
Security Challenges and Related Solutions in Software Defined Networks: A Survey


Affiliations
1 Department of Computer Science Engineering, GIT, GITAM (Deemed to be University), Visakhapatnam, Andhra Pradesh, Bvrit Hyderabad College of Engineering for Women, Hyderabad, Telangana, India
2 Department of Computer Science Engineering, GIT, GITAM (Deemed to be University), Visakhapatnam, Andhra Pradesh, India
 

In the current digitalized world, everything is interconnected and accessible from everywhere. Although traditional networks are widely adopted, their management is complicated, so they are not effective in providing the services the future Internet requires, such as a wide range of accessibility, high bandwidth, management, and security. Moreover, traditional network architecture relies on manual configuration of proprietary devices, which is error-prone and makes inefficient use of the network devices. Software-defined Networking (SDN) has brought massive changes to the traditional network paradigm by decoupling network operations from the physical hardware and encouraging network control to be logically centralized. It provides network programmability and improves security by enabling a global view of the entire network, with issues handled effectively by the centralized controller. As a result, SDN allows networks to monitor traffic and detect vulnerabilities more effectively. It also simplifies the deployment of new services with more flexibility and at a faster pace. On the other hand, the decoupling of the control and data planes introduces security threats such as Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle attacks, Saturation attacks, etc. As a result, SDN has attracted a lot of interest from both academia and industry. In this paper, we study security vulnerabilities in the layers of SDN, the security frameworks that protect each layer, and many security methodologies for network-wide security.

Keywords

Software Defined Networks (SDN), Open-Flow (OF), Network Operating System (NOS), Security, Reliability, Centralized Controller.



Authors

Konda Srikar Goud
Department of Computer Science Engineering, GIT, GITAM (Deemed to be University), Visakhapatnam, Andhra Pradesh, Bvrit Hyderabad College of Engineering for Women, Hyderabad, Telangana, India
Srinivasa Rao Gidituri
Department of Computer Science Engineering, GIT, GITAM (Deemed to be University), Visakhapatnam, Andhra Pradesh, India




DOI: https://doi.org/10.22247/ijcna/2022/211595