ProductsLogo
LogoStudy Documents
LogoAI Grader
LogoAI Answer
LogoAI Code Checker
LogoPlagiarism Checker
LogoAI Paraphraser
LogoAI Quiz
LogoAI Detector
PricingBlogAbout Us
logo

Security Issues in Software Defined Networks (SDN)

Verified

Added on  2021/05/31

|6
|3403
|167
AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: SECURITY ISSUES IN SOFTWARE DEFINED NETWORKS (SDN)
Security issues in Software Defined Networks (SDN)
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
2
SECURITY ISSUES IN SOFTWARE DEFINED NETWORKS (SDN)
ABSTRACT- This study discuses about the
security challenges in the SDN architecture.
Various benefits of the SDN architecture have
been discussed in the study. Various threats have
been identified in the study. Various security
solutions have been analyzed in the study.
Keywords- SDN controller, DISCO, DoS attack and
CONA
A. INTRODUCTION
Cloud Service providers have been working for
satisfying their customers by their enhanced quality
of services and security. Different network
architectures have been prepared in order to enhance
security of data and information of users. The
software defined network (SDN) has helped in
preparing in secured network architecture for the best
function of virtualization. Various software
programming have been installed in the SDNs for
preparing secure networks in organization [1].
This report focuses in the security perspective of
the SDNs in the market. Various security threats and
risks have been discussed in the report.
This report outlines the safety measures for
counter-measuring these challenges in SDNs.
A. Research problem
This research has focused on the security
challenges in the network of various companies. The
security treats in the network architecture have been
major problem discussed in this research. The
security of data and information transferring through
network architecture have been intercepted by the
hackers and other intruders in the network. Therefore,
this have been creating a lot of problems related to
data loss in companies [2]. Various security
challenges and solutions has been discussed in the
research that might help in maintaining the security
of data and information of companies in the market.
Various attacks including cyber-attacks, DoS attack,
and traffic monitoring and overflow attack have been
major challenges in the SDN architecture.
B. LITERATURE REVIEW
Overview of SDN Architecture
SDN has been an emerging network architecture
that helps in forwarding data from the control logic t
other network components. The decoupling of
forwarding data and information is done with the
help of switches and routers. However, SDN
architecture can be divided into three layers including
data forwarding layer, control layer and application
layer [3].
A. Data forwarding layer
The data forwarding layer of the SDN consists of
various SDN switches that are hysically connected
with the help of wires and wireless media. Every
switch acts as a simple device for forwarding packets
of data and information to the Flow table that
contains thousands of rules for forwarding decisions
[11]. However, each of the table is made up of three
fields including action, counter and pattern. The
pattern describes the flow of data and its header files
value. The switch searches its flow table upon
receiving the data and information. The switch
receives notification upon receiving the data and
information from various data sources and forward to
the controller from control layer.
B. Control layer
The SDN controller communicates with the
switch by a standard south bound API including
Openflow. Various routing protocols, such as BGP
and OSPF, run on the SDN controller so that all the
data forwarding taking place in the data layer is based
on instructions placed by the controller. The
controller used in the control layer helps in
controlling the amount of data flow [12]. In the multi
controller architecture, each controller is responsible
for controlling only a portion of the switches. In
order to maintain the consistency of the network’s
status, an individual SDN controller can
communicate with other controllers in the network
through east–westbound APIs.
C. Application layer
The application layer issued to allowing network
operators for responding to various business
requirements. Various innovative application
software has been prepared for SDN controllers for
meeting the requirements incusing network
virtualization and topology [13]. This layer used to
communicate with the control layer by north-bund
APIs. However, the control layer helps in providing
abstraction of restores of network operators for
changing the data path of packets by programming
language focusing in SDN controllers.
Advantages of SDN and defects
There are various advantages of the SDN
architectures. Some of the benefits are discussed
below:
Effective monitoring of abnormal traffic:
SDN controllers are able to perceive
network traffic, therefore, it becomes easy for
noticing abnormal behavior in network traffic due to
Document Page
3
SECURITY ISSUES IN SOFTWARE DEFINED NETWORKS (SDN)
an attacker. Any kind of mischievous activities
happening in the network can be easily detected by
the SDN controllers.
Timely dealing with vulnerabilities:
The controllers are programmed to the
immediate actions against the threat detected in the
networks. The controllers are responsible for
reacting against the identified threat in the networks
without wasting any time. Software installed in the
controllers has been updated with latest version that
helps in maintaining the security of the data and
information [4]. The SDN controller helps in
providing data security policy covering different
layers in the network.
