Get Instant Help From 5000+ Experts For
question

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing:Proofread your work by experts and improve grade at Lowest cost

And Improve Your Grades
myassignmenthelp.com
loader
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!
Free Quote
wave

Below are listed a list of topics. You are required to -

1. Select a topic from the list and conduct research (based on literature, at least three recent research papers) and prepare a summary report with brief supportive descriptions to post on the forum/blog. In your posting you should provide information about the topic (discuss the topic, challenges, problems, describe the relevant technologies, applications of the technologies, clarify vague areas, research questions… etc.)


2. Provide constructive feedback for (at least two) cohort colleagues and receive feedback from (at least two) cohort colleagues on your own design and make refinements accordingly.

Background

Software defined networking is the new agenda in the field of networking which focuses on developing intelligence network of networking devices like hubs, switches, and router. SDN architecture encompasses the direct program for controlling the network. “The technique of virtualization has been used by the SDN architecture to make it completely separate from network services” (Ramos ,2014).

Software defined networking is the modification of network control point. The unpredictable nature of routing control platform and active network give birth to the innovation of SDN technology. “The network behaviour can be predicted by low level configuration files and folders” (Nataranjan, 2016). SDN architecture is composed of Application, data, and control planes. Control plane interface is used for managing communication between different planes. Some of the important features of SDN are centralized control, virtualization and abstraction technique, programmability, rapid innovation, openness, and others. The architecture of SDN is depicted in the figure below:

The architecture of SDN is equipped with security issues which can affect replication schemes of the controller by using conflict resolution and authentication mechanism. The threat of attack is increasing on the SDN platform than traditional network.

The SDN focuses on control which is based on software enabled network. In this paper, we will indulge with security issues which are associated with the SDN and the countermeasures which should take place on the occurrence of vulnerabilities. The SDN architecture should support isolation and multi-tenancy between tenant networks.

The potential attack of denial of service attack is increasing on the software defined network. The fake requirement of multiple services has been sent to the central part of SDN which can lead to the overflow of the table and result into denial of service attack. The open flow algorithm is used for deploying the SDN network. Transport layer security can be managed between switches and controller by using open flow algorithm. The security issues which are associated with SDN are depicted below:

  • Unauthorised access: SDN follows the methodology of centralized control. The possibility can arise that multiple controllers wants to access the data plane of SDN. The pool of controllers is abstracted for read write operation. In this situation, the attacker can get the authentication of the application through which he can manipulate the working of the application. The table below shows the list of security issues associated with unauthorised access and its recommended solution.
  • Data leakage: The attacker focuses on the timing associated with the packet processing. The proactive and reactive configuration of data packet can result into leakage of data.
  • Data modification: “The flow of traffic can be controlled by the controller of the SDN” (Horvath, 2015). The hijacking of controller will result into effectively controlling of SDN by the hacker. The flow of network devices can be modified and controlled by the hacker.
  • Malicious and compromised application: The malicious application can adversely affect the SDN controller. The controller act as an abstraction between data plane and the application. The poorly designed application can result into the entrance of vulnerabilities. The table below shows the list of security issues associated with malicious attack and its recommended solution.  
  • Denial of service attack: It has been analysed that the weakness of SDN architecture is the combining capability of central controller and data planes. The insertion and modification rules are associated with the denial of service attack. The potential attack of denial of service attack is increasing on the software defined network. The table below shows the list of security issues associated with denial of service attack and its recommended solution.
  • Configuration issues: “The network vulnerabilities can be detected by using the security policies and authentication protocols” (Xu, 2013). The interface should be developed between SDN network and the layer.

The table below shows the list of security issues and layer affected by them.

