La seguridad en redes SDN y sus aplicaciones

Introduction: The review article is the product of the research on Security in SDN networks and their applications, developed at the District University in 2020, presenting the latest advances, that have been made in security. Problem: The security weaknesses that SDN networks have had, due to being a new architecture. This has not allowed traditional networks to be replaced.   Objective: To carry out a review of the state of the art of SDN networks, focusing research on the security of the control layer and its advances. Methodology: The descriptive method is implemented, consulting databases such as Scopus, IEEE and ScienceDirect, using the following search criteria: SDN networks, security in SDN networks, applications with SDN networks and OpenFlow protocol. It is shown as a research sample: the Asian, European and American continents with years of research from 2014 to 2020. Results: Great advances have been made in terms of security for SDN networks, which allows us to see an early solution to the weaknesses that it currently faces.   Conclusion: SDN networks will solve all the challenges they face and will be consolidated as a solid and reliable architecture.   Originality: an important focus is taken on the security of SDN networks and the great development that has occurred in this regard is evident.   Limitations: SDN networks are a new architecture, so their development has been very little and advances in security have been significantly affected.Introducción: El artículo de revisión es producto de la investigación Seguridad en redes SDN y sus aplicaciones, desarrollada en la Universidad Distrital en el año 2020, presentando los últimos avances que se han logrado en seguridad. Problema: Las debilidades en seguridad que han tenido las redes SDN debido a ser una arquitectura nueva, esto no ha permitido que se reemplacen las redes tradicionales. Objetivo: realizar una revisión del estado del arte de las redes SDN enfocando la investigación la seguridad de la capa de control y sus avances. Metodología: se emplea el método descriptivo, se consultaron bases de datos como Scopus, IEEE y ScienceDirect, utilizando los siguientes criterios de búsqueda: SDN networks, security in SDN networks, applications with SDN networks y OpenFlow protocol, se tomó como muestra de investigación a los continentes asiático, europeo y americano con años de investigación desde el año 2014 hasta el año 2020. Resultados: se han desarrollado grandes avances en seguridad para las redes SDN, lo que permite ver una pronta solución a las debilidades que afronta en la actualidad. Conclusión: las redes SDN lograran resolver todos los retos a los que se enfrentan y se consolidara como una arquitectura sólida y confiable. Originalidad: se realiza un enfoque importante en la seguridad de las redes SDN y se evidencia el gran desarrollo que se ha presentado en este aspecto. Limitaciones: las redes SDN son una arquitectura nueva por lo que su desarrollo ha sido muy poco y los avances en seguridad se vieron afectados significativamente

A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

Creating a Worldwide Network For the Global Environment for Network Innovations (GENI) and Related Experimental Environments

Many important societal activities are global in scope, and as these activities continually expand world-wide, they are increasingly based on a foundation of advanced communication services and underlying innovative network architecture, technology, and core infrastructure. To continue progress in these areas, research activities cannot be limited to campus labs and small local testbeds or even to national testbeds. Researchers must be able to explore concepts at scale—to conduct experiments on world-wide testbeds that approximate the attributes of the real world. Today, it is possible to take advantage of several macro information technology trends, especially virtualization and capabilities for programming technology resources at a highly granulated level, to design, implement and operate network research environments at a global scale. GENI is developing such an environment, as are research communities in a number of other countries. Recently, these communities have not only been investigating techniques for federating these research environments across multiple domains, but they have also been demonstration prototypes of such federations. This chapter provides an overview of key topics and experimental activities related to GENI international networking and to related projects throughout the world

A review of the use of artificial intelligence methods in infrastructure systems

The artificial intelligence (AI) revolution offers significant opportunities to capitalise on the growth of digitalisation and has the potential to enable the ‘system of systems’ approach required in increasingly complex infrastructure systems. This paper reviews the extent to which research in economic infrastructure sectors has engaged with fields of AI, to investigate the specific AI methods chosen and the purposes to which they have been applied both within and across sectors. Machine learning is found to dominate the research in this field, with methods such as artificial neural networks, support vector machines, and random forests among the most popular. The automated reasoning technique of fuzzy logic has also seen widespread use, due to its ability to incorporate uncertainties in input variables. Across the infrastructure sectors of energy, water and wastewater, transport, and telecommunications, the main purposes to which AI has been applied are network provision, forecasting, routing, maintenance and security, and network quality management. The data-driven nature of AI offers significant flexibility, and work has been conducted across a range of network sizes and at different temporal and geographic scales. However, there remains a lack of integration of planning and policy concerns, such as stakeholder engagement and quantitative feasibility assessment, and the majority of research focuses on a specific type of infrastructure, with an absence of work beyond individual economic sectors. To enable solutions to be implemented into real-world infrastructure systems, research will need to move away from a siloed perspective and adopt a more interdisciplinary perspective that considers the increasing interconnectedness of these systems

A manifesto for future generation cloud computing: research directions for the next decade

The Cloud computing paradigm has revolutionised the computer science horizon during the past decade and has enabled the emergence of computing as the fifth utility. It has captured significant attention of academia, industries, and government bodies. Now, it has emerged as the backbone of modern economy by offering subscription-based services anytime, anywhere following a pay-as-you-go model. This has instigated (1) shorter establishment times for start-ups, (2) creation of scalable global enterprise applications, (3) better cost-to-value associativity for scientific and high performance computing applications, and (4) different invocation/execution models for pervasive and ubiquitous applications. The recent technological developments and paradigms such as serverless computing, software-defined networking, Internet of Things, and processing at network edge are creating new opportunities for Cloud computing. However, they are also posing several new challenges and creating the need for new approaches and research strategies, as well as the re-evaluation of the models that were developed to address issues such as scalability, elasticity, reliability, security, sustainability, and application models. The proposed manifesto addresses them by identifying the major open challenges in Cloud computing, emerging trends, and impact areas. It then offers research directions for the next decade, thus helping in the realisation of Future Generation Cloud Computing

Wide-Area Time-Synchronized Closed-Loop Control of Power Systems And Decentralized Active Distribution Networks

The rapidly expanding power system grid infrastructure and the need to reduce the occurrence of major blackouts and prevention or hardening of systems against cyber-attacks, have led to increased interest in the improved resilience of the electrical grid. Distributed and decentralized control have been widely applied to computer science research. However, for power system applications, the real-time application of decentralized and distributed control algorithms introduce several challenges. In this dissertation, new algorithms and methods for decentralized control, protection and energy management of Wide Area Monitoring, Protection and Control (WAMPAC) and the Active Distribution Network (ADN) are developed to improve the resiliency of the power system. To evaluate the findings of this dissertation, a laboratory-scale integrated Wide WAMPAC and ADN control platform was designed and implemented. The developed platform consists of phasor measurement units (PMU), intelligent electronic devices (IED) and programmable logic controllers (PLC). On top of the designed hardware control platform, a multi-agent cyber-physical interoperability viii framework was developed for real-time verification of the developed decentralized and distributed algorithms using local wireless and Internet-based cloud communication. A novel real-time multiagent system interoperability testbed was developed to enable utility independent private microgrids standardized interoperability framework and define behavioral models for expandability and plug-and-play operation. The state-of-theart power system multiagent framework is improved by providing specific attributes and a deliberative behavior modeling capability. The proposed multi-agent framework is validated in a laboratory based testbed involving developed intelligent electronic device prototypes and actual microgrid setups. Experimental results are demonstrated for both decentralized and distributed control approaches. A new adaptive real-time protection and remedial action scheme (RAS) method using agent-based distributed communication was developed for autonomous hybrid AC/DC microgrids to increase resiliency and continuous operability after fault conditions. Unlike the conventional consecutive time delay-based overcurrent protection schemes, the developed technique defines a selectivity mechanism considering the RAS of the microgrid after fault instant based on feeder characteristics and the location of the IEDs. The experimental results showed a significant improvement in terms of resiliency of microgrids through protection using agent-based distributed communication

