
Research Article
Flowrider: Fast On-Demand Key Provisioning for Cloud Networks
@INPROCEEDINGS{10.1007/978-3-030-90022-9_11, author={Nicolae Paladi and Marco Tiloca and Pegah Nikbakht Bideh and Martin Hell}, title={Flowrider: Fast On-Demand Key Provisioning for Cloud Networks}, proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part II}, proceedings_a={SECURECOMM PART 2}, year={2021}, month={11}, keywords={Network security Software defined networking Secure communication Key management Cloud security}, doi={10.1007/978-3-030-90022-9_11} }
- Nicolae Paladi
Marco Tiloca
Pegah Nikbakht Bideh
Martin Hell
Year: 2021
Flowrider: Fast On-Demand Key Provisioning for Cloud Networks
SECURECOMM PART 2
Springer
DOI: 10.1007/978-3-030-90022-9_11
Abstract
Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Florwider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks.