Isolating Malicious Controller(s) In Distributed Software-Defined Networks with Centralized Reputation Management

Although software-defined networks (SDNs) have seen a sharp increase in deployment around the world, with large companies such as Microsoft and Google tapping into the potential these networks offer, several security loopholes still need to be plugged. One such issue is that of a rogue controller bringing down an entire network. As we show in this paper, this problem still lacks a definitive solution, especially in distributed software-defined networks. We address it by developing a centrally managed trust and reputation scheme. By proactively comparing the policies/flow rules that should be installed in the switches with those that are actually installed, the scheme singles out a malicious controller. We evaluated the scheme for scalability, message overhead, and resistance to bad-mouthing attacks. Our results, obtained through rigorous evaluation on the Emulab network emulation testbed, suggest that a trust and reputation system can greatly enhance network security in this scenario.
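The following Python sketch is an added illustration of the mechanism the abstract describes, not code from the paper: a central reputation manager that compares the flow rules policy says a switch must hold with the rules the switch actually reports, penalises the controller that installed an unauthorised rule (or, for a missing rule, the controller responsible for that switch), and isolates any controller whose score falls below a threshold. The paper's actual scoring function, thresholds, message formats and the way installed rules are attributed to controllers are not on this page; the `penalty`, `reward` and `threshold` values, the per-switch `master` mapping, the rule-to-controller attribution in `installed`, and the bad-mouthing countermeasure in `accuse` (an accusation is honoured only if the switch's own table corroborates it, otherwise the accuser is penalised) are all assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FlowRule:
    """One OpenFlow-style rule; hashable so it can live in sets."""
    match: str    # e.g. "ip_dst=10.0.0.5"
    action: str   # e.g. "output:2" or "drop"


@dataclass
class ReputationManager:
    """Centralized reputation manager (assumed design, see lead-in)."""
    policy: dict                 # switch -> frozenset[FlowRule] the policy requires
    master: dict                 # switch -> controller responsible for that switch (assumption)
    reputation: dict             # controller -> score in [0.0, 1.0]
    threshold: float = 0.3       # assumption: isolate a controller below this score
    penalty: float = 0.25        # assumption: per unauthorised or missing rule
    reward: float = 0.05         # assumption: per correctly installed rule
    isolated: set = field(default_factory=set)

    def _adjust(self, ctrl, delta):
        """Clamp the score to [0, 1] and isolate the controller if it drops too low."""
        score = min(1.0, max(0.0, self.reputation[ctrl] + delta))
        self.reputation[ctrl] = score
        if score < self.threshold:
            self.isolated.add(ctrl)

    def audit(self, switch, installed):
        """Compare the switch's actual table with policy and update scores.

        installed: dict FlowRule -> controller that installed it. Here it is
        constructed by the caller; a real deployment would take it from the
        switch's flow table plus some attribution mechanism (not on the page).
        Returns the set of controllers penalised in this audit.
        """
        expected = self.policy[switch]
        penalised = set()
        for rule, ctrl in installed.items():
            if rule in expected:
                self._adjust(ctrl, self.reward)          # rule matches policy
            else:
                self._adjust(ctrl, -self.penalty)        # nobody was authorised to install this
                penalised.add(ctrl)
        for _rule in expected - set(installed):          # required rule never installed
            ctrl = self.master[switch]
            self._adjust(ctrl, -self.penalty)
            penalised.add(ctrl)
        return penalised

    def accuse(self, reporter, accused, switch, rule, installed):
        """Bad-mouthing countermeasure (assumption): honour an accusation only if
        the switch table shows `accused` really installed an off-policy `rule`;
        an unsupported accusation costs the reporter instead."""
        if installed.get(rule) == accused and rule not in self.policy[switch]:
            self._adjust(accused, -self.penalty)
            return True
        self._adjust(reporter, -self.penalty)
        return False


def demo():
    """Constructed scenario: c1 is honest, c2 installs a rogue drop rule on s1,
    c3 tries to bad-mouth c1. Returns the manager so the final state can be inspected."""
    fwd = FlowRule("ip_dst=10.0.0.5", "output:2")     # required by policy
    drop = FlowRule("ip_dst=10.0.0.5", "drop")        # not in policy: blackholes the host
    rm = ReputationManager(
        policy={"s1": frozenset({fwd})},
        master={"s1": "c1"},
        reputation={"c1": 1.0, "c2": 1.0, "c3": 1.0},
    )
    table = {fwd: "c1", drop: "c2"}                   # constructed switch report
    for _ in range(3):                                # three consecutive audits
        rm.audit("s1", table)
    rm.accuse("c3", "c1", "s1", drop, table)          # table attributes `drop` to c2, not c1
    return rm


if __name__ == "__main__":
    manager = demo()
    print("isolated:", manager.isolated)              # c2 after its third penalty
    print("scores:", manager.reputation)
```

In the demo, c2's score goes 1.0 -> 0.75 -> 0.5 -> 0.25 and it is isolated on the third audit, c1 stays at 1.0 because its rule matches policy, and c3's false accusation is rejected because the switch table attributes the rogue rule to c2, so c3 itself drops to 0.75. The point a practitioner should take from this is that the verification is grounded in what the switch actually holds, not in what other controllers say, which is what makes the scheme resistant to bad-mouthing.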
