Security in the software defined networking infrastructure

Edge, Peter (2019) Security in the software defined networking infrastructure. [Thesis (PhD/Research)]

Text (Whole Thesis)
Peter_Edge_Thesis_MSCR_2019.pdf


Abstract

Software Defined Networking (SDN) is a paradigm in which the control and data planes of traditional networking devices are decoupled to form a distributed model. Communication between the separated planes requires a protocol such as OpenFlow to drive programmable routing and forwarding decisions on the network. In this model, Application Programming Interfaces (APIs) make it possible to inject policy and forwarding rules via the control plane, or controller. The most prominent challenge resulting from this separation is the security of the links between the separated elements, over which private network data now traverses.

One main area of concern is the transport over which the majority of open-source controllers currently communicate. The preferred practice is for an OpenFlow switch wishing to communicate with a controller to initiate a Transport Layer Security (TLS) channel. Many developers have replaced TLS with plain Transmission Control Protocol (TCP) because of handshake sequence issues caused by the certificate exchange during the TLS connection phase.

This thesis and the research that follows from it examine the security of the controller-to-device links that carry flow tables, network abstractions and multi-layer information to multiple controlled network elements.

The main objective of this research is to develop testing procedures that allow for accurate and repeatable experiments. In investigating security vulnerabilities between controllers and forwarding devices, benchmarking is performed on secure links to test whether the authentication mechanisms continue to function properly under load.

The outcomes of this research include a series of quality, industry-standard tests for benchmarking typical SDN controllers and forwarding devices, and a critical analysis of typical devices at low, medium and high loads. An SDN security taxonomy is presented to help categorise future device testing in the context of the SDN architecture.


Item Type: Thesis (PhD/Research)
Item Status: Live Archive
Additional Information: Master of Science (Research) thesis.
Faculty/School / Institute/Centre: Historic - Faculty of Health, Engineering and Sciences - School of Agricultural, Computational and Environmental Sciences (1 Jul 2013 - 5 Sep 2019)
Supervisors: Zhang, Zhongwei; Lai, David
Date Deposited: 22 Jul 2019 02:45
Last Modified: 12 Jul 2021 03:05
Uncontrolled Keywords: SDN, NFV, OpenFlow, security, virtualisation, routing
Fields of Research (2008): 08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
Fields of Research (2020): 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460499 Cybersecurity and privacy not elsewhere classified
Identification Number or DOI: doi:10.26192/3xxt-zv02
URI: http://eprints.usq.edu.au/id/eprint/36813
