Abdallah Mustafa Abdelrahman,Joel J. P. C. Rodrigues,Mukhtar M. E. Mahmoud,Kashif Saleem,Ashok Kumar Das,Valery Korotaev,Sergei A. Kozlov

DOI: https://doi.org/10.1002/dac.4706

2020-12-15

International Journal of Communication Systems

Abstract:Software‐defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data‐forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built‐in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state‐of‐the‐art SDN controllers and the available countermeasures. Furthermore, an in‐depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

telecommunications,engineering, electrical & electronic

Shanshan Bian,Peng Zhang,Zheng Yan

DOI: https://doi.org/10.4108/eai.18-6-2016.2264176

2016-01-01

Abstract:Software-Defined Networking (SDN) has gained special attention in both academia and industry. It is a new network architecture framework for networking, which decouples the network control plane from the data plane at physical topology. SDN promotes centralization of network control and introduces the ability to program the network. However, the development of the SDN is constrained by various security concerns, e.g., the central management of SDN is ideal for security attack. In this paper, we investigate potential security threats and specify security requirements accordingly. Existing security solutions in SDN are seriously reviewed and evaluated based on the specified security requirements in order to figure out open issues and motivate future research efforts.

Zhaogang Shu,Jiafu Wan,Di Li,Jiaxiang Lin,Athanasios V. Vasilakos,Muhammad Imran

DOI: https://doi.org/10.1007/s11036-016-0676-x

2016-01-01

Mobile Networks and Applications

Abstract:In recent years, Software-Defined Networking (SDN) has been a focus of research. As a promising network architecture, SDN will possibly replace traditional networking, as it brings promising opportunities for network management in terms of simplicity, programmability, and elasticity. While many efforts are currently being made to standardize this emerging paradigm, careful attention needs to be also paid to security at this early design stage. This paper focuses on the security aspects of SDN. We begin by discussing characteristics and standards of SDN. On the basis of these, we discuss the security features as a whole and then analyze the security threats and countermeasures in detail from three aspects, based on which part of the SDN paradigm they target, i.e., the data forwarding layer, the control layer and the application layer. Countermeasure techniques that could be used to prevent, mitigate, or recover from some of such attacks are also described, while the threats encountered when developing these defensive mechanisms are highlighted.

Iftekhar Ahmed Mahar,Wu Libing,Zulfikar Ahmed Maher,Ghulam Ali Rahu

DOI: https://doi.org/10.1109/KHI-HTC60760.2024.10482096

2024-01-01

Abstract:Due to the fast growth of modern mobile communication and internet technologies, the devices, gadgets, and architecture in networking systems have now become heterogeneous and complicated. More intelligence is required to adequately manage, operate, enhance, and organize the network systems. Software defined networks (SDN) introduces novel opportunities for delivering intelligence within network systems. Software defined networking focus on the separation of the control and data plane. Software defined networking offers a universal control plane across all the networking devices within network system, making device configuration quick and straightforward. However, like any technological advancement, SDN is not immune to security challenges. This article explores the fundamental concepts of SDN and delves into the security threats that accompany its implementation. This review underscores the need for a proactive stance in addressing the intricacies of SDN security. As the networking landscape evolves, the synthesis of innovative solutions, collaborative research efforts, and industry-wide best practices will be pivotal in fortifying the resilience of SDN against emerging security threats. Navigating these frontiers demands a collective commitment to ensuring the secure and efficient future of the computer networks.

Arusa Kanwal,Mohammad Nizamuddin,Waseem Iqbal,Waqas Aman,Yawar Abbas,Shynar Mussiraliyeva

DOI: https://doi.org/10.1109/access.2024.3390968

IF: 3.9

2024-04-27

IEEE Access

Abstract:Software Defined Networking (SDN) has emerged as a new paradigm for managing heterogeneous networks ranging from enterprises to home network via decoupling the control plane from the data plane. In the traditional networking landscape, these two planes are tightly bound together inside a single appliance. The logically centralized and distributed control plane and programmability offer a great opportunity to improve network security, such as by implementing new mechanisms to detect and mitigate various threats, and also enable security as a service in an SDN paradigm. Due to the ever increasing and fast development of SDN, this paper provides an extensive survey of SDN controllers, SDN-related security threats, and solutions to mitigate the security threats. This study provides a comprehensive survey of 53 SDN controllers from different aspects, including language, architecture, organization, open source, scalability, consistency, reliability, API used, library, and their description. We have also provided a detailed security analysis of SDN architecture with an extensive classification of security threats endangering its different architectural components and the solutions to effectively mitigate them. This paper also identifies challenges and promising future directions on SDN deployment, standardization, implementation, and security issues that should be addressed in this field.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yassine Maleh,Youssef Qasmaoui,Khalid El Gholami,Yassine Sadqi,Soufyane Mounir

