
S-SDS: A Framework for Security Deployment as Service in Software Defined Networks

  • Adama Coly
  • Maïssa Mbaye
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 296)

Abstract

Software Defined Networking (SDN) is an emerging networking paradigm that addresses current network design limitations. It promotes centralized control of the network by clearly separating the Control Plane and the Data Plane. On the one hand, security in SDN is one of the most challenging research topics. On the other hand, deployment of security as a service is one of the most cutting-edge topics. In this paper, we propose a general framework for security deployment as a service in SDN networks. As a case study, we propose an extension of the OpenFlow protocol for IPsec VPN set. We have evaluated this proposal using a real-world testbed based on Mininet and Floodlight. Preliminary results show that our proposal can enable a security service without drastically degrading performance in comparison to deploying security on the endpoints of communications.

Keywords

SDS, SDN, Control plane, Data plane, IPsec, OpenFlow, Security service deployment, Network Security, Floodlight, Mininet

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  1. Laboratoire D’Analyse Numérique et Informatique, Gaston Berger University, Saint-Louis, Senegal
