Security of Software Defined Networking (SDN) Overview Definition Software Defined Networking (SDN) SDN security & Security Challenges SDN Attack Surface & Attacks Examples SDN Threat Model Open Research issues SDN Future Research Directions Simulator for Software Defined Networking Security of Cognitive Radio Network (CRN) Overview Definition Cognitive Network Security of Cognitive Radios & Threats Security issues in cognitive radio Attacks and the proposed defense mechanisms Open Research issues in Cognitive Radio Evaluation Methodologies for Cognitive Networking Future Research Directions Simulator for Cognitive Radio

1. Security of
Software Defined Networking (SDN)
Cognitive Radio Network (CRN)
Prepared by:
Ameer Sameer Hamood
University of Babylon - Iraq
Information Technology - Information Networks

2. Security of Software Defined Networking (SDN)
Overview
Definition Software Defined Networking (SDN)
SDN security & Security Challenges
SDN Attack Surface & Attacks Examples
SDN Threat Model
Open Research issues SDN
Future Research Directions
Simulator for Software Defined Networking

3. Overview
Definition Cognitive Network
Security of Cognitive Radios & Threats
Security issues in cognitive radio
Attacks and the proposed defense mechanisms
Open Research issues in Cognitive Radio
Evaluation Methodologies for Cognitive Networking
Future Research Directions
Simulator for Cognitive Radio
Security of Cognitive Radio Network (CRN)

4. What is Software Defined Networking (SDN) ?
•All of these are mechanisms.
• SDN is not a mechanism.
•It is a framework to solve a set of problems Many
solutions
•Software-Defined Networking (SDN) has been envisioned
as a way to reduce the complexity of network
configuration and management, enabling innovation in
production networks.
Figure 1

5. SDN is a framework to allow network administrators to
automatically and dynamically manage and control a large
number of network devices, services,
topology,traffic paths, and packet handling(quality of
service)policies using high-level languages and APIs. See
fig 2:
Software Defined Networking Definition
Figure 2

6. Although much has been said about the benefits of SDN to
solve persistent network security problems, our
current knowledge on SDN threats and attacks is
limited. The new systems required to carry out SDN
functions may themselves come under malicious
attacks.While some attacks will be common to existing
networks, others will be more specific to SDN.
Adversaries will inevitably exploit SDN systems if
a successful network compromise could be achieved
through such exploitations.
A vulnerable SDN network could therefore undermine
security and availability of the entire network. See
fig 3:
Software Defined Networking Security

7. Figure 3
Software Defined Networking Security (con..)

8. New features and new network deployments can introduce
faults and risks that open the door for threats that
did not previously exist or are more serious than before.
For example
one provider’s SDN controller can directly access and
manipulate another provider’s SDN switches. This
configuration is not recommended for
deployment in practice. In addition to the
traditional attack vectors on traffic flows, switches,
administrative stations, and recovery and fault
diagnosis, the controllers and the communications
related to the Controller plane result in new
security issues that are specific to SDN.
SDN-Specific Security Challenges

9. 1- Centralized Control
2- Programmability
A - Traffic and resource isolation
B - Trust between third party applications and the
controller
C - Interface Security protection on A-CPI and I-
CPI
3- Challenge of Integrating Legacy Protocols
4- Cross Domain Connection
5- etc…
SDN-Specific Security Challenges(cont..)

10. 1- Centralized Control
Centralized control or logically centralized control
(i.e. distributed but coordinated control function)
exposes a high-value asset to
attackers.
Attackers may attempt to manipulate the common network
services or even control the entire network by tricking
or compromising a controller . This is distinct from
a larger number of autonomous assets in a
completely distributed control domain.
SDN-Specific Security Challenges(cont..)

11. 2- Programmability
New types of threats arise due to the explicit
programmatic access SDN offers to clients that are
typically separate organizational or business
entities. This new business model presents requirements
that do not exist within closed administrative
domains in terms of protecting system integrity,
third-party data and open interfaces.
SDN-Specific Security Challenges(cont..)

