Chuchotage: In-line Software Network Protocol Translation for (D)TLS

Pegah Nikbakht Bideh; Nicolae Paladi

doi:10.1007/978-3-031-15777-6_32

Chuchotage: In-line Software Network Protocol Translation for (D)TLS

Pegah Nikbakht Bideh, Nicolae Paladi

CanaryBit AB

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

72 Downloads (Pure)

Abstract

The growing diversity of connected devices leads to complex network deployments, often made up of endpoints that implement in- compatible network application protocols. Communication between heterogeneous network protocols was traditionally enabled by hardware translators or gateways. However, such solutions are increasingly unfit to address the security, scalability, and latency requirements of modern software-driven deployments. To address these shortcomings we propose Chuchotage, a protocol translation architecture for secure and scalable machine-to-machine communication. Chuchotage enables in-line TLS interception and confidential protocol translation for software-defined networks. Translation is done in ephemeral, flow-specific Trusted Execution Environments and scales with the number of network flows. Our evaluation of Chuchotage implementing an HTTP to CoAP translation indicates a minimal transmission and translation overhead, allowing its integration with legacy or outdated deployments.

Original language	English
Title of host publication	Proceedings of the 24th International Conference on Information and Communications Security (ICICS'22)
Pages	589-607
DOIs	https://doi.org/10.1007/978-3-031-15777-6_32
Publication status	Published - 2022 Sep 30
Event	Proceedings of the 24th International Conference on Information and Communications Security, ICICS'22 - Canterbury, United Kingdom Duration: 2022 Sep 5 → 2022 Sep 8

Conference

Conference	Proceedings of the 24th International Conference on Information and Communications Security, ICICS'22
Country/Territory	United Kingdom
City	Canterbury
Period	2022/09/05 → 2022/09/08

Subject classification (UKÄ)

Computer Science

Keywords

Protocol conversion
IoT
Application layer protocols
Software Defined Networking
TLS
Cross-Layer Optimisation

Access to Document

10.1007/978-3-031-15777-6_32

Chuchotage-IoT-protocol-translation.pdfAccepted author manuscript, 569 KB

SMARTY: Säkra mjukvaruuppdateringar för den smarta staden
Hell, M., Magnusson, B., Gehrmann, C., Paladi, N., Karlsson, L., Sönnerup, J., Johnsson, B. A., Hedin, G., Nordahl, M., Pagnin, E., Kundu, R. & Åkesson, A.
Swedish Foundation for Strategic Research, SSF
2018/03/01 → 2023/02/28
Project: Research

Cite this

@inproceedings{065726f2959a47ddb812d008417ec522,

title = "Chuchotage: In-line Software Network Protocol Translation for (D)TLS",

abstract = "The growing diversity of connected devices leads to complex network deployments, often made up of endpoints that implement in- compatible network application protocols. Communication between heterogeneous network protocols was traditionally enabled by hardware translators or gateways. However, such solutions are increasingly unfit to address the security, scalability, and latency requirements of modern software-driven deployments. To address these shortcomings we propose Chuchotage, a protocol translation architecture for secure and scalable machine-to-machine communication. Chuchotage enables in-line TLS interception and confidential protocol translation for software-defined networks. Translation is done in ephemeral, flow-specific Trusted Execution Environments and scales with the number of network flows. Our evaluation of Chuchotage implementing an HTTP to CoAP translation indicates a minimal transmission and translation overhead, allowing its integration with legacy or outdated deployments.",

keywords = "Protocol conversion, IoT, Application layer protocols, Software Defined Networking, TLS, Cross-Layer Optimisation",

author = "{Nikbakht Bideh}, Pegah and Nicolae Paladi",

year = "2022",

month = sep,

day = "30",

doi = "10.1007/978-3-031-15777-6_32",

language = "English",

pages = "589--607",

booktitle = "Proceedings of the 24th International Conference on Information and Communications Security (ICICS'22)",

note = "Proceedings of the 24th International Conference on Information and Communications Security, ICICS'22 ; Conference date: 05-09-2022 Through 08-09-2022",

}

Nikbakht Bideh, P & Paladi, N 2022, Chuchotage: In-line Software Network Protocol Translation for (D)TLS. in Proceedings of the 24th International Conference on Information and Communications Security (ICICS'22). pp. 589-607, Proceedings of the 24th International Conference on Information and Communications Security, ICICS'22, Canterbury, United Kingdom, 2022/09/05. https://doi.org/10.1007/978-3-031-15777-6_32

TY - GEN

T1 - Chuchotage: In-line Software Network Protocol Translation for (D)TLS

AU - Nikbakht Bideh, Pegah

AU - Paladi, Nicolae

PY - 2022/9/30

Y1 - 2022/9/30

N2 - The growing diversity of connected devices leads to complex network deployments, often made up of endpoints that implement in- compatible network application protocols. Communication between heterogeneous network protocols was traditionally enabled by hardware translators or gateways. However, such solutions are increasingly unfit to address the security, scalability, and latency requirements of modern software-driven deployments. To address these shortcomings we propose Chuchotage, a protocol translation architecture for secure and scalable machine-to-machine communication. Chuchotage enables in-line TLS interception and confidential protocol translation for software-defined networks. Translation is done in ephemeral, flow-specific Trusted Execution Environments and scales with the number of network flows. Our evaluation of Chuchotage implementing an HTTP to CoAP translation indicates a minimal transmission and translation overhead, allowing its integration with legacy or outdated deployments.

AB - The growing diversity of connected devices leads to complex network deployments, often made up of endpoints that implement in- compatible network application protocols. Communication between heterogeneous network protocols was traditionally enabled by hardware translators or gateways. However, such solutions are increasingly unfit to address the security, scalability, and latency requirements of modern software-driven deployments. To address these shortcomings we propose Chuchotage, a protocol translation architecture for secure and scalable machine-to-machine communication. Chuchotage enables in-line TLS interception and confidential protocol translation for software-defined networks. Translation is done in ephemeral, flow-specific Trusted Execution Environments and scales with the number of network flows. Our evaluation of Chuchotage implementing an HTTP to CoAP translation indicates a minimal transmission and translation overhead, allowing its integration with legacy or outdated deployments.

KW - Protocol conversion

KW - IoT

KW - Application layer protocols

KW - Software Defined Networking

KW - TLS

KW - Cross-Layer Optimisation

U2 - 10.1007/978-3-031-15777-6_32

DO - 10.1007/978-3-031-15777-6_32

M3 - Paper in conference proceeding

SP - 589

EP - 607

BT - Proceedings of the 24th International Conference on Information and Communications Security (ICICS'22)

T2 - Proceedings of the 24th International Conference on Information and Communications Security, ICICS'22

Y2 - 5 September 2022 through 8 September 2022

ER -

Chuchotage: In-line Software Network Protocol Translation for (D)TLS

Abstract

Conference

Subject classification (UKÄ)

Keywords

Access to Document

Fingerprint

Projects

SMARTY: Säkra mjukvaruuppdateringar för den smarta staden

Cite this