Cybersecurity
Resources provided
Book "Software-Defined Networks: A Systems Approach" (Chapter 4: Bare-Metal Switches)
Introduction to data plane programming - Video Tutorials provided by the P4 consortium:
- Introduction to Data Plane Programming
- Introduction to P4_16. Part 1
- Introduction to P4_16. Part 2
Official hands-on P4 tutorials maintained and provided by P4.org:
https://github.com
Are you interested?
If you are a professor or university student and you are interested in participating in the TUTORING program, register your information so that we can start the program.
Subject Area
This challenge is aimed at students with a high level of English, enrolled in master's degrees with knowledge in networking and security. With an interest in conducting advanced research and expanding their frontiers of knowledge.
Introduction
Commercially available programmable switches feature a general-purpose CPU, and a (programmable) ASIC that can be programmed using a domain-specific language for networking like P4.
Ideally, one would like to be able to implement cryptographic algorithms entirely in P4, since this would enable network operators to perform cryptographic operations per-packet at line rate in the data plane of the switch. In practice, this is a very challenging problem due to two main reasons.
The current P4 programming language does not offer any support for cryptographic operations in the data plane. Moreover, these switch ASICs impose strict memory and compute restrictions to achieve Terabit speed in the data plane. Due to these restrictions, currently there are two types of implementations of data-plane cryptographic algorithms: (i) those that are secure but degrade overall switch network performance considerably or (ii) those that can run at line rate at the cost of decreasing the security of the algorithm.
However, to date there is no implementation of a cryptographic algorithm that can run at line speed and be secure.
Challenge Description
In this project, we will first systematically analyze the different state-of-the-art implementations of cryptographic algorithms for P4-programmable switches, with the goal to understand whether existing designs and their implementations may have accidentally violated the security properties of the original algorithm.
Afterwards, we will perform two more investigations to identify practical options to perform cryptographic operations per-packet on the data plane of P4-programmable switches.
- First, we will consider very recent switch architectures (e.g., Tofino2), which extend the compute and memory budget of the switch ASIC, to implement well-established cryptographic standards (e.g., AES) whose early implementations in P4 were suffering from performance degradation on older, more constrained switch architectures (e.g., Tofino1).
- Second, we will consider latest lightweight cryptographic algorithms (e.g., proposals from the finalists of the NIST's challenge on lightweight Cryptography) as candidates to implement practical cryptographic data-plane primitives on P4-programmable switches.