12. 2- Programmability
A-Traffic and resource isolation
Operators must ensure that business management and real-
time control information of one entity is fully
isolated from that of all others Best practices
from existing automated interfaces between
customer and provider business support systems may be of
use here. This element extends to the existing
security issue of multi-tenant traffic and
resource isolation to avoid interference and misuse. Due
to the new business model for SDN described above,
there may be additional dynamic interactions introducing
further requirements for isolation in order to meet
different SLAs, private addressing issues, etc.
SDN-Specific Security Challenges(cont..)

13. 2- Programmability
B- Trust between third party applications and the
controller
Programmability is a double-edged sword; it offers
flexibility to implement newly innovated market-
driven applications but it also opens the door to
malicious and vulnerable applications.
Authentication and different authorization levels should
be enforced at the point of application registration to
the controller in order to limit the controller
exposure.
SDN-Specific Security Challenges(cont..)

14. 2- Programmability
C- Interface Security protection on A-CPI and I-CPI
Beyond the communication with applications through A-CPIs
a controller may be controlled either by an upper
layer controller or may work in tandem with another
controller at the same hierarchical level. Lack of
protection across these interfaces may lead to
malicious attacks on the SDN.
Security attributes and operation checkpoints should
therefore be defined for securing A-CPIs and I-CPIs
(Intermediate - controller plane interface).
SDN-Specific Security Challenges(cont..)

15. 3- Challenge of Integrating Legacy Protocols
SDN interfaces and protocols are being developed in the
recognized context of escalating exploitation of
technical and process deficiencies, with
increasingly severe consequences that could lead to
security issues. However, experience has demonstrated the
difficulty of retrofitting security
capabilities into existing technologies (Domain Name
Server (DNS) and Border Gateway Protocol(BGP) are notable
examples). It is critical that compatibility be checked
before implementing legacy protocols (e.g., Network
Address Translation (NAT), BGP) into SDN. It is
also important that weaknesses previously
addressed by legacy architectures not be repeated or
even inflated when building the SDN framework.
SDN-Specific Security Challenges(cont..)

16. 4- Cross Domain Connection
An additional requirement of SDN implementation requires
that infrastructure of different domains can be
connected. This can be realized by connecting
controllers of different providers via the I-CPI. The
mechanisms to establish trust relationships, to determine
authorization level in order to prevent abuse and
secure channel setup should all be considered.
SDN-Specific Security Challenges(cont..)

17. The SDN threat modeling requires understanding of the SDN
architectural components and their
interconnections. Figure 4 illustrates a
typical SDN architecture to reveal the main SDN building
blocks, which include the SDN planes and interfaces. Any
of these architectural components could
contain vulnerabilities and be exploited by
attackers to compromise a SDN network.
SDN Attack Surface

18. Figure 4. The SDN components
The SDN components
Figure 4

19. attacks could be launched on SDN components to
achieve unauthorized access, unauthorized
disclosure of information, unauthorized
modification, destruction, and/or disruption of
service.
1-Unauthorized Access Using Password Brute-Forcing
or Password-Guessing Attacks
2-Unauthorized Access Using Remote Application
Exploitation Attacks
3-Unauthorized Disclosure of Information Using RAM
scraping Attacks
4-etc ……
SDN Attacks Examples

20. 1- Unauthorized Access Using Password Brute-Forcing or Password-
Guessing Attacks
•Figure 5. An unauthorized access attack is illustrated
using the EXT->ACC->MGR path.
SDN Attacks Examples(cont..)
Figure 5

21. 1- Generic network infrastructure threats
2- SDN specific Threats
3- Network Virtualization Threats
SDN Threat Model

22. 1- Generic network infrastructure threats
1- Physical threats
2- Damage/loss
3- Failures/malfunctions
4- Outages
5- Disaster
6- Legal

23. we present types of threats that are specific to SDN. Such threats may relate
to different assets in the reference SDN architecture
1- Data forging
2-Traffic diversion
3-Side channel attack
4- Flooding attack
5- Software/firmware exploits
6- Denial of Service (DoS)
7- Identity spoofing
8- API exploitation
9- Memory scraping
10- Remote application exploitation
11-Traffic sniffing
2- SDN specific Threats

24. Figure 6 :Threats of SDN reference architecture
2- SDN specific Threats(cont..)

25. 1- Data forging: This threat involves compromising an SDN
element (e.g., controller, router, switch) in order to
forge network data and launch other attacks (e.g.,
DOS).
2-Traffic diversion: This threat involves compromising a
network element in order to divert traffic flows and
to enable eavesdropping. Traffic diversion is a threat
relating to network elements of the data plane.
3- Side channel attack: This threat involves extracting
information on existing flow rules that are used by
network elements. The threat can be realized by exploiting
patterns of network operations (e.g. exploiting the
time required for establishing a network connection).
2- SDN specific Threats(cont..)

