
Evaluation of Network-Layer Security Technologies for Cloud Platforms


dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Ahmad, Bilal
dc.contributor.advisor Jin, Hongyu
dc.contributor.author Duarte Coscia, Bruno
dc.date.accessioned 2020-12-20T18:13:45Z
dc.date.available 2020-12-20T18:13:45Z
dc.date.issued 2020-12-14
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/97596
dc.description.abstract With the emergence of cloud-native applications, the need to secure networks and services creates new requirements concerning automation, manageability, and scalability across data centers. Several solutions have been developed to overcome the limitations of the conventional and well-established IPsec suite as a secure tunneling solution. One strategy to meet these new requirements has been the design of software-based overlay networks. In this thesis, we assess the deployment of a traditional IPsec VPN solution against a new secure overlay mesh network called Nebula. We conduct a case study by provisioning an experimental system to evaluate Nebula in four key areas: reliability, security, manageability, and performance. We discuss the strengths of Nebula and its limitations for securing inter-service communication in distributed cloud applications. In terms of reliability, the thesis shows that Nebula falls short of meeting its own goals of achieving host-to-host connectivity when attempting to traverse specific firewalls and NATs. With respect to security, Nebula provides certificate-based authentication and uses current and fast cryptographic algorithms and protocols from the Noise framework. Regarding manageability, Nebula is a modern solution with a loosely coupled design that allows scalability with cloud-ready features and easier deployment than IPsec. Finally, the performance of Nebula clearly shows an overhead because it is a user-space software application. However, the overhead can be considered acceptable in certain server-to-server microservice interactions and is a fair trade-off for its ease of management in comparison to IPsec. en
dc.format.extent 71+8
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Evaluation of Network-Layer Security Technologies for Cloud Platforms en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword overlay network en
dc.subject.keyword network security en
dc.subject.keyword IPsec en
dc.subject.keyword nebula en
dc.subject.keyword slack nebula en
dc.subject.keyword noise framework en
dc.identifier.urn URN:NBN:fi:aalto-2020122056423
dc.programme.major Security and Cloud Computing fi
dc.programme.mcode SCI3084 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Aura, Tuomas
dc.programme Master’s Programme in Security and Cloud Computing (SECCLO) fi
local.aalto.electroniconly yes
local.aalto.openaccess yes
