Information Security 

Table of Contents

Introduction

SDN Versus Traditional Network

Architecture of SDN and Security

Characteristics of Software Defined Networks Over Traditional Network

Security Analysis and Potential Threats of SDN

Security Threat Solution to SDN

Network Security Enhancement Using SDN Framework

Conclusion

References

Introduction

A computer network is the primary resource that makes it possible to share information from remote locations. Data communication and computer networks are considered the backbone of recent technological advances such as the Internet, intranets, the Web, cloud, IoT and many more. Securing information is a challenge for the users of a computer network. The virtual world in which computing platforms are integrated with data communication capabilities to provide shared computing exists because of networks, and those networks suffer from data confidentiality and integrity problems. Therefore, computer network security is the biggest bottleneck in networked communication between computing workstations.

Two types of data communication network are common around the globe: wired and wireless. In a wired network, all computing and communication devices are connected through a physical medium such as a cable or circuit. Wireless networks are not connected through a physical medium; they are connected through a wireless medium such as radio or microwave links. These two kinds of network share some security issues and differ in others.

With the advancement of virtualization technology, network virtualization began, and the traditional network was virtualized by deploying a centralized control framework. This network virtualization technology gave rise to the software defined network (SDN) [1]. The security issues of SDN are similar to those of the traditional network, but in SDN the management of security risks and exposure is easier because of centralized control. Virtualization technologies enable security experts to model software-based security management techniques that protect the network from adversaries more efficiently than traditional network security management.

On this basis, security and privacy in a software defined network can be integrated with an advanced and intelligent data communication environment that uses centrally controlled and managed procedures. Centralized control and management enable the security framework to work more effectively than security in a traditional network. The major benefit of the software defined network is that it provides centralized control, configuration and troubleshooting without local device security management. Therefore, security with a software defined network is a more robust and also more cost-effective solution for the modern requirements of secured computing and communication in business-critical settings.

Software defined networking brings features such as ease of management, scalability, flexibility and robustness to network services. SAN and other virtualized networks are examples of software defined networks in which indirect security features are integrated. Modern information technology applications are best suited to secured communication over a software defined network.

Architecture of SDN and Security

The architectural framework of software defined networking is layered. This architecture results from the requirement to decouple the control logic from the network hardware equipment that is responsible for forwarding network data and commands. This decoupling increases the complexity of the network framework, which further increases the security of the data. In traditional networking there is no decoupling of the data and control planes, so it is easy to obtain data from the network because data and commands are combined.

In the SDN framework, network devices such as routers, switches and hubs are placed in the data plane, which is responsible for processing the network packets or messages to be delivered from the source machine to the destination machine. The control plane contains the control logic, commands and programmable components that are managed by centralized software applications [2]. The security features of SDN are thus enhanced by intelligent programmable control interfaces that give a single point of view for the control and management of the security of packets and messages from the source station to the destination station. The architecture of software defined networking is presented in figure 1.

Fig. 1. SDN Layered Architectural Framework

Figure 1 shows that there are three layers in the architectural framework of software defined networking: infrastructure, control and application. The top layer is the application layer, which consists of software applications. These applications include the security and risk management programs that advance the security framework and environment for the data and assets of the network [3]. The virtual interface is produced by the middle control layer, which acts on the commands and control functions of the application layer. This is where the provisioning of security for data and information is actually governed in a software defined network.

Further, this layer brings virtualization, so the complexity of the actual source and destination of data is hidden from adversaries. The bottom layer is the infrastructure layer, where physical network devices such as routers and switches operate. The configuration of these devices is managed and controlled by application layer programs, which gives a central point from which to configure the security requirements of the networking devices. This layer is also called the data plane of the software defined network. Transmitted data flows through this plane under the control of the control layer and application layer. Because of this, security and risk are managed centrally for all infrastructure layer devices, and a high level of on-demand security can be provided by the software defined network.

Together, these three layers form the architecture of the software defined network, with intelligent functions and programmability in its operation and management.

SDN Versus Traditional Network

Software defined networks and traditional networks are both used to provide data communication among computing systems. The basic difference between them is that a software defined network is a virtualized network with software-application-based control and management procedures, whereas a traditional network always needs local control and management [4].

With respect to security, a software defined network is more secure against various threats and risks than a traditional network. The security framework and robustness of both networks against different types of risks and vulnerabilities are compared in table 1.

| Software Defined Network Security Framework | Traditional Network Security Framework |
| --- | --- |
| The control layer (or plane) introduced with the software defined network provides a programming and management interface from a central location to any part of the network. The outcome is on-demand security framework management from a centralized solution. | A traditional network does have a control layer, and it works at the infrastructure layer, where network devices must be controlled and managed locally to impose the required security configuration. Because of this, the traditional network lacks on-demand security management and control. |
| All security-related features of the software defined network are auto-configurable through application logic and programming, which provides more robust security for data and information. | Security features are device dependent, so each device of the network must be configured to impose the required security over data and information. This prevents timely management and control of the security features. |
| Priority-based network communication is possible with the software defined network. Therefore, the security requirements of different types of information can be met easily. | Priority-based communication of data packets is not easily performed because of local management and control. Therefore, high security cannot be applied to the packets directly. |
| Global and varied pathways for packets between source and destination make it complex for hackers to obtain the sequence of packets, so the confidentiality of data cannot be easily broken by cyber criminals. | All packets follow the same path from source to destination. Therefore, it is easy for a hacker to obtain the sequence of packets and break the confidentiality of data communicated through a traditional network. |
| The user-oriented programmable interface of the software defined network makes it easy for users to program the network according to their security requirements. Therefore, the security framework is managed as per the user's requirements. | Device-level firmware and programs are not easy to change. Changes must be made on each device locally, so it is impossible for an individual user to change the program and firmware. Therefore, a user-level security framework can be deployed with the traditional network. |

Table 1. Security Framework with SDN Versus Traditional Network

Characteristics of Software Defined Networks Over Traditional Network

Software defined networking provides holistic visibility of the whole network together with the ability to program the network devices, which gives rise to new networking hardware, software and services. A traditional network has no programming capabilities and is tied to older infrastructure for providing networking services. With regard to the confidentiality and integrity of the data carried by the network from source to destination, a software defined network is always ready to meet user-level requirements from the user end. Such user-level security from the user end is not possible with traditional networking.

In terms of usability and cost, software defined networking is preferred by users because it offers all services on a per-use basis. This is not true of the traditional network, which has no integrated software application to define use with respect to the service. Therefore, software defined networking is more cost effective than traditional networking.

A software defined network is more open to users and network providers. This brings transparency and greater availability of network services to users. A traditional network is not open, so it lacks transparency, and the availability of the network rests with the network service provider only.

A software defined network is built on topologies with logically centralized intelligence and control and management capability for the resources of the whole network. In a traditional network, all control and management methods are fully distributed and depend on local device-level management. There is also limited awareness of the current state and functional aspects of the network infrastructure devices. Bandwidth management, restoration of network services, security and privacy of devices and information, and network policies are intelligent and highly optimized in a software defined network [5].

Software defined networking provides more granular security than traditional networking. SDN controllers efficiently regulate the security policies and security mitigation intelligence for the network of an enterprise. Because of this, security with SDN is higher than with a traditional network, which is hardware based rather than built on virtual machines working in an integrated fashion.

A single point of control and management is also a problem for the software defined network, because failure of the controller makes the whole network non-functional. This is not a problem for the traditional network, where control is local and distributed and the failure of any one piece of hardware is not bound to bring down the whole connected network [6]. Thus, in terms of reliability, SDN may not be as good as the traditional network. In terms of scalability, software defined networking is a challenge for network professionals, who must make it scalable for service providers and users. To reduce the reliability and scalability problems of the software defined network, its architecture may be designed on physically distributed systems. Decentralization of the control plane must therefore be adopted to advance the reliability and scalability of software defined networking.

Security against faults in networking equipment is automated in software defined networking through automated repair and the fault-tolerant nature of the devices and equipment, driven by application logic. Traditional networking has no such fault tolerance or automatic reconfiguration, so its security suffers from network faults.

Security Analysis and Potential Threats of SDN

The central software application of a software defined network is based on protocols such as OpenFlow, OF-Control, OVSDB. These protocols are considered the central controller of software defined networking. Table 2 analyses the threats and security issues of the software defined network with respect to the threat, the SDN layer affected, and the impact on the security factors availability, confidentiality and integrity [7][8].

| Threats/Security Risk | SDN Layer Impacted | Impact on Availability | Impact on Confidentiality | Impact on Integrity |
| --- | --- | --- | --- | --- |
| DDoS Attack | Data and Control Planes | High | Low | Low |
| DoS Attack | Data and Control Planes | High | Low | Low |
| Controller Hijacking | Data, Control and Application Planes | High | High | High |
| Malicious applications | Application plane | Low | Low | High |
| Man in Middle Attack | Data, Control and Application Planes | Low | High | High |
| Black Hole Attack | Data, Control and Application Planes | High | Low | Low |
| Eavesdropping | Data, Control and Application Planes | Low | High | High |
| MAC Spoofing attack | Control and Application Planes | Low | High | High |
| Replay Attack | Data, Control Planes | High | High | High |

Table 2. Security Analysis of various attacks on SDN and impacts

Table 2, which relates the SDN layers and security attacks to their impact on the three common security aspects of availability, confidentiality and integrity, shows that the software defined network is also highly vulnerable to various attacks, just like the traditional network.

Security threats are directly associated with the vulnerabilities and loopholes of the network [9], so software defined networking also falls victim to such threats. Denial of Service (DoS) attacks are very common in software defined networks because forwarding devices such as switches and routers are vulnerable to MAC spoofing and routing table poisoning attacks. A software defined network is controlled and managed by the central controller, so a problem that arises there makes the whole network vulnerable. Administratively disabling secured protocols such as SSL, TLS and OpenFlow in a software defined network makes the communication channel vulnerable to the attacker.

The availability, confidentiality and integrity of data and network services in a software defined network depend fully on administrative control and management of the protocols and software applications at the top of the SDN layers. All programming interfaces of software defined networking are open in nature, which gives attackers the opportunity to apply their own programming to attack the network. Networking devices such as switches and routers are not directly connected with the information transmission over the communication channel. This opens scope for an attacker to mount a man-in-the-middle attack on a software defined network.

From the above details of the security issues of software defined networking, it is concluded that risks and threats are a major concern and require a proper and systematic approach to developing policies that reduce and mitigate them.
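As an added example (not part of the original paper), the following Python script audits a switch for the disabled-TLS condition described above by classifying its OpenFlow controller and OVSDB manager connections. It assumes Open vSwitch as the forwarding device and parses the text printed by `ovs-vsctl show`; the sample output, bridge names and addresses are constructed.

```python
import re

# Constructed sample of `ovs-vsctl show` output; the UUID, bridge names,
# addresses and version string are placeholders, not values from the paper.
SAMPLE_OVS_SHOW = """\
00000000-0000-4000-8000-000000000001
    Manager "ptcp:6640"
    Bridge br-edge
        Controller "tcp:192.0.2.10:6653"
            is_connected: true
        Port br-edge
            Interface br-edge
                type: internal
    Bridge "br-core"
        Controller "ssl:192.0.2.10:6653"
            is_connected: true
        Controller "ssl:192.0.2.11:6653"
        Port br-core
            Interface br-core
                type: internal
    ovs_version: "0.0.0-sample"
"""

# Open vSwitch connection methods grouped by transport protection.
TRANSPORT = {
    "ssl": "tls", "pssl": "tls",              # TLS-protected (active / passive)
    "tcp": "plaintext", "ptcp": "plaintext",  # cleartext TCP (active / passive)
    "unix": "local", "punix": "local",        # local Unix domain socket
}

# Bridge names may or may not be quoted depending on the OVS version.
ENTRY_RE = re.compile(r'^\s*(Bridge|Controller|Manager)\s+"?([^"\s]+)"?\s*$')


def audit_ovs_show(text):
    """Classify every OpenFlow controller and OVSDB manager target."""
    findings = []
    bridge = None
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        kind, value = match.groups()
        if kind == "Bridge":
            bridge = value  # controllers that follow belong to this bridge
            continue
        scheme = value.split(":", 1)[0].lower()
        findings.append({
            "channel": "OVSDB" if kind == "Manager" else "OpenFlow",
            "bridge": None if kind == "Manager" else bridge,
            "target": value,
            "status": TRANSPORT.get(scheme, "unknown"),
        })
    return findings


def plaintext_channels(findings):
    """Channels without TLS; unrecognised schemes are reported too (fail closed)."""
    return [f for f in findings if f["status"] in ("plaintext", "unknown")]


if __name__ == "__main__":
    for f in plaintext_channels(audit_ovs_show(SAMPLE_OVS_SHOW)):
        where = f["bridge"] or "switch-wide"
        print(f'{f["channel"]:8} {where:12} {f["target"]:24} NOT ENCRYPTED')
```

On a live switch the same function can be fed the captured output of `ovs-vsctl show` instead of the constructed sample.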

Security Threat Solution to SDN

The solution to the threats and risks associated with the software defined network should be straightforward and robust, so that a large virtualized network can be protected from cyber criminals. Security threats come from both external and internal sides. Securing a software defined network through a single central server does not guarantee security, and an attack on it may be bigger than an attack on a traditional network.

Therefore, the security framework must be modelled for each layer of the software defined network. Attacks such as flooding and spoofing that are linked to the network switch and the controller also affect all layers. Deploying a new policy can also become a cause of security attacks, as it may open a loophole in the layers. It is therefore necessary to ensure that all components of the software defined network, such as protocols, controllers, algorithms, linking modules and infrastructure network devices, are secured. The controller should be secured first, because it is the heart of the software defined network and controls and manages the whole network [9].

Further, the operating system aligned with the virtual network platform must be secured. Compromise of the operating system used by the controller can cause failure of the whole network. The data flow in the software defined network must be protected by a cryptographic system that encrypts plain data to hide its meaning on the communication channel. This ensures protection from malicious injection vulnerabilities exploited by the attacker. Software defined network agents are an environment within the network, so they must be secured against DoS and DDoS attacks.

Intruders are also a major security problem, so an intrusion detection and prevention system with proper monitoring capabilities must be deployed to protect against network intrusion. A firewall should also be configured in the software defined network to filter all inward and outward network traffic and guard against spurious activity in it. Dynamic updates of the firewall configuration should be enabled so that the configuration file is automatically reconfigured to match the security required for the network traffic. Integrity checks, codes, digital signatures and secure codes are deployed to measure security and mitigate the various security issues of software defined networking.

Network Security Enhancement Using SDN Framework

The SDN framework is a virtualized network platform made up of different layers. These layers are linked together by linking protocols and algorithms and work collaboratively to provide data communication services among the different network entities. A mixed approach covering the data link layer, the control link layer and data encryption must be deployed to provide better security to the network.

Role-based verification can be used to verify the authorization of each application and so enhance network security [9][10]. A centralized solution for data encryption, data integrity management, network functioning and its proper management, efficient management of the data link layer, and a control layer fully associated with the whole security framework of the SDN central controller together advance the security protection of the network. All these systems should therefore be aligned in a proper and systematic fashion to provide a high level of security to the network.

Cloud-based and virtualized software defined network frameworks are already open to both users and service providers. Therefore, both parties have to agree on the level of security in order to manage network security effectively together.
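Role-based verification of applications, as described above, shown as an added example that is not part of the original paper. The role names, application identifiers, operations and priority ceilings are hypothetical and not taken from any controller's API; the check also treats a flow rule with an empty action list as a drop, which is how OpenFlow handles it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    operations: frozenset    # northbound calls the role may make
    flow_actions: frozenset  # actions allowed in flow rules it installs
    max_priority: int        # ceiling, so the app cannot outrank security rules


# Hypothetical roles and application registrations (assumptions for this example).
ROLES = {
    "monitor": Role(frozenset({"read_topology", "read_stats"}), frozenset(), 0),
    "traffic_engineering": Role(
        frozenset({"read_topology", "read_stats", "install_flow"}),
        frozenset({"output", "set_queue"}), 1000),
    "security": Role(
        frozenset({"read_stats", "install_flow", "remove_flow"}),
        frozenset({"output", "drop"}), 40000),
}
APP_ROLES = {
    "stats-dashboard": "monitor",
    "load-balancer": "traffic_engineering",
    "ids-responder": "security",
}


def authorize(app_id, operation, flow=None):
    """Return (allowed, reason) for a northbound request; the default is deny."""
    role_name = APP_ROLES.get(app_id)
    if role_name is None:
        return False, "unregistered application"
    role = ROLES[role_name]
    if operation not in role.operations:
        return False, f"role '{role_name}' may not call {operation}"
    if operation == "install_flow":
        if flow is None:
            return False, "install_flow needs a flow rule"
        # An empty action list drops matching packets, so count it as 'drop';
        # otherwise a forwarding-only application could black-hole traffic.
        actions = set(flow.get("actions") or ["drop"])
        denied = actions - role.flow_actions
        if denied:
            return False, f"actions not permitted: {sorted(denied)}"
        if flow.get("priority", 0) > role.max_priority:
            return False, "priority above role ceiling"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests covering the allow path and each deny path.
    requests = [
        ("load-balancer", "install_flow", {"priority": 500, "actions": ["output"]}),
        ("load-balancer", "install_flow", {"priority": 500, "actions": []}),
        ("load-balancer", "install_flow", {"priority": 50000, "actions": ["output"]}),
        ("stats-dashboard", "install_flow", {"priority": 10, "actions": ["output"]}),
        ("ids-responder", "install_flow", {"priority": 30000, "actions": ["drop"]}),
        ("unknown-app", "read_stats", None),
    ]
    for app, op, flow in requests:
        print(app, op, authorize(app, op, flow))
```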

Conclusion

A software defined network is a virtualized networking platform in which software applications control and manage network functions centrally. Security is one of the primary concerns in any type of networking, so software defined networking must also be secured to preserve the confidentiality, integrity and availability of data and network services. This paper has covered the basics of SDN security, the characteristics of software defined networking, the common differences between traditional and software defined networking, a security analysis of software defined networking, solutions to its security threats, and network security enhancement using the SDN framework. All these details about the security of software defined networking are presented in this research paper.

References

[1] R. . M. F. and K. D, "Software-Defined Networking: A Comprehensive Survey," in Proceedings of the IEEE, 2015.

[2] E. Haleplidis, "Overview of RFC7426: SDN Layers and Architecture Terminology - IEEE Software Defined Networks", Sdn.ieee.org, 2017. [Online]. Available: https://sdn.ieee.org/newsletter/september-2017/overview-of-rfc7426-sdn-layers-and-architecture-terminology.

[3] A, A. E and G. A, "Securing Software Defined Networks: Taxonomy, Requirements, and Open Issues," IEEE Communications Magazine, vol. 53(4), pp. 36-44, 2015.

[4] S.-H. S and S. S, "A survey of security in software defined networks," in IEEE Communications Surveys & Tutorials, 2016.

[5] X. Wu, M. Liu, W. Dou and S. Yu, "DDoS attacks on data plane of software-defined network: are they possible?", Security and Communication Networks, vol. 9, no. 18, pp. 5444-5459, 2016. Available: 10.1002/sec.1709.

[6] ONF, “Principles and Practices for Securing Software-Defined Networks,” 

[7] H. J., "Taxonomic Modeling of Security Threats in Software Defined Networking," in BlackHat Conference, 2015.

[8] K. K and S. F, "Distributed Attack Graph Generation," in IEEE Transactions on Dependable and Secure Computing, 2016.

[9] A. e. a. S, "A Survey of securing Networks Using Software Defined Networking," in IEEE Trans. Reliability, 2015.

[10] El Moussaid, T. N and El Azhari, "Security Analysis as Software-defined Security for SDN Environment," in Fourth International Conference on IEEE, 2017.
