A Compatible OpenFlow Platform for Enabling Security Enhancement in SDN

الملخص EN

Software-defined networking (SDN) is a representative next generation network architecture, which allows network administrators to programmatically initialize, control, change, and manage network behavior dynamically via open interfaces.

SDN is widely adopted in systems like 5G mobile networks and cyber-physical systems (CPS).

However, SDN brings new security problems, e.g., controller hijacking, black-hole, and unauthorized data modification.

Traditional firewall or IDS based solutions cannot fix these challenges.

It is also undesirable to develop security mechanisms in such an ad hoc manner, which may cause security conflict during the deployment procedure.

In this paper, we propose OSCO (Open Security-enhanced Compatible OpenFlow) platform, a unified, lightweight platform to enhance the security property and facilitate the security configuration and evaluation.

The proposed platform supports highly configurable cryptographic algorithm modules, security protocols, flexible hardware extensions, and virtualized SDN networks.

We prototyped our platform based on the Raspberry Pi Single Board Computer (SBC) hardware and presented a case study for switch port security enhancement.

We systematically evaluated critical security modules, which include 4 hash functions, 8 stream/block ciphers, 4 public-key cryptosystems, and key exchange protocols.

The experiment results show that our platform performs those security modules and SDN network functions with relatively low computational (extra 2.5% system overhead when performing AES-256 and SHA-256 functions) and networking performance overheads (73.7 Mb/s TCP and 81.2Mb/s UDP transmission speeds in 100Mb/s network settings).