DOI: https://doi.org/10.1007/s40860-022-00171-8

2022-02-08

Journal of Reliable Intelligent Environments

Abstract:Nowadays, security threats on Software Defined Network SDN architectures are similar to traditional networks. However, the profile of these threats changes with SDN. For example, a denial-of-service attack on a centralized controller that manages a large network of several network devices (routers, switches, etc.) is more destructive than a targeted attack against a router. A spoofed SDN controller could allow a hacker to control an entire network, while a spoofed router could only harm the proper functioning of the traffic routed through that router. The SDN is facing these new security challenges, especially on securing the SDN architecture itself. SDN security is ensured at all these levels based on three-layer architecture and programming interfaces, which poses several challenges. The SDN’s security challenges are expected to grow with the progressive deployment. This paper aims to provide a comprehensive review of state of the art, accompanied by categorizing the research literature into a taxonomy that highlights each proposal’s main characteristics and contributions to the SDN's different layers. Based on the analysis of existing work, we also highlight key research gaps that could support future research in this area.

Shumian Yang,Lianhai Wang,Dawei Zhao,Xiaohui Han,Shuhui Zhang

DOI: https://doi.org/10.22323/1.300.0033

2018-01-01

Abstract:Software definition networking is a revolutionary network architecture, which realizes the separation of the control plane and data plane of a network. While providing the centralized controllability and the software programmability, the network itself is encountering many security problems. In order to solve the problem of security threats in SDN networks, there are different layers of unique security challenges and the relevant research on SDN security problems. This paper introduces the depth learning technology into the field of security threat detection in SDN, and propose a security threat detection framework based on depth learning.The framework is based on the research on model establishment, abnormal behavior recognition and decision algorithm design. The software system based on physical memory analysis is under development in SDN. The system verifies the feasibility of this framework, and to finally generate the work plan on SDN infrastructure.

Zhen Yao,Zheng Yan

DOI: https://doi.org/10.1007/978-3-319-49148-6_27

2016-01-01

Abstract:With the development of information and networking technologies, conventional network has been unable to meet the demands of practical applications and network users. A new network paradigm called Software-Defined Networking (SDN) was proposed and got public attention. By decoupling the forwarding and control planes and applying specific protocols, SDN greatly reduces the cost of network management. Moreover, SDN empowers network managers to program their networks with high flexibility. However, there are many network security issues with regard to SDN, which should be solved in order to ensure the final success of SDN. In this paper, we undertake an SDN security survey. We focus on analyzing SDN's security problems and reviewing existing countermeasures. Meanwhile, we identify the future research directions of SDN security.

Tao Han,Syed Rooh Ullah Jan,Zhiyuan Tan,Muhammad Usman,Mian Ahmad Jan,Rahim Khan,Yongzhao Xu

DOI: https://doi.org/10.1002/cpe.5300

2019-04-17

Concurrency and Computation: Practice and Experience

Abstract:Software Defined Network (SDN) and Network Virtualization (NV) are emerged paradigms that simplified the control and management of the next generation networks, most importantly, Internet of Things (IoT), Cloud Computing, and Cyber‐Physical Systems. The Internet of Things (IoT) includes a diverse range of a vast collection of heterogeneous devices that require interoperable communication, scalable platforms, and security provisioning. Security provisioning to an SDN‐based IoT network poses a real security challenge leading to various serious security threats due to the connection of various heterogeneous devices having a wide range of access protocols. Furthermore, the logical centralized controlled intelligence of the SDN architecture represents a plethora of security challenges due to its single point of failure. It may throw the entire network into chaos and thus expose it to various known and unknown security threats and attacks. Security of SDN controlled IoT environment is still in infancy and thus remains the prime research agenda for both the industry and academia. This paper comprehensively reviews the current state‐of‐the‐art security threats, vulnerabilities, and issues at the control plane. Moreover, this paper contributes by presenting a detailed classification of various security attacks on the control layer. A comprehensive state‐of‐the‐art review of the latest mitigation techniques for various security breaches is also presented. Finally, this paper presents future research directions and challenges for further investigation down the line.

BAI Jiasong,ZHANG Menghao,BI Jun

DOI: https://doi.org/10.19729/j.cnki.1673-5188.2018.04.002

2019-01-01

Abstract:Software defined networking（SDN）has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.

WANG Tao,CHEN Hong-chang,CHENG Guo-zhen

DOI: https://doi.org/10.11959/j.issn.1000-436x.2017221

2017-01-01

Abstract:Software-defined network (SDN) separated the traditional control plane from the data plane, formed a centralized controller, opened up the network programming interface, simplified network management, promoted network innovation and optimized network operation. However, SDN's "three-layer two-interface" architecture increased the net-work attack surface, resulting in many new security issues. The development, characteristics and working principle of SDN were first introduced, and the existing security problems from the application layer, the northbound interface, the control plane, the southbound interface, the data plane were summarized respectively. Secondly, the latest research progress and existing solutions were discussed. Finally, SDN current and future security challenges were summarized, and the future SDN security development direction was looked forward to.