An ontology-based approach toward the configuration of heterogeneous network devices

Despite the numerous efforts of standardization, semantic issues remain in effect in many subfields of networking. The inability to exchange data unambiguously between information systems and human resources is an issue that hinders technology implementation, semantic interoperability, service deployment, network management, technology migration, among many others. In this thesis, we will approach the semantic issues in two critical subfields of networking, namely, network configuration management and network addressing architectures. The fact that makes the study in these areas rather appealing is that in both scenarios semantic issues have been around from the very early days of networking. However, as networks continue to grow in size and complexity current practices are becoming neither scalable nor practical. One of the most complex and essential tasks in network management is the configuration of network devices. The lack of comprehensive and standard means for modifying and controlling the configuration of network elements has led to the continuous and extended use of proprietary Command Line Interfaces (CLIs). Unfortunately, CLIs are generally both, device and vendor-specific. In the context of heterogeneous network infrastructures---i.e., networks typically composed of multiple devices from different vendors---the use of several CLIs raises serious Operation, Administration and Management (OAM) issues. Accordingly, network administrators are forced to gain specialized expertise and to continuously keep knowledge and skills up to date as new features, system upgrades or technologies appear. Overall, the utilization of proprietary mechanisms allows neither sharing knowledge consistently between vendors' domains nor reusing configurations to achieve full automation of network configuration tasks---which are typically required in autonomic management. Due to this heterogeneity, CLIs typically provide a help feature which is in turn an useful source of knowledge to enable semantic interpretation of a vendor's configuration space. The large amount of information a network administrator must learn and manage makes Information Extraction (IE) and other forms of natural language analysis of the Artificial Intelligence (AI) field key enablers for the network device configuration space. This thesis presents the design and implementation specification of the first Ontology-Based Information Extraction (OBIE) System from the CLI of network devices for the automation and abstraction of device configurations. Moreover, the so-called semantic overload of IP addresses---wherein addresses are both identifiers and locators of a node at the same time---is one of the main constraints over mobility of network hosts, multi-homing and scalability of the routing system. In light of this, numerous approaches have emerged in an effort to decouple the semantics of the network addressing scheme. In this thesis, we approach this issue from two perspectives, namely, a non-disruptive (i.e., evolutionary) solution to the current Internet and a clean-slate approach for Future Internet. In the first scenario, we analyze the Locator/Identifier Separation Protocol (LISP) as it is currently one of the strongest solutions to the semantic overload issue. However, its adoption is hindered by existing problems in the proposed mapping systems. Herein, we propose the LISP Redundancy Protocol (LRP) aimed to complement the LISP framework and strengthen feasibility of deployment, while at the same time, minimize mapping table size, latency time and maximize reachability in the network. In the second scenario, we explore TARIFA a Next Generation Internet architecture and introduce a novel service-centric addressing scheme which aims to overcome the issues related to routing and semantic overload of IP addresses.A pesar de los numerosos esfuerzos de estandarización, los problemas de semántica continúan en efecto en muchas subáreas de networking. La inabilidad de intercambiar data sin ambiguedad entre sistemas es un problema que limita la interoperabilidad semántica. En esta tesis, abordamos los problemas de semántica en dos áreas: (i) la gestión de configuración y (ii) arquitecturas de direccionamiento. El hecho que hace el estudio en estas áreas de interés, es que los problemas de semántica datan desde los inicios del Internet. Sin embargo, mientras las redes continúan creciendo en tamaño y complejidad, los mecanismos desplegados dejan de