Publication Type : Conference Paper
Publisher : IEEE
Source : 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
Url : https://ieeexplore.ieee.org/abstract/document/8494043
Campus : Amritapuri
Year : 2018
Abstract : Software Defined Networking (SDN) is an emerging technology that is widely accepted by various enterprises. SDN mostly involves a programmatic interface which replaces the control plane on the switch and provides programmatic interfaces into the controller and to network orchestration in general. SDN was proposed to address some of the issues faced by traditional networks. When considering the security aspects of SDN, the most addressed problem is securing the SDN from a denial-of-service (DoS) attack. The Distributed DoS (DDoS) attack has now become a common weapon used by cyber terrorists and hackers. Even though a lot of mitigation techniques exist against DDoS, the threat still remains. The most common way is to perform a control plane saturation attack, which takes down the controller, hence compromising the network. In this paper, we present our survey and systematic study, with experiments in our attack testbed, of a few of the existing research works on securing the SDN stack. We highlight the state-of-the-art mechanisms related to the analysis, principles and evaluation methods, with the observations in our testbed. We analyze how each of the mechanisms protects SDN from control plane saturation attacks, data plane flooding, network topology attacks and so on. Also, to address the limitations and some of the shortcomings of the existing techniques of SDN, we propose our future work, which is a defense layer for the data plane (within the Openvswitch) which does all the basic forwarding of packets from within the switch for a new flow rather than getting the information from the controller. By implementing a defense mechanism layer within the data plane/forwarding layer, which drops & blacklists the malicious flows & hosts, major attack traffic is prevented from entering the SDN stack, which can increase the performance as well as provide more security in SDN.
Cite this Research Publication : Karthik Raghunath, Prabhakar Krishnan, "Towards a secure SDN architecture", 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT)