FS-OpenSecurity : A taxonomic modeling of security threats in SDN for future sustainable computing

Peer reviewedPublisher PD

ReactiFi: Reactive Programming of Wi-Fi Firmware on Mobile Devices

Network programmability will be required to handle future increased network traffic and constantly changing application needs. However, there is currently no way of using a high-level, easy to use programming language to program Wi-Fi firmware. This impedes rapid prototyping and deployment of novel network services/applications and hinders continuous performance optimization in Wi-Fi networks, since expert knowledge is required for both the used hardware platforms and the Wi-Fi domain. In this paper, we present ReactiFi, a high-level reactive programming language to program Wi-Fi chips on mobile consumer devices. ReactiFi enables programmers to implement extensions of PHY, MAC, and IP layer mechanisms without requiring expert knowledge of Wi-Fi chips, allowing for novel applications and network protocols. ReactiFi programs are executed directly on the Wi-Fi chip, improving performance and power consumption compared to execution on the main CPU. ReactiFi is conceptually similar to functional reactive languages, but is dedicated to the domain-specific needs of Wi-Fi firmware. First, it handles low-level platform-specific details without interfering with the core functionality of Wi-Fi chips. Second, it supports static reasoning about memory usage of applications, which is important for typically memory-constrained Wi-Fi chips. Third, it limits dynamic changes of dependencies between computations to dynamic branching, in order to enable static reasoning about the order of computations. We evaluate ReactiFi empirically in two real-world case studies. Our results show that throughput, latency, and power consumption are significantly improved when executing applications on the Wi-Fi chip rather than in the operating system kernel or in user space. Moreover, we show that the high-level programming abstractions of ReactiFi have no performance overhead compared to manually written C code

OpenDaylight vs. Floodlight: Comparative Analysis of a Load Balancing Algorithm for Software Defined Networking

This paper presents the proposal of a load balancing algorithm implemented in two of the most popular controllers for Software Defined Networks (SDN): OpenDaylight and Floodlight. A comparative study in terms of the available bandwidth and delay time of the packet forwarding was performed by means of simulation modeling in a base network in which a shortest path algorithm was implemented as well. The results show that the proposed load balancing algorithm improves significantly the performance of a SDN in terms of the offered QoS of a OpenDaylight based controller. The effect of the proposed load balancing algorithm in the Floodlight controller shows a smaller impact mainly on the bandwidth allocation due to its in-build modules that by default perform specific routing and forwarding operations efficiently according to the traffic demand

Software-Defined Networking: A Comprehensive Survey

peer reviewedThe Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this - ew paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms—with a focus on aspects such as resiliency, scalability, performance, security, and dependability—as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment

Network Mobility Management Challenges, Directions, and Solutions: An Architectural Perspective

Efficient mobility management solutions are essential to provide users with seamless connectivity and session continuity during movement. However, user mobility was not envisaged as one of the early Internet's use cases due to the early adoption of destination based routing and the assumption that end-nodes are static. This has become a critical hinder for providing efficient mobility support. This paper presents the challenges, drivers, and solutions that aim to overcome the drawbacks of current mobility management approaches. Furthermore, it introduces a promising solution that builds on emerging path-based forwarding architectures that identify network links rather than end nodes. Delivery path information is stored inside the packet while forwarding is achieved by performing a simple set membership test rather than the current destination-based routing approach. Mobility management in these architectures simply requires partial recomputation of the delivery path allowing for efficient mobility support over an optimal path. Evaluation results show significant cost savings in terms of delivery paths and end-to-end packet delay when using a path forwarding architecture

Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey

Internet usage has changed from its first design. Hence, the current Internet must cope with some limitations, including performance degradation, availability of IP addresses, and multiple security and privacy issues. Nevertheless, to unsettle the current Internet's network layer i.e., Internet Protocol with ICN is a challenging, expensive task. It also requires worldwide coordination among Internet Service Providers , backbone, and Autonomous Services. Additionally, history showed that technology changes e.g., from 3G to 4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes a long coexistence period between the old and new technology. Similarly, we believe that the process of replacement of the current Internet will surely transition through the coexistence of IP and ICN. Although the tremendous amount of security and privacy issues of the current Internet taught us the importance of securely designing the architectures, only a few of the proposed architectures place the security-by-design. Therefore, this article aims to provide the first comprehensive Security and Privacy analysis of the state-of-the-art coexistence architectures. Additionally, it yields a horizontal comparison of security and privacy among three deployment approaches of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical comparison among ten considered security and privacy features. As a result of our analysis, emerges that most of the architectures utterly fail to provide several SP features including data and traffic flow confidentiality, availability and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across

