Securing OpenFlow communication between the controller and the data plane
The main focus of this research is to provide a means to secure communication between the controller and the data plane in Software-Defined Networks (SDN), a new networking paradigm. One of the reasons for the emergence of SDN centres on the security of information and network infrastructure, which remains an issue given how many changes have been introduced in networking and the diversity of the network infrastructure available.
This research, therefore, focuses on communication security in the new paradigm. To tackle the issue of security, the area of concern was narrowed, through a review of relevant publications, to the OpenFlow protocol that enables communication between the Controller and the Data Plane. The security of the OpenFlow protocol rests on Transport Layer Security (TLS), a cryptographic protocol that encrypts and transports communication between different network devices. The research has shown that TLS is susceptible to different man-in-the-middle (mitm) attacks. To protect the TLS protocol, an enhancement of the protocol was designed with the inclusion of a smart monitoring system to provide the needed security for OpenFlow communication in Software-Defined Networks.
In order to ascertain the notion of the vulnerability of the TLS protocol, a total of 20 mitm attacks were carried out against the different versions of the TLS protocol, using 5 variations of attack syntax. An overall 75 percent attack success rate was achieved. Across the modifications of the attack syntax, 3 had a 100 percent success rate across the protocol versions, one had a 90 percent success rate across 3 versions of the protocol, and the remaining variation had no success.
The work of the smart monitoring system is to perform a randomised status check of the client at intervals, which provides the server with the information it needs to treat the client as reliable both before and after a connection or handshake is initiated or completed. This is an advantage that would secure OpenFlow communication in Software-Defined Networks.
Institution
- Anglia Ruskin University
File version
- Published version
Thesis name
- PhD
Thesis type
- Doctoral