Portal de Periódicos da CAPES

Analysis and practical validation of a standard SDN-based framework for IPsec management

2022; Elsevier BV; Volume: 83; Linguagem: Inglês

10.1016/j.csi.2022.103665

1872-7018

Gabriel López-Millán, Rafael Marín-López, Fernando Pereñíguez-García, Óscar Cánovas, José Antonio Parra-Espín,

Smart Grid Security and Resilience

The Internet Engineering Task Force (IETF), the international standardization organism for the Internet, has recently approved a standard, RFC 9061, which defines an interface and framework with which to manage IPsec SAs autonomously by using the Software Defined Networking (SDN) paradigm. In this framework, a centralized entity, the controller, sends configuration information to IPsec-enabled nodes in the network in order to create IPsec SAs. Two cases are presented: IKE-case, in which the nodes ship an IKE implementation that is configured by the controller or IKE-less, in which the controller sends the IPsec SAs directly to the nodes, among other relevant security information. This paper analyzes both cases in depth, provides a design for the controller's operation based on Mealy state machines and obtains experimental results from a virtualized testbed so as to compare these cases, which are missing parts in the standard.