Security analysis of network function virtualization (NFV)

Abstract

As a result of inflexibility and increasing cost of traditional network, Network Function Virtualization came into focus of the industry. NFV decouples network function software implementation from underlying hardware, and it provides an abstraction of network functions, via software components that can run-on general-purpose devices that can be located in a variety of telecom infrastructure, such as data centers, network nodes, and end-user devices. NFV architecture consists of three main components: NFVI, VNF and MANO. There are various use cases of NFV including using NFVI as service, VNF forwarding graphs etc. Benefits of NFV includes reducing cost in purchasing hardware, faster deployment time, flexibility to scale up or down as per the requirement. It can be beneficial to use a software-defined NFV as NFV can help SDN by virtualizing the SDN controller to run on the cloud, allowing for dynamic relocation of the controllers to the best locations. In return, SDN, benefits NFV by enabling programmable network connectivity between VNFs for optimized traffic engineering and steering. OpenStack, an open-source Infrastructure-as-a-Service (IaaS) platform for cloud computing, offers a number of services that, when coordinated, can be used to create and deploy an NFV system that is both affordable and scalable. However, in order to have a safe NFV environment, each of NFV and OpenStack presents its own unique set of security concerns that must be overcome. As NFV is in its early security stages there are many open security issues present which can be dealt by using some available techniques also through other emerging solutions. In this thesis, we demonstrate how the most recent version of OpenStack, code-named OpenStack Yoga, may be used to build and deploy an all-in-one single node NFV environment. We will also have a look at the typical NFV use-cases and its architecture. Finally, we will assess the security flaws that pose a threat to our deployment and recommend threat mitigation techniques and security best practices to implement in order to make our NFV environment secure.