Mudassar Hussain,Nadir Shah,Rashid Amin,Sultan S Alshamrani,Aziz Alotaibi,Syed Mohsan Raza,Sultan S. Alshamrani

DOI: https://doi.org/10.3390/s22155551

IF: 3.9

2022-07-26

Sensors

Abstract:Software-defined networking (SDN) is an innovative network architecture that splits the control and management planes from the data plane. It helps in simplifying network manageability and programmability, along with several other benefits. Due to the programmability features, SDN is gaining popularity in both academia and industry. However, this emerging paradigm has been facing diverse kinds of challenges during the SDN implementation process and with respect to adoption of existing technologies. This paper evaluates several existing approaches in SDN and compares and analyzes the findings. The paper is organized into seven categories, namely network testing and verification, flow rule installation mechanisms, network security and management issues related to SDN implementation, memory management studies, SDN simulators and emulators, SDN programming languages, and SDN controller platforms. Each category has significance in the implementation of SDN networks. During the implementation process, network testing and verification is very important to avoid packet violations and network inefficiencies. Similarly, consistent flow rule installation, especially in the case of policy change at the controller, needs to be carefully implemented. Effective network security and memory management, at both the network control and data planes, play a vital role in SDN. Furthermore, SDN simulation tools, controller platforms, and programming languages help academia and industry to implement and test their developed network applications. We also compare the existing SDN studies in detail in terms of classification and discuss their benefits and limitations. Finally, future research guidelines are provided, and the paper is concluded.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhiyuan Hu,Mingwen Wang,Xueqiang Yan,Yueming Yin,Zhigang Luo

DOI: https://doi.org/10.1109/icin.2015.7073803

2015-01-01

Abstract:SDN enables the administrators to configure network resources very quickly and to adjust network-wide traffic flow to meet changing needs dynamically. However, there are some challenges for implementing a full-scale carrier SDN. One of the most important challenges is SDN security, which is beginning to receive attention. With new SDN architecture, some security threats are common to traditional networking, but the profile of these threats (including their likelihood and impact and hence their overall risk level) changes. Moreover, there are some new security challenges such as bypassing predefined mandatory policies by overwriting flow entries and data eavesdropping by inserting fraudulent flow entries. This paper is to design open-flow specific security solutions and propose a comprehensive security architecture to provide security services such as enforcing mandatory network policy correctly and receiving network policy securely for SDN in order to solve these common security issues and new security challenges. It can also help the developers to implement security functions to provide security services when developing the SDN controller.

Shen Wang,Jun Wu,Wu Yang,Long-hua Guo

DOI: https://doi.org/10.1631/fitee.1800575

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Nowadays, cyberspace has become a vital part of social infrastructure. With the rapid development of the scale of networks, applications and services have become enriched, and the bearing function of the underlying network devices (such as switches and routers) has also been extended. To promote the dynamics architecture, high-level security, and high quality of service of the network, control network architecture forward separation is a development trend of the networking technology. Currently, software-defined networking (SDN) is one of the most popular and promising technologies. In SDN, high-level strategies are deployed by the proprietary equipment, which is used to guide the data forwarding of the network equipment. This can reduce many complicated functions of the network equipment and improve the flexibility and operability of the implementation and deployment of new network technologies and protocols. However, this novel networking technology faces novel challenges in term of architecture and security. The aim of this study is to offer a comprehensive review of the state-of-the-art research on novel advances of programmable SDN, and to highlight what has been investigated and what remains to be addressed, particularly, in terms of architecture and security.

Min Chen,Yongfeng Qian,Shiwen Mao,Wan Tang,Ximin Yang

DOI: https://doi.org/10.1007/s11036-015-0665-5

2016-01-09

Mobile Networks and Applications

Abstract:The future 5G wireless is triggered by the higher demand on wireless capacity. With Software Defined Network (SDN), the data layer can be separated from the control layer. The development of relevant studies about Network Function Virtualization (NFV) and cloud computing has the potential of offering a quicker and more reliable network access for growing data traffic. Under such circumstances, Software Defined Mobile Network (SDMN) is presented as a promising solution for meeting the wireless data demands. This paper provides a survey of SDMN and its related security problems. As SDMN integrates cloud computing, SDN, and NFV, and works on improving network functions, performance, flexibility, energy efficiency, and scalability, it is an important component of the next generation telecommunication networks. However, the SDMN concept also raises new security concerns. We explore relevant security threats and their corresponding countermeasures with respect to the data layer, control layer, application layer, and communication protocols. We also adopt the STRIDE method to classify various security threats to better reveal them in the context of SDMN. This survey is concluded with a list of open security challenges in SDMN.

