Security in the software defined networking infrastructure

Masters Thesis

Edge, Peter. 2019. Security in the software defined networking infrastructure. Masters Thesis Master of Science (Research). University of Southern Queensland.

Type: Masters Thesis
Author: Edge, Peter
Supervisor: Zhang, Zhongwei; Lai, David
Institution of Origin: University of Southern Queensland
Qualification Name: Master of Science (Research)
Number of Pages: 97

Software Defined Networks (SDN) is a paradigm in which control and data planes of traditional networking devices are decoupled to form a distributed model. Communication between the separate planes requires a protocol such as OpenFlow to leverage programmable routing and forwarding decisions on the network. In this model, Application Programmable Interfaces (APIs) make it possible to inject policy and forwarding rules via the control plane or controller. The most prominent challenge resulting from the separation is link security between the separated elements, through which private network data is now traversing.

One main area of concern is the method of transmission with which the majority of Open-Source controllers currently communicate. The preferred practice is for an OpenFlow switch wishing to communicate with a controller to initiate a Transport Layer Security (TLS) channel. Many developers have replaced the TLS method of communication with straight Transport Control Protocol (TCP) due to handshake sequence issues caused by certificate exchange during the TLS connection phase.

This thesis and the subsequent research will ask questions on security around the controller-to-device links that pass flow tables, network abstractions and multi-layer information to multiple controlled network elements.

The main objective of this research is to develop testing procedures that allow for accurate and repeatable experiments. Therefore, in researching security vulnerabilities between controllers and forwarding devices, benchmarking performed on secure links tests the capability of authentication mechanisms to function properly under load.

The outcomes of this research include a series of quality industry standard tests to benchmark typical SDN controllers and forwarding devices, and a critical analysis of typical devices at low, medium and high loads. An SDN security taxonomy is presented to help with future categorising of device testing in the context of SDN architecture.

Keywords: SDN, NFV, OpenFlow, security, virtualisation, routing
ANZSRC Field of Research 2020: 460499. Cybersecurity and privacy not elsewhere classified
Byline Affiliations: School of Agricultural, Computational and Environmental Sciences

Related outputs

Software Defined Networking Managed Hybrid IoT as a Service
Edge, Peter, Davar, Zara and Zhang, Zhongwei. 2019. "Software Defined Networking Managed Hybrid IoT as a Service." Makhijani, Kiran (ed.) Fifteenth International Conference on Networking and Services (ICNS 2019). Athens, Greece 02 - 06 Jun 2019 Wilmington, United States.