S-SDS: A Framework for Security Deployment as Service in Software Defined Networks

  • Conference paper
  • In: Innovations and Interdisciplinary Solutions for Underserved Areas (InterSol 2019)

Abstract

Software Defined Networking (SDN) is an emerging networking paradigm that addresses current network design limitations. It promotes centralized control of the network by clearly separating the Control Plane from the Data Plane. On the one hand, security in SDN is one of the most challenging research topics. On the other hand, deploying security as a service is one of the most cutting-edge topics. In this paper, we propose a general framework for security deployment as a service in SDN networks. As a case study, we propose an extension of the OpenFlow protocol for IPsec VPN setup. We have evaluated this proposal using a real-world testbed based on Mininet and Floodlight. Preliminary results show that our proposal can enable the security service without drastically degrading performance compared with deploying security on the communication endpoints.

Corresponding author

Correspondence to Adama Coly.

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Coly, A., Mbaye, M. (2019). S-SDS: A Framework for Security Deployment as Service in Software Defined Networks. In: Bassioni, G., Kebe, C., Gueye, A., Ndiaye, A. (eds) Innovations and Interdisciplinary Solutions for Underserved Areas. InterSol 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 296. Springer, Cham. https://doi.org/10.1007/978-3-030-34863-2_9

  • DOI: https://doi.org/10.1007/978-3-030-34863-2_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34862-5

  • Online ISBN: 978-3-030-34863-2

  • eBook Packages: Computer Science, Computer Science (R0)
