Improving Software Defined Network Security via sFLow and IPSec Protocol

Year 2018, Volume: 19 Issue: 3, 555 - 564, 01.09.2018

Babatunde Hafis Lawal Nuray At

Abstract

Software Defined Network (SDN) has found its footprints in modern networking practices. Thanks to its abstraction of the control plane from the infrastructural plane and its ability to enhance programmability in networking. Despite its aptness, security is still a major concern for this technology. This study proposes a secure method for the SDN network based on the sFlow and the IPSec protocol. The proposed method ensures a real-time detection and mitigation of attacks such as Distributed Denial of Service (DDoS) attacks, Man in the Middle attacks (MITM), replay attacks, etc. on the SDN network. To prove the effectiveness of the proposed method, the SDN network was emulated on MININET and analyzed. It was shown that attacks were detected and curbed early on the network before any damage could be done to the network.

Keywords

Software Defined Network (SDN), Mininet, sFlow, IPSec

References

• [1] Martin Vizv´ary, "Mitigation of DDoS Attacks in Software Defined Networks," Ph.D. thesis proposal, 2015.
• [2] N. McKeown et al., “OpenFlow: Enabling innovation in campus networks,” ACM SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69–74, Apr. 2008.
• [3] Ijaz Ahmad, Suneth Namal, Mika Ylianttila, Senior Member, IEEE, and Andrei Gurtov, Senior Member, IEEE,"Security in Software Defined Networks: A Survey."IEEE Communication Surveys & Tutorials, vol. 17, no. 4, fourth quarter 2015.
• [4] S. J. Vaughan-Nichols, “OpenFlow: The next generation of the network?” Computer, vol. 44, no. 8, pp. 13–15, Aug. 2011.
• [5] Karamjeet Kaur, Krishan Kumar, Japinder Singh, Navtej Singh Ghumman, “Programmable Firewall Using Software Defined Networking.” 2015 2nd International Conference on Computing for Sustainabile Global Development (INDIACom).
• [6] Rajat Kandoi, Markku Antikainen, “Denial-of-Service Attacks in OpenFlow SDN Networks.” 2015.
• [7] H. Wang, D. Zhang and K.G. Shin, “Detecting SYN Flooding Attacks,” Proceeding of Twenty-First Annual Joint Conference of the IEEE omputer and Communications Societies, pp. 1530-1539, 2002.
• [8] Bing Wang, Yao Zheng, Wenjing Lou, Y. Thomas Hou, “DDoS Attack Protection in The Era of Cloud Computing and Software Defined Networking.” International Conference on Network Protocols (ICNP), IEEE, Raleigh, NC, 2015.
• [9] Ogundile O.O, Lawal B.H, and Osanaiye O.A, “A Secured Voice over Internet Protocol (VoIP) Setup Using MiniSipServer.” International Journal of Scientific & Engineering Research, Volume 3, Issue 11, November-2012 ISSN 2229-5518.
• [10] R. Marin-Lopez, G. Lopez-Millan, “Software-Defined Networking (SDN)-based IPsec Flow Protection.”
• [11] Frankel, S. and S. Krishnan, "IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap", RFC 6071, DOI 10.17487/RFC6071, February 2011.
• [12] RFC 2402
• [13] RFC 2406
• [14] Shie-Yuan Wang, “Comparison of SDN OpenFlow Network Simulator and Emulators: EstiNet vs. Mininet.”
• [15] Faris Keti, Shavan Askar, “Emulation of Software Defined Networks Using Mininet in Different Simulation Environments”. In proceedings of the 6th International Conference on Intelligent Systems, Modelling and Simulation, 2015.
• [16] B. Lantz, B. Heller, and N. McKeown, “A network in a laptop: rapidprototyping for software-defined networks,” in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks. ACM, 2010.
• [17] http://www.projectfloodlight.org/floodlight/, accessed date: 03/17/2018.