Software-Defined Networking Security Techniques and the Digital Forensics of the SDN Control Plane
Doctor of Philosophy (PhD)
Software-Defined Networking (SDN) is an efficient networking design that decouples the network's control plane from the data plane. When compared to the traditional network architecture, the SDN architecture shares many of the same security issues. The centralized SDN controller makes it easier to control, easier to program in real-time, and more flexible, but this comes at the cost of more security risks. An attack on the control plane layer of the SDN controller is a major security concern.
First, centralized design and the existence of a single point of failure in the control plane compromise the accessibility and availability of data or services. A failure of the SDN controller will make the entire network unavailable. In this research, we propose an architecture made up of a set of open-source RYU controllers that work together to achieve an effective level of performance, availability, and scalability against the threat of a single point of failure on the control plane of the SDN and the threat of a DDoS attack on the control plane.
Second, in this project, we discussed Man-In-The-Middle (MITM) attacks and their tremendous impact on the SDN control plane as one of the most serious threats in SDN. With a specific focus on the ARP poisoning attack against the SDN, we developed a security tool that is capable of identifying and preventing MITM attacks in the SDN. Our solution, titled the RYU SDN Controller ARP Poisoning Security Application (Ryu-ARP), is a security application that runs on the RYU controller and provides a way for detecting and preventing the ARP poisoning attack in SDN.
Finally, in the era of SDN, the SDN controller is in charge of the majority of the information passing across the network. As a third thrust of this dissertation, we explored the OpenDaylight (ODL) SDN controller's memory for forensically useful information. This was accomplished by creating controller memory samples with different networking configurations, analyzing the memory samples, and then constructing an SDN-Controller-Network-Discovery-Tool (SCoNDT). SCoNDT is a memory analysis tool that examines and analyzes the ODL controller's host tracker service from an acquired memory dump.
Alshaya, Abdullah, "Software-Defined Networking Security Techniques and the Digital Forensics of the SDN Control Plane" (2023). LSU Doctoral Dissertations. 6143.
Richard, Golden G III