
Towards automation of TLS-based VPN configuration

Luca Bianconi

Towards automation of TLS-based VPN configuration.

Supervisors: Riccardo Sisto, Fulvio Valenza, Daniele Bringhenti. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2023

License: Creative Commons Attribution Non-commercial No Derivatives.


Advances in networking technologies, namely Network Functions Virtualization (NFV) and Software-Defined Networking (SDN), have significantly enhanced the flexibility and efficiency with which Service Function Chains can be built. NFV allows specific network functions, such as NAT or proxy servers, to run on standard servers, eliminating the need for dedicated hardware appliances. Consolidating several network functions on shared servers optimizes resource utilization and lets new functions be added without extra physical devices. SDN, on the other hand, makes it possible to create tailored routes for different types of traffic or users, adding further flexibility to Service Function Chain construction: through controller programming, the path a packet takes across the network devices can be modified and customized dynamically.

However, manually configuring network devices when building Service Function Chains is problematic. Incorrect configurations can lead to serious security breaches or to the acceptance of unwanted traffic, and manual configuration introduces significant latency whenever the security system is updated or maintained. Network Automation offers a solution by automating the configuration of network security devices, reducing human error and minimizing the latency associated with configuration changes. An example of a Network Automation framework is VEREFOO (VErified REFinement and Optimized Orchestration). Given a Service Graph and a set of Network Security Requirements as input, VEREFOO produces an optimized Service Graph solution that identifies a physical network with automatically allocated and configured network security functions, ensuring the best alignment with the stated Network Security Requirements. The primary focus of this thesis work was the selection of the most suitable VPN technology for channel protection within this framework.

The key contribution of this research is the enhancement and extension of the VEREFOO framework, which was originally designed to satisfy network security requirements by managing the allocation and configuration of Firewalls and Channel Protection Systems. The framework, however, could not choose between different VPN technologies. After extensive research and modelling work, this thesis addressed that limitation by introducing into VEREFOO the ability to select the optimal VPN technology. Aspects of the previous version of the framework were also improved, with a specific focus on scalability and performance. To validate the effectiveness of the framework and to highlight the factors that most affect its scalability, performance tests were conducted by varying numerous input values, such as the Allocation Points and the Network Security Requirements, both in number and in the security properties they request. The tests aimed to verify the correctness, scalability and overall improvements achieved by the framework.
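The abstract describes VEREFOO's refinement step only at a high level: requirements plus a Service Graph go in, allocated and configured channel-protection functions come out, and the extension adds a choice among VPN technologies. The following Python sketch is an added illustration of that pipeline shape and is not VEREFOO code, nor does it reproduce the thesis' model (the real framework solves an optimization problem over the whole graph; this toy makes an independent, greedy choice per requirement). The technology catalogue, the property names, the cost weights, the `mac_only` entry and the sample graph are all constructed for the example.

```python
from collections import deque
from dataclasses import dataclass

# Constructed catalogue (assumption, not from the thesis): the security
# properties each candidate channel-protection technology provides and an
# arbitrary cost weight that the selection minimizes.
TECHNOLOGIES = {
    "tls_vpn": ({"confidentiality", "integrity", "authentication"}, 2),
    "ipsec": ({"confidentiality", "integrity", "authentication"}, 3),
    "mac_only": ({"integrity", "authentication"}, 1),  # hypothetical entry
}


@dataclass(frozen=True)
class Requirement:
    """A channel-protection requirement between two endpoints."""
    src: str
    dst: str
    properties: frozenset


@dataclass(frozen=True)
class Allocation:
    """Where the two VPN endpoints are placed and which technology they run."""
    requirement: Requirement
    ingress: str
    egress: str
    technology: str


def shortest_path(adjacency, src, dst):
    """BFS over an undirected service graph; returns the node list or None."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adjacency.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def select_technology(properties):
    """Cheapest technology whose property set covers the request, else None."""
    candidates = [(cost, name) for name, (offered, cost) in TECHNOLOGIES.items()
                  if properties <= offered]
    return min(candidates)[1] if candidates else None


def refine(adjacency, allocation_points, requirements):
    """Map each requirement onto the graph.

    Returns (allocations, unsatisfied): one Allocation per satisfiable
    requirement, and a (requirement, reason) pair for each that cannot be met.
    """
    allocations, unsatisfied = [], []
    for req in requirements:
        path = shortest_path(adjacency, req.src, req.dst)
        if path is None:
            unsatisfied.append((req, "no path between endpoints"))
            continue
        # Only Allocation Points may host a security function, and a VPN
        # needs a distinct one on each side of the protected segment.
        aps = [n for n in path if n in allocation_points]
        if len(aps) < 2:
            unsatisfied.append((req, "fewer than two allocation points on path"))
            continue
        tech = select_technology(req.properties)
        if tech is None:
            missing = ", ".join(sorted(req.properties))
            unsatisfied.append((req, "no technology provides " + missing))
            continue
        allocations.append(Allocation(req, aps[0], aps[-1], tech))
    return allocations, unsatisfied


# Constructed sample input: a small service graph with two allocation points
# and one unreachable node.
SAMPLE_GRAPH = {
    "clientA": {"ap1"},
    "ap1": {"clientA", "r1"},
    "r1": {"ap1", "ap2"},
    "ap2": {"r1", "serverB"},
    "serverB": {"ap2"},
    "islandC": set(),
}
SAMPLE_APS = {"ap1", "ap2"}
SAMPLE_REQUIREMENTS = [
    Requirement("clientA", "serverB", frozenset({"confidentiality", "integrity"})),
    Requirement("clientA", "serverB", frozenset({"integrity"})),
    Requirement("clientA", "serverB", frozenset({"anonymity"})),
    Requirement("clientA", "islandC", frozenset({"integrity"})),
]

if __name__ == "__main__":
    ok, bad = refine(SAMPLE_GRAPH, SAMPLE_APS, SAMPLE_REQUIREMENTS)
    for a in ok:
        print(f"{a.requirement.src}->{a.requirement.dst}: {a.technology} "
              f"between {a.ingress} and {a.egress}")
    for req, why in bad:
        print(f"{req.src}->{req.dst}: unsatisfied ({why})")
```

Run as a script, the first requirement is met with `tls_vpn` between `ap1` and `ap2`, the integrity-only one with the cheaper `mac_only`, and the last two are reported as unsatisfiable. Even in this toy, the work grows with the number of Allocation Points (more candidate placements per path) and with the number and kind of requested properties (more catalogue lookups), which is the same pair of inputs the thesis varies in its scalability tests.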

Supervisors: Riccardo Sisto, Fulvio Valenza, Daniele Bringhenti
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 88
Degree programme: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/27655