There are some defects in the SDN network
discussed below:
Vulnerable controller:
The architecture of the SDN helps
improvising a concentrated target of reducing the
difficulties in attacks. However, the development of
the cloud computing have been creating security
issues in the system. The data of the cloud
computing have been less secure than other database
[5]. Therefore, the security threats in the cloud
computing get increased in the SDN controller. The
attackers can attack the SDN controllers that might
seize the control of the network and breach all data
and information of the network.
Risk caused by open programmable interfaces:
The open nature of the SDN have increased
the security threats. The software is full open to the
attackers that increase the security threats in the SDN
controller. However, the SDN controller provide
huge number of programmable interface for the
application layer that is exposed in the malicious
code. The open interfaces of SDN controller helps in
providing access to the attackers in the network [6].
Therefore, the entrance of the attackers become easy
and safe. The open interfaces of SDN controllers
needs to focus in the security of the gateway of
controller.
More attack points:
The traditional network provide less attack
points that the modern SDN controllers. The SDN
switch has been prone to attacks that have been
identified. The link between SDN switches are not
encrypted that create security issues during the data
transfer. Therefore, data and information stored on
the switches are prone to the security attacks. The
SDN controller have been the most attractive target
for the attackers in the market. The SDN controller
has been the most central part of the network
architecture. Therefore, getting access to the SDN
controller helps in accessing all parts of the SDN.
The data packets that contain these rules can be
tampered with by attacker through eavesdropping on
the link between the controller and switch, which will
result in a spurious rule insertion or malicious rule
modification [14]. The application software is built
on the controller that is directly that is located on the
same physical device. When the application software
invokes the functions of the controllers through the
north-bound APIs, malicious code maybe embedded
into the controller. Hence, the application software is
considered the most convenient attack point for
seizing the controllers.
Security threats to SDN
There are various threats identified in the
different layer of SDN as discussed below:
Threats in data forwarding layer:
The data forwarding layer is situated at the bottom of
the SDN architecture that contains thousands of
switches, which are interconnected. Man-in-middle
attack focuses on the agent node and destination node
or intercepting communication of data and tamper
them without detected by the controller. These
attacks of man-in-middle involve session hijacking,
DNS spoofing and port mirroring. This attack
between the controller and switches has been a
proper choice for attacking an SDN. It is used to
intercept the messages between them [15]. The flow
table has been saturated in the irregular traffic as
legal traffic have not been forwarded correctly.
Packets in the Flow Buffer will be marked for
deletion on a First in First out (FIFO) basis to release
the storage space. As in the case of the Flow Table,
the storage capacity of the Flow Buffer is also
limited. Attackers can flood large packets belonging
to a different flow than that encountered by the
switch normally; the switch has to buffer these large
packets and this leads to the saturation of the Flow
Buffer.
Threats in Control layer:
In the SDN architecture, the control layer is
the OpenFlow controllers and the security have a
direct impact on the data forwarding layer. A
Content-Oriented Networking Architecture (CONA)
is a proxy node located between the client and the
content server, and can communicate with the
controller. Therefore, content request messages from
customers can be intercepted and analyzed by the
Document Page
4
SECURITY ISSUES IN SOFTWARE DEFINED NETWORKS (SDN)
CONA for mitigating the Dos Attacks. In case, the
rate of messages get increased, DoS attacks is in
progress. Therefore, the controller sends a message to
relevant CONA agent. The single point controller
architecture of the SDN lacks in scalability and
reliability [7]. Therefore, the clusters of the data and
information of each controller functions
communicate with each other. Multiple physical level
controllers helps in managing the network instead of
the transparent data forwarding layer.
The privacy issues in the control layer have
been maximum as all the controllers are controlled
from this layer. The hackers are always targeting
this layer for getting access to this level. The access
to the controller helps in monitoring whole SDN
architecture. Therefore, the distributed architecture of
the SDN have been critically analyzed by the hackers
for entering into the architecture [8]. The pattern
describes the flow of data and its header files value.
The switch searches its flow table upon receiving the
data and information. The switch receives
notification upon receiving the data and information
from various data sources and forward to the
controller from control layer.
Threats to application layer:
The application layer is affected by the
attackers for work configuration, steak network data
and inserting spyware in the network. However,
OpenFlow can deploy security algorithms in the
network, these hackers still find a way to breach into
the network if the system. Various types of
applications are developed by companies in the
market that are working in the application layer.
