P4Knocking: Offloading host-based firewall functionalities to the network

Eder Ollora Zaballa, David Franco, Zifan Zhou, Michael Stübert Berger

    Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

    Abstract

    The introduction of Software-Defined Networks (SDN) and the evolution towards programmable data planes bring the opportunity to offload several functions to the data plane. In this context, the P4 programming language opens the door to the customization of data planes. It can provide packet processing functionalities that can be applied to improve network security among other areas. This paper presents P4Knocking, a P4-based port knocking implementation that can externally open ports that appear to be closed. The goal of bringing port knocking capabilities to the network is to seamlessly deploy firewall functions in the data plane, relieving hosts from dealing with unintended traffic. Our work presents a total of four implementations that involve data and control planes in different degrees. In this case, P4Knocking can provide a more transparent and efficient way to deploy the port knocking service compared to a host-based port knocking implementation. In fact, it requires no specific purpose externs apart from registers, hence its higher portability and flexibility with local or remote control planes.
    Original language: English
    Title of host publication: Proceedings of 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)
    Publisher: IEEE
    Publication date: 2020
    Pages: 7-12
    ISBN (Print): 9781728151274
    Publication status: Published - 2020
    Event: 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops - Paris, France
    Duration: 24 Feb 2020 to 27 Feb 2020
    Conference number: 23

    Conference

    Conference: 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops
    Number: 23
    Country/Territory: France
    City: Paris
    Period: 24/02/2020 to 27/02/2020

    Keywords

    • Port knocking
    • Security
    • Programmable
    • SDN
    • P4
