A Comprehensive Security Analysis Checksheet for OpenFlow Networks

  • Yoshiaki Hori
  • Seiichiro Mizoguchi
  • Ryosuke Miyazaki
  • Akira Yamada
  • Yaokai Feng
  • Ayumu Kubota
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 2)

Abstract

Software-defined networking (SDN) enables the flexible and dynamic configuration of a network, and OpenFlow is one practical SDN implementation. Although it has been widely deployed in actual environments, it can cause fatal flaws. In this paper, we consolidate the security threats to OpenFlow mentioned in previous work and introduce a new security checksheet that includes risk assessment methods. We compare the Kreutz et al. threat vectors with the SDNSecurity.org attack list to discover new threats. Our checksheet enables the security of a given OpenFlow network design to be comprehensively assessed. Furthermore, we evaluate the performance of an OpenFlow network with two attack scenarios using the checksheet and identify critical performance degradations.

Keywords

SDN OpenFlow system security risk assessment 

References

  1. Y. Jarraya et al.: A Survey and a Layered Taxonomy of Software-Defined Networking, In: IEEE Comm. Surveys & Tutorials, Vol. 16, No. 4, pp. 1955-1980 (2014)
  2. D. Kreutz et al.: Software-Defined Networking: A Comprehensive Survey, Proc. of the IEEE, Vol. 103, No. 1, pp. 14-76 (2015)
  3. N. McKeown et al.: OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review, Vol. 38, Issue 2 (2008)
  4. J. Wack, M. Tracy, M. Souppaya: Guideline on Network Security Testing, NIST Special Publication 800-42 (2003)
  5. K. Scarfone, M. Souppaya, A. Cody, A. Orebaugh: Technical Guide to Information Security Testing and Assessment, NIST Special Publication 800-115 (2008)
  6. D. Kreutz et al.: Towards Secure and Dependable Software-Defined Networks, In: ACM SIGCOMM workshop HotSDN’13, pp. 55-60 (2013)
  7. SDNSecurity.org: An Overview of Misuse / Attack Cases, https://web.archive.org/web/20150423094535/http://sdnsecurity.org/project SDN-Security-Vulnerbility-attack-list.html (access 2015-12-14)
  8. K. Benton, L. J. Camp, C. Small: OpenFlow vulnerability assessment, In: ACM SIGCOMM workshop HotSDN’13, pp. 151-152 (2013)
  9. S. Shin, G. Gu: Attacking Software-Defined Networks: A First Feasibility Study, In: ACM SIGCOMM workshop HotSDN’13, pp. 165-166 (2013)
  10. R. Klöti et al.: OpenFlow: A security analysis, In: 21st IEEE Int’l Conf. on Network Protocols (ICNP 2013), pp. 1-6 (2013)
  11. S. Scott-Hayward et al.: A Survey of Security in Software Defined Networks, In: IEEE Comm. Surveys & Tutorials, Vol. 18, No. 1, pp. 623-654 (2016)
  12. Pica8 switches, Pica8, Inc. http://www.pica8.com/products/pre-loaded-switches (access 2015-12-15)
  13. PACKETH. http://packeth.sourceforge.net/packeth/Home.html (access 2015-12-15)
  14. Ryu SDN Framework. http://osrg.github.io/ryu/ (access 2015-12-15)

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Yoshiaki Hori (1, 2)
  • Seiichiro Mizoguchi (3)
  • Ryosuke Miyazaki (2, 4)
  • Akira Yamada (3)
  • Yaokai Feng (2, 4)
  • Ayumu Kubota (3)
  • Kouichi Sakurai (2, 4)

  1. Organization for General Education, Saga University, Saga, Japan
  2. Institute of Systems, Information Technologies and Nanotechnologies, Fukuoka, Japan
  3. KDDI R&D Laboratories, Inc., Saitama, Japan
  4. Faculty of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan
