CFP last date
20 January 2025
Reseach Article

Vulnerabilities in SDN Due to Separation of Data and Control Planes

by S. Faizullah, S. AlMutairi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 179 - Number 31
Year of Publication: 2018
Authors: S. Faizullah, S. AlMutairi
10.5120/ijca2018916519

S. Faizullah, S. AlMutairi . Vulnerabilities in SDN Due to Separation of Data and Control Planes. International Journal of Computer Applications. 179, 31 ( Apr 2018), 21-24. DOI=10.5120/ijca2018916519

@article{ 10.5120/ijca2018916519,
author = { S. Faizullah, S. AlMutairi },
title = { Vulnerabilities in SDN Due to Separation of Data and Control Planes },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2018 },
volume = { 179 },
number = { 31 },
month = { Apr },
year = { 2018 },
issn = { 0975-8887 },
pages = { 21-24 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume179/number31/29194-2018916519/ },
doi = { 10.5120/ijca2018916519 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:57:07.165907+05:30
%A S. Faizullah
%A S. AlMutairi
%T Vulnerabilities in SDN Due to Separation of Data and Control Planes
%J International Journal of Computer Applications
%@ 0975-8887
%V 179
%N 31
%P 21-24
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Tremendous advancements over the past several decades revolutionized the networking research and technological industry, however, it is still dominated and remains hardware based. Such legacy networks are inflexible, hard and costly to scale and manage. Software defined networking (SDN) is a new approach to networking which enable comprehensive network programmability. SDN architecture bifurcates the data and control plane thereby simplifies network management. In this new architecture, the control plane consists of networking intelligence and the policy making ability is moved to a centralized entity called as controller. Commonly, SDN uses OpenFlow as the communication interface between the data and control planes. This separation while providing great opportunities for scalability, also introduces new vulnerabilities. We identify certain scenarios for vulnerabilities in the OpenFlow semantics that can subject the controller to distributed denial of service (DDoS) attack which is unique to SDN due to the new architecture where the control plane is separated from the data plane. We also explore some reactive mechanisms that can detect and help to devise techniques to prevent impending DDoS attack on an SDN controller.

References
  1. B. Nunes, M. Mendonca, X.-N. Nguyen, K. Obraczka and T. Turletti, "A survey of software-defined networking: Past, present, future of programmable networks", IEEE Commun. Surv. Tut., vol. 16, no. 3, pp. 1617-1634, 2014
  2. N. Feamster, J. Rexford and E. Zegura, "The road to SDN", Queue, vol. 11, no. 12, pp. 20:20-20:40, 2013
  3. K. Ahokas, “Software-defined networking”, Aalto University School of Science.
  4. S. Shin and G. Gu, ”Attacking software-defined networks: A first feasibility study (short paper)” , In HotSDN'13.
  5. M. Yu, L. Jose, and R. Miao, “Software defined traffic measurement with OpenSketch”. In Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI'13). April (2013).
  6. http://archive.openflow.org/documents/openflow-spec-v1.0.0.pdf
  7. A. Doria, J. Hadi Salim, R. Haas, H. Khosravi, W. Wang, L. Dong, R. Gopal, and J. Halpern, “Forwarding and control element separation” (ForCES) protocol specification, RFC 5810 (Proposed Standard), March 2010,
  8. Devolved Control of ATM Networks. http://www.cl.cam.ac.uk/research/srg/netos/old-projects/dcan/#pub.
  9. H. Wang, L. Xu, and G. Guofei, “Of-Guard: A DoS Attack Prevention Extension in Software-Defined Networks’, In USENIX Open Network Summit, 2014.
  10. T. Limoncelli, “Openflow: a radical new idea in networking”,. Commun. ACM, 55(8):42–47, August 2012.
  11. K. Benton, L. J. Camp, and C. Small. OpenFlow Vulnerability Assessment. HotSDN '13, pages 151--152, 2013.
Index Terms

Computer Science
Information Sciences

Keywords

Software Defined Networking SDN SDN Vulnerabilities DDoS Cloud Computing OpenFlow.