Review
Security in SDN: A comprehensive survey

https://doi.org/10.1016/j.jnca.2020.102595

Abstract

Software Defined Networking (SDN) is a revolutionary paradigm that is maturing alongside other next-generation network technologies. The separation of the control and data planes in SDN enables novel network features such as centralized flow management and network programmability, which encourage the introduction of new and enhanced network functions that improve prominent deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN is evolving rapidly into a key enabler for future implementations in heterogeneous network scenarios (datacenters, ISPs, corporate, academic and home networks), the technology is still far from being considered secure and dependable, which inhibits its agile adoption. In recent years, the scientific community has explored the field of SDN security to close this adoption gap. A twofold research context can be identified: on the one hand, leveraging SDN features to enhance security; on the other, the pursuit of a secure SDN system architecture. This article describes the security threats that face SDN and lists attacks that take advantage of vulnerabilities and misconfigurations in the constitutive elements of SDN. Accordingly, a discussion emphasizing the duality between SDN-for-security and SDN-security is also presented. A comprehensive review of the state of the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security.

Introduction

The SDN paradigm decouples the control and data planes: all network intelligence and control logic is moved from the network devices to a logically centralized, software-based entity known as the network controller. The controller resides in the control plane, where centralized control and network management functions instruct the forwarding behavior of every element distributed in the infrastructure. In the data plane, network elements called switches match header fields of incoming packets against the rules and forwarding instructions issued by the controller; this lookup precedes every forwarding decision. Because control is centralized, the controller is always aware of the network state and, in the reactive flow-setup model, every traffic flow is passed to the controller at least once in its lifetime so that its forwarding behavior can be defined (rules can also be installed proactively, in which case the switch never escalates those flows). Besides centralized flow management, SDN introduces network programmability: different network functions are embedded as software applications that are either installed on top of the controller or deployed as independent consumers of network data.

SDN embodies the concept of network programmability: every network operation is described as a software program, bringing algorithms, data structures