“Towards Secure Software-Defined Networks”
Master’s thesis, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Oct. 2015
Abstract: Computer networks are complex and difficult to configure and manage. The number of devices and their diversity hamper the process of configuration and management. Besides these aspects, there are also other requirements to be fulfilled, e.g. the introduction of security policies or intrusion detection. Issues related to security are particularly important, but they make network management harder. Software-Defined Networking (SDN) was conceived to address the complexity and cost of managing network infrastructures. SDN offers flexibility and interoperability between devices, and introduces programmability in the network. Besides addressing the limitations of existing network infrastructures, it allows their development and innovation. Security is still one of the major challenges of SDN. Given that security issues are a priority concern for the adoption of SDN, it is necessary to ensure the essential security mechanisms for the proper functioning of the infrastructure. In this sense, control plane communications represent the most crucial link between network devices and, at the same time, one of the weakest links from a security and dependability viewpoint. By compromising or controlling the control plane communications, an attacker can easily take over the entire network. With this issue in mind, the main goal of this work is the development of a new approach to improve and simplify traditional secure control plane communications using novel security techniques, with improved performance and robustness. For the development of this approach, we make an in-depth study of existing security techniques. In particular, we analyze the impact of several cryptographic primitives and the overhead of secure control plane communications. Based on this assessment, we propose a new security architecture for SDN that offers the same level of security as traditional techniques with improved performance (2x better than OpenSSL) and robustness (8.5x fewer lines of code compared to TLS and PKI).
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)