SDNsec: Forwarding Accountability for the SDN Data Plane

SDN promises to make networks more flexible, programmable, and easier to manage. Inherent security problems in SDN today, however, pose a threat to the promised benefits. First, the network operator lacks tools to proactively ensure that policies will be followed or to reactively inspect the behavior of the network. Second, the distributed nature of state updates at the data plane leads to inconsistent network behavior during reconfigurations. Third, the large flow space makes the data plane susceptible to state exhaustion attacks. This paper presents SDNsec, an SDN security extension that provides forwarding accountability for the SDN data plane. Forwarding rules are encoded in the packet, ensuring consistent network behavior during reconfigurations and limiting state exhaustion attacks due to table lookups. Symmetric-key cryptography is used to protect the integrity of the forwarding rules and enforce them at each switch. A complementary path validation mechanism allows the controller to reactively examine the actual path taken by the packets. Furthermore, we present mechanisms for secure link-failure recovery and multicast/broadcast forwarding.Comment: 14 page

SDN based Network Function Parallelism in Cloud

Network function virtualization (NFV) based service function chaining (SFC) allows the provisioning of various security and traffic engineering applications in a cloud network. Inefficient deployment of network functions can lead to security violations and performance overhead. In an OpenFlow enabled cloud, the key problem with current mechanisms is that several packet field match and flow rule action sets associated with the network functions are non-overlapping and can be parallelized for performance enhancement. We introduce Network Function Parallelism (NFP) SFC-NFP for OpenFlow network. Our solution utilizes network function parallelism over the OpenFlow rules to improve SFC performance in the cloud network. We have utilized the DPDK platform with an OpenFlow switch (OVS) for experimental analysis. Our solution achieves a 1.40-1.90x reduction in latency for SFC in an OpenStack cloud network managed by the SDN framework.Comment: 5 page

On the security of software-defined next-generation cellular networks

In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

Firewalls Policies Based on Software Defined Networking: A survey

Software-Defined Networking (SDN) introduces granularity, visibility and flexibility to networking, which separates the control-logic from networking devices. SDN programmatically modifies the functionality and behaviour of network devices. It separates control plane and data plane, and thus provides centralized control. Though SDN provides better performance but there are some security issues that need to be taken care of. This includes firewalls, monitoring applications, IDS(Intrusion detection systems) etc. Therefore, this research work reviews the related approaches which have been proposed by identifying their firewall scope, their practicability, their advantages and drawbacks related with SDN. This paper describes the firewall policies as the forth new security challenges.Keywords: Software defined networking, Architecture, OpenFlow, Firewalls, Anomaly detectio