26. 4-Flooding attack: Flooding attacks involve compromising a
SDN component in order to make it flood other
components, which it interacts with.
5- Software/firmware exploits: This threat involves
exploiting vulnerabilities of the
software/firmware in order to cause some
malfunction, reduction or disruption of service,
eavesdrop data or destroy/compromise data.
6- Denial of Service (DoS): This threat relates to attacks
aimed at causing reduction or disruption of the SDN
service. DoS threats may occur in all layers of the SDN
reference architecture. At the data plane, DoS can
be caused by attackers, which flood the bandwidth or
resources of network elements.
2- SDN specific Threats(cont..)

27. 7- Identity spoofing: Identity spoofing is a threat where a
threat agent successfully determines the identity of
a legitimate entity and then masquerades this entity in
order to launch further attacks.
8-API exploitation: This threat involves exploiting the API
of a software component in order to launch
different types of further attacks such as the
unauthorized disclosure, compromise of integrity and/or
destruction of information, or the unauthorized
destruction/ degradation of service.
9-Memory scraping: This threat arises when an attacker
scans the physical memory of a software component in order
to extract sensitive information that is it not authorized
to have.
2- SDN specific Threats(cont..)

28. 10- Remote application exploitation: In this threat, an
attacker gains access or obtains higher access
privileges to an SDN application by exploiting
software vulnerabilities of it. This can then be used to
execute operations illegitimately.
11-Traffic sniffing:Traffic sniffing involves tapping data
flows within a network. In SDN, traffic sniffing has been
identified primarily as an attack upon the communication
link between an application at the SDN application
plane and a controller at the control plane in order to
gain access to important controller configuration data or
application-level credentials.
2- SDN Threat Model(cont..)

29. 3- Network Virtualization Threats
Network virtualization threats are threats related to the
underlying IT infrastructure used for virtualizing
network operations. Such threats can be distinguished
into:
1- Threats related to servers running virtualized network functions
(virtualized host abuse)
2- Threats to data centres hosting SDN operations (Data centre
threats):
3- Threats related to virtualization mechanism: (Network
Virtualization bypassing):

30. • Scalability:
• Control plane bottleneck.
• Single controller is not sufficient to manage large scale network.
• How many controllers are needed to support large scale network?
• When to scale down?
• Multi Controllers.
• Each controller is responsible to a subset of the network.
• Concern with synchronization and communication between
controllers.
• How to slice the resources among controllers?
• Latency between controllers and switches.
• Less accurate decision?
What is Relation between WSN and SDN?
Open Research issues SDN

31. Open Research issues SDN(cont..)
• Slicing Resources (CPU, bandwidth, etc).
- How to allocate resources to different controllers and users?
- Formulated to optimization and fairness problems.
• Using SDN to achieve more green DCN.
•No substantial works in this area.
•As 2015, few publications on this subject are published in IEEE
ICC and IEEEE Globecom.
•Some software may provide measurement on power usage or
capability to turn on/off switches.
• NetFPGA, Mininet and OpenFlow?
How to leverage from SDN approach to have more flexible and secure WSN & IoT?

32. Open Research issues SDN as 2015(cont..)

33. The future, however, will most likely use a combination
of these
(and perhaps other) models, standards, and
implementations.
Models such as I2RS are likely to be used to provide
network programmability in those heterogeneous
environments in which scalability is the primary
concern. The architectural models underlying
I2RS envision layered, distributed control planes in
which the control and data planes share fate.
Future Research Directions

34. Using a software-defined radio together with MATLAB and
Simulink for wireless design, simulation, and analysis
enables engineers and students to:
1- Set up SDR hardware with preconfigured radio functions
2- Transmit and receive standards-based and custom-generated
signals
3- Test designs in the presence of interference and other real-
world conditions
4- Perform real-time signal analysis and measurement
5- Deploy, prototype, and verify custom designs on SDR hardware
using HDL and C code generation from algorithm models
6- Verify implementation with radio-in-the loop tests
Simulator for Software Defined Networking