Network Mobility Management Challenges, Directions, and Solutions: An Architectural Perspective

Efficient mobility management solutions are essential to provide users with seamless connectivity and session continuity during movement. However, user mobility was not envisaged as one of the early Internet’s use cases due to the early adoption of destination based routing and the assumption that end-nodes are static. This has become a critical hinder for providing efficient mobility support. This paper presents the challenges, drivers, and solutions that aim to overcome the drawbacks of current mobility management approaches. Furthermore, it introduces a promising solution that builds on emerging path-based forwarding architectures that identify network links rather than end nodes. Delivery path information is stored inside the packet while forwarding is achieved by performing a simple set membership test rather than the current destination-based routing approach. Mobility management in these architectures simply requires partial recomputation of the delivery path allowing for efficient mobility support over an optimal path. Evaluation results show significant cost savings in terms of delivery paths and end-to-end packet delay when using a path forwarding architecture

Network Mobility Management Challenges, Directions, and Solutions: An Architectural Perspective

Efficient mobility management solutions are essential to provide users with seamless connectivity and session continuity during movement. However, user mobility was not envisaged as one of the early Internet’s use cases due to the early adoption of destination based routing and the assumption that end-nodes are static. This has become a critical hinder for providing efficient mobility support. This paper presents the challenges, drivers, and solutions that aim to overcome the drawbacks of current mobility management approaches. Furthermore, it introduces a promising solution that builds on emerging path-based forwarding architectures that identify network links rather than end nodes. Delivery path information is stored inside the packet while forwarding is achieved by performing a simple set membership test rather than the current destination-based routing approach. Mobility management in these architectures simply requires partial recomputation of the delivery path allowing for efficient mobility support over an optimal path. Evaluation results show significant cost savings in terms of delivery paths and end-to-end packet delay when using a path forwarding architecture

High performance network function virtualization for user-oriented services

The Network Function Virtualization (NFV) paradigm proposes to transform those network functions today running on dedicated and often closed appliances (e.g., firewall, wan accelerator) into pure software images, called Virtual Network Functions (VNFs), which can be consolidated and executed on high-volume standard servers. In this context, this dissertation focuses on the possibility of enabling each single end user (and not only network operators) to set up network services by means of NFV, allowing him to custoimize the set of services that are active on his Internet connection. This goal mainly requires to address flexibility and performance issues. Regarding to the former, it is important: (i) to support services including both network (e.g., firewall) and cloud (e.g., storage server) applications; (ii) to allow the user to define the service with an intuitive and high-level abstraction, hiding infrastructure-layer details. Instead, with respect to performance, multiple software-based services operating on the user's traffic should not introduce penalties in the user’s Internet experience. This dissertation solves the above issues by proposing a number of improvements in the context of Network Function Virtualization, both in terms of high level models and architectures to define and instantiate network services, and in terms of mechanisms to efficiently interconnect VNFs. Experimental results demonstrate that the goal of allowing end users to deploy services operating on their own traffic is feasible without impacting the Internet experience

Software defined neighborhood area network for smart grid applications

Information gathered from the Smart Grid (SG) devices located in end user premises provides a valuable resource that can be used to modify the behavior of SG applications. Decentralized and distributed deployment of neighborhood area network (NAN) devices makes it a challenge to manage SG efficiently. The NAN communication network architecture should be designed to aggregate and disseminate information among different SG domains. In this paper, we present a communication framework for NAN based on wireless sensor networks using the software defined networking paradigm. The data plane devices, such as smart meters, intelligent electronic devices, sensors, and switches are controlled via an optimized controller hierarchy deployed using a separate control plane. An analytical model is developed to determine the number of switches and controllers required for the NAN and the results of several test scenarios are presented. A Castalia based simulation model was used to analyze the performance of modified NAN performance