251,886 research outputs found

    A security analysis of software-defined networks over the OpenFlow protocol

    TCC (undergraduate) - Universidade Federal de Santa Catarina. Centro Tecnológico. Sistemas de Informação. The rapid growth in the use of cloud computing as a substitute for conventional computing is taking the current network infrastructure to its limits, creating challenges related to its scalability and administration. In this scenario, the approach known as Software Defined Network (SDN) has emerged, which makes it possible to redefine the topology and make routing decisions dynamically, with a programmable network. A new range of applications and services is possible without the concern of old communication protocols over high-rate communication links.
However, the flexibility that SDN incorporates into network architectures has been accompanied by network security risks. Currently, the developed and implemented applications consider paradigms of obsolete communication protocols. They were not designed for this intelligent networking environment, with potential security breaches arising from this. The environment is hybrid, with conventional applications, developed for conventional networks, operating on Software Defined Networks. This work presents a descriptive analysis of Software Defined Networks over the OpenFlow protocol. In addition, it empirically demonstrates security issues arising from the adoption of the OpenFlow protocol.

    A bibliometric approach to quantitatively assess current research trends in 5G security

    Cellular communication has seen remarkable growth since its inception and has now evolved into fifth generation (5G) networks. Promising services and use cases are envisioned leveraging the advancements within this technology including but not limited to the Internet of Things (IoT), massive MIMO, Device to Device communication (D2D), Vehicle to Everything (V2X) communication, and VR/AR applications. It integrates enabling technologies such as Edge computing, Network Function Virtualization (NFV), and Software Defined Networks (SDN) to support a broad range of use cases and application scenarios. Significant security and privacy challenges have arisen and are attracting interest from both academia and industry to develop bespoke solutions to address them. This study aims to examine research within security and privacy for 5G-based systems highlighting contributions made by the research community and identify research trends within different subdomains of 5G security where open issues still exist. The paper uses a bibliographic approach to review the state-of-the-art in the field of 5G security and is the pioneering effort to investigate 5G security research using this methodology. Specifically, the paper presents a quantitative description of the existing contributions in terms of authors, organizations, and countries. It then presents detailed keyword and co-citation analysis which shows the quantity and pattern of research work in different subfields. Finally, 5G security areas, having open challenges, are identified for future research work.

    Building a reliable and secure management framework for software-defined networks

    Title from PDF of title page viewed December 15, 2021. Dissertation advisor: Sejun Song. Vita. Includes bibliographical references (pages 101-109). Thesis (Ph.D.)--School of Computing and Engineering. University of Missouri--Kansas City, 2021. The Software-Defined Networking (SDN) technologies promise to enhance the performance and cost of managing both wired and wireless network infrastructures, functions, controls, and services (i.e., Internet of Things). However, centralized management in softwarization architecture poses new security, reliability, and scalability challenges. Significantly, the current OpenFlow Discovery Protocol (OFDP) in SDN induces substantial issues due to its gossipy, centralized, periodic, and tardy protocol. Furthermore, the problems are aggravated in the wireless and mobile SDN due to the dynamic topology churns and the lack of link-layer discovery methods. In this work, we tackle both security and reliability management issues in SDN. Specifically, we design and build a novel multitemporal cross-stratum discovery protocol framework, which efficiently orchestrates different reliability monitoring mechanisms over SDN networks and synchronizes the control messages among various applications. It facilitates multiple discovery frequency timers for each target over different stratum instead of using a uniform discovery timer for the entire network. It supports many common reliability monitoring factors for registered applications by analyzing offline and online network architecture information such as network topologies, traffic flows, virtualization architectures, and protocols. The framework consists of traffic-aware discovery (TaDPole), and centrality-aware protocol (CAMLE) facilities. We implemented the framework on Ryu controller. Extensive Mininet experimental results validate that the framework significantly improves discovery message efficiency and makes the control traffic less bursty than OFDP with a uniform timer.
It also reduces the network status discovery delay without increasing the control overhead. We then evaluated the security issues in SDN and proposed an SDN-based Wormhole Analysis using the Neighbor Similarity (SWANS) approach as a novel wormhole countermeasure in a Software-defined MANET. As SWANS analyses the similarity of neighbor counts at a centralized SDN controller, it apprehends wormholes not only without requiring any particular location information but also without causing significant communication and coordination overhead. SWANS also countermeasures various false-positive and false-negative scenarios generated by the Link Layer Discovery Protocol (LLDP) vulnerability. We performed extensive studies via both analysis and simulations. Our simulation results show that SWANS can detect wormhole attacks efficiently with low false-positive and false-negative rates.
Contents: Introduction -- Background -- Literature review -- Traffic-aware discovery protocol for software-defined wireless and mobile networks -- Centrality-aware multitemporal discovery protocol for software-defined networks -- SDN-based wormhole analysis using the neighbor similarity for a Mobile Ad hoc Network (MANET) -- Conclusions and future work

    Enabling SDN in VANETs: What is the Impact on Security?

    The demand for safe and secure journeys over roads and highways has been growing at a tremendous pace over recent decades. At the same time, the smart city paradigm has emerged to improve citizens’ quality of life by developing the smart mobility concept. Vehicular Ad hoc NETworks (VANETs) are widely recognized to be instrumental in realizing such a concept, by enabling appealing safety and infotainment services. Such networks come with their own set of challenges, which range from managing high node mobility to securing data and user privacy. The Software Defined Networking (SDN) paradigm has been identified as a suitable solution for dealing with the dynamic network environment, the increased number of connected devices, and the heterogeneity of applications. While some preliminary investigations have already been conducted to check the applicability of the SDN paradigm to VANETs, and its presumed benefits for managing resources and mobility, it is still unclear what impact SDN will have on security and privacy. Security is a relevant issue in VANETs, because of the impact that threats can have on drivers’ behavior and quality of life. This paper opens a discussion on the security threats that future SDN-enabled VANETs will have to face, and investigates how SDN could be beneficial in building new countermeasures. The analysis is conducted in real use cases (smart parking, smart grid of electric vehicles, platooning, and emergency services), which are expected to be among the vehicular applications that will most benefit from introducing an SDN architecture.

    ANCHOR: logically-centralized security for Software-Defined Networks

    While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by ANCHOR include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.
    Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 references

    Will SDN be part of 5G?

    For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of the radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, the supposedly disruptive nature of SDN deployment, business cases and monetization of SDN-related upgrades, latency of general purpose processors (GPP), and the additional security vulnerabilities that softwarization brings along to the RAN. We have also provided a summary of the architectural developments in the SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology.
    Comment: 33 pages, 10 figures