Software Defined Network Architecture

The new agenda has been designed for developing software defined network for making intelligence network by composing hubs, routers, and switches together. The network can be controlled by direct program using Software defined network architecture. The network services can be enhanced by using the capability of virtualization with software defined network architecture.

The network control point (NCP) is the basic foundation of software defined network. The innovative idea of developing SDN is based on active network and routing control platform. The low level configuration files and folders are used for predicting the nature and behaviour of the SDN. The three planes are used for composing the architecture of SDN which are named as application plane, control plane, and data plane. The different planes communicate with one another through control plane. “The control plane acts as a mediator between different communicating units” (Garg, 2013). The SDN is composed of various features which are categorised as centralised control over the application; basic techniques which are used in SDN are virtualization and abstraction, approach of programming, rapid innovation in the field of networking, open forum, and many more. “The security issues which are associated with the SDN architecture can have adverse effect on the SDN controller which can transform replication scheme, authentication mechanism, and conflict resolution” (Dhawan, 2014). The SDN network is associated with various attacks.  The software defined network is shown below:

                                                 

The software defined network is used for making intelligence network. The control is given to the SDN controller for enabling the software enabled network. “There are various security issues which are related with software defined network” (Buhalis, 2012). The purpose of this paper is to focus on security issues related with software defined network architecture with their recommended solution. The countermeasures help in minimizing issues and challenges associated with SDN and result into smooth functioning of the network. The isolation should be developed between tenant networks in SDN framework.

There are various security issues which are related with software defined network. “The denial of service attack is the passive attack which is associated with software defined network” (Dabbagh, 2016). The request of multiple services is sent to the SDN controller by the hackers which result into inconsistency in handling services request in the database table and in that case denial of service attack takes place. The most preferred algorithm in SDN network is open flow. The SDN is formulated with various security issues which are listed in the table below:

Security Issues Associated with Software Defined Network Architecture

Issues	Description
Unauthorised and unauthenticated access	The centralised control methodology is basically followed by the SDN architecture. The situation can takes place when number of controllers wants to access the data plane of the architecture. The security should be provided to the distributed control model from malicious attack. The more security mechanism should be provided to the structure of SDN architecture
Leakage of Data	“The packet processing should be associated with timing schemes” (Bjorn, 2013). The hackers can take the control of SDN controller for the modification of application. The configuration of data packets according to proactive and reactive data schemes results into data leakage
Modification of data	The hackers can take the control of SDN controller for the modification of application. The SDN controller effectively manages the flow of data traffic on the internet. “The hackers can modify and take the control of network devices” (Alsmadi, 2015).
Application comprised of Malicious attack	The malicious attack on the application can negatively affect the working of the SDN controller. The abstraction layer is developed between data plane and application by the controller. The vulnerabilities can be entered into the network by poor design of the application. The major challenge is to detect conflicting flow rules is reconciling the potential attacks. The common platform is used for controlling the network. The resilience network can be developed by the controller on the SDN platform.
Denial of service attack	The hackers look forward for the weakness accomplished in the design of SDN architecture. The rules can be inserted and modified which can transform the working of the application. The request of multiple services is sent to the SDN controller by the hackers which result into inconsistency in handling services request in the database table and in that case denial of service attack takes place. The dynamic responses of denial of service attacks are detected in the control plane. The centralised network can result into failure due to denial of service attack. The validation of the address should be based on source. The bottleneck administration should be removed from the network.
Configuration issues	The authentication protocols are used for detecting security policies in the network vulnerabilities environment.

The table below shows security issues associated with layers of the network:

Security Issues	Application layer	Application control layer	Control layer	Control data interface	Data layer
Hijacking and accessing unauthorised control			Y	Y	Y
Un-authorization and un-authentication application	Y	Y	Y
Flow rule Discovery					Y
Credential should be managed  with key in logical network					Y
Forward Policy discovery			Y	Y	Y
Modifying packets according to the flow rule			Y	Y	Y
Fraudulent rule insertion	Y	Y	Y
Controller switches manages the communication flood			Y	Y	Y
Switch flow flooding table					Y
Adoption of security in transport layer	Y	Y	Y	Y	Y
Policy enforcement	Y	Y	Y
Provisioning of security	Y	Y	Y	Y	Y
Visibility of network state			Y	Y	Y

The association of security issues and recommended solution are depicted in the table below:

Issues related with security on the SDN platform	Recommendation
Authentication and authorization should be provided with the accessing of SDN network	Resilience network should be developed for utilizing the distributed control Resilience should be provided for authentication PERMoF Operations used for checkpoints Flood light Authflow
Leakage of data	The solution should be developed for overcoming the problem of denial of service attack.
Modification of data	Security mechanism should be encompasses on distributed control and resilience network.
Application infected by malicious attack	“FortNOX ROSEMARY LegoSDN” (Yoon, 2015)
Denial of service attack	“AVANTGuard CP recovery VAVE Network security for delegation” (Nataranjan, 2016)
Issues related with configuration	NICE FIREWALL security Checking of flow through FLOW CHECKER Data store used for sharing
SDN security at System level	Debugger used in SDN Securing SDN FRESCO

“The security at system level is based on security issues which are named as simplified SDN used for debugging, security program indulges between TCP attacks and corresponding switches, and the security policies of complex nature should be simplified” (Monga, 2015). The trends can be seen in the security control in the table below:

Controls used for security	Research evolution trends
Firewall security	Firewall dynamic allocation, Firewall based on SDN architecture, accessing of stateful firewall, and classical firewall on hybrid SDN
Access control	Access control on Dynamic SDN Implementation of IPS SDN
Management of security policies	“Security Language used for developing SDN policy Classical network migration Enforcement of policies” (Horvath, 2015)
Auditing and monitoring process	Tools and technologies used for traffic monitoring

The security policies for securing the SDN network can be developed by performing the process of inspection on the small packets of network. The isolation and multi-tenancy are some of the techniques which are supported by the SDN network. The policies based on fine grained network are efficient in managing the workload. The security issues can be minimised by resolving the conflict between invariant platform, mutual authorization development, control plane isolation, the application should be based on container, rates of data transfer should be limited, flow of aggregation, and logging. The summary of the security issues is depicted in the table below:

Level of target	Malicious behaviour of attack	Cause	Recommended solution
Forwarding plane	Switching of denial of service attack	The forwarding table should be limited Flow of packets should be increased Switch buffer capacity is limited	Implementation of caching rule Follow up of aggregation rule Switch buffer capacity should be increased Communication level between controller should be decreased
Control plane	Controller attack should be compromised Attack of denial of service	Centralised control Forwarding table for storage	Controller replication Dynamic behaviour of master controller
Link for forwarding control	Attacks replay	Limitation to the communication messages Limitless of authentication Time stamping	Encryption technique enforcement Digital signature usage

The recommended solution should be followed for overcoming the problem of challenges associated with the implementation of software defined network. The SDN is applicable of managing complex software programs. The malicious behaviour of switches can result into denial of service attack which can destroy the smooth functioning of SDN.

Conclusion:

The aim of this paper is to focus on security issues related with the implementation of SDN. The security at system level is based on security issues which are named as simplified SDN used for debugging, security program indulges between TCP attacks and corresponding switches, and the security policies of complex nature should be simplified. In this paper, the clear picture of recommended solution associated with security issues is described.

References:

Alsmadi, I. (2015). Security of software defined networks: A survey. 1st ed. [ebook] Retrieved from: https://www.profsandhu.com/cs5323_s17/alsmadi15.pdf

Bjorn, R. (2013). Introduction to software defined network . 1st ed. [ebook] Retrieved from: https://www.cisco.com/web/europe/ciscoconnect2013/pdf/DC_3_SDN.pdf

Buhalis, S. (2012). Software defined networking: The new norms for networking. 1st ed. [ebook] Retrieved from: https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf

Dabbagh, M. (2016). Software defined networks security: Pros and cons. 1st ed. [ebook] Retrieved from: https://pdfs.semanticscholar.org/2aa1/5c14137460f5cf8b837b6cb21e4e791eb1a6.pdf

Dhawan, M. (2014). Detecting security attacks in software defined networking. 1st ed. [ebook] Retrieved from: https://people.eecs.berkeley.edu/~rishabhp/publications/Sphinx.pdf

Garg, G. (2014). Review on architecture and security issues of SDN. 1st ed. [ebook] Retrieved from: https://www.ijircce.com/upload/2014/november/42_Review.pdf

Horvath, R. (2015). A Literature review on challenges and effect of software defined networking. 1st ed. [ebook] Retrieved from: https://www.sciencedirect.com/science/article/pii/S1877050915026988

Monga, I. (2015). Software defined network for big data science. 1st ed. [ebook] Retrieved from: https://www.es.net/assets/pubs_presos/ESnet-SRS-SC12-paper-camera-ready.pdf

Nataranjan, S. (2016). A survey of security in software defined networks. 1st ed. [ebook] Retrieved from: https://pure.qub.ac.uk/portal/files/16066743/SDN_Security_Survey_FinalFile.pdf

Yoon, C. (2015). Enabling security function with SDN: A feasibility study. 1st ed. [ebook] Retrieved from: https://www.necoma-project.eu/m/filer_public/18/30/1830b40c-a2e2-4a0b-b83e-af8b2d846e61/imt_zhang_comnet2015.pdf