Benefits, Security and Issues in Software Defined Networking (SDN)

Nasir Shahzad, Ghulam Mujtaba, Manzoor Elahi

Abstract


Applications used now a day are bandwidth hungry like Online Shopping, IPTV, E-Commerce and many other which require more and more bandwidth as well as continuous bandwidth. The Software Defined Networking (SDN) decouples control and forward plane allowing the flexibility to program network control plane and empowers distinctive approaches to network security than those existing in present IP system. In SDN, the centralized controllers keep an eye on the changing scenarios of the network. Because of controller view of the network, SDN can facilitate and enhance the network related security. SDN architecture is directly programmable and opens standard-based but SDN itself have numerous issues like performance vs. flexibility, scalability, security and interoperability. This paper discusses security issues regarding logically centralized controller, OpenFlow constraints and absence of middle-boxes in SDN.


Full Text:

PDF

References


N. Gude, et al., “NOX: towards an operating system for networks,” ACM SIGCOMM Computer Communication Review, vol. 38, no.

, 2008, pp. 105-110.

M. Scheidell, “Intrusion detection system,”Book Intrusion detection system, Series Intrusion detection system, ed., Editor ed.^eds., Google Patents, 2009, pp.

S. Raza, et al., “Secure communication for the Internet of Things—a comparison of link-layer security and IPsec for 6LoWPAN,” Security

and Communication Networks, vol. 7, no. 12,

, pp. 2654-2668.

H. Suo, et al., “Security in the internet of things: a review,” Proc. Computer Science and Electronics Engineering (ICCSEE), 2012

International Conference on, IEEE, 2012, pp. 648-651.

M. Georgiev, et al., “The most dangerous code in the world: validating SSL certificates in non-browser software,” Proc. Proceedings of the 2012 ACM conference on Computer and communications security, ACM, 2012, pp. 38-49.

S.A. Mehdi, et al., “Revisiting traffic anomaly detection using software defined networking,”Proc. International Workshop on Recent Advances in Intrusion Detection, Springer, 2011, pp. 161-180.

R. Braga, et al., “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” Proc. Local Computer Networks (LCN), 2010 IEEE

th Conference on, IEEE, 2010, pp. 408-415.

R. Sherwood, et al., “Flowvisor: A network virtualization layer,” OpenFlow Switch Consortium, Tech. Rep, 2009, pp. 1-13.

S. Goldwasser, et al., “Cryptography and Information Security Group Research Project: Threshold Cryptology,” Book Cryptography

and Information Security Group Research Project: Threshold Cryptology, Series Cryptography and Information Security Group Research Project: Threshold Cryptology, ed.,Editor ed.^eds., 2013,

V. Cerf, et al., Delay-tolerant networking architecture, 2070-1721, 2007.

N. McKeown, et al., “OpenFlow: enabling innovation in campus networks,” ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, 2008, pp. 69-74.

C. Tankard, “Advanced persistent threats and how to monitor and deter them,” Network security, vol. 2011, no. 8, 2011, pp. 16-19.

D. Kreutz, et al., “Towards secure and dependable software-defined networks,” Proc. Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, ACM, 2013, pp. 55-60.

S. Shin and G. Gu, “Attacking software defined networks: A first feasibility study,” Proc. Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, ACM, 2013, pp.

-166.

Y. Wang, et al., “NetFuse: Short-circuiting traffic surges in the cloud,” Proc. 2013 IEEE International Conference on Communications (ICC), IEEE, 2013, pp. 3514-3518.

K. Govindarajan, et al., “A literature review on software-defined networking (SDN) research topics, challenges and solutions,” Proc. 2013

Fifth International Conference on Advanced Computing (ICoAC), IEEE, 2013, pp. 293-299.

G. Stabler, et al., “Elastic IP and security groups implementation using OpenFlow,” Proc. Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date, ACM, 2012, pp. 53-60.

C. Boldrini, et al., “Modelling social-aware forwarding in opportunistic networks,” Performance Evaluation of Computer and Communication Systems. Milestones and Future Challenges, Springer, 2011, pp. 141-

M. Becchi, et al., “A workload for evaluating deep packet inspection architectures,” Proc. Workload Characterization, 2008. IISWC 2008. IEEE International Symposium on, IEEE, 2008, pp. 79-89.

S.K. Fayazbakhsh, et al., “Enforcing networkwide policies in the presence of dynamic middlebox actions using flowtags,” Proc. 11th

USENIX Symposium on Networked Systems Design and Implementation (NSDI 14), 2014, pp. 543-546.

D. Remane, et al., “Development and validation of a liquid chromatography-tandem mass spectrometry (LC-MS/MS) procedure for

screening of urine specimens for 100 analytes relevant in drug-facilitated crime (DFC),” Analytical and bioanalytical chemistry, vol. 406, no. 18, 2014, pp. 4411-4424.

Z. Zhao, et al., “SAHAD: Subgraph analysis in massive networks using Hadoop,” Proc. Parallel & Distributed Processing Symposium

(IPDPS), 2012 IEEE 26th International, IEEE, 2012, pp. 390-401.

K. Savitha and M. Vijaya, “Mining of web server logs in a distributed cluster using big data technologies,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 5, no. 1, 2014.

S. Shin, et al., “FRESCO: Modular Composable Security Services for SoftwareDefined Networks,” Proc. NDSS, 2013.

H. Farhadi, et al., “Enhancing OpenFlow actions to offload packet-in processing,” Proc. Network Operations and Management Symposium (APNOMS), 2014 16th AsiaPacific, IEEE, 2014, pp. 1-6.


Refbacks

  • There are currently no refbacks.


ISSN: 2070-9900