Paper ID: COM205
Session I
IEEE International Conference on Communication and Electronics Systems (ICCES 2016)
October 21st-22nd, ICCES, Coimbatore, India
Mawlana Bhashani Science and Technology University, Bangladesh
BAC IT, Bangladesh
University of Derby, England
Security Analysis of Software Defined Wireless Network Monitoring with sFlow and FlowVisor
Asma Islam Swapna, MD Rezaul Huda Reza, Mainul Kabir Aion
Presentation Summary
SDN ?
SDWN ?
Network Monitoring and Measurement
sFlow DFD
FlowVisor DFD
STRIDE and DFD
sFlow STRIDE Analysis
FlowVisor STRIDE Analysis
Evaluation
Conclusion
References
Software Defined Networking (SDN)
Current Network
[Figure: several network devices, each with its own Apps, Operating System and Specialized Packet Forwarding Hardware]
Millions of lines of source code
Billions of gates
Limitations?
Source: Open Network Foundation Newsletter
Software Defined Networking (SDN)
Solution!
[Figure labels: Control Programs; Global Network View; Network Operating System; Protocols; Control via forwarding interface]
Operating System for Networks
SDN providing network administration
Full hardware accessibility
Source: Open Network Foundation Newsletter
Software Defined Networking (SDN) (Cont.)
• Direct programmability in the network plane
• Decouples the control plane from data forwarding plane
• Agile
• Open standards-based and vendor-neutral
Enables:
• Scalability
• Information hiding
• Network policy
• Complete Resource Utilization
• Expands local to global
• Spans business network
Source: Open Network Foundation Newsletter
Software Defined Wireless Networking
2G → 3G → 4G → 5G → Billions of wirelessly connected mobile devices
Need more wireless capacity!
Heterogeneous network (LTE, WiFi, WiMAX)
Solution: SDN for wireless network!
- Interface for controlling mobile nodes
- Customizable Mobility Management
Debut of pop in 2005, 2013
Software Defined Wireless Networking (Cont.)
Underlying Network Security → Secured information flow and Control plane
• Controller collects Mobile Nodes (MNs) information for packet transmission
• Composed of North-South and East-West network dimension
• Border Gateway Protocol (BGP) enables inter-controller communication for large wireless network
• Leverages Wireless mesh networks
Network Monitoring & Measurement
Measures and detects intrusions and network threats, and monitors network services
SDN Architectures: 4D, PCE, SANE-based
Monitoring & Measuring Tools: sFlow, FlowVisor, BigSwitch, BigTap, SevOne
Source: McAfee Labs, 2015
Network traffic visibility
Inline and Out-of-band Monitoring
Leverage SDWN/SDN controller
Challenge
Monitoring large, scale-out, multi-domain, multi-controller based SDWN
[Figure labels: Network, Database, MemCache, Web Server, Load Balancer, Application Server]
Solution!
sFlow
- Open source
- Monitors switches
- Comprehensive multi-layer visibility
FlowVisor
- Non-vendor-dependent
- Proxy controller between SDWN switch and controller
- Isolates SDWN devices into slices
sFlow DFD
Embedded with switch and router in SDWN
Agents (Linux, Windows, Solaris, AIX)
- Remotely configured
- Management Information Base (MIB)
- SNMP flow datagrams from switch to collector
Collectors (sFlow-RT, sFlowTrend, sflowtool, third party etc.)
- Memcached hit-miss, traffic bytes, durations, keys in Data Store
- sFlow-RT controller collects traffic data from collectors and analyses each sample
- Understands tcpdump
- CLI operation
[Figure: sFlow Data Flow Diagram]
FlowVisor DFD
• OpenFlow proxy controller between SDWN switches and controllers
• Divides resources into slices and flowspace for each slice
• Slice Policy configures switches, routing, packet forwarding
• Production controller manages slice policy rewrite
[Figure: FlowVisor Data Flow Diagram. Labels: FlowVisor Controller and Slice Policy, SDWN Switch, SDWN Controller]
• CLI allows FlowVisor configuration
• Slice processes are owned by the admin and groups of the network operators
• Isolated slice information: bandwidth, CPU, forwarding table, etc.
Threat Models
Elicitation and analysis of security threats and mechanisms in deployed designs and networks
• DREAD – SQL Injections, Microsoft, OpenStack
• OCTAVE – Large system and Application
• STRIDE – Network System and Application, Microsoft
• Generic Risk Model –
• Guerilla Threat Modeling –
• Process for Attack Simulation and Threat Analysis (PASTA) – last stage risk management
• Trike etc.
STRIDE & Data Flow Diagram (DFD)
DFD elements can be vulnerable to one or many STRIDE threats.
STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
[Figure: FlowVisor Data Flow Diagram]
Name | STRIDE vulnerability | Definition
Data Flow | Yes | Data sent among network elements
Data Store | Yes | Stable Data
Process | Yes | Programs or applications that configure the system
Interactors | Yes | Endpoints out of system scope to control
Trust Boundaries | Yes | Separation between trusted and untrusted elements of the system
sFlow STRIDE Analysis
Threat | Data Flow | Data Store | Solution
Tampering | Yes | Yes | ACL/RBAC/DAC for CLI, SNMPv3, TLS
Information Disclosure | Yes | Yes | TLS
Denial of Service (DoS) | Yes | Yes | AC in CLI for MIB security, TLS
• Third party deployment environment for data flow security
• Transport Layer Security among agents to encrypt traffic information
• Access control mechanisms and SNMPv3 can be leveraged to secure the MIB
• Direct traffic information using SNMP
• DoS vulnerabilities in data store can cause unauthorized access to SDWN devices
• No Interactors for one way SNMP communication
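A collector-side sanity check for the agent-to-collector data flow analysed above, added here as an illustration and not taken from the slides or from any sFlow tool. It assumes the sFlow version 5 datagram header layout; the allowlist, the finding names and the addresses (documentation ranges) are constructed for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

SFLOW_VERSION = 5
ADDR_LEN = {1: 4, 2: 16}  # sFlow v5 address type -> length (1 = IPv4, 2 = IPv6)


@dataclass
class Header:
    agent: str
    sub_agent: int
    sequence: int
    uptime_ms: int
    num_samples: int


def parse_header(datagram: bytes) -> Header:
    """Parse the fixed header of an sFlow v5 datagram (XDR, big-endian)."""
    if len(datagram) < 8:
        raise ValueError("truncated datagram")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != SFLOW_VERSION:
        raise ValueError(f"unsupported version {version}")
    if addr_type not in ADDR_LEN:
        raise ValueError(f"unknown address type {addr_type}")
    rest = 8 + ADDR_LEN[addr_type]
    if len(datagram) < rest + 16:
        raise ValueError("truncated datagram")
    agent = ipaddress.ip_address(datagram[8:rest])
    sub_agent, seq, uptime, count = struct.unpack_from("!IIII", datagram, rest)
    return Header(str(agent), sub_agent, seq, uptime, count)


@dataclass
class CollectorGuard:
    """known_agents maps a UDP source IP to the agent address it must report."""
    known_agents: dict
    state: dict = field(default_factory=dict)  # (agent, sub_agent) -> (seq, uptime)

    def check(self, src_ip: str, datagram: bytes) -> list:
        if src_ip not in self.known_agents:
            return ["unknown-source"]
        try:
            hdr = parse_header(datagram)
        except ValueError as exc:
            return [f"malformed: {exc}"]
        if hdr.agent != self.known_agents[src_ip]:
            return ["agent-mismatch"]  # rejected before it can touch sequence state
        key = (hdr.agent, hdr.sub_agent)
        prev = self.state.get(key)
        findings = []
        if prev is not None:
            prev_seq, prev_uptime = prev
            if hdr.sequence <= prev_seq:
                if hdr.uptime_ms >= prev_uptime:
                    return ["sequence-replay"]  # old or duplicated datagram
                findings.append("agent-restart")  # counter and uptime both reset
            elif hdr.sequence > prev_seq + 1:
                findings.append("sequence-gap")  # datagrams lost or displaced
        self.state[key] = (hdr.sequence, hdr.uptime_ms)
        return findings


def build_datagram(agent, sub_agent, seq, uptime_ms, samples=0) -> bytes:
    """Build a header-only datagram (constructed test input, no sample records)."""
    ip = ipaddress.ip_address(agent)
    addr_type = 1 if ip.version == 4 else 2
    return (struct.pack("!II", SFLOW_VERSION, addr_type) + ip.packed
            + struct.pack("!IIII", sub_agent, seq, uptime_ms, samples))


def demo() -> list:
    """Run constructed datagrams through the guard and return the findings."""
    guard = CollectorGuard({"192.0.2.10": "192.0.2.10"})
    sw = "192.0.2.10"
    traffic = [
        (sw, build_datagram(sw, 0, 100, 5000)),            # first datagram seen
        (sw, build_datagram(sw, 0, 101, 6000)),            # next in sequence
        ("198.51.100.7", build_datagram(sw, 0, 102, 7000)),  # source not allowlisted
        (sw, build_datagram("192.0.2.99", 0, 102, 7000)),  # header names another agent
        (sw, build_datagram(sw, 0, 101, 7000)),            # sequence number reused
        (sw, build_datagram(sw, 0, 105, 8000)),            # three datagrams missing
        (sw, build_datagram(sw, 0, 1, 200)),               # counters reset together
        (sw, b"\x00\x00\x00\x05"),                         # cut off after version
    ]
    return [guard.check(src, data) for src, data in traffic]


if __name__ == "__main__":
    for result in demo():
        print(result or "ok")
```

These checks only flag inconsistent datagrams; a sender that forges the UDP source address and tracks sequence numbers still passes them, so the transport protection and access control listed in the Solution column remain necessary.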
FlowVisor STRIDE Analysis
Threat | Data Flow | Solution
Tampering | Yes | TLS
Information Disclosure | Yes | TLS
Denial of Service (DoS) | Yes | Access Control in CLI for policy rewrite, TLS
• Transport Layer Security among agents to defend policy rewrite
• Access control mechanism can leverage policy rewrite
• An attack on Production Control allows the slice policy to be rewritten
• Switch configuration in data is secured with authentic flow entries store
• CLI secures slice policy with port number, host id and destination address
Evaluation
Comparison among sFlow and FlowVisor
Threat | Data Flow | Data Store
Tampering | FlowVisor, sFlow | sFlow
Information Disclosure | FlowVisor, sFlow | sFlow
Denial of Service | FlowVisor, sFlow | sFlow
• sFlow provides no security in data flow and data store and is vulnerable to spoofing, DoS and information disclosure threats
• Flowspace CLI secures switch configuration data store
• Inherits security threat vulnerabilities in isolated slices and is prone to Spoofing, Tampering and Information Disclosure, and even delay and Denial of Service threats, in data flow.
Conclusion
• Studied STRIDE security model for SDWN
• Analyzed packet flow in SDWN environment using sFlow
• Analyzed packet flow in SDWN environment using FlowVisor
• Performed comparative side-by-side analysis of SDWN security risks in using sFlow and FlowVisor
• Research outcome finds FlowVisor providing security in data storage
• sFlow is vulnerable to spoofing, switch information tampering and DoS risk
Future Work
• Real-time prototyping of SDWN environment and monitoring performance
• SDWN appliance in larger network, i.e. data center
• FlowVisor slicing and isolation impact on real-time SDWN prototyping
References
[1] C. J. Bernardos, A. De La Oliva, P. Serrano, A. Banchs, L. M. Contreras, H. Jin, and C. Juan, “An architecture for software
defined wireless networking,” IEEE Wireless Communications, vol. 21, no. 3, pp. 52–61, 2014.
[2] M. R. Sama, L. M. Contreras, J. Kaippallimalil, I. Akiyoshi, H. Qian, and H. Ni, “Software-defined control of the virtualized
mobile packet core,” IEEE Communications Magazine, vol. 53, no. 2, pp. 107–115, 2015.
[3] Y. Wang, J. Bi, and K. Zhang, “Design and implementation of a software-defined mobility architecture for ip networks,”
Mobile Networks and Applications, vol. 20, no. 1, pp. 40–52, 2015.
[4] D. Klingel, R. Khondoker, R. Marx, and K. Bayarou, “Security analysis of software defined networking architectures: Pce, 4d
and sane,” in Proceedings of the AINTEC 2014 on Asian Internet Engineering Conference. ACM, 2014, p. 15.
[5] M. Tasch, R. Khondoker, R. Marx, and K. Bayarou, “Security analysis of security applications for software defined
networks,” in Proceedings of the AINTEC 2014 on Asian Internet Engineering Conference. ACM, 2014, p. 23.
[6] K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris, “Combining openflow and sflow for an effective
and scalable anomaly detection and mitigation mechanism on sdn environments,” Computer Networks, vol. 62, pp. 122–136,
2014.
[7] A. Zaalouk, R. Khondoker, R. Marx, and K. Bayarou, “Orchsec: An orchestrator-based architecture for enhancing network-
security using network monitoring and sdn control functions,” in 2014 IEEE Network Operations and Management
Symposium (NOMS). IEEE, 2014, pp. 1–9.
October 21st-22nd 20ICCES, Coimbatore, India
Question & Answer!
Thanks!
Asma Islam Swapna
Twitter: @AsmaSwapna
Github: @AsmaSwapna
Tech site: www.asmaswapna.github.io
ResearchGate: Asma_Swapna2
LinkedIn: asma0swapna
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 

Recently uploaded (20)

APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 

ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring with sFlow and FlowVisor

  • 1. Paper ID: COM205, Session I. IEEE International Conference on Communication and Electronics Systems (ICCES 2016), October 21st-22nd, ICCES, Coimbatore, India
  • 2. Mawlana Bhashani Science and Technology University, Bangladesh; BAC IT, Bangladesh; University of Derby, England. Security Analysis of Software Defined Wireless Network Monitoring with sFlow and FlowVisor. Asma Islam Swapna, MD Rezaul Huda Reza, Mainul Kabir Aion
  • 3. Presentation Summary: SDN?; SDWN?; Network Monitoring and Measurement; sFlow DFD; FlowVisor DFD; STRIDE and DFD; sFlow STRIDE Analysis; FlowVisor STRIDE Analysis; Evaluation; Conclusion; References
  • 4. Software Defined Networking (SDN): Current Network. [Figure: network devices, each combining apps, an operating system and specialized packet forwarding hardware] Millions of lines of source code; billions of gates. Limitations? Source: Open Network Foundation Newsletter
  • 5. Software Defined Networking (SDN): Solution! Operating System for Networks; SDN providing network administration; full hardware accessibility. [Figure: Control Programs on a Network Operating System with a Global Network View; control via forwarding interface; Protocols] Source: Open Network Foundation Newsletter
  • 6. Software Defined Networking (SDN) (Cont.): Direct programmability in the network plane; decouples the control plane from the data forwarding plane; agile; open standards-based and vendor-neutral. Enables: scalability; information hiding; network policy; complete resource utilization; expands local to global; spans business network. Source: Open Network Foundation Newsletter
  • 7. Software Defined Wireless Networking: 2G → 3G → 4G → 5G. Billions of wirelessly connected mobile devices. Need more wireless capacity! Heterogeneous network (LTE, WiFi, WiMAX). Solution: SDN for wireless network! Interface for controlling mobile nodes; customizable mobility management. Debut of pop in 2005, 2013
  • 8. Software Defined Wireless Networking (Cont.): Underlying Network Security → Secured information flow and Control plane. Controller collects Mobile Nodes (MNs) information for packet transmission; composed of North-South and East-West network dimensions; Border Gateway Protocol (BGP) enables inter-controller communication for large wireless networks; leverages wireless mesh networks
  • 9. Network Monitoring & Measurement: Measure and detect intrusion, network threats and monitors network services. Monitoring & Measuring Tools: sFlow, FlowVisor, BigSwitch BigTap, SevOne. SDN Architectures: 4D, PCE, SANE-based. Network traffic visibility; Inline and Out-of-bound Monitoring; Leverage SDWN/SDN controller. Source: McAfee Labs, 2015
  • 10. Challenge: Monitoring large, scale-out, multi-domain, multi-controller based SDWN. [Figure: Network, Database, MemCache, Web Server, Load Balancer, Application Server] Solution! sFlow: open source; monitors switches; comprehensive multi-layer visibility. FlowVisor: non-vendor-dependent; proxy controller between SDWN switch and controller; isolates SDWN devices into slices
  • 11. sFlow DFD: Embedded with switch and router in SDWN. Agents (Linux, Windows, Solaris, AIX): remotely configured; Management Information Base (MIB); SNMP flow datagrams from switch to collector. Collectors (sFlow-RT, sFlowTrend, sflowtool, third party etc.): Memcached hit-miss, traffic bytes, durations, keys in Data Store; sFlow-RT controller collects traffic data from collectors and analyses each sample; understands tcpdump; CLI operation. [Figure: sFlow Data Flow Diagram]
  • 12. FlowVisor DFD: OpenFlow proxy controller between SDWN switches and controllers; divides resources into slices and a flowspace for each slice; slice policy configures switches, routing and packet forwarding; production controller manages slice policy rewrite; CLI allows FlowVisor configuration; slice processes are owned by the admin and groups of the network operators; isolated slice information: bandwidth, CPU, forwarding table, etc. [Figure: FlowVisor Data Flow Diagram, showing FlowVisor Controller and Slice Policy, SDWN Switch, SDWN Controller]
  • 13. Threat Models: Elicitation and analysis of security threats and mechanisms in deployed designs and networks. DREAD – SQL Injections, Microsoft, OpenStack; Octave – Large system and Application; STRIDE – Network System and Application, Microsoft; Generic Risk Model; Guerilla Threat Modeling; Process for Attack Simulation and Threat Analysis (PASTA) – last stage risk management; Trike etc.
  • 14. STRIDE & Data Flow Diagram (DFD): DFD elements can be vulnerable to one or many STRIDE threats. STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. [Figure: FlowVisor Data Flow Diagram]
      Name | STRIDE vulnerability | Definition
      Data Flow | Yes | Data sent among network elements
      Data Store | Yes | Stable data
      Process | Yes | Programs or applications that configure the system
      Interactors | Yes | Endpoints out of system scope to control
      Trust Boundaries | Yes | Separation between trusted and untrusted elements of the system
  • 15. sFlow STRIDE Analysis
      Threat | Data Flow | Data Store | Solution
      Tampering | Yes | Yes | ACL/RBAC/DAC for CLI, SNMPv3, TLS
      Information Disclosure | Yes | Yes | TLS
      Denial of Service (DoS) | Yes | Yes | AC in CLI for MIB security, TLS
      - Third party deployment environment for data flow security
      - Transport Layer Security among agents to encrypt traffic information
      - Access control mechanism, SNMPv3 can leverage securing MIB
      - Direct traffic information using SNMP
      - DoS vulnerabilities in data store can cause unauthorized access to SDWN devices
      - No Interactors for one-way SNMP communication
  • 16. FlowVisor STRIDE Analysis
      Threat | Data Flow | Solution
      Tampering | Yes | TLS
      Information Disclosure | Yes | TLS
      Denial of Service (DoS) | Yes | Access Control in CLI for policy rewrite, TLS
      - Transport Layer Security among agents to defend policy rewrite
      - Access control mechanism can leverage policy rewrite
      - Attack on Production Control avails rewriting slice policy
      - Switch configuration in data is secured with authentic flow entries store
      - CLI secures slice policy with port number, host id and destination address
  • 17. Evaluation: Comparison among sFlow and FlowVisor
      Threat | Data Flow | Data Store
      Tampering | FlowVisor, sFlow | sFlow
      Information Disclosure | FlowVisor, sFlow | sFlow
      Denial of Service | FlowVisor, sFlow | sFlow
      - sFlow provides no security in data flow and data store and is vulnerable to spoofing, DoS and information disclosure threats
      - Flowspace CLI secures switch configuration data store
      - Inherits security threat vulnerabilities in isolated slices and is prone to Spoofing, Tampering and Information Disclosure, even delay and Denial of Service threats in data flow
  • 18. Conclusion: Studied STRIDE security model for SDWN; analyzed packet flow in SDWN environment using sFlow; analyzed packet flow in SDWN environment using FlowVisor; performed comparative side-by-side analysis of SDWN security risks in using sFlow and FlowVisor; research outcome finds FlowVisor providing security in data storage; sFlow is vulnerable to spoofing, switch information tampering and DoS risk
  • 19. Future Work: Real-time prototyping of SDWN environment and monitoring performance; SDWN appliance in larger network, i.e. data center; FlowVisor slicing and isolation impact on real-time SDWN prototyping
  • 20. References
      [1] C. J. Bernardos, A. De La Oliva, P. Serrano, A. Banchs, L. M. Contreras, H. Jin, and C. Juan, “An architecture for software defined wireless networking,” IEEE Wireless Communications, vol. 21, no. 3, pp. 52–61, 2014.
      [2] M. R. Sama, L. M. Contreras, J. Kaippallimalil, I. Akiyoshi, H. Qian, and H. Ni, “Software-defined control of the virtualized mobile packet core,” IEEE Communications Magazine, vol. 53, no. 2, pp. 107–115, 2015.
      [3] Y. Wang, J. Bi, and K. Zhang, “Design and implementation of a software-defined mobility architecture for IP networks,” Mobile Networks and Applications, vol. 20, no. 1, pp. 40–52, 2015.
      [4] D. Klingel, R. Khondoker, R. Marx, and K. Bayarou, “Security analysis of software defined networking architectures: PCE, 4D and SANE,” in Proceedings of the AINTEC 2014 on Asian Internet Engineering Conference. ACM, 2014, p. 15.
      [5] M. Tasch, R. Khondoker, R. Marx, and K. Bayarou, “Security analysis of security applications for software defined networks,” in Proceedings of the AINTEC 2014 on Asian Internet Engineering Conference. ACM, 2014, p. 23.
      [6] K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments,” Computer Networks, vol. 62, pp. 122–136, 2014.
      [7] A. Zaalouk, R. Khondoker, R. Marx, and K. Bayarou, “OrchSec: An orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions,” in 2014 IEEE Network Operations and Management Symposium (NOMS). IEEE, 2014, pp. 1–9.
  • 21. Question & Answer!
  • 22. Thanks! Asma Islam Swapna. Twitter: @AsmaSwapna; Github: @AsmaSwapna; Tech site: www.asmaswapna.github.io; ResearchGate: Asma_Swapna2; LinkedIn: asma0swapna
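
The sFlow analysis on slide 15 lists access control as a mitigation for the agent-to-collector data flow. The following is an added example, not code from the slides or from any sFlow collector: a collector-side ACL that checks each datagram's sFlow v5 header before it is accepted. The agent addresses, the `CollectorGuard` class, the `build_header` helper and the assumption that agents export from their own agent address are all constructed for illustration.

```python
import ipaddress
import struct

# Constructed allowlist of agents permitted to export to this collector.
ALLOWED_AGENTS = {ipaddress.ip_address("10.0.0.11"),
                  ipaddress.ip_address("10.0.0.12")}


class DatagramRejected(Exception):
    """Raised when a datagram fails a hard check and must be dropped."""


def parse_header(data):
    """Parse the fixed part of an sFlow v5 datagram header."""
    if len(data) < 8:
        raise DatagramRejected("truncated header")
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise DatagramRejected("unsupported version %d" % version)
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None:
        raise DatagramRejected("unknown agent address type")
    if len(data) < 8 + addr_len + 16:
        raise DatagramRejected("truncated header")
    agent = ipaddress.ip_address(data[8:8 + addr_len])
    sub_agent, seq, uptime_ms, samples = struct.unpack_from(
        "!IIII", data, 8 + addr_len)
    return {"agent": agent, "sub_agent": sub_agent, "seq": seq,
            "uptime_ms": uptime_ms, "samples": samples}


class CollectorGuard:
    """ACL-style filter in front of a collector (hypothetical helper).

    A UDP source address is not authenticated, so this filter complements
    the TLS/SNMPv3 protections the slides list; it does not replace them.
    """

    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.last_seq = {}  # (agent, sub_agent) -> last accepted sequence

    def check(self, udp_src, data):
        src = ipaddress.ip_address(udp_src)
        if src not in self.allowed:
            raise DatagramRejected("source not in allowlist")
        hdr = parse_header(data)
        if hdr["agent"] != src:  # assumption: agents export from agent address
            raise DatagramRejected("agent address does not match UDP source")
        hdr["alerts"] = []
        key = (hdr["agent"], hdr["sub_agent"])
        last = self.last_seq.get(key)
        if last is not None and hdr["seq"] <= last:
            # UDP may reorder, and agents restart: alert rather than drop.
            hdr["alerts"].append("sequence did not advance")
        else:
            self.last_seq[key] = hdr["seq"]
        return hdr


def build_header(agent, seq, sub_agent=0, uptime_ms=1000, samples=0):
    """Build a constructed sample header for exercising the guard."""
    ip = ipaddress.ip_address(agent)
    addr_type = 1 if ip.version == 4 else 2
    return (struct.pack("!II", 5, addr_type) + ip.packed
            + struct.pack("!IIII", sub_agent, seq, uptime_ms, samples))
```
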