Therefore, hackers might attack lose applications to
enter into the system of the SDN [9]. These might
damage the system in a few seconds and breach data
and information from it.
The illegal access to the SDN controllers
cannot be detected by the item that create more
vulnerable situation for the team. In the multi
controller architecture, each controller is responsible
for controlling only a portion of the switches. In
order to maintain the consistency of the network’s
status, an individual SDN controller can
communicate with other controllers in the network
through east–westbound APIs. The lack in the
standard security protocol have been main case for
the breach in the data network. The applications are
made by the organization that creates an
authentication perspective of the applications in the
system [10].
Solutions to these security issues
There are various solutions to these security
issues in the SDN architectures:
FlowChecker: Flowchecker is a tool that
helps in identifying the errors in the switches. It helps
in creating a model of the switches and models the
accessibility factor of the switches in the circuit [17].
It helps in end-to-end connection of the switches with
the security protocol that helps in restricting any kind
of spyware from entering until the networks. The use
of the configuration helps in providing robustness
and performs functions correctly in the even cases.
This algorithm helps in connecting various
components of the SDN networks with each for
preventing from hacking.
Virtual source Address Validation Edge
(VAVE): It is a protection scheme that helps in
mitigating DoS attack in the network architecture.
This scheme works with the OpenFlow architecture
in the system. A new packet is being transferred to
the network that helps in checking the presence of
any spyware in the network. The presence of
spyware will affect the data packet and proper steps
will be taken.
DISCO: It helps in providing control layer
functions in the distributed heterogeneous networks
that can be implemented in the Floodlight protocol. It
contains two modules including inter-domain control
module and intra-domain control module [16]. The
inter-domain control module is responsible for
monitoring and managing the priority of data
travelling between the domains, so that flow paths
with different priorities can be calculated and
forwarded. The intra-domain control module helps in
redirecting traffic flow for dealing with the attacks.
However, the message transceiver has been designed
to accept neighboring controllers and providing a
various control channel relating in the commutation
between controllers.
McNettle: It is a scalable SDN controller
that helps in multi-core CPUs, that helps in
demonstrating extensible features due to the facts for
allowing additional control algorithms in the systems.
The use of an operator in the McNettle helps in
making advanced level programming language for
maintaining the behavior of the traffic flow.
Targeted
Level
Threats type Solutions
Data
forwarding
layer
Man-in-middle
attack between
switch and
controller.
FlowChecker
ForNOX
VeriFlow
Controller

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
5
SECURITY ISSUES IN SOFTWARE DEFINED NETWORKS (SDN)
DoS attack to
saturate Flow
Table and
Flow Buffer
replication
FlowVisor
Virtual source
Address
Validation
Edge (VAVE)
Resonance
Control layer DoS/DDoS
attack on the
controller.
Threats based
on distributed
multi-
controllers.
Threats from
applications
FloodGuard
DDoS
Blocking
Application
Content-
Oriented
Networking
Architecture
(CONA)
DISCO
McNettle
HyperFlow
SE-Floodlight
FRESCO
Application
Layer
Illegal access
Security rules
and
configuration
conflicts
PemOF
NICE
Verificare
VeriCon
Flover
Anteater
NetPlumber
D. CONCLUSION
It can be concluded that the use of the SDN
architecture in the network of any company helps in
mitigating various issues related to the network
security. The SDN architecture contains a controller
that helps in controller all the components of the
architecture. There are three layers of the SDN
architecture that have been discussed in the study.
The functionality and importance of these three levels
have been discussed in the study. These attacks of
man-in-middle involve session hijacking, DNS
spoofing and port mirroring. This attack between the
controller and switches has been a proper choice for
attacking an SDN. It is used to intercept the messages
between them. The flow table has been saturated in
the irregular traffic as legal traffic have not been
forwarded correctly. The empirical study of various
security threats at various levels have been discussed
in the study. The use of the application layer have
been analyzed in the study with proper explanation.
Various threats have been discussed in the study.
E. REFERENCES
[1] Yan, Qiao, F. Richard Yu, Qingxiang Gong,
and Jianqiang Li. "Software-defined
networking (SDN) and distributed denial of
service (DDoS) attacks in cloud computing
environments: A survey, some research
issues, and challenges." IEEE
Communications Surveys & Tutorials 18,
no. 1 (2016): 602-622.
[2] Kreutz, Diego, Fernando MV Ramos, Paulo
Esteves Verissimo, Christian Esteve
Rothenberg, Siamak Azodolmolky, and
Steve Uhlig. "Software-defined networking:
A comprehensive survey." Proceedings of
the IEEE 103, no. 1 (2015): 14-76.
[3] Nunes, Bruno Astuto A., Marc Mendonca,
Xuan-Nam Nguyen, Katia Obraczka, and
Thierry Turletti. "A survey of software-
defined networking: Past, present, and future
of programmable networks." IEEE
Communications Surveys & Tutorials 16,
no. 3 (2014): 1617-1634.
[4] Scott-Hayward, Sandra, Sriram Natarajan,
and Sakir Sezer. "A survey of security in
software defined networks." IEEE
Communications Surveys & Tutorials 18,
no. 1 (2016): 623-654.
[5] Kreutz, Diego, Jiangshan Yu, Fernando
Ramos, and Paulo Esteves-Verissimo.
"ANCHOR: logically-centralized security
for Software-Defined Networks." arXiv
preprint arXiv:1711.03636 (2017).
[6] Chen, Min, Yongfeng Qian, Shiwen Mao,
Wan Tang, and Ximin Yang. "Software-
defined mobile networks security." Mobile
Networks and Applications 21, no. 5 (2016):
729-743.
[7] Wang, Bing, Yao Zheng, Wenjing Lou, and
Y. Thomas Hou. "DDoS attack protection in
the era of cloud computing and software-
defined networking." Computer Networks 81
(2015): 308-319.
[8] Cui, Laizhong, F. Richard Yu, and Qiao
Yan. "When big data meets software-
defined networking: SDN for big data and
big data for SDN." IEEE network 30, no. 1
(2016): 58-65.
[9] Akhunzada, Adnan, Ejaz Ahmed, Abdullah
Gani, Muhammad Khurram Khan,
Muhammad Imran, and Sghaier Guizani.
"Securing software defined networks:
taxonomy, requirements, and open
issues." IEEE Communications
Magazine 53, no. 4 (2015): 36-44.
[10] Stojmenovic, Ivan, and Sheng Wen. "The
fog computing paradigm: Scenarios and
security issues." In Computer Science and
Document Page
6
SECURITY ISSUES IN SOFTWARE DEFINED NETWORKS (SDN)
Information Systems (FedCSIS), 2014
Federated Conference on, pp. 1-8. IEEE,
2014.
[11] Kreutz, Diego, Jiangshan Yu, Paulo Esteves-
Verissimo, Catia Magalhaes, and Fernando
Ramos. "The KISS principle in software-
defined networking: an architecture for
keeping it simple and secure." arXiv
preprint arXiv:1702.04294 (2017).
[12] Lee, Seunghyeon, Jinwoo Kim, Seungwon
Shin, Phillip Porras, and Vinod
Yegneswaran. "Athena: A framework for
scalable anomaly detection in software-
defined networks." In Dependable Systems
and Networks (DSN), 2017 47th Annual
IEEE/IFIP International Conference on, pp.
249-260. IEEE, 2017.
[13] Lee, Seungsoo, Changhoon Yoon, Chanhee
Lee, Seungwon Shin, Vinod Yegneswaran,
and Phillip Porras. "DELTA: A security
assessment framework for software-defined
networks." In Proceedings of NDSS, vol. 17.
2017.
[14] Dabbagh, Mehiar, Bechir Hamdaoui,
Mohsen Guizani, and Ammar Rayes.
"Software-defined networking security: pros
and cons." IEEE Communications
Magazine 53, no. 6 (2015): 73-79.
[15] Ahmad, Ijaz, Suneth Namal, Mika
Ylianttila, and Andrei Gurtov. "Security in
software defined networks: A survey." IEEE
Communications Surveys & Tutorials 17,
no. 4 (2015): 2317-2346.
[16] Hausheer, David, Oliver Hohlfeld, Stefan
Schmid, and Guofei Gu. "Security and
Performance of Software-defined Networks
and Functions Virtualization." (2018).
[17] Lee, Seungsoo, Changhoon Yoon, Chanhee
Lee, Seungwon Shin, Vinod Yegneswaran,
and Phillip Porras. "DELTA: A security
assessment framework for software-defined
networks." In Proceedings of NDSS, vol. 17.
2017.
1 out of 6
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]