35. Pareto-Optimal Resilient Controller Placement in SDN-based Core
Networks by David Hock, Matthias Hartmann, Steffen Gebert,
Michael Jarschel, Thomas Zinner, Phuoc Tran-Gia from the
University of Wuerzburg, Germany
A Matlab-based tool for calculating pareto-optimal placements
of controllers in a network topology.
https://github.com/lsinfo3/poco
Pareto Optimal Controller Placement (POCO) Matlab-based tool
Figure 7

36. OpenDaylight SDN Controller with the Mininet Network Emulator
OpenDaylight (ODL) is a popular open-source SDN
controller framework. To learn more about OpenDaylight,
it is helpful to use it to manage an emulated network of
virtual switches and virtual hosts. Most people use the
Mininet network emulator to create a virtual SDN network
for OpenDaylight to control.
https://www.opendaylight.org/platform-overview-beryllium
Figure 8

37. Mininet Network Emulator
Mininet is a network emulator which creates a network of
virtual hosts, switches, controllers, and links. Mininet
hosts run standard Linux network software, and its
switches support OpenFlow for highly flexible custom
routing and Software-Defined Networking.
Mininet supports research, development, learning,
prototyping, testing, debugging, and any other tasks that
could benefit from having a complete experimental network
on a laptop or other PC.http://mininet.org/
Figure 9

38. NS-3 Network Simulator
NS-3 is a discrete-event open-source network simulator
for Internet systems, used primarily for research and
educational use. NS-3 is a complex tool that runs
simulations described by code created by users, so you
may need programming skills to use it.
https://www.nsnam.org/
Figure 10

39. Cognitive radio offers the promise of intelligent
radios that can learn from and adapt to their
environment.
And change how they communicate, it's crucial that
they select optimal, secure means of
communications. Data integrity and
confidentiality can be handled by higher-layer
cryptographic security
Cognitive radio can be described as an intelligent
and dynamically reconfigurable radio .
See Figure.11, cognitive radio scenario
Definition Cognitive Network

40. Figure.11, cognitive radio scenario
Definition Cognitive Network(cont..)

41. The main objective of the security system is to
protect the
communication from the malicious users. The
cognitive radio network has the same security
requirements as that of the general wireless
networks because of the open air nature of
wireless media . The major difference between the
cognitive radio network and the traditional
wireless network is that it doesn’t operate on a
fixed frequency spectrum i.e. the
frequency spectrum is being used dynamically.
Security of Cognitive Radio

42. Security of Cognitive Radio at different layers
1- Physical layer
- Example of possible attacks (Intentional jamming
attack)
2- Link layer
- Example of possible attacks (Biased utility attack , DOS
attack)
3- Network layer
- Example of possible attacks (Hole attack)
4- Transport layer
- Example of possible attacks (Key depletion attack)
5- Application layer
- As a result, any attack on physical, link,network or
transport layers may have an adverse affect on the
application layer

43. - Secure authentication mechanisms,
- Confidentiality,
- Data integrity,
- Accessibility,
- Multimodal strategies for the isolation of adversary
nodes,
- Ability to differentiate between adversaries and
unintentionally misbehaving SUs
Security Requirement of Cognitive Radio

44. Threat is a constant danger through persons, objects, or
any resources where as an attack is an act of
or event that exploits the vulnerability. The policies,
learning mechanisms, and self-propagation in cognitive
radio architecture prevents the threats (cannot
escape the threats). In CR, a threat can happen while
sensing of information (due to involvement of a
malicious user).This information will
then feed for learning and decision making. The
results produced will lead to inappropriate decisions
(unacceptable decisions) due to a malicious user
injected the faults.
Threats and Attacks in Cognitive Radio Networks

45. Attacks Layer Involved in Cognitive Radio Networks

46. Cross-layer attacks are possible in CRN. There is a need
to be given individual attention for such attacks.
Jamming on routing information happens due to
lack of common control channels. Traffic
analysis attack on data privacy and location privacy will
be avoided by authentication and controlling the
access rights of cognitive user.
Attacks Layer Involved in Cognitive Radio Networks(cont..)

47. In comparison with traditional wireless networks,
there are more chances open to attackers in
cognitive radio technology. As a result, security in
cognitive radio networks has become a challenging
task . Quality of service (QoS) provisioning and
security requirement for the entire network may be
adversely affected by these weaknesses and
vulnerable aspects, introduced by the
nature of cognitive radio .The data in the
wireless media may be eavesdropped or altered
without notice and the channel might be jammed or
overused by the adversaries
Security issues in cognitive radio

48. - multi-hop cognitive radio networks
- medium access control (MAC) and network layers of the
multi-hop cognitive radio protocol stack. Issues
considered include efficient spectrum sharing, optimal relay
node selection, interference mitigation, end-to-end delay,
etc.
-Surveys on Channel Assignment Problem in CRN
- Spectrum Assignment
* Selection criteria, approaches, techniques, and
challenges
- Channel Assignment Algorithms
* Coordination mechanisms, objectives, solving
approaches, network types, number of radios, PU
characteristics, routing dependencies, and channel
Open Research issues in Cognitive Radio

49. - Problems in Multichannel Hidden Terminal
- Energy Efficient MAC Protocol
- Self-interference Problem
- Negotiation Mechanism and Time Synchronization
Open Research issues in Cognitive Radio(cont..)

50. 1- Broader Evaluation
- System wide
- Interdisciplinary
- Scale
- Safety
- Realism
- Rigor
2- Testbed Requirements
3- Cognitive Radio Platforms
- Base stations , Client nodes , Mobile platforms
4- Testbed Deployment and Management
Evaluation Methodologies for Cognitive Networking

51. Most of the proposed solutions do not cover major issues
related to CR dynamic environment. Therefore, some
research proposals are first suggested in the context of
MAC protocol entity.
More research in future is required to search for
accurate sensing schemes. Although the hardware
limitations of CR users is a critical issue on spectrum
sensing. So, more efficient and robust alternatives must
be investigated in terms of CCC design. Clear assignments
to deal with transmit power, coding scheme,
transmission rate to the CR users must be devised
Future Research Directions

52. Further research may include QoS for SUs in the context
of dynamic resource availability.
However, ensuring a reliable network coordination and
reconfiguration mechanism is another
major issue that must be addressed efficiently.
Majority of the current research has focused on improving
the throughput of CR networks.
Clear assignments to deal with transmit power, coding
scheme, transmission rate to the CR users must be
devised. MAC Design focusing on energy introduces
new challenges in CR MAC design research.
Future Research Directions(cont..)

53. 1- simulation framework based on NS2 (CogNS) for
cognitive radio networks
2- NS-3 Simulator Extension for Cognitive Radio
3- matlab
4- Cognitive Radio Simulation based on OMNeT++/MiXiM
Simulator for Cognitive Radio

54. simulation framework based on NS2 (CogNS)
framework can be used to investigate and evaluate the
impact of lower layers, i.e., MAC and physical layer,
on the transport and network layers protocols. Due
to the importance of packet drop probability, end-
to-end delay and throughput as QoS requirements in real-
time reliable applications, these metrics are evaluated
over CRNs through CogNS framework.http://cogns.net/
Figure 12

55. OMNeT++ CR Simulation Framework
OMNeT++/MiXiM was chosen as the developing platform,
mainly due to its open source nature, its well-
organized modular architecture, the
existing documentation, and the provided IDE
(Integrated Development Environment).https://omnetpp.org/
Figure 13

56. Conclusions
Security of Software-Defined Networks (SDN)
Security within the SDN paradigm will arguably be a
challenge, as all layers, sub-layers and components
will need to communicate according to
strict security policies.
Security challenges for Software-Defined Networks
differ in some respects from those of a
classical network due to the specific network
implementation and SDN’s inherent control and
programmability characteristics.
our current knowledge on SDN threats and attacks is
limited. The new systems required to carry out SDN
functions may themselves come under malicious
attacks. While some attacks will be common to

