(POSTER) Using MACsec to protect a Network Functions Virtualisation infrastructure.

IEEE 802.1AE is a standard for Media Access Control security (MACsec), which enables data integrity, authentication, and confidentiality for traffic in a broadcast domain. This protects network communications against attacks at link layer, hence it provides a higher degree of security and flexibility compared to other security protocols, such as IPsec. Softwarised network infrastructures, based on Network Functions Virtualisation (NFV) and Software Defined Networking (SDN), provide higher flexibility than traditional networks. Nonetheless, these networks have a larger attack surface compared to legacy infrastructures based on hardware appliances. In this scenario, communication security is important to ensure that the traffic in a broadcast domain is not intercepted or manipulated. We propose an architecture for centralised management of MACsecenabled switches in a NFV environment. Moreover, we present a PoC that integrates MACsec in the Open Source MANO NFV framework and we evaluate its performance.