Security issues

Application layer

Application-control layer

Control layer

Control data interface

Data layer

Unauthorised controller hijacking and access

Yes

Yes

Yes

Unauthenticated and unauthorised application

Yes

Yes

Yes

Discovery of flow rule

Yes

Management of credentials such as keys and certificates associated with logical network

Yes

Discovery of forward policy

Yes

Yes

Yes

Modification of flow rule for modifying packet

Yes

Yes

Yes

Insertion of fraudulent rule

Yes

Yes

Yes

Communication flood for controller switches

Yes

Yes

Yes

Table flooding of switch flow

Yes

Transport layer security adoption

Yes

Yes

Yes

Yes

Yes

Enforcement of policy

Yes

Yes

Yes

Security provisioning

Yes

Yes

Yes

Yes

Yes

Lack of network state visibility

Yes

Yes

Yes

The following table shows the recommended solution to cope up with the security issues associated with the SDN:

Security Issues

Recommended solution

Unauthorised and unauthenticated access

Security provided to distributed control and development of resilient SDN

Authentication provided for resilience

Permof

Checkpoints for operations

Floodlight

Authflow

Data leakage

Overcome the problem of denial of service attack

Data modification

Security provided to distributed control and development of resilient SDN

Malicious code and application

FortNOX

ROSEMARY

LegoSDN

Denial of service attack

AVANT Guard

CP recovery

VAVE

Delegation for network security

Configuration issues

NICE

Flow Checker

Security by using firewall

Sharing of data store

System level SDN security

SDN debugger

Secure SDN

FRESCO

“There are security issues associated with system level security which are categorised as debugging of simplified SDN, security to switches and TCP attacks, Security to control channels, and Simplification in complex security policies” (Dabbagh, 2016). The recommended solution to overcome the system level security is to develop a prototype for network debugger, architecture based on global ID, Developing architecture for secure control channel by using the concept of security gateways and IPSec tunnels, and framework for application development based on composition of security services. “The evolution in trends has been seen in managing the security control of SDN” (Shu, 2016). The following table shows the new version of security control which helps in securing the software defined network.

Security controls

Trends in Research Evolution

Firewalls

Dynamic allocation of firewalls, SDN based firewalls, Statefull firewall access, and Hybrid SDN classical firewall issues

Access control

SDN dynamic access control

Fine grained access control

IDS/ IPS

Integration with classical tools

SDN IDS/IPS implementation

Policy management

SDN policy language

Migration from classical network

Policy enforcement

Monitoring and auditing

Traffic monitoring tools and traffic management

The diagram below shows the security issues and recommended solution which are associated with the software defined network. From the research and survey, it has been concluded that the network security system can be developed by doing inspection of small packets of SDN. “The SDN architecture should support isolation and multi-tenancy between tenant networks” (Alsmadi, 2015). “Fine grained network security should be used for managing workload on the system” (Dhawan, 2014). The most preferred recommended practices are to overcome the security issues are invariant detection of conflict resolution, deployment of mutual authentication, isolation of control plane, use of container based application, limiting of rates, short timeouts, aggregation of flow, and IPS logging.

The following table shows the complete summary of cause of security issues on SDN and related countermeasures:

Targeted Level

Malicious behaviour

Cause

Countermeasures

Forwarding plane

Switch denial of service attack

Limitation of forwarding table

Increasing number of flow

Limited capacity of switch buffer

Proactive caching rule

Aggregation of rule

Increasing capacity of switch buffer

Decreasing communication between switch controller

Control plane

Denial of service attack

Compromising on controller attack

Centralization of control

Limited storage of forwarding table

Increasing number of flows

Replication of controller

Dynamic master controller

Placement of efficient controller

Replication of controller with diversity

Forwarding control link

Main in the middle attack

Replay of attacks

Communication messages

Limited authentication

Lack of time stamping

Use of encryption technique

Use of digital signature

Inclusion of time stamp in encrypted messages.

The countermeasures should be taken to overcome the situation of security challenges for the smooth functioning of software defined network. The implementation of SDN brings various benefits to the network scheme. “The application of high level software can be easily managed by SDN” (Ali, 2015). It helps in detection of intrusion which can harm the network. It can help in detecting malicious behaviour of switches. The SDN is used for carrying over network forensic. It is reactive in performing packet dropping and packet redirection.