computer science, information systems,telecommunications, hardware & architecture

Yinghao Su,Dapeng Xiong,Kechang Qian,Yu Wang

DOI: https://doi.org/10.3390/electronics13040807

IF: 2.9

2024-02-20

Electronics

Abstract:The widespread adoption of software-defined networking (SDN) technology has brought revolutionary changes to network control and management. Compared to traditional networks, SDN enhances security by separating the control plane from the data plane and replacing the traditional network architecture with a more flexible one. However, due to its inherent architectural flaws, SDN still faces new security threats. This paper expounds on the architecture and security of SDN, analyzes the vulnerabilities of SDN architecture, and introduces common distributed denial of service (DDoS) attacks within the SDN architecture. This article also provides a review of the relevant literature on DDoS attack detection and mitigation in the current SDN environment based on the technologies used, including statistical analysis, machine learning, policy-based, and moving target defense techniques. The advantages and disadvantages of these technologies, in terms of deployment difficulty, accuracy, and other factors, are analyzed. Finally, this study summarizes the SDN experimental environment and DDoS attack traffic generators and datasets of the reviewed literature and the limitations of current defense methods and suggests potential future research directions.

engineering, electrical & electronic,computer science, information systems,physics, applied

Diego Kreutz,Fernando M. V. Ramos,Paulo Verissimo,Christian Esteve Rothenberg,Siamak Azodolmolky,Steve Uhlig

DOI: https://doi.org/10.48550/arXiv.1406.0440

2014-10-09

Abstract:Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -- with a focus on aspects such as resiliency, scalability, performance, security and dependability -- as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.

Networking and Internet Architecture

Daojing He,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/mcom.2016.7378421

IF: 9.03

2016-01-01

IEEE Communications Magazine

Abstract:Software defined wireless networking (SDWN) is a new paradigm of wireless networking, physically separating the data and control planes of various elements in the wireless infrastructure. Similar to its wired counterpart, SDWN is expected to introduce a wide range of benefits to the operation and management of wireless networks. Security is always important to any network. On one hand, SDWN enables new security mechanisms. On the other hand, some new threats are introduced due to the separation of the control and data planes and the introduction of the logically centralized controller. In this article, we discuss its security threat vectors as well as design issues in making it secure. Also, we analyze the security requirements of SDWN, and then summarize the security attacks and countermeasures in this area and suggest some future research directions.

Ihsan H. Abdulqadder,Deqing Zou,Israa T. Aziz,Bin Yuan,Weiming Li

DOI: https://doi.org/10.1109/access.2018.2797214

IF: 3.9

2018-01-01

IEEE Access

Abstract:A software-defined network (SDN) is a technology that supports computer network administrators. However, the centralized control plane architecture of SDNs makes them vulnerable to harmful security threats. In this paper, we propose a secure cloud (SecSDN-cloud) architecture that includes user authentication, routing, attack resistance, and third-party monitoring. The goal of this paper is to design an SDN-cloud environment with integrated security that can resist three different attack types: flow table overloading, control plane saturation, and Byzantine attacks. A novel digital signature with chaotic secure hashing is used for user authentication, followed by an enhanced particle swarm optimization multi-class routing protocol to improve the quality of service. Controllers are assigned to switches by integrating an enhanced genetic algorithm with a modified cuckoo search algorithm. The malicious flow identification includes the analysis of five-tuples constructed from features extracted from packets. We implemented the proposed SecSDN-cloud in the OMNeT++ simulator and evaluated its performance in terms of packet loss, end-to-end delay, throughput, latency, and bandwidth.

Igor Ivkić,Dominik Thiede,Nicholas Race,Matthew Broadbent,Antonios Gouglidis

DOI: https://doi.org/10.1007/978-3-031-68165-3_4

2024-08-21

Abstract:Cloud computing has grown in importance in recent years which has led to a significant increase in Data Centre (DC) network requirements. A major driver of this change is virtualisation, which allows computing resources to be deployed on a large scale. However, traditional DCs, with their network topology and proliferation of network endpoints, are struggling to meet the flexible, centrally managed requirements of cloud computing applications. Software-Defined Networks (SDN) promise to offer a solution to these growing networking requirements by separating control functions from data routing. This shift adds more flexibility to networks but also introduces new security issues. This article presents a framework for evaluating security of SDN architectures. In addition, through an experimental study, we demonstrate how this framework can identify the threats and vulnerabilities, calculate their risks and severity, and provide the necessary measures to mitigate them. The proposed framework helps administrators to evaluate SDN security, address identified threats and meet network security requirements.

Cryptography and Security,Networking and Internet Architecture