57. Security of Cognitive Radio Network (CRN)
Most of the attacks presented are specific to PHY-layer
cognition. Sensors and decisions at higher layers can
often be cryptographically protected, making them less
vulnerable to manipulatory attacks.
The threat detection mechanisms can be developed for
cognitive radio networks in the same lines of
intrusion detection mechanisms. The threat detection and
protection of information are serious issues in wireless
networks as well as cognitive radio networks
Intrusion detection models are required in such
situations. Cryptographic techniques
are useful with the additional burden of computing
time.The trust models are more appropriate than to
cryptographic techniques due to their simplicity and
computational efficiency. Cloud application helps to
Conclusions

58. Review Question
1- What is the relation between SDR and Cognitive
radio ?
2- What would be an appropriate conceptual model for SDR-
CR?
3- What is self-propagating AI virus in A virus spreading
model for cognitive radio networks ?
4-What is The function of MAC protocols to ensure
interference-free (with PUs or other CR users) in CR
networks?
5- what is The Impact of SDN on Network Security ?
6- Give list some important design issues that are
necessary to be addressed in distributed CR MAC
design?
7- What is CCC of CR MAC protocols ?
8- What is Technical recommendations for Administrators

59. Reference
1-Introduction to Software Defined Networking (SDN)
Raj Jain
Washington University in Saint Louis
Saint Louis, MO 63130 , 2013
2- Taxonomic Modeling of Security Threats in Software Defined Networking ,
Jennia Hizver, PhD ,BlackHat Conference , August 5-6, 2015
3- Principles and Practices for Securing Software-Defined
Networks , January 2015, ONF TR-511
4- The Software-Defined-Networking Research Group
Published by the IEEE Computer Society 1089-7801/13/$31.00 © 2013 IEEE
5- “Cognitive Radio Communications and Networks: Principles and Practice”
By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009)
6- Security in Cognitive Radio Networks : Threats and Mitigation ,T. Charles
Clancy,
Nathan Goergen
7- Security in Cognitive Radio Networks
Kresimir Dabcevic, Lucio Marcenaro, Carlo S. Regazzoni , University of
Genova, Italy

60. 8- Security Challenges in Cognitive Radio Networks ,
Hanen Idoudi, Kevin Daimi, and Mustafa Saed
9-- Future Directions in Cognitive Radio Network Research , NSF Workshop Report
Edited by: Peter Steenkiste, Douglas Sicker, Gary Minden, Dipankar
Raychaudhuri
March 9-10, 2009
10- Cognitive Radio: Technology Survey and Future Research Directions
José Marinho , Edmundo Monteiro
11- AN INVESTIGATION OF SECURITY CHALLENGES IN COGNITIVE RADIO NETWORS
By Deepraj Vernekar in 30-12-2012
12- Cognitive Radio Networks
edited by Yang Xiao, Fei Hu
13- Cognitive Radio RF: Overview and Challenges
Van Tam Nguyen,1 Frederic Villain,2 and Yann Le Guillou3
1 Institut Mines-Telecom, Telecom ParisTech, LTCI CNRS UMR 5141, 75634
Paris, France
2 BL TV Front End, NXP, 14460 Colombelles, France
3 Renesas Mobile Corporation, 35517 Cesson Sevigne Cedex, France
Reference

61. 14-Threat Landscape and Good Practice Guide for Software Defined Networks/5G
DECEMBER 2015 by
European Union Agency For Network And Information Security
15- Introduction to Software Defined Network (SDN)
By Hengky “Hank” Susanto, Sing Lab, HKUST
16- Security Issues and Threats in Cognitive Radio Networks
•Yenumula B. Reddy
• Department of Computer Science, Grambling State University
•Grambling, Louisiana, USA
17- Channel Assignment Algorithms in Cognitive Radio Networks: Taxonomy, Open
Issues, and Challenges
ARTICLE in IEEE COMMUNICATIONS SURVEYS & TUTORIALS · OCTOBER 2014
18- Cognitive Radio MAC Protocols: A Survey, Research Issues, and Challenges
Mahfuzulhoq Chowdhury1, Asaduzzaman1, and Md. Fazlul Kader
Received November 19, 2014; Revised December 29, 2014; Accepted January 26,
2015; Published February 28, 2015
Reference

62. https://www.researchgate.net/profile/Ameer_Sameer
://www.slideshare.net/AmeerSameer
s://www.facebook.com/ameer.Mee
https://www.linkedin.com/in/ameer-sameer-452693107
Any Question :
ameersameer.it@gmail.com