VeSPA: Vehicular Security and Privacy-preserving Architecture
1. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
N. Alexiou, M. Laganà, S. Gisdakis, M. Khodaei, P. Papadimitratos
School of Electrical Engineering, KTH, Sweden
surname@kth.se
HotWiSec'13
April 19, 2013
Table of Contents
• Introduction
  • Status and current Directions for VC
• Future Challenges for VC
  • List of Future Challenges
• VeSPA
  • Architecture & Operation
• Analysis of VeSPA
  • Efficiency & Privacy Improvements
• Future Work
  • Ongoing Work and Future Directions
Vehicular Communications
• Vehicular Communications (VC)
• Vehicles propagate information for Safe-Driving
• Location, Velocity, angle
• Hazardous warnings
• Emergency brake etc.
• Cooperative awareness through beaconed status messages and event-triggered warnings
• Security in VC?
• Assure legitimate vehicles propagate information
• Secure integrity of information
Image source: C2C-CC
Digital Signatures for VC
• Vehicles hold Private-Public Key pair
• Unique pair to each vehicle
• Digital Signature of the messages
• Authentication
• Integrity
• Non-repudiation
• Vehicular Public Key Infrastructure (VPKI)
• To assign credentials
• Propagate trust
Image Source: Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos et al
Privacy in VC
• Packets signed using same credentials can be trivially linked
• Solution:
• Offer multiple short-lived credentials (Pseudonyms (PS))
• Pseudonyms valid for unique time periods
• Sign packets with valid pseudonyms
• Cryptographic operations in a Hardware Security Module
• Extend the VPKI to support Pseudonyms
Current Status: Overview
• Credential management in Vehicular Communications (VC)
• Long-term Credentials for accountability and Authentication
• Short-lived Pseudonyms for anonymity and Location Privacy
• A VPKI to support credential management
• VPKI Architecture:
• LTCA: Issuer of Long-term Credentials
• PCA: Issuer of Pseudonymous Credentials
• RA: Resolution Authority
• VPKI Protocols:
• Pseudonym provision: Refresh pool of pseudonyms
• Pseudonym Resolution: De-anonymize misbehaving vehicles
• Car accident, violation of traffic regulation, police request
• Pseudonym revocation: Revoke the misbehaving pseudonyms
• Main Suspects: SEVECOM, C2C-CC, PRESERVE, 1609 family of standards WAVE, ETSI
Future Challenges for VC
• Implement an efficient VPKI prototype according to the standard
• How to enhance privacy towards the infrastructure
• Envision support for future vehicular services
• Safety as a service, not the target application
• Location based services, Pay-as-you-drive systems
• Enhance current VPKI to support vehicular services
• AAA solution with current VPKI architecture as the starting point
• Authentication: Legitimate part of the system
• Authorization: Right to access a service
• Accountability: Track of consumption
VeSPA: Vehicular Security and Privacy-preserving Architecture
• “Kerberized” version of a VPKI
• Efficient VPKI Credential Management Architecture
• Enhanced VPKI design with respect to privacy
• Cryptographic tickets to support AAA
• Tickets:
• $tkt = Sig_{LTCA}([t_e], \{S_1\}, \ldots, \{S_n\})$
• Carrier of service subscription information
• Anonymous proof of access to obtain pseudonyms
• Authorization and Authentication to the PCA
• Limited lifetime dependent on vehicle subscription to the service
• Revocable upon misbehavior
VeSPA: Operation
• AAA check at LTCA
• LTCA issues ticket
• 73,5 msec/ticket
• Ticket per service/access
• Increased anonymity set
• Low overhead introduced
• Ticket received
• Request for new pseudonyms
• Communication over TLS (one-way authentication)
VeSPA: Protocols
Pseudonym Provision:
• $V \rightarrow LTCA$: $Sig_{k_v}(t_1, Request)\ LT_v$
• $LTCA \rightarrow V$: $tkt$
• $V \rightarrow PCA$: $t_3, tkt, \{K_v^1, \ldots, K_v^n\}$
• $PCA \rightarrow V$: $t_4, \{Ps_v^1, \ldots, Ps_v^n\}$
Resolution Protocol:
• $RA \rightarrow PCA$: $Sig_{RA}(P_v^i, t_1)$
• $PCA \rightarrow RA$: $Sig_{PCA}(tkt, t_2)$
• $RA \rightarrow LTCA$: $Sig_{RA}(tkt, t_3)$
• $LTCA \rightarrow RA$: $Sig_{LTCA}(LT_v, t_4)$
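The ticket step from the VeSPA and Protocols slides, as an added Go example that is not the authors' implementation: the LTCA signs a ticket holding only an expiry and a service list, and the PCA checks it with the LTCA public key alone, so no long-term identity reaches the PCA. Reading t_e as an expiry time, the field encoding, the service name and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Ticket mirrors tkt = Sig_LTCA([t_e], {S_1}, ..., {S_n}); it carries no vehicle identity.
type Ticket struct {
	Expiry   time.Time // t_e, read here as the expiry time (assumption)
	Services []string  // S_1..S_n, the subscribed services
	Sig      []byte    // ASN.1 ECDSA signature by the LTCA
}

// NewLTCAKey generates a P-256 key, matching the ECC-256 keys named in the slides.
func NewLTCAKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest hashes the signed fields with length prefixes so that service lists
// such as {"ab","c"} and {"a","bc"} cannot collide (constructed encoding).
func digest(expiry time.Time, services []string) []byte {
	h := sha256.New()
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(expiry.Unix()))
	h.Write(n[:])
	for _, s := range services {
		binary.BigEndian.PutUint64(n[:], uint64(len(s)))
		h.Write(n[:])
		h.Write([]byte(s))
	}
	return h.Sum(nil)
}

// IssueTicket is the LTCA side, run after its AAA check of the vehicle.
func IssueTicket(ltca *ecdsa.PrivateKey, expiry time.Time, services []string) (Ticket, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, ltca, digest(expiry, services))
	return Ticket{Expiry: expiry, Services: services, Sig: sig}, err
}

// VerifyTicket is the PCA side: signature, lifetime, then service coverage.
func VerifyTicket(ltcaPub *ecdsa.PublicKey, t Ticket, service string, now time.Time) error {
	if !ecdsa.VerifyASN1(ltcaPub, digest(t.Expiry, t.Services), t.Sig) {
		return errors.New("bad LTCA signature")
	}
	if !now.Before(t.Expiry) {
		return errors.New("ticket expired")
	}
	for _, s := range t.Services {
		if s == service {
			return nil
		}
	}
	return errors.New("service not in ticket")
}

func main() {
	ltca, _ := NewLTCAKey()
	now := time.Unix(1366358400, 0) // constructed clock value
	tkt, _ := IssueTicket(ltca, now.Add(time.Hour), []string{"pseudonym-provision"})
	fmt.Println(VerifyTicket(&ltca.PublicKey, tkt, "pseudonym-provision", now))
}
```
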
Implementation Details
• OpenCA for cryptographic operations
• ECC-256 keys for digital certificates
• 1609.2 standard compatible
• Separate machines for each entity:
• Intel Xeon 3.4 GHz, 8 GB RAM
• System scales up with more machines or stronger equipment
• Communications over encrypted TLS channel (one-way authentication)
• Authentication of server
• Confidentiality
Pseudonym Provision Efficiency
[Figure: latency in seconds versus number of pseudonyms (1 to 1000), with four series: Preparing the Request, Entire Operations on the Server, Entire Communication, Verification and Storage]
Infrastructure, Vehicle, Communications Efficiency vs number of requested pseudonyms
Pseudonym Revocation Efficiency
[Figure: latency in milliseconds versus number of revoked pseudonyms in CRL (1 to 100,000), with four series: Preparing the Request, Entire Operations on the Server, Entire Communication, Verification and Storage]
Infrastructure, Vehicle, Communications Efficiency vs number of revoked pseudonyms
Overview & Future Work
VeSPA:
• Efficient VPKI Prototype according to the standards
• Increased privacy towards the infrastructure
• Enhanced VPKI with AAA capabilities
• A VPKI able to support vehicular services
Ongoing Work:
• Integration of Anonymous Authentication Mechanisms
• Extensions to support multi-Domain VPKI architectures