Paper accepted at IFIP NETWORKING '23
14 April 2023, by Nurefsan Sertbas Bülbül

Photo: https://networking.ifip.org/2023/
Our paper, "TSN Gatekeeper: Enforcing Stream Reservations via P4-Based In-Network Filtering " has been accepted for publication at the IFIP NETWORKING ‘23 conference.
This paper proposes P4-based dynamic ingress filtering approaches for securing time-sensitive networks from de attacks. We proposed a meter-based mechanism that operates per stream and achieves low latency results, even for high traffic demands. Alternatively, we also proposed a gated filtering approach that fits the per-class filtering concept and enables the deployment of more customizable algorithms. We tested the presented approaches in an emulated mininet environment, and results show that our filtering approaches can limit frame loss rates of the honest traffic significantly with only a minimal filtering overhead. Thus, the proposed approaches have the potential to meet strict performance requirements in time-sensitive environments.
We will present our results at the conference in June and seek an exchange with international researchers.
Paper Abstract: 
Real-time communication is crucial for mission- critical scenarios such as industrial automation and automotive. To meet these applications’ strict quality of service (QoS) re- quirements, a new set of specifications known as time-sensitive networking standards (TSN) has been proposed. TSN requires pre-registration of data streams before the actual communication helps to guarantee the bandwidth and ensure constrained end- to-end latency. However, this mechanism is vulnerable to traffic overload and denial of service (DoS) attacks. This paper proposes a P4-based dynamic attack filtering as a link-layer network function to defend TSN against malicious network elements such as faulty talkers or switches directly on the data plane. Our experiments indicate that our P4-based implementation can filter malicious traffic with minimal overhead and minimize the frame losses for honest traffic.