ser escalabales y prácticos. Una de las tareas más complejas y esenciales en la gestión de redes es la configuración de equipos. La falta de mecanismos estándar para la modificación y control de la configuración de equipos ha llevado al uso continuado y extendido de interfaces por líneas de comando (CLI). Desafortunadamente, las CLIs son generalmente, específicos por fabricante y dispositivo. En el contexto de redes heterogéneas--es decir, redes típicamente compuestas por múltiples dispositivos de distintos fabricantes--el uso de varias CLIs trae consigo serios problemas de operación, administración y gestión. En consecuencia, los administradores de red se ven forzados a adquirir experiencia en el manejo específico de múltiples tecnologías y además, a mantenerse continuamente actualizados en la medida en que nuevas funcionalidades o tecnologías emergen, o bien con actualizaciones de sistemas operativos. En general, la utilización de mecanismos propietarios no permite compartir conocimientos de forma consistente a lo largo de plataformas heterogéneas, ni reutilizar configuraciones con el objetivo de alcanzar la completa automatización de tareas de configuración--que son típicamente requeridas en el área de gestión autonómica. Debido a esta heterogeneidad, las CLIs suelen proporcionar una función de ayuda que fundamentalmente aporta información para la interpretación semántica del entorno de configuración de un fabricante. La gran cantidad de información que un administrador debe aprender y manejar, hace de la extracción de información y otras formas de análisis de lenguaje natural del campo de Inteligencia Artificial, potenciales herramientas para la configuración de equipos en entornos heterogéneos. Esta tesis presenta el diseño y especificaciones de implementación del primer sistema de extracción de información basada en ontologías desde el CLI de dispositivos de red, para la automatización y abstracción de configuraciones. Por otra parte, la denominada sobrecarga semántica de direcciones IP--en donde, las direcciones son identificadores y localizadores al mismo tiempo--es una de las principales limitaciones sobre mobilidad, multi-homing y escalabilidad del sistema de enrutamiento. Por esta razón, numerosas propuestas han emergido en un esfuerzo por desacoplar la semántica del esquema de direccionamiento de las redes actuales. En esta tesis, abordamos este problema desde dos perspectivas, la primera de ellas una aproximación no-disruptiva (es decir, evolucionaria) al problema del Internet actual y la segunda, una nueva propuesta en torno a futuras arquitecturas del Internet. En el primer escenario, analizamos el protocolo LISP (del inglés, Locator/Identifier Separation Protocol) ya que es en efecto, una de las soluciones con mayor potencial para la resolucion del problema de semántica. Sin embargo, su adopción está limitada por problemas en los sistemas de mapeo propuestos. En esta tesis, proponemos LRP (del inglés, LISP Redundancy Protocol) un protocolo destinado a complementar LISP e incrementar la factibilidad de despliegue, a la vez que, reduce el tamaño de las tablas de mapeo, tiempo de latencia y maximiza accesibilidad. En el segundo escenario, exploramos TARIFA una arquitectura de red de nueva generación e introducimos un novedoso esquema de direccionamiento orientado a servicios

Next Generation of SDN in Cloud-Fog for 5G and Beyond-Enabled Applications: Opportunities and Challenges

In recent years, the number of objects connected to the Internet has significantly increased. Increasing the number of connected devices to Internet is transforming today’s Internet of Things (IoT) into massive IoT of future. It is predicted, in a few years, a high communication and computation capacity will be required to meet demands of massive IoT devices and applications requiring data sharing and processing. 5G and beyond mobile networks are expected to fulfill part of these requirements by providing data rate of up to Terabits per second. It will be a key enabler to support massive IoT and emerging mission critical applications with strict delay constrains. On the other hand, next generation of Software Defined Networking (SDN) with emerging Cloud related technologies (e.g., Fog and Edge computing) can play an important role on supporting and implementing the above-mentioned applications. This paper sets out the potential opportunities and important challenges that must be addressed in considering options for using SDN in hybrid Cloud-Fog systems to support 5G and beyond-enabled applications