Intent-based networking (IBN) is an emerging network management paradigm that allows automated closed-loop control and management of network devices and services. Closed-loop control requires security primitives to avoid intrusive human impact on network policies, posing a serious security challenge. This paper addresses this critical problem by securing the management plane in IBN systems. We propose a novel security framework based on WireGuard that augments the existing standards to secure intent communication between intent stakeholders. The framework guarantees isolation through WireGuard tunnels and provides inherent authentication and access control mechanisms to avoid intrusion in IBN systems. This work contributes to developing secure, efficient, and flexible communication channels within the IBN ecosystem, ensuring the integrity and confidentiality of network intents and operational data. Experimental results show the suitability and superiority of WireGuard compared to OpenVPN.