Investigating current state Security of OpenFlow Networks

Focusing on the control-data plane communications

Abstract

Software-Defined Networking (SDN) is the emerging paradigm that breaks vertical integration in networks, separating the network’s control logic from the underlying network devices such as routers and switches.
With the decoupling of the data plane and control plane, there is a need for a new communication channel between the SDN controller and the network devices.
This channel is the so-called control channel and a popular protocol used over this channel is OpenFlow.
In this work we focus on the security of SDN, concentrating on the control channel and the OpenFlow protocol. For example, we show several impersonation attacks and achieve denial of service by misusing the ARP protocol to generate a large amount of OpenFlow traffic.
We also discuss how we can protect SDN against such attacks in order to improve SDN security.
This work has been performed at the IT security company Fox IT.