-
Towards Scalable Cross-Chain Messaging
Authors:
Joao Otavio Chervinski,
Diego Kreutz,
Jiangshan Yu
Abstract:
Blockchains were originally designed as closed execution environments and lack the ability to communicate directly with external systems. To overcome this limitation, many blockchains employ relayers, external applications capable of transporting data between different blockchains. Typically, the process of relaying data is permissionless and multiple independent relayers work concurrently to transport the same information between two blockchains. While this model increases the reliability of data delivery by providing redundancy, it also introduces challenges that have not been previously discussed. In this work, we bridge this gap by discussing the shortcomings of permissionless cross-chain relaying systems and identifying three issues that adversely impact their performance, scalability and security. We take the first step towards addressing issues that hinder performance and scalability by proposing a novel protocol to enable coordination among independent relayers. Additionally, we provide an in-depth discussion about the trade-offs associated with the design of relayer coordination protocols for permissionless settings. Through this work we provide a foundation for improving cross-chain relaying services.
Submitted 15 October, 2023;
originally announced October 2023.
-
Analyzing the Performance of the Inter-Blockchain Communication Protocol
Authors:
Joao Otavio Chervinski,
Diego Kreutz,
Xiwei Xu,
Jiangshan Yu
Abstract:
With the increasing demand for communication between blockchains, improving the performance of cross-chain communication protocols becomes an emerging challenge. We take a first step towards analyzing the limitations of cross-chain communication protocols by comprehensively evaluating Cosmos Network's Inter-Blockchain Communication Protocol. To achieve our goal we introduce a novel framework to guide empirical evaluations of cross-chain communication protocols. We implement an instance of our framework as a tool to evaluate the IBC protocol. Our findings highlight several challenges, such as high transaction confirmation latency, bottlenecks in the blockchain's RPC implementation and concurrency issues that hinder the scalability of the cross-chain message relayer. We also demonstrate how to reduce the time required to complete cross-chain transfers by up to 70% when submitting large amounts of transfers. Finally, we discuss challenges faced during deployment with the objective of contributing to the development and advancement of cross-chain communication.
Submitted 20 April, 2023; v1 submitted 19 March, 2023;
originally announced March 2023.
-
ANCHOR: logically-centralized security for Software-Defined Networks
Authors:
Diego Kreutz,
Jiangshan Yu,
Fernando M. V. Ramos,
Paulo Esteves-Verissimo
Abstract:
While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.
Submitted 31 December, 2018; v1 submitted 9 November, 2017;
originally announced November 2017.
-
The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure
Authors:
Diego Kreutz,
Jiangshan Yu,
Paulo Esteves-Verissimo,
Catia Magalhaes,
Fernando M. V. Ramos
Abstract:
Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN.
We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms.
Submitted 2 November, 2017; v1 submitted 14 February, 2017;
originally announced February 2017.
-
Software-Defined Networking: A Comprehensive Survey
Authors:
Diego Kreutz,
Fernando M. V. Ramos,
Paulo Verissimo,
Christian Esteve Rothenberg,
Siamak Azodolmolky,
Steve Uhlig
Abstract:
Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -- with a focus on aspects such as resiliency, scalability, performance, security and dependability -- as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.
Submitted 8 October, 2014; v1 submitted 2 June, 2014;
originally announced June 2014.