Research Article

Vulnerabilities in SDN Due to Separation of Data and Control Planes

by S. Faizullah, S. Almutairi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 179 - Issue 31
Published: Apr 2018
DOI: 10.5120/ijca2018916519

S. Faizullah, S. Almutairi. Vulnerabilities in SDN Due to Separation of Data and Control Planes. International Journal of Computer Applications. 179, 31 (Apr 2018), 21-24. DOI=10.5120/ijca2018916519

Abstract

Tremendous advancements over the past several decades have revolutionized networking research and the technology industry; however, networking is still dominated by hardware and remains hardware based. Such legacy networks are inflexible, and hard and costly to scale and manage. Software-defined networking (SDN) is a new approach to networking that enables comprehensive network programmability. The SDN architecture bifurcates the data and control planes, thereby simplifying network management. In this new architecture, the control plane, consisting of the networking intelligence and the policy-making ability, is moved to a centralized entity called the controller. Commonly, SDN uses OpenFlow as the communication interface between the data and control planes. This separation, while providing great opportunities for scalability, also introduces new vulnerabilities. We identify certain scenarios for vulnerabilities in the OpenFlow semantics that can subject the controller to a distributed denial of service (DDoS) attack, which is unique to SDN because of the new architecture in which the control plane is separated from the data plane. We also explore some reactive mechanisms that can detect, and help to devise techniques to prevent, an impending DDoS attack on an SDN controller.

Index Terms
Computer Science
Information Sciences
Keywords

Software Defined Networking, SDN, SDN Vulnerabilities, DDoS, Cloud Computing, OpenFlow
