Software Defined Networks based Smart Grid Communication: A Comprehensive Survey

The current power grid is no longer a feasible solution due to ever-increasing user demand of electricity, old infrastructure, and reliability issues and thus require transformation to a better grid a.k.a., smart grid (SG). The key features that distinguish SG from the conventional electrical power grid are its capability to perform two-way communication, demand side management, and real time pricing. Despite all these advantages that SG will bring, there are certain issues which are specific to SG communication system. For instance, network management of current SG systems is complex, time consuming, and done manually. Moreover, SG communication (SGC) system is built on different vendor specific devices and protocols. Therefore, the current SG systems are not protocol independent, thus leading to interoperability issue. Software defined network (SDN) has been proposed to monitor and manage the communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. In this article, we first discuss taxonomy of advantages of SDNbased SGC.We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion on routing schemes for SDN-based SGC. We also provide detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.Comment: Accepte

ANCHOR: logically-centralized security for Software-Defined Networks

While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference

Can SDN Technology Be Transported to Software-Defined WSN/IoT?

© 2016 IEEE. Wireless sensor networks (WSNs) are essential elements of the Internet of Things ecosystem, as such, they encounter numerous IoT challenging architectural, management and application issues. These include inflexible control, manual configuration and management of sensor nodes, difficulty in an orchestration of resources, and virtualizing sensor network resources for on-demand applications and services. Addressing these issues presents a real challenge for WSNs and IoTs. By separating the network control plane from the data forwarding plane, Software-defined networking (SDN) has emerged as network technology that addresses similar problems of current switched-networks. Despite the differences between switched network and wireless sensor network domains, the SDN technology has a real potential to revolutionize WSNs/IoTs and address their challenging issues. However, very little has been attempted to bring the SDN paradigm to WSNs. This paper identifies weaknesses of existing research efforts that aims to bring the benefits of SDN to WSNs by mapping the control plane, the OpenFlow protocol, and the functionality between the two network domains. In particular, the paper investigates the difficulties and challenges in the development of software-defined wireless sensor networking (SDWSN). Finally, the paper proposes VSensor, SDIoT controller, SFlow components with specific and relevant functionality for an architecture of an SDWSN or SDIoT infrastructure

Experimental proof of concept of an SDN-based traffic engineering solution for hybrid satellite-terrestrial mobile backhauling

This is the peer reviewed version of the following article: Mendoza, F, Ferrus, R, Sallent, O. Experimental proof of concept of an SDN‐based traffic engineering solution for hybrid satellite‐terrestrial mobile backhauling. Int J Satell Commun Network. 2019; 37: 630– 645, which has been published in final form at https://doi.org/10.1002/sat.1303. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-ArchivingSatellite networks are expected to be an integral part of 5G service deployment. One compelling use case is mobile backhauling, where the exploitation of a satellite component can improve the reach, robustness, and economics of 5G rollout. The envisaged availability of new satellite capacity, together with the development of better integration approaches for the provisioning and operation of the satellite component in a more flexible, agile, and cost-effective manner than done today, are expected to revamp such use case within the 5G ecosystem. In this context, sustained in the architectural designs proposed within H2020 VITAL research project, this paper presents an experimental proof of concept (PoC) of a satellite-terrestrial integration solution that builds upon software-defined networking (SDN) technologies for the realization of end-to-end traffic engineering (E2E TE) in mobile backhauling networks with a satellite component. A laboratory test bed has been developed and validated, consisting of a small-scale private mobile network with a backhaul setting that combines Ethernet-wired links, a satellite link emulator (OpenSAND), OpenFlow switches, and an OpenFlow controller running the network application for E2E TE. Provided results show the operation of a E2E TE application able to enforce different traffic routing and path failure restoration policies as well as the performance impact that it has on the mobile network connectivity services.Peer ReviewedPostprint (author's final draft

