Securing NFV/SDN IoT Using VNFs Over a Compute-Intensive Hardware Resource in NFVI

The Network Function Virtualization (NFV) and Software- Defined Networking (SDN) are network paradigms for flexibly deploying future networks while guaranteeing security service requirements. This work designs Virtual Network Functions (VNFs) through a Compute-Intensive (CI) hardware resource in Network Function Virtualization Infrastructure (NFVI). The proposed NFVI is characterized by a multi-channel cryptosystem, which can be virtualized as a plurality of VNFs, that is, crypto engines, and each crypto engine is logically dedicated to an NFV/SDN Internet of Things (IoT) device, which does not have or has limited security capability owing to resource constraints. To enhance the performance of a cryptosystem, the accelerator circuit is often deeply pipelined and unrolled. However, to fulfill the popular feedback operation modes, the throughput of the pipelined and unrolled cryptosystem that implements a block cipher, say Advanced Encryption Standard (AES), can deteriorate even lower than that without these techniques. To solve this problem, we design a pipelined and unrolled multi- channel cryptosystem, which can be integrated into NFVI edge servers, with feedback operation mode for the NFV/SDN IoT. As a result, the combinational logics of a block cipher with feedback can be shared by plenty of IoT devices to enhance the hardware efficiency as well. Moreover, in addition to briefly review several AES designs, the fastest AES design is derived by shortening its critical path to only a logic gate of multiplexer or Exculsive OR (XOR) gate.