This document summarizes the key aspects of software defined networking (SDN) and discusses associated security issues. SDN separates the control plane and data plane to allow for centralized network control and programmability. While SDN enables more effective security through visibility and automation, it also introduces new vulnerabilities related to the centralized control plane, virtualized environment, and application access. The document outlines security challenges in SDN infrastructure and potential attack vectors, as well as recommendations for protecting the data, control, and application layers through measures like role-based access policies and in-line security functions.

1. A survey: Security issues of
Software defined networking
Gifty Susan Mani
Faculty Advisor: Dr. Ahmed Awad
Master of Science in Information, Network and
Computer Security
New York Institute of technology, Vancouver

2. What is SDN?
Why we need SDN?
Does it ensure security for the future?

3. Introduction
• Challenging task in the traditional networks: Maintaining the
changing environments according to the predefined policies.
• Configuration of each network device separately: Requirement of
high-level policies considering the fundamental nature of network.
• In traditional networks,
Control Plane: determines the traffic to be sent.
Data Plane: forwards the traffic at very high speed but lower
latency.

4. Router
A
Router
D
Router
C
1 2
Router
B
1
2
4
6
8
3
4
1
Traffic Flow: 1 -> Router A -> Router D -> 2
Conventional Routing

5. Ideal Re-Routing
Router
A
Router
D
Router
C
1 2
Router
B
1
2
4
6
8
3
4
1
Traffic Flow: 1 -> Router A -> Router C -> 2
Failure

6. What is SDN
• Active programming approach with a paradigm that separates the
control plane and data plane that allows easy optimization between
the control plane and network devices.
• State Variability and Reusability.
• Key attributes are:
- Programmability
- Openness
- Heterogeneity
- Maintainability

7. SDN Explained…
• Instead of putting the hardware together to form the network, it
focus on the services that run on the network.
• It adds a software layer in between the hardware dealing with the
data and controls it.
• Co-existence of Dissimilar networks on the same physical hardware.
• Encourage the network innovation and deploys agile network
capabilities.

8. Comparison with traditional network

9. SDN Components
• Control Plane: abstract view of the network.
• North-bound Application Protocols: Represents the software interface
between the controller and applications.
• East-West Protocols: Acts as control that manages the interaction between
the multi-controller environments.
• Data Plane and south-bound protocols: forwards the communication from
the controller to the network infrastructure.
• Open flow: Protocol to manage the southbound interface of the SDN
architecture.

10. SDN: Basic Architecture

11. Significance of SDN streamline
• Respond faster to the changing environments with low cost.
• 80/20 rule of applications:80% should be the programmable solution
assembled in the infrastructure using the 20% commands that
request the high level request.
• Service chaining sequence application specific procedures to a
client’s job.
• Dynamic load management and implement bandwidth calendaring.

12. SDN in Network Security
• SdN is considered to the disruptive technology in the network
security.
• SDN creates security opportunities and security challenges.
• 35% of the network organizations believe that SDN will enable to
implement more effective security.
• 12% of the organizations believe the concerns of the security
vulnerabilities is a significant inhibitor to SDN deployment.

13. Deepening crisis and threats

14. Deepening crisis and threats
• Mass customization: The use of unknown malware and
infections – increased malware campaigns.
• Increased data loss across the industries and data types.
• The server network is the most compromised asset by far over
the past 5 years.
• Only 15% security breaches have a reliable count, 85% of the
breaches are incomplete.

15. Opportunities of SDN
• Better utilization of the network access-55%.
• Perform end-to-end view of the network-54%
• Scale the network functionality and effective security functionality-
45%.
• The deployment cycle has drastically reduced.
• Defense in depth: Heterogeneity and decentralized nature of the
control plane.
• Separation of monitoring and security enforcement elements

16. SDN Principles of Security
• Availability and Performance.
• Integrity and Confidentiality.
• Authorization and authentication.
• Resiliency.
• Multi-domain Isolation.
• Repudiation.
• Transparency.
Security + SDN=Security Centric SDN

17. Security Challenges in SDN
• SDN changes the entire security model.
• SDN methodology rely on new overlay and encapsulation
techniques, many of current security tools are incompatible.
• Virtualization made the SDN both more and less secure.
More Secure: Abstraction Layers.
Less Secure : Lack of physical access.

18. Security Limitation in SDN
Infrastructure
• Data Layer: Insecure implementation of the management
application.
• Control Layer: Centralized orchestration represents single point of
failure - compromise the control of the network flow.
• Application Layer: Lack of mechanism in place to ensure the
authentication of the application access to the control plane.

19. Attack Vectors in SDN

20. Countermeasures
• Protect the data layer- segregation of protocol traffic from the data
flow through out-of-band network or security measures.
• Protect the control layer- Implementation of Role-based access
policies by verifying the legitimacy of the host migration.
• Protect the application layer- Leverage in-line mode security
function in the applications to strengthen the the end user security.

21. Conclusion
• Emerging approach to the network security and how it can smartly
replace the traditional networks.
• SDN is not a technology but a paradigm that uses the concept of
virtualization and programmable protocol.
• SDN security issues are more related to the control plane, inter-
component communication and controlling the scope applications
through access policies.

22. IoT to Internet of Everything

23. Questions?