
Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking

  • Conference paper

Abstract

Software Defined Networking (SDN), a newly emerging networking concept, has recently gained more and more interest in both academia and industry. In addition to decoupling the control plane from the data plane, SDN provides a view of the entire network for better and more flexible network management. Despite the benefits of this global view, SDN, with a single point of failure at the controller, has some drawbacks and poses additional security challenges. A malicious OpenFlow application (OF app) can access the SDN controller to perform illegal activities because the Northbound interface lacks an authentication protocol to ensure that only trusted and authorized applications access critical network resources. Information about the whole network, such as topology data, flow information or statistics, can be retrieved. Even worse, the entire network can be controlled from the compromised controller. In this paper, we introduce Trust Trident, a framework for securing trustworthy authentication between applications and the controller, with controller-independent capability. It gives the network administrator full and fine-grained observation of the OF apps communicating with the controller. Threats in the Northbound interface and the countermeasures provided by our plugin are classified and evaluated according to the threat categories of the STRIDE methodology.



Acknowledgement

This work is funded by the University of Information Technology, VNU-HCM, under grant number D1-2019-09.

Author information

Corresponding author

Correspondence to Phan The Duy.

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Duy, P.T., Hien, D.T.T., Van Vuong, N., Au, N.N.H., Pham, VH. (2019). Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking. In: Duong, T., Vo, NS., Nguyen, L., Vien, QT., Nguyen, VD. (eds) Industrial Networks and Intelligent Systems. INISCOM 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 293. Springer, Cham. https://doi.org/10.1007/978-3-030-30149-1_22

  • DOI: https://doi.org/10.1007/978-3-030-30149-1_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30148-4

  • Online ISBN: 978-3-030-30149-1

  • eBook Packages: Computer Science, Computer Science (R0)
