OpenFlow Communications and TLS Security in Software-Defined Networks

The adoption of Software-Defined Networking (SDN), a networking approach in which the control and the execution of data traffic are made independent of each other, is an ongoing process; some companies are considering it as an option but have not yet embraced it, owing to various factors. Incorporating this new paradigm into an existing network marks a shift in networking technology, and several benefits are expected from its implementation. These benefits include (1) the ability to use customised, business-specific applications, (2) reduced overhead costs on legacy network infrastructure and full control of the network, (3) reduced network application update time and increased productivity, and (4) increased security, among others. However, the security of SDN itself has been a subject of debate. This is mainly because the communication standard used by SDN, known as OpenFlow and developed by the Open Networking Foundation, does not enforce the implementation of Transport Layer Security (TLS) but defines it only as optional. This could make the network infrastructure vulnerable and therefore affect the overall security of a company. Security plays a significant part in an organisation, and it is one of the determinants of the success of SDN. OpenFlow security relies on the implementation of TLS, which has been proven vulnerable, and this raises the question of how secure an organisation's data is when the implementation of secure data transfer is treated with laxity. This paper focuses on securing OpenFlow communication in SDN by summarising TLS security flaws and recommending ways of improving TLS security, thereby securing OpenFlow communication.
