Investigating current state Security of OpenFlow Networks
Focusing on the control-data plane communications
M.L. Pors (TU Delft - Electrical Engineering, Mathematics and Computer Science)
F.A. Kuipers – Mentor
Francisco Dominguez – Mentor
C. Dörr – Graduation committee member
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Software-Defined Networking (SDN) is the emerging paradigm that breaks vertical integration in networks, separating the network’s control logic from the underlying network devices such as routers and switches.
With the decoupling of the data plane and the control plane, there is a need for a new communication channel between the SDN controller and the network devices.
This channel is the so-called control channel and a popular protocol used over this channel is OpenFlow.
In this work we examine the security of SDN, focusing on the control channel and the OpenFlow protocol. For example, we show several impersonation attacks and achieve denial-of-service by misusing the ARP protocol to generate a lot of OpenFlow traffic.
We also discuss how we can protect SDN against such attacks in order to improve SDN security.
This work has been performed at the IT security company Fox IT.