Trust Establishment in SDN: Controller and Applications

Full Text (PDF, 589KB), PP.20-28


Author(s)

Bassey Isong 1,*, Tebogo Kgogo 1, Francis Lugayizi 1

1. Computer Science Department, North-West University, Mafikeng, South Africa

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2017.07.03

Received: 5 Jan. 2017 / Revised: 15 Mar. 2017 / Accepted: 3 May 2017 / Published: 8 Jul. 2017

Index Terms

SDN, OpenFlow, Controller, Applications, Trust Establishment

Abstract

Software Defined Networking (SDN) is a network technology developed to deal with several limitations faced by current traditional networks. However, SDN itself is confronted with security challenges which emanate specifically from its platform, given the explosive growth in network attacks and threats. Though many solutions have been developed and proposed, the continual lack of trust between the SDN controller and the applications running atop the control plane poses a great security challenge. The SDN controller can easily be attacked by malicious or compromised applications, which can result in network failure as the controller represents a single point of failure. Though trust mechanisms to certify network devices exist, mechanisms to certify management applications are still not well developed. Therefore, this paper proposes a novel direct trust establishment framework between an OpenFlow-based SDN controller and applications. The objective is to ensure that the SDN controller is protected and that the diverse applications that consume network resources are always trusted throughout their lifetime. Additionally, the paper introduces the concept of a trust access matrix and application identity to ensure efficient control of network resources. We believe that, if the proposed trust model is adopted in the OpenFlow architecture, it could go a long way to improve the security of SDN.

Cite This Paper

Bassey Isong, Tebogo Kgogo, Francis Lugayizi, "Trust Establishment in SDN: Controller and Applications", International Journal of Computer Network and Information Security (IJCNIS), Vol.9, No.7, pp.20-28, 2017. DOI: 10.5815/ijcnis.2017.07.03