Conclusion:

The purpose of this paper is to present security issues and recommended solution associated with the software defined network. The architecture of SDN is equipped with security issues which can affect replication schemes of the controller by using conflict resolution and authentication mechanism. The implementation of SDN brings various benefits to the network scheme. From the research and survey, it has been concluded that the network security system can be developed by doing inspection of small packets of SDN. The countermeasures should be taken to overcome the situation of security challenges for the smooth functioning of software defined network. 

References

Ali, S. (2015). A survey of securing networks using software defined networking. 1st ed. [ebook] Retrieved from: https://www2.ee.unsw.edu.au/~vijay/pubs/jrnl/15tor.pdf

Alsmadi, I. (2015). Security of software defined networks: A survey. 1st ed. [ebook] Retrieved from: https://www.profsandhu.com/cs5323_s17/alsmadi15.pdf

Dabbagh, M. (2016). Software defined networks security: Pros and cons. 1st ed. [ebook] Retrieved from: https://pdfs.semanticscholar.org/2aa1/5c14137460f5cf8b837b6cb21e4e791eb1a6.pdf

Dhawan, M. (2014). Detecting security attacks in software defined networking. 1st ed. [ebook] Retrieved from: https://people.eecs.berkeley.edu/~rishabhp/publications/Sphinx.pdf

Garg, G. (2014). Review on architecture and security issues of SDN. 1st ed. [ebook] Retrieved from: https://www.ijircce.com/upload/2014/november/42_Review.pdf

Horvath, R. (2015). A Literature review on challenges and effect of software defined networking. 1st ed. [ebook] Retrieved from: https://www.sciencedirect.com/science/article/pii/S1877050915026988

Nataranjan, S. (2016). A survey of security in software defined networks. 1st ed. [ebook] Retrieved from: https://pure.qub.ac.uk/portal/files/16066743/SDN_Security_Survey_FinalFile.pdf

Ramos, F. (2014). Towards secure and dependable software defined networking. 1st ed. [ebook] Retrieved from: https://www.ietf.org/proceedings/87/slides/slides-87-sdnrg-2.pdf

Shu, Z. (2016). Security in software defined networking: Threats and countermeasures. 1st ed. [ebook] Retrieved from: https://www.researchgate.net/publication/290477553_Security_in_Software-Defined_Networking_Threats_and_Countermeasures

Xu, K. (2013). Software defined networking challenges and future direction. 1st ed. [ebook] Retrieved from: https://iopscience.iop.org/article/10.1088/1757-899X/121/1/012003/pdf

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2021). Security Issues And Countermeasures In SDN Essay.. Retrieved from https://myassignmenthelp.com/free-samples/6682-information-security/encrypted-messages.html.

"Security Issues And Countermeasures In SDN Essay.." My Assignment Help, 2021, https://myassignmenthelp.com/free-samples/6682-information-security/encrypted-messages.html.

My Assignment Help (2021) Security Issues And Countermeasures In SDN Essay. [Online]. Available from: https://myassignmenthelp.com/free-samples/6682-information-security/encrypted-messages.html
[Accessed 14 July 2024].

My Assignment Help. 'Security Issues And Countermeasures In SDN Essay.' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/6682-information-security/encrypted-messages.html> accessed 14 July 2024.

My Assignment Help. Security Issues And Countermeasures In SDN Essay. [Internet]. My Assignment Help. 2021 [cited 14 July 2024]. Available from: https://myassignmenthelp.com/free-samples/6682-information-security/encrypted-messages.html.

Get instant help from 5000+ experts for
question

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing: Proofread your work by experts and improve grade at Lowest cost

loader
250 words
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Plagiarism checker
Verify originality of an essay
essay
Generate unique essays in a jiffy
Plagiarism checker
Cite sources with ease
support
Whatsapp
callback
sales
sales chat
Whatsapp
callback
sales chat
close