Show simple item record

dc.contributor.authorGunleifsen, Håkon
dc.contributor.authorKemmerich, Thomas
dc.contributor.authorGkioulos, Vasileios
dc.date.accessioned2019-12-19T13:10:18Z
dc.date.available2019-12-19T13:10:18Z
dc.date.created2019-07-21T16:59:40Z
dc.date.issued2019
dc.identifier.citationComputer Networks. 2019, 160 77-91.nb_NO
dc.identifier.issn1389-1286
dc.identifier.urihttp://hdl.handle.net/11250/2634162
dc.description.abstractThis article describes a novel mechanism for the automated establishment of dynamic Virtual Private Networks (VPN) in the application domain of Network Function Virtualization (NFV). Each hop in an NFV Service Function Chain (SFC) lacks the capability of per-flow encryption, that makes the traffic flow in federated NFV environments vulnerable for eavesdropping. Due to the possible lack of bidirectional data plane communication channels between VNFs in an SFC, the Internet Security Key Exchange protocol (IPsec-IKE) is not applicable inside a VNF. Hence, this article introduces an alternative to IPsec-IKE that is specifically designed for NFV environments. This component is named Software Defined Security Associations (SD-SA), which is shown through a proof of concept evaluation to perform better than IPsec-IKE with respect to bandwidth and resource consumption.nb_NO
dc.language.isoengnb_NO
dc.publisherElseviernb_NO
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 Internasjonal*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/4.0/deed.no*
dc.titleDynamic setup of IPsec VPNs in service function chainingnb_NO
dc.typeJournal articlenb_NO
dc.typePeer reviewednb_NO
dc.description.versionacceptedVersionnb_NO
dc.source.pagenumber77-91nb_NO
dc.source.volume160nb_NO
dc.source.journalComputer Networksnb_NO
dc.identifier.doi10.1016/j.comnet.2019.05.015
dc.identifier.cristin1712228
dc.description.localcode© 2019. This is the authors’ accepted and refereed manuscript to the article. Locked until 25.5.2021 due to copyright restrictions. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/nb_NO
cristin.unitcode194,63,30,0
cristin.unitnameInstitutt for informasjonssikkerhet og kommunikasjonsteknologi
cristin.ispublishedtrue
cristin.fulltextoriginal
cristin.qualitycode2


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal