A Review of Solutions for SDN-Exclusive Security Issues

Spooner, Jakob; Zhu, Shao Ying

doi:10.14569/ijacsa.2016.070817

Cited by 10 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Ada ancaman serius yang dapat terjadi pada SDN, ancaman terbesarnya adalah link antara lapisan aplikasi dan jaringan yang terletak dibawahnya atau antara Control Plane dan Data Plane [2]. Beberapa penyelesaianya adalah dengan menggunakan metode yang ditawarkan oleh Intrusion Detection System (IDS) dan Intrusion Prevention System (IPS).…”

Section: Pendahuluanunclassified

Implementasi untuk Meningkatkan Keamanan Jaringan Menggunakan Deep Packet Inspection pada Software Defined Networks

Harja

Rakhmatsyah

Nugroho

2019

IndoJC

View full text Add to dashboard Cite

AbstractToday, Software Defined Network (SDN) has been globally recognized as a new technology for network architecture. But, there is still lack in security. Many studies use methods such as the Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) to deal with social problems. But there is still a lack of security in terms of network performance. To solve the problem, can be used Deep Packet Inspection method (DPII) which make administrators can directly know what happens to traffic in real time. In this research, DPI will be implemented as security method and tested with Denial of Service (DoS) attack with Direct Attack. The results of testing on SDN networks that have been added DPI can perform packet detection such as IDS and blocking such as IPS with good performance time in overcoming attack.Keywords: SDN, DPI, DoS attack, Direct Attack, performance

show abstract

Section: Pendahuluanunclassified

Implementasi untuk Meningkatkan Keamanan Jaringan Menggunakan Deep Packet Inspection pada Software Defined Networks

Harja

Rakhmatsyah

Nugroho

2019

IndoJC

View full text Add to dashboard Cite

show abstract

“…Therefore, it is concerned with preserving the integrity of flow tables and flow rules [9]. Eavesdropping is a general threat in computer networks and it applies to the electrical [13] as well as the optical domain [14]. A natural countermeasure is encryption.…”

Section: Secure Servicesmentioning

confidence: 99%

Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration

Szyrkowiec¹,

Santuari²,

Chamania³

et al. 2018

J. Opt. Commun. Netw.

View full text Add to dashboard Cite

Growing traffic demands and increasing security awareness is driving the need for secure services. Current solutions require manual configuration and deployment based on the customer's requirements. In this work, we present an architecture for an automatic intent-based provisioning of a secure service in a multilayer -IP, Ethernet and optical -network while choosing the appropriate encryption layer using an open-source SDN orchestrator. The approach is experimentally evaluated in a testbed with commercial equipment. Results indicate that the processing impact of secure channel creation on a controller is negligible. As the time for setting up services over WDM is varying between technologies, it needs to be taken into account in the decision process.

show abstract

“…Benton et al also present a brief overview of the vulnerabilities in OpenFlow protocol [15]. In addition, there are some works [34][35][36][37][38] that analyze vulnerabilities that exist in SDN network and present relevant studies dealing with vulnerabilities. Finally, Yoon et al systemize the attack surfaces existing in SDN network and evaluate them against three popular SDN controllers [39].…”

Section: Related Workmentioning

confidence: 99%

NOSArmor: Building a Secure Network Operating System

Nam

Shin

2018

Security and Communication Networks

View full text Add to dashboard Cite

Software-Defined Networking (SDN), controlling underlying network devices (i.e., data plane) in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS), also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB), into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight) with secureness of network assets.

show abstract

A Review of Solutions for SDN-Exclusive Security Issues

Cited by 10 publications

References 28 publications

Implementasi untuk Meningkatkan Keamanan Jaringan Menggunakan Deep Packet Inspection pada Software Defined Networks

Implementasi untuk Meningkatkan Keamanan Jaringan Menggunakan Deep Packet Inspection pada Software Defined Networks

Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration

NOSArmor: Building a Secure Network Operating System

Contact Info

Product

Resources

About