Deep learning : enhancing the security of software-defined networks

Software-defined networking (SDN) is a communication paradigm that promotes network flexibility and programmability by separating the control plane from the data plane. SDN consolidates the logic of network devices into a single entity known as the controller. SDN raises significant security challenges related to its architecture and associated characteristics such as programmability and centralisation. Notably, security flaws pose a risk to controller integrity, confidentiality and availability. The SDN model introduces separation of the forwarding and control planes. It detaches the control logic from switching and routing devices, forming a central plane or network controller that facilitates communications between applications and devices. The architecture enhances network resilience, simplifies management procedures and supports network policy enforcement. However, it is vulnerable to new attack vectors that can target the controller. Current security solutions rely on traditional measures such as firewalls or intrusion detection systems (IDS). An IDS can use two different approaches: signature-based or anomaly-based detection. The signature-based approach is incapable of detecting zero-day attacks, while anomaly-based detection has high false-positive and false-negative alarm rates. Inaccuracies related to false-positive attacks may have significant consequences, specifically from threats that target the controller. Thus, improving the accuracy of the IDS will enhance controller security and, subsequently, SDN security. A centralised network entity that controls the entire network is a primary target for intruders. The controller is located at a central point between the applications and the data plane and has two interfaces for plane communications, known as northbound and southbound, respectively. Communications between the controller, the application and data planes are prone to various types of attacks, such as eavesdropping and tampering. The controller software is vulnerable to attacks such as buffer and stack overflow, which enable remote code execution that can result in attackers taking control of the entire network. Additionally, traditional network attacks are more destructive. This thesis introduces a threat detection approach aimed at improving the accuracy and efficiency of the IDS, which is essential for controller security. To evaluate the effectiveness of the proposed framework, an empirical study of SDN controller security was conducted to identify, formalise and quantify security concerns related to SDN architecture. The study explored the threats related to SDN architecture, specifically threats originating from the existence of the control plane. The framework comprises two stages, involving the use of deep learning (DL) algorithms and clustering algorithms, respectively. DL algorithms were used to reduce the dimensionality of inputs, which were forwarded to clustering algorithms in the second stage. Features were compressed to a single value, simplifying and improving the performance of the clustering algorithm. Rather than using the output of the neural network, the framework presented a unique technique for dimensionality reduction that used a single value—reconstruction error—for the entire input record. The use of a DL algorithm in the pre-training stage contributed to solving the problem of dimensionality related to k-means clustering. Using unsupervised algorithms facilitated the discovery of new attacks. Further, this study compares generative energy-based models (restricted Boltzmann machines) with non-probabilistic models (autoencoders). The study implements TensorFlow in four scenarios. Simulation results were statistically analysed using a confusion matrix, which was evaluated and compared with similar related works. The proposed framework, which was adapted from existing similar approaches, resulted in promising outcomes and may provide a robust prospect for deployment in modern threat detection systems in SDN. The framework was implemented using TensorFlow and was benchmarked to the KDD99 dataset. Simulation results showed that the use of the DL algorithm to reduce dimensionality significantly improved detection accuracy and reduced false-positive and false-negative alarm rates. Extensive simulation studies on benchmark tasks demonstrated that the proposed framework consistently outperforms all competing approaches. This improvement is a further step towards the development of a reliable IDS to enhance the security of SDN controllers

Contributions to topology discovery, self-healing and VNF placement in software-defined and virtualized networks

The evolution of information and communication technologies (e.g. cloud computing, the Internet of Things (IoT) and 5G, among others) has enabled a large market of applications and network services for a massive number of users connected to the Internet. Achieving high programmability while decreasing complexity and costs has become an essential aim of networking research due to the ever-increasing pressure generated by these applications and services. However, meeting these goals is an almost impossible task using traditional IP networks. Software-Defined Networking (SDN) is an emerging network architecture that could address the needs of service providers and network operators. This new technology consists in decoupling the control plane from the data plane, enabling the centralization of control functions on a concentrated or distributed platform. It also creates an abstraction between the network infrastructure and network applications, which allows for designing more flexible and programmable networks. Recent trends of increased user demands, the explosion of Internet traffic and diverse service requirements have further driven the interest in the potential capabilities of SDN to enable the introduction of new protocols and traffic management models. This doctoral research is focused on improving high-level policies and control strategies, which are becoming increasingly important given the limitations of current solutions for large-scale SDN environments. Specifically, the three largest challenges addressed in the development of this thesis are related to the processes of topology discovery, fault recovery and Virtual Network Function (VNF) placement in software-defined and virtualized networks. These challenges led to the design of a set of effective techniques, ranging from network protocols to optimal and heuristic algorithms, intended to solve existing problems and contribute to the deployment and adoption of such programmable networks.For the first challenge, this work presents a novel protocol that, unlike existing approaches, enables a distributed layer 2 discovery without the need for previous IP configurations or controller knowledge of the network. By using this mechanism, the SDN controller can discover the network view without incurring scalability issues, while taking advantage of the shortest control paths toward each switch. Moreover, this novel approach achieves noticeable improvement with respect to state-of-the-art techniques. To address the resilience concern of SDN, we propose a self-healing mechanism that recovers the control plane connectivity in SDN-managed environments without overburdening the controller performance. The main idea underlying this proposal is to enable real-time recovery of control paths in the face of failures without the intervention of a controller. Obtained results show that the proposed approach recovers the control topology efficiently in terms of time and message load over a wide range of generated networks. The third contribution made in this thesis combines topology knowledge with bin packing techniques in order to efficiently place the required VNF. An online heuristic algorithm with low-complexity was developed as a suitable solution for dynamic infrastructures. Extensive simulations, using network topologies representative of different scales, validate the good performance of the proposed approaches regarding the number of required instances and the delay among deployed functions. Additionally, the proposed heuristic algorithm improves the execution times by a fifth order of magnitude compared to the optimal formulation of this problem.Postprint (published version