Abstract
Computer networking is actively moving towards intelligent management of corporate networks. AI plays a more and more significant role in corporate traffic management on Software Defined Networks. The centralized nature of the SDN management gives potential attackers great chances to compromise it and subsequently jeopardize the whole network security. The SDN controller is the center point for connections between the applications and the network, becomes the potential candidate for network attacks such as man-in-the-middle or distributed denial of service (DDoS) attacks. In this paper, the SDN infrastructure was exposed to various DDoS attacks and then the results of the attack were analyzed to outline the potential severity of the attacks. In a nutshell, this paper studies the potential security vulnerabilities of unencrypted communication in the northbound and southbound channels of SDNs. It was indicated that even most-recommended security mechanisms such as VLAN traffic segregation may not protect SDN controllers from being impacted by the attack happening in a different VLAN on the same private cloud platform.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Kirkpatrick, K.: Software-defined networking. Commun. ACM 56(9), 16–19 (2013)
Kreutz, D., Ramos, F.M., Verissimo, P.E., Rothenberg, C.E., Azodolmolky, S., Uhlig, S.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2014)
Latif, Z., Sharif, K., Li, F., Karim, M.M., Wang, Y.: A comprehensive survey of interface protocols for software defined networks. J. Network Comput. Appl. 156, 102563 (2020)
Hoang, D.B., Pham, M.: On software-defined networking and the design of SDN controllers. In: 2015 6th International Conference on the Network of the Future (NOF), pp. 1–3. IEEE, September 2015
Kim, H., Feamster, N.: Improving network management with software defined networking. IEEE Commun. Mag. 51(2), 114–119 (2013)
SDN Northbound interfaces (NBI) and Southbound interfaces (SBI), February 2017. https://netfv.wordpress.com/2017/02/13/sdn-northbound-interfaces-nbi-and-southbound-interfaces-sbi/
Blial, O., Mamoun, M.B., Benaini, R.: An overview of SDN architectures with mulitple SDN controller. J. Comput. Networks Commun. 9396525, 8 (2016)
Aziz, N.A., Mantoro, T., Khairudin, M.A., Murshid, A.F.B.: Software defined networking (SDN) and its security issues. In: 4th International Conference on Computing, Engineering, and Design (ICCED) (2018)
Lin, B., Ding, X.Z., Zhiguo, X.: Research on the vulnerability of software defined network. In: Advances in Engineering Research (AER), vol. 148, p. 8 (2017)
Hoque, N., Bhuyan, M., Baishya, H.R., Bhattacharyya, D., Kalita, J.: Network attacks: taxonomy, tools and systems. J. Network Comput. Appl. 18, 307–324 (2014)
Arbettu, R.K., Khondoker, R., Bayarou, K., Weber, F.: Security analysis of OpenDaylight, ONOS, rosemary and ryu SDN controllers, pp. 39–42. IEEE (2016)
Opendaylight : Security Vulnerabilities, CVE (2018). https://www.cvedetails.com/vulnerability-list/vendor_id-13628/Opendaylight.html
Iqbal, M., Iqbal, F., Mohsin, F., Rizwan, D.M., Ahmad, D.F.: Security issues in software defined networking (SDN): risks, challenges and potential solutions. (IJACSA) Int. J. Adv. Comput. Sci. Appl. 10, 1042 (2019)
Sebbar, A., Boulmalf, M., El Kettani, M.D.E.-C., Baddi, Y.: Detection MITM attack in multi-SDN controller. In: IEEE 5th International Congress on Information Science and Technology (CiSt) (2018)
Ilyas, Q., Khondoker, R.: Security analysis of FloodLight, ZeroSDN, Beacon and POX SDN controllers. In: Khondoker, R. (ed.) SDN and NFV Security. LNNS, vol. 30, pp. 85–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-71761-6_6
Galeano-Brajones, J., Carmona-Murillo, J., Valenzuela-Valdés, J.F., Luna-Valero, F.: Detection and mitigation of DoS and DDoS attacks in IoT-based stateful SDN: an experimental approach. Sensors 20(3), 816 (2020)
Oktian, Y.E., Lee, S., Lee, H., Lam, J.: Secure your Northbound SDN API, p. 2. IEEE, 10 August 2015. https://doi.org/10.1109/ICUFN.2015.7182679
Thomas, R.M., James, D.: DDOS detection and denial using third party application in SDN, p. 6. IEEE (2018). https://doi.org/10.1109/ICECDS.2017.8390193
Banse, C., Rangarajan, S.: A secure northbound interface for SDN applications, pp. 834–839. IEEE (2015). https://doi.org/10.1109/Trustcom.2015.454
Polat, O., Polat, H.: The effects of DoS attacks on ODL and POX SDN controllers. In: 8th International Conference on Information Technology (ICIT) (2017)
Team, N.S.: What Is the Low Orbit Ion Cannon (LOIC)? netsparker, 24 July 2019. https://www.netsparker.com/blog/web-security/low-orbit-ion-cannon/
Bidaj, A.: Security Testing SDN Controllers, Aaltodoc, p. 6+61, 29 July 2016. http://urn.fi/URN:NBN:fi:aalto-201608263040
Golden, B.: Virtualization for Dummies. Wiley Publishing, Inc., New York (2007)
Sahoo, K.S., Behera, R.K., Sahoo, B., Tiwary, M.: Distributed denial-of-service threats and defense mechanisms in software-defined networks: a layer-wise review. In: Handbook of e-business Security, pp. 101–135. Auerbach Publications, Boca Raton (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Kaur, P., Patel, S., Mittal, S., Sharma, S., Butakov, S. (2022). Exploring the Security of Software Defined Network Controllers. In: Misra, S., Oluranti, J., Damaševičius, R., Maskeliunas, R. (eds) Informatics and Intelligent Applications. ICIIA 2021. Communications in Computer and Information Science, vol 1547. Springer, Cham. https://doi.org/10.1007/978-3-030-95630-1_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-95630-1_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95629-5
Online ISBN: 978-3-030-95630-1
eBook Packages: Computer ScienceComputer Science (R0)