SLIDE 1

Software Defined Networking : A Security Perspective

  • Dr. Sarker Tanveer Ahmed Rumee
  • Dept. of CSE, University of Dhaka
SLIDE 2

Traditional Network Infrastructure

SLIDE 3

Two Main Tasks

  • Control of information flow (control plane)

    – Calculation of routing decisions / tables
    – Additional decisions: QoS, security, etc.

  • Forwarding of information (data plane)

    – Forward network packets based on predetermined / precalculated decisions

SLIDE 4

Traditional Computer Networks

Data plane: Packet streaming

Forward, filter, buffer, mark, rate-limit, and measure packets

SLIDE 5

Traditional Computer Networks

Control plane: Distributed algorithms

Track topology changes, compute routes, install forwarding rules

SLIDE 6

Traditional Computer Networks

Management plane: Human time scale

Collect measurements and configure the equipment

SLIDE 7

We want to do better

  • How?

    – One possible solution is to separate the control plane from the data plane
    – Provides great flexibility
    – Easier to accommodate change
    – Solution: Software Defined Network

SLIDE 8

Software Defined Networking (SDN)

  • Logically-centralized control: smart, slow
  • API to the data plane (e.g., OpenFlow)
  • Switches: dumb, fast

SLIDE 9

Software Defined Network (SDN)

[Diagram: Control Program A and Control Program B on top of a Network OS, above five Packet Forwarding elements]

SLIDE 10

SDN

[Diagram, layers top to bottom: Applications; Northbound API; Network O.S.; Southbound API; Switch Operating System; Switch Hardware]

SLIDE 11

Implications Of SDN

[Diagram, Current Networking: three devices, each with Applications, Network O.S. and ASIC]

[Diagram, SDN Enabled Environment: Applications on a Controller (N. O.S.), Southbound API, three switches each with Switch O.S. and Switch HW]

  • Global View
  • Programmatic Control

SLIDE 12

SDN Challenges

SLIDE 13

Controller Availability

[Diagram: Controller (N. O.S.) with three Applications]

SLIDE 14

Controller Availability

[Diagram: Controller (N. O.S.) with three Applications]

SLIDE 15

Controller Availability

“control a large force like a small force: divide and conquer”
    -Sun Tzu, Art of War

  • How many controllers?
  • How do you assign switches to controllers?
  • More importantly: which assignment reduces processing time?
  • How to ensure consistency between controllers?

[Diagram: three Controllers (N. O.S.), each with three Applications]

SLIDE 16

SDN Reliability/Fault Tolerance

Controller: Single point of control

  • Bug in controller takes the whole network down

Existing networks survive failures or bugs in code on any one device

[Diagram: Controller (N. O.S.) with three Applications]

SLIDE 17

SDN Security

Controller: Single point of control

  • Compromise controller

If one device in a current network is compromised, the network may still be safe

[Diagram: Controller (N. O.S.) with three Applications]

SLIDE 18

SDN Security

Controller: Single point of control

  • Compromise controller
  • Denial of Service attack on the control channel

[Diagram: Controller (N. O.S.) with three Applications]

SLIDE 19

SDN Security issues

SLIDE 20

Primary Concerns

  • Security challenges:

    – Attack on the centralized controller
    – Trust problem between controller and software applications
    – Attack on the communication channel between controller and devices

SLIDE 21

Security in SDN---DoS Attack in Detail

[Diagram: a packet between sender, switch and receiver, with steps 1 to 4 marked]

SLIDE 22

Security in SDN---DoS

  • Possible solution to DoS attack:

    – Run the device in proactive mode or use a firewall

[Diagram: Internet; packet headers]
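
A toy model of why proactive mode helps, added here as an example and not taken from the slides. It assumes the usual reactive behaviour, in which a table miss is sent to the controller, which then installs an exact-match flow; the class names, routes and addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Hypothetical toy model; names, routes and addresses are illustrative only.
ROUTES = {ip_network("10.0.1.0/24"): 1, ip_network("10.0.2.0/24"): 2}

def lookup(rules, dst):
    """Return the output port of the first prefix rule matching dst, or None."""
    return next((port for prefix, port in rules.items() if dst in prefix), None)

class Controller:
    def __init__(self):
        self.packet_ins = 0                      # requests the controller must answer

    def packet_in(self, switch, src, dst):
        self.packet_ins += 1
        port = lookup(ROUTES, dst)
        switch.exact[(src, dst)] = port          # reactive: one flow entry per miss
        return port

class Switch:
    def __init__(self, controller, proactive):
        self.controller, self.proactive = controller, proactive
        self.exact = {}                          # flows installed on demand
        # Proactive mode: prefix rules are installed before any traffic arrives.
        self.prefix = dict(ROUTES) if proactive else {}

    def forward(self, src, dst):
        if (src, dst) in self.exact:
            return self.exact[(src, dst)]
        if self.proactive:
            return lookup(self.prefix, dst)      # a miss is dropped locally
        return self.controller.packet_in(self, src, dst)

def run(proactive, n_sources=200, packets_per_source=2):
    """Send constructed traffic from many sources to one host; report the load."""
    ctl = Controller()
    sw = Switch(ctl, proactive)
    dst = ip_address("10.0.1.10")
    base = int(ip_address("198.51.100.0"))       # constructed sample addresses
    delivered = 0
    for i in range(n_sources):
        for _ in range(packets_per_source):
            if sw.forward(ip_address(base + i), dst) is not None:
                delivered += 1
    return ctl.packet_ins, len(sw.exact) + len(sw.prefix), delivered

if __name__ == "__main__":
    print("reactive :", run(proactive=False))
    print("proactive:", run(proactive=True))
```

Each tuple is (packet-in requests at the controller, flow-table entries on the switch, packets delivered): in reactive mode both controller load and table size grow with the number of distinct sources, while in proactive mode they stay fixed.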

SLIDE 23

Security in SDN---Malicious Applications

[Diagram: SDN controller hosting several Apps]

  • Malicious applications can now be easily developed and deployed on controllers.
  • Possible solution: software attestation.

SLIDE 24

Security in SDN---Control Channel Attack

[Diagram: SDN Controller, control channel, SSL]

  • The attacker can pretend to be either the controller or the switch!
  • Possible solution 1: encrypt the channel with SSL.

SLIDE 25

Control Channel Attack Solution -2

SLIDE 26

Conclusion

  • SDN is still in its infancy
  • Security protection of SDN: standards not developed yet
  • Eventually SDN will be standard
  • We need to find solutions and mechanisms to make it work for all kinds of networks