Security Challenges in Emerging Networks
Question:
The purpose of this assignment is to develop skills to independently think of innovation. In this assignment, students will first learn how to develop knowledge on the current state of the art of an emerging knowledge domain. Then students will critically analyze three current or future security issues in this area and their countermeasures. Students should be able to demonstrate their achievements in the following unit learning outcomes: c. Explain the major methodologies for secure networks and what threats they address; d. Identify and report network threats, select and implement appropriate countermeasures for network security.
Answer:
Part 1: Security Aspects in Software Defined Networking
i) Introduction to SDN
Software defined networking (SDN) is an approach associated with cloud computing technology that facilitates network management and allows the network to be configured programmatically [5]. This programmatic configuration is intended to improve network monitoring and performance. SDN also addresses the fact that the static architecture of a traditional network is complex and decentralized, whereas the architecture of current networks needs maximum flexibility and easy troubleshooting. Software defined networking centralizes the network intelligence in one specific network component by detaching the forwarding of data packets from the routing process [12]. The routing process comprises at least one controller, also known as the brain of a software defined network, and this is where the network intelligence is incorporated. However, this network also has a few disadvantages with respect to security.
There are three distinct layers in software defined networking. They are as follows:
- Data Forwarding Layer: This is the primary layer of an SDN. The network devices of this layer mainly include routers, local area network switches, packet switches and other network devices. This layer is also known as the data plane. It forwards traffic to the next hop along a specific path to the chosen network destination [11]. The packets of the data plane pass through the routers present in this layer. The switches and routers of the data forwarding layer use what the control plane has built to dispose of incoming and outgoing packets and frames.
- Control Layer: This is the second layer of software defined networking. The SDN control software in this layer includes routing, traffic engineering and mobility. The control layer is responsible for deciding where traffic is sent [1]. Moreover, the packets of the control layer are always initiated by the router. The major functions of this layer are system management, configuration and the exchange of routing table information. This layer is also known as the signalling of a network.
- Application Layer: This is the third layer of software defined networking. The applications of this layer mainly include business applications, SDN applications and cloud orchestration [2]. These applications are programs that communicate explicitly or directly with the SDN controller to state their network requirements.
ii) Characteristics of SDN compared to traditional network
A traditional network differs from a software defined network. The characteristics of SDN and traditional networks compare as follows:

| Characteristics | Traditional Networking | Software Defined Networking |
| --- | --- | --- |
| 1. Definition | Traditional networks are static and inflexible. They cannot be utilized for innovative business ventures [10]. Moreover, traditional networks possess very little flexibility and agility. | A software defined network is programmable at deployment time and at later stages as requirements change [14]. SDN is utilized for new business ventures through virtualization, agility and flexibility. |
| 2. Configuration | A traditional network is configured by utilizing hardware appliances. | A software defined network is configured by utilizing open software. |
| 3. Control Plane | A traditional network comprises a control plane that is distributed [3]. | A software defined network comprises a control plane that is logically centralized. |
| 4. Utilization | Traditional networks utilize custom FPGAs and ASICs. | Software defined networks utilize merchant silicon [8]. |
| 5. Working Procedure | A traditional network works by utilizing protocols [13]. | A software defined network utilizes APIs for configuration as required. |
Figure 1: Architecture of Traditional Network Device
(Source: [1])
Figure 2: Architecture of Software Defined Network
(Source: [1])
iii) Comparison of advantages and disadvantages of SDN over traditional networks
Software defined networking has various advantages over traditional networks regarding security issues. They are as follows:
- Provision of Centralized Network: This is the most significant advantage of software defined networking. A centralized network is easily provisioned with the help of SDN. It provides an extremely clear view of the complete network, so the network is provisioned and centralized [7]. SDN abstracts the data and control planes, so both physical and virtual network devices can be managed with more agility and flexibility from a centralized location.
- Centralized Security: This is the second important advantage of software defined networking. Network management is extremely difficult in the case of virtualization [9]. To solve this problem, the SDN controller provides a specific central point for the successful distribution of policy and security information within the organization.
- Lower Operating Costs: The overall operating costs of a software defined network are much lower than those of a traditional network. Thus, it is easily afforded by all organizations, irrespective of their size.
- Cloud Abstraction: This is the fourth major advantage of software defined networking [4]. The abstraction of cloud resources is very important for any organization that uses cloud computing technology.
In spite of these advantages, software defined networking also has various disadvantages compared with traditional networks. They are as follows:
- Scalability: This is one of the basic disadvantages of software defined networking [7]. This type of network lacks scalability; the controllers often face problems because of this, and data is lost.
- Latency: Latency is the second important disadvantage of software defined networking. Data packets are transferred after a major delay.
Part 2: Three Current or Future Security Issues in SDN and its Countermeasures
i) Three security issues in SDN
Software defined networking (SDN) is a technology that is utilized for network management and allows proper network configuration for the improvement of network performance and monitoring. It centralizes the network and separates out the data forwarding process [3]. The static architecture of traditional networks is decentralized, whereas a software defined network is centralized and flexible. Security and elasticity are the main advantages of this type of network. However, there are some major security issues in software defined networks. They are as follows:
- Denial of Service or DoS Attacks: This is the most important and significant security issue in software defined networks [2]. A denial of service (DoS) attack is a type of cyber attack in which the hacker or intruder makes a machine or network resource unavailable to its legitimate users by disrupting the services of a host connected to the Internet. The attack occurs when the resource or machine is congested with requests from illegitimate users. The original users do not get any idea about this attack, and the network is blocked completely. The intruders or hackers present themselves as the original users, all the information or data is stolen, and the confidentiality of this data or information is lost [8]. A distributed denial of service (DDoS) attack is a form of denial of service attack in which the traffic flooding the victim originates from various sources. SDN often suffers from this type of attack, and such attacks cannot be easily mitigated.
- Manipulation of Data or Network: This is the second most significant security issue of software defined networks. Manipulation of data or network is the alteration of data in an effort to make the data or network unreadable or unusable for legitimate users [3]. Hackers or intruders often change or manipulate the data or network with the intention of breaching the data or the network. The hackers view the network traffic and block it, and thus data transfer is completely stopped.
- Network Traffic Diversion: This is the third major security issue in software defined networks. Hackers or attackers divert the network traffic by changing the network destination [1]. This creates a major problem when data packets are sent to a location other than the intended destination.
ii) Mitigation techniques and tools for each security measure
The above mentioned security issues can be eradicated or mitigated with the help of various mitigation tools and techniques. The various mitigation techniques for the three mentioned security issues of software defined network are as follows:
- i) Mitigation of Denial of Service or DoS Attacks: The denial of service security issue of software defined networks can be easily eradicated by dropping data packets in the control plane layer [5]. Moreover, simple rate limiting can also mitigate the denial of service attack.
- ii) Mitigation of Manipulation of Data or Network: This type of attack can be easily eradicated when the SDN controller has an entity based channel; strong encryption will protect the network and data [14].
- iii) Mitigation of Network Traffic Diversion: Network traffic diversion can be easily eradicated with the help of a strongly encrypted communication channel [13]. This will eventually secure the entire network.
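
The DoS mitigation above (dropping packets in the control plane, plus rate limiting) can be sketched as a token bucket applied to packet-in events per switch and ingress port. This is an added example, not code from the original answer or from any SDN controller project; the class names, the `dpid`/`in_port` key, the rate and burst values and the traffic are assumptions constructed for illustration.

```python
from collections import Counter

class TokenBucket:
    """Integer token bucket: time in ms, tokens in milli-tokens (no float drift)."""
    def __init__(self, rate_per_s, burst, now_ms):
        self.rate = rate_per_s            # tokens/s equals milli-tokens per ms
        self.cap = burst * 1000
        self.tokens = self.cap            # start full so short bursts pass
        self.last_ms = now_ms

    def allow(self, now_ms):
        elapsed = now_ms - self.last_ms
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:           # one packet-in costs one token
            self.tokens -= 1000
            return True
        return False

class PacketInLimiter:
    """Rate-limits packet-in events per (switch id, ingress port) at the controller."""
    def __init__(self, rate_per_s=5, burst=10):   # assumed policy values
        self.rate_per_s, self.burst = rate_per_s, burst
        self.buckets = {}
        self.accepted, self.dropped = Counter(), Counter()

    def handle(self, now_ms, dpid, in_port):
        key = (dpid, in_port)
        if key not in self.buckets:
            self.buckets[key] = TokenBucket(self.rate_per_s, self.burst, now_ms)
        ok = self.buckets[key].allow(now_ms)
        (self.accepted if ok else self.dropped)[key] += 1
        return ok                         # False: drop before any path computation

    def offenders(self, min_drops):
        """Ports whose drop count suggests a flood; candidates for a drop rule."""
        return sorted(k for k, n in self.dropped.items() if n >= min_drops)

def simulate():
    # Constructed traffic: port 3 floods 1000 packet-ins in one second,
    # port 1 is a normal host sending 4 packet-ins in the same second.
    events = [(ms, 1, 3) for ms in range(1000)] + [(ms, 1, 1) for ms in (0, 250, 500, 750)]
    limiter = PacketInLimiter()
    for now_ms, dpid, in_port in sorted(events):
        limiter.handle(now_ms, dpid, in_port)
    return limiter

if __name__ == "__main__":
    lim = simulate()
    print(dict(lim.accepted), dict(lim.dropped), lim.offenders(100))
```

Keying the bucket on the ingress port rather than on the claimed source address keeps a flood of spoofed sources from spreading across many buckets, and the normal host on port 1 is unaffected by the flood on port 3.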
References
[1] Ali-Ahmad, Hassan, Claudio Cicconetti, Antonio de la Oliva, Vincenzo Mancuso, Malla Reddy Sama, Pierrick Seite, and Sivasothy Shanmugalingam. “An SDN-based network architecture for extremely dense wireless networks.” In Future Networks and Services (SDN4FNS), 2013 IEEE SDN for, pp. 1-7. IEEE, 2013.
[2] Yan, Qiao, F. Richard Yu, Qingxiang Gong, and Jianqiang Li. “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges.” IEEE Communications Surveys & Tutorials 18, no. 1 (2016): 602-622.
[3] Hu, Fei, ed. Network Innovation through OpenFlow and SDN: Principles and Design. CRC Press, 2014.
[4] Cui, Laizhong, F. Richard Yu, and Qiao Yan. “When big data meets software-defined networking: SDN for big data and big data for SDN.” IEEE network 30, no. 1 (2016): 58-65.
[5] Farhady, H., H. Lee, and A. Nakao. “Software-Defined Networking: A survey.” Computer Networks 81 (2015): 79-95.
[6] Guan, Xinjie, Baek-Young Choi, and Sejun Song. “Reliability and scalability issues in software defined network frameworks.” In Research and Educational Experiment Workshop (GREE), 2013 Second GENI, pp. 102-103. IEEE, 2013.
[7] Karakus, Murat, and Arjan Durresi. “A survey: Control plane scalability issues and approaches in Software-Defined Networking (SDN).” Computer Networks 112 (2017): 279-293.
[8] Yan, Qiao, F. Richard Yu, Qingxiang Gong, and Jianqiang Li. “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges.” IEEE Communications Surveys & Tutorials 18, no. 1 (2016): 602-622.
[9] Scott-Hayward, Sandra, Gemma O’Callaghan, and Sakir Sezer. “SDN security: A survey.” In Future Networks and Services (SDN4FNS), 2013 IEEE SDN For, pp. 1-7. IEEE, 2013.
[10] Dhamecha, Kapil, and Bhushan Trivedi. “Sdn issues-a survey.” International Journal of Computer Applications 73, no. 18 (2013).
[11] Dixit, Advait, Fang Hao, Sarit Mukherjee, T. V. Lakshman, and Ramana Kompella. “Towards an elastic distributed SDN controller.” In ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7-12. ACM, 2013.
[12] Sezer, Sakir, Sandra Scott-Hayward, Pushpinder Kaur Chouhan, Barbara Fraser, David Lake, Jim Finnegan, Niel Viljoen, Marc Miller, and Navneet Rao. “Are we ready for SDN? Implementation challenges for software-defined networks.” IEEE Communications Magazine 51, no. 7 (2013): 36-43.
[13] Singla, Sanjoli, and Jasmeet Singh. “Cloud data security using authentication and encryption technique.” Global Journal of Computer Science and Technology (2013).
[14] Mihaljević, Miodrag J., and Hideki Imai. “Security issues of cloud computing and an encryption approach.” In Cloud Technology: Concepts, Methodologies, Tools, and Applications, pp. 1527-1547. IGI Global, 2015.