Security in Software Defined Networking
• Professor: Admela Jukan
• Supervisor: Marcel Caria
• Student: Siqian Zhao
Overview
• Software Defined Networking (SDN)
  Legacy networking vs. SDN; advantages of SDN
• The security problems in SDN
  caused by malicious attack; caused by misconfiguration
• SDN research project in IDA
Technische Universität Braunschweig – Seite 2
Routing in Legacy Networking
• Routing: select a path to forward packets from sender to receiver.
• In legacy networking: each network node has its own control plane. Information is collected individually from all network nodes. → Problem
[Diagram: management plane above one control plane per network node, all sitting on a shared data plane]
Routing in SDN
• Centralized control in SDN:
[Diagram: applications on top of the SDN controller via an API; the controller programs the data plane]
• The controller maintains the forwarding table on all nodes across the network!
• Benefits: centralized control and programmability.
SDN Deployment and Market
• Deployment example --- Google
• 2010: Google started implementing SDN.
• October 2012: Google said that it is going to extend its current international SDN-based inter-data center network.
(source: http://www.sdncentral.com/sdncentral-library-sdn-market-report/)
SDN Future
• According to SDN Central:
(source: http://www.sdncentral.com/sdncentral-library-sdn-market-report/)
Security Concern in SDN
• Since the beginning of 2013, various working groups have been established to study security in SDN, such as ONF, ETSI and ITU.
• Idea: importance of designing security in from the start.
• However, SDN hardware, software and services that are already in production and service lack consideration of security implications!
• Mission: explore techniques and policies to overcome the SDN security challenges.
Security in SDN---Challenges
• Security challenges:
  Attack on the centralized controller
  Trust problem between controller and software applications
  Attack on the communication channel between controller and devices
  Conflicting flow rules
  Forwarding loops
[Diagram: applications (including a malicious application) on top of the SDN controller, which manages the SDN switches]
Security in SDN---DoS
• Attack on the controller: Denial of Service
  Flow matched? --- forward packet.
  No flow matched? --- send packet to the controller.
• Thus, an attacker can execute a DoS attack on the node by constantly setting up new and unknown flows.
[Diagram: packet from sender through the switch to the receiver; on a miss the switch consults the SDN controller (steps 1 to 4)]
Security in SDN---DoS
• Possible solution to the DoS attack: run the device in proactive mode or use a firewall.
• Firewall: a software- or hardware-based network security system that controls the incoming and outgoing network traffic based on an applied rule set.
[Diagram: firewall between the Internet and the network, filtering on packet headers]
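The table-miss behaviour behind the DoS, as an added Python model (not code from the slides): a reactive switch escalates every unknown flow to the controller, whereas proactive mode and an assumed per-window miss limit bound the escalations. The flood traffic is constructed.

```python
from collections import deque

# Constructed model of an OpenFlow-style switch (added example, not the
# slides' own code). A flow entry is (src, dst) -> out_port. In reactive
# mode a table miss becomes a packet_in to the controller; in proactive
# mode the table is pre-populated and a miss is dropped locally (assumed
# policy). miss_limit_per_window is an assumed rate limiter on escalations.
class Switch:
    def __init__(self, proactive=False, miss_limit_per_window=None, window=100):
        self.table = {}
        self.proactive = proactive
        self.packet_in_count = 0   # messages sent to the controller
        self.dropped = 0
        self.limit = miss_limit_per_window
        self.window = window
        self.miss_times = deque()  # timestamps of recent escalations

    def install(self, src, dst, out_port):
        self.table[(src, dst)] = out_port

    def handle(self, src, dst, now):
        match = self.table.get((src, dst))
        if match is not None:
            return ("forward", match)
        if self.proactive:
            self.dropped += 1
            return ("drop", None)
        # reactive: forget misses older than one window, then rate-limit
        while self.miss_times and now - self.miss_times[0] >= self.window:
            self.miss_times.popleft()
        if self.limit is not None and len(self.miss_times) >= self.limit:
            self.dropped += 1
            return ("drop", None)
        self.miss_times.append(now)
        self.packet_in_count += 1
        return ("packet_in", None)

def flood(switch, n):
    """Constructed flood: n packets, each from a never-seen source address."""
    for i in range(n):
        switch.handle(f"10.0.{i // 256}.{i % 256}", "10.1.0.1", now=i)
    return switch.packet_in_count, switch.dropped
```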
Security in SDN---Malicious Applications
• Trust issue between controller and applications
[Diagram: applications on top of the SDN controller]
• Malicious applications can now be easily developed and deployed on controllers.
• Possible solution: software attestation.
Security in SDN---Control Channel Attack
• Attack on the control channel
[Diagram: control channel between the SDN controller and the switch, protected by SSL]
• An attacker can either pretend to be the controller or the switch!
• Possible solution 1: encrypt the channel with SSL.
Security in SDN---Control Channel Attack
• Possible solution 2 to the attack on the control channel: separate the network.
Security in SDN---Misconfiguration
• Conflicting flow rules on an OF switch: multiple OF applications run on a network controller device. Different applications insert different control policies dynamically, so conflicting flow rules may arise!
  App 1: A to B; modify SRC IP to X.
  App 2: X to B; modify DST IP to C.
  App 3: X to C; forward.
  BLOCK: A to C
[Diagram: SDN controller with hosts A, X, B and C]
Security in SDN---Misconfiguration
• Forwarding loops
[Diagram: two routers; one has 10.1.x.x → Blue and 10.x.x.x → B, the other 10.1.x.x → A and 10.x.x.x → Green; a packet matching only the broad 10.x.x.x entries bounces between them]
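A loop check a controller could run over its own forwarding state, as an added Python example (not from the slides). The two-router topology, prefixes and node names are constructed: each router knows one local /16 and points the 10/8 summary at its neighbour, so any 10.x.x.x destination outside both /16s circulates.

```python
import ipaddress

# Constructed topology (added example, not the slides' own tables).
TABLES = {
    "green": [("10.1.0.0/16", "host_A"), ("10.0.0.0/8", "blue")],
    "blue":  [("10.2.0.0/16", "host_B"), ("10.0.0.0/8", "green")],
}

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, start, dst):
    """Follow next hops from `start` until a non-router is reached.
    Returns (path, status) with status 'delivered', 'loop' or 'unreachable'."""
    path = [start]
    node = start
    while node in tables:
        next_hop = lookup(tables[node], dst)
        if next_hop is None:
            return path, "unreachable"
        if next_hop in path:          # revisiting a node: forwarding loop
            path.append(next_hop)
            return path, "loop"
        path.append(next_hop)
        node = next_hop
    return path, "delivered"

def find_loops(tables, start, probes):
    """Return the probe destinations whose forwarding path loops."""
    return [dst for dst in probes if trace(tables, start, dst)[1] == "loop"]
```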
Security in SDN---Misconfiguration
• NOX controller: an open-source platform that simplifies the creation of software for controlling or monitoring networks.
  NOX relays flow rules from the OF application to the switch.
Security in SDN---Misconfiguration
• Possible solution: FortNOX --- an extension to the NOX controller that provides non-bypassable flow rules.
  When flow rules conflict, compare the level of the authorization roles.
Security in SDN---Misconfiguration
• Role-based source authentication: assign a priority to a candidate flow rule; recognize 3 standard authorization levels among flow rule producers.
  OF Operator Level: define authoritative security policy
  OF Security Level: add flow constraints to combat live threat activity
  OF Application Level: legacy OF apps
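The conflicting-rules slide (App 1 rewrites A to X, App 2 rewrites the destination to C, App 3 forwards X to C, while A to C is blocked) and the FortNOX role comparison, worked as one added Python example that is not the project's code: rewrites are followed transitively into alias sets, a candidate whose alias sets overlap a rule with the opposite action is a conflict, and the higher authorization role wins. The rule format, role names and tie-breaking are assumptions.

```python
# Authorization levels from the slide; higher number wins (assumed ordering).
ROLE_PRIORITY = {"operator": 3, "security": 2, "application": 1}

# A rule matches (src, dst), applies an action, may rewrite headers, and
# carries its producer's role. Constructed to mirror the slide's scenario.
def rule(src, dst, action, role, set_src=None, set_dst=None):
    return {"src": src, "dst": dst, "action": action, "role": role,
            "set_src": set_src, "set_dst": set_dst}

def alias_sets(candidate, installed):
    """Every (src, dst) a packet matching the candidate can carry after
    forward rules rewrite it, transitively; returns (src set, dst set)."""
    seen = set()
    frontier = [(candidate["src"], candidate["dst"])]
    rules = [candidate] + installed
    while frontier:
        pair = frontier.pop()
        if pair in seen:
            continue
        seen.add(pair)
        for r in rules:
            if (r["src"], r["dst"]) == pair and r["action"] == "forward":
                new = (r["set_src"] or pair[0], r["set_dst"] or pair[1])
                if new != pair:
                    frontier.append(new)
    return {s for s, _ in seen}, {d for _, d in seen}

def conflicts(candidate, installed):
    """Installed rules reachable through the alias sets whose action differs
    from the candidate's (conservative: src and dst sets are crossed)."""
    srcs, dsts = alias_sets(candidate, installed)
    return [r for r in installed
            if r["src"] in srcs and r["dst"] in dsts
            and r["action"] != candidate["action"]]

def admit(candidate, installed):
    """Non-bypassable check: reject the candidate if a conflicting rule comes
    from an equal or higher role (ties favour the installed rule)."""
    for r in conflicts(candidate, installed):
        if ROLE_PRIORITY[r["role"]] >= ROLE_PRIORITY[candidate["role"]]:
            return False, f"conflicts with {r['role']} rule {r['src']}->{r['dst']} {r['action']}"
    return True, "no higher-priority conflict"

# The slide's scenario: the operator blocks A->C; App 2 and App 3 are installed;
# App 1's rule A->B with SRC rewritten to X is the candidate.
BLOCK_A_C = rule("A", "C", "drop", "operator")
APP_RULES = [rule("X", "B", "forward", "application", set_dst="C"),
             rule("X", "C", "forward", "application")]
CANDIDATE = rule("A", "B", "forward", "application", set_src="X")
```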
Security in SDN---OpenDaylight Controller
• Another possible solution in the OpenDaylight controller: Defense4All.
  Monitoring behavior of protected traffic; diverting attacked traffic to selected AMSs
SDN Security Research in IDA
• SASER: Safe And Secure European Routing
  --- Start date: August 2012
  --- End: September 2015
  --- Total budget: about 80 million Euros
  --- Effort: more than 500 person years
• SDN related research:
  --- Security concept for a new architecture based on software defined networking.
  --- General architecture specification
  --- Network optimization …
• Challenges coexist with opportunities.