Software Defined Networking and Security
Abstract: Software Defined Networking (SDN) is growing at a rapid pace and is said to be the
future of networking. As SDN continues to grow and slowly integrate with networks around
the world, only time will tell whether it ends up making the internet a safer place or opening up
more access points for intruders to get in. This survey presents a comprehensive study of research
in the field of security as it relates to SDN and tries to understand the direction it is taking as we
usher in this new era.
Software-defined networking (SDN) has made a lot of progress in the past few years and moved
quickly into the production environments of major players like Google and Facebook, who have
used it to overcome the limitations of traditional networks by leveraging SDN's flexibility and
ease of implementation using non-proprietary hardware. SDN approaches networking by
separating the data and control planes, thus making a more precise division of roles
and duties for each element.
SDN Architecture and Security Challenges
The SDN model separates the Data Plane from the Control Plane and adds an Application Plane.
This separation is aimed at moving intelligence out of the network devices and into a central
location: the controller. As a result, network switches act only as forwarding devices
and the Control Plane handles all the logical decisions. It also gives end users the freedom to
implement the logic the way they like, making networks highly programmable and
customizable to meet the needs of end users. This advanced networking functionality comes
with a ton of security challenges that were nonexistent before.
Driving factors of SDN:
Two factors are driving the growth of SDN: the issues with traditional networks
and the benefits of SDN.
• Issues with traditional networks:
– With the introduction of big data, the Internet of Things and other technologies that produce
high network traffic, traditional networks are struggling to keep up with the need for fast data flow.
– They were not designed to handle the kind of data growth we have seen in the last decade.
– Traditional networks increase in complexity as the size of the network grows.
– Each device needs to be configured and managed separately which is a huge issue for large
– Vendor dependency is high and vendors are well known to keep technologies proprietary
and not play well with each other.
• Benefits of SDN:
Centralizing logical control of the network provides a global view of the network. This
minimizes errors, makes it easier to control the network and keep an eye on what's going on
at all times, provides consistency in configuring network devices, and reduces the role of
network switches to data forwarding devices. This also leads to cost reduction, since SDN
allows the Controller to work with standard network devices, which are cheap (as they are made
to send and receive packets and lack proprietary vendor software).
Information Security in SDN
The three elements of information security, in simple terms, are:
– Availability – State in which information is available when required by an authorized user.
– Confidentiality – Only an authorized user has access to the information.
– Integrity – Only an authorized user is able to modify the information.
Defense in depth, or the Castle Approach, is an information assurance concept in which multiple
security controls are placed throughout each layer of the system. The idea is to have several
methods in use to keep a check on a system and minimize the impact in case of an attack.
SDN has increased the access points available to an intruder, because there are many more
separate layers in an SDN system than there were before, namely the control plane, application
plane and data plane. Each one of these planes and the links between them are potential
targets for attackers.
• Separation of planes and security challenges:
SDN, by design, is different from a traditional network and thus needs to be backwards
compatible with traditional devices. This puts pressure on SDN to support insecure
options. For example, SDN started out using TLS for communication between the planes, but
later on ended up adding support for TCP (with TLS as optional), since most of the network
switches in use today do not support TLS. This opens up the network to potential attacks, since
TCP is less secure.
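An added example, not part of the original survey: a Python audit that flags switches whose controller channel allows plain TCP, including a plaintext fallback configured beside a TLS target. It assumes controller targets are written in Open vSwitch's connection-method syntax (tcp:, ssl:, ptcp:, pssl:, unix:); the inventory, addresses and switch names are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

# Scheme names follow Open vSwitch controller targets (an assumption about the fleet).
TLS = {"ssl", "pssl"}      # control channel protected by TLS
PLAIN = {"tcp", "ptcp"}    # control messages cross the network unprotected
LOCAL = {"unix"}           # local socket, never leaves the host

@dataclass
class Finding:
    switch: str
    target: str
    severity: str          # "high" or "review"
    reason: str

def scheme_of(target: str) -> str:
    """Return the lowercased scheme, or "" when the target has none."""
    scheme, sep, _ = target.strip().partition(":")
    return scheme.lower() if sep else ""

def audit(inventory: dict[str, list[str]]) -> list[Finding]:
    findings = []
    for switch in sorted(inventory):
        targets = inventory[switch]
        schemes = {scheme_of(t) for t in targets}
        if not targets:
            findings.append(Finding(switch, "", "review", "no controller target configured"))
        for t in targets:
            s = scheme_of(t)
            if s in PLAIN:
                # A plaintext target beside a TLS one is still a usable weak path.
                why = ("plaintext fallback next to a TLS target" if schemes & TLS
                       else "control channel runs over plain TCP")
                findings.append(Finding(switch, t, "high", why))
            elif s not in TLS | LOCAL:
                findings.append(Finding(switch, t, "review", f"unrecognised scheme {s!r}"))
    return findings

# Constructed sample inventory (documentation addresses, hypothetical switch names).
SAMPLE_INVENTORY = {
    "core-sw1": ["ssl:192.0.2.10:6653", "tcp:192.0.2.11:6653"],
    "edge-sw1": ["ssl:192.0.2.10:6653"],
    "edge-sw2": ["tcp:192.0.2.10:6653"],
    "lab-sw1": ["ptcp:6653"],
    "old-sw1": ["192.0.2.10:6653"],
}

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.severity:6} {f.switch:9} {f.target:22} {f.reason}")
```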
Centralization of the control plane and sensitive information on a single system (or cluster of
systems) makes it a great target for attacks. A leak of this information to hackers can cause loss
of service across a complete network. Attackers can also take over the entire network if they gain
unauthorized access to the controller. The controller is thus a single point of failure, and
needs to be made redundant, physically secured, and run on secure hardware and software.
Effects of compromised controller include:
• Route Flow around security devices
• Send traffic to compromised end systems
• Man in the middle attacks
• Modify traffic
• Insert Malware
• Bugs in the controller or custom applications: Since SDN allows end users and organizations
to write their own applications and design their controllers to meet their needs, it also leads
to a concern about bugs in those programs, which might make the network unstable or cause
serious issues by becoming points of attack. For example, an open backdoor, put in place for the
convenience of the developer, can be exploited by an attacker to gain access to
Security and Possibilities:
While SDN has the potential to be the weak link in an organization's security strategy to keep
its systems safe and protected, it can also be used to provide enhanced security when used
properly. SDN allows implementation of certain approaches, which are just not possible with
Some of the possibilities include:
– A central view of the network and the traffic flowing through it to the end user. A security
application can really benefit from being able to see what's going on in the network and make
sure all devices are complying with the defined security policy. This will allow all devices to have
the same security policies defined and allow them to work together, thus creating uniform
security across the network rather than restricting security to specific points in the network. This
makes the network more secure overall.
– Quick action against infected systems. SDN allows the controller and security applications to
work together to take quick action against the affected host. Possibilities include removing
the host from the network as soon as it is suspected of suspicious activity. This process currently
can take several minutes, and requires manual IT intervention.
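An added example, not from the original survey: a toy Python model of the quick action described above, in which a security application asks the controller to quarantine a host and the controller pushes top-priority drop rules using its global view of where the host is attached. The FlowRule, Switch and Controller classes, the priority value and the two-switch network are hypothetical and constructed for illustration; they are not a real controller API, and one host per edge port is assumed.

```python
from dataclasses import dataclass, field

H1, H2 = "00:00:00:00:00:01", "00:00:00:00:00:02"   # constructed sample hosts
QUARANTINE_PRIORITY = 65535   # assumption: outranks every normal forwarding rule

@dataclass
class FlowRule:
    priority: int
    match: dict     # header fields that must all equal the packet's
    action: str     # "output:<port>" or "drop"

@dataclass
class Switch:
    name: str
    table: list = field(default_factory=list)

    def install(self, rule):
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def lookup(self, pkt):
        for rule in self.table:                 # highest priority first
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                return rule.action
        return "drop"                           # table miss

class Controller:
    def __init__(self, switches, attachments):
        self.switches = {s.name: s for s in switches}
        self.attachments = attachments          # global view: MAC -> (edge switch, port)
        self.quarantined = set()

    def quarantine(self, mac):
        """Isolate `mac`; returns the number of rules pushed (0 if already isolated)."""
        if mac in self.quarantined:
            return 0                            # repeated alerts are idempotent
        edge, port = self.attachments[mac]      # KeyError for a host the controller never saw
        for sw in self.switches.values():       # nobody may send to the host, network-wide
            sw.install(FlowRule(QUARANTINE_PRIORITY, {"eth_dst": mac}, "drop"))
        # Cut the host at its first hop; match the port, not the MAC it claims to have.
        self.switches[edge].install(FlowRule(QUARANTINE_PRIORITY, {"in_port": port}, "drop"))
        self.quarantined.add(mac)
        return len(self.switches) + 1

def build_sample_network():
    """Constructed topology: H1 on s1 port 1, H2 on s2 port 1, port 2 is the inter-switch link."""
    s1, s2 = Switch("s1"), Switch("s2")
    for sw, to_h1, to_h2 in ((s1, 1, 2), (s2, 2, 1)):
        sw.install(FlowRule(100, {"eth_dst": H1}, f"output:{to_h1}"))
        sw.install(FlowRule(100, {"eth_dst": H2}, f"output:{to_h2}"))
    return Controller([s1, s2], {H1: ("s1", 1), H2: ("s2", 1)})
```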
SDN has a lot of potential to be a really powerful tool to help manage the network at a higher
throughput and efficiency than is currently possible with traditional networks, and to address the
network security issue that has crippled the world of computer networks for decades now. As
the implementation of SDN grows, we will see more examples of how SDN works in the real world
against traditional networks. A good approach to move towards wider use of SDN,
while minimizing the cost, is to implement it in a part of the network or implementing a hybrid