Software Defined Networking (SDN) is the best choice for establishing a software-controlled inter-domain network. The convergence of different wireless link technologies lets mobile users choose a network from any geographical location. IEEE 802.21 is a standard for exchanging the networking information needed to connect to a network from any region in the world. Integrated with an SDN wireless network, this functionality of the IEEE 802.21 standard can discover programmable network services with profound resource utilization. However, the information exchange should circulate through a reliable source. Hence, the security analysis of the IEEE 802.21 Media Independent Handover (MIH) mechanism for Software Defined Wireless Network (SDWN) is the primary concern of this research work. This study conducts an architectural and functional analysis of MIH integrated with the SDWN interface for mobility management of the wireless nodes. The outcome specifies a possible integration with future deployment opportunities in information exchange of IEEE 802.21 MIH for programmable network devices.
Security Analysis of IEEE 802.21 Standard in Software Defined Wireless Networking
1. Security Analysis of IEEE 802.21 Standard in Software Defined Wireless Networking
The 20th International Conference on Computer and Information Technology (ICCIT 2017)
ICCIT, Dhaka, Bangladesh, December 22nd-24th
Asma Islam Swapna, Nazrul Islam
2. Presentation Summary
Objective of Work
SDN & MIH
SDN Security Aspect
Deployed Architecture
Evaluation
Conclusion & Future Work
References
3. Objective of Work
• To identify integration synergies between 802.21 and SDN in wireless scenarios
• Focus: Handover optimization and multi-technology interfacing in heterogeneous network
• Study Base: STRIDE Threat Model
5. Software Defined Networking (SDN)
Current Network
[Figure labels: Specialized Packet Forwarding Hardware; Operating System; App; Millions of lines of source code; Billions of gates; Limitations?]
Source: Open Network Foundation Newsletter
6. Software Defined Networking (SDN)
Solution! Operating System for Networks
[Figure labels: Global Network View; Protocols; Control via forwarding interface; Network Operating System; Control Programs]
• SDN providing network administration
• Full hardware accessibility
Source: Open Network Foundation Newsletter
7. Software Defined Wireless Networking
2G → 3G → 4G → 5G → Billions of devices connected wirelessly
Heterogeneous Network
Debut of pop in 2005, 2013
8. Emerging SDWN Protocols
Bigger the network, greater the challenge in security management
SDN/SDWN Protocols: MIH, BGP, OF-Config, NETCONF, NFV, 4D, PCE, SANE-based SDN Architectures
• Efficient Routing
• Configure Network Devices
• Leverage SDWN/SDN controller
Source: McAfee Labs, 2015
9. Using IEEE 802.21 (MIH) assists SDN operations
• Datapath
  – Maintains the flow table
  – Processes incoming packets
• Link
  – Interact with the network interfaces of the OpenFlow Switch
  – Leveraged by Link Media Dependent Interface (LMDI) that translates MIM OpenFlow messages into media specific commands
• OpenFlow Channel
  – Establishes a connection with the OpenFlow Controller via OpenFlow protocol
  – Able to manage and to transmit events from the OpenFlow switch to the OpenFlow Controller
12. SDWN Security Aspects
Security Challenges:
• Attack on the centralized controller
• Trust problem between controller and software applications
• Attack on the communication channel between controller and devices
• Conflicting flow rules
• Forwarding loops
13. Security Challenge
Configuring and managing large, scale-out, multi-domain, multi-controller based SDWN against security attacks
14. Threat Models
Elicitation and analysis of security threats, mechanisms in deployed designs and network
• DREAD – SQL Injections, Microsoft, OpenStack
• OCTAVE – Large system and Application
• STRIDE – Network System and Application, Microsoft
• Generic Risk Model
• Guerilla Threat Modeling
• Process for Attack Simulation and Threat Analysis (PASTA) – last stage risk management
• Trike etc.
15. STRIDE & Data Flow Diagram (DFD)
DFD elements can be vulnerable to one or many STRIDE threats.
[Figure: FlowVisor Data Flow Diagram]
STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege

Name               STRIDE vulnerability   Definition
Data Flow          Yes                    Data sent among network elements
Data Store         Yes                    Stable data
Process            Yes                    Programs or applications that configure the system
Interactors        Yes                    Endpoints out of system scope to control
Trust Boundaries   Yes                    Separation between trusted and untrusted elements of the system
17. Deployed Architecture
MIH handover framework provides a set of optimization facilities and functionalities
Network information flows and controls are deployed in all the linked network resources
18. Deployed Architecture
• OpenFlow Controller / PoS
  – Perform routing related tasks, via SDN
  – Handle and control mobility procedures, via IEEE 802.21
• OpenFlow device
  – Forwarding related tasks
  – Provides interfaces to control and manage link layers, regarding handover management
• Mobile Node
  – Provide interfaces to control and manage link layers, via IEEE 802.21
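Added example (not from the slides or the authors): a STRIDE-per-element pass over a small data flow diagram built from the slide 18 components, with flows that cross a trust boundary listed first for review. The trust zones, the flow-table data store, the flow names and the per-element chart are assumptions made for illustration; the slides only mark each DFD element type as STRIDE-vulnerable.

```python
# Added example: STRIDE-per-element enumeration over a constructed DFD of the
# slide 18 architecture. Zones and the per-element chart are assumptions.
from collections import namedtuple

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}

# Widely used STRIDE-per-element chart (assumption, not taken from the slides).
PER_ELEMENT = {"interactor": "SR", "process": "STRIDE",
               "data_store": "TRID", "data_flow": "TID"}

Element = namedtuple("Element", "name kind zone")
Flow = namedtuple("Flow", "name src dst")

# Constructed DFD: element names follow slide 18, trust zones are hypothetical.
ELEMENTS = [
    Element("Mobile Node", "interactor", "untrusted-access"),
    Element("OpenFlow device", "process", "infrastructure"),
    Element("Flow table", "data_store", "infrastructure"),
    Element("OpenFlow Controller / PoS", "process", "control"),
]
FLOWS = [
    Flow("MIH over UDP", "Mobile Node", "OpenFlow Controller / PoS"),
    Flow("OpenFlow channel (TCP)", "OpenFlow device", "OpenFlow Controller / PoS"),
    Flow("Flow table update", "OpenFlow device", "Flow table"),
]

def enumerate_threats(elements, flows):
    """Return (target, threat, crosses_trust_boundary) rows for review."""
    zone = {e.name: e.zone for e in elements}
    rows = [(e.name, STRIDE[c], False)
            for e in elements for c in PER_ELEMENT[e.kind]]
    for f in flows:
        crosses = zone[f.src] != zone[f.dst]
        rows += [(f.name, STRIDE[c], crosses) for c in PER_ELEMENT["data_flow"]]
    # Review boundary-crossing flows first: they leave a single trust zone.
    return sorted(rows, key=lambda r: not r[2])

def boundary_flows(rows):
    """Names of flows that cross a trust boundary, in sorted order."""
    return sorted({name for name, _, crosses in rows if crosses})

if __name__ == "__main__":
    for target, threat, crosses in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{'[boundary] ' if crosses else '           '}{target}: {threat}")
```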
23. Conclusion
• When analyzed in light of 802.21 objectives
• SDN has some security vulnerabilities that could be mitigated/protected
• 802.21 can optimize SDN flow handover in wireless environments
• 802.21 supported mobility allows for seamless handover in SDN flow environments with preserved session privacy
• 802.21 packet flow has a lower overhead and higher forgery attack resistance than OpenFlow
• Transporting MIH in UDP (with Ack service) has a message exchange delay comparable with OpenFlow (TCP)
• Possibilities to adopt in IP based linked technologies
24. Future Work
SDWN appliance in larger network, i.e. data center
Vulnerability assessment in SDWN orchestration
Analyzing and controlling routing preferences for SDWN
Network Management and Configuration research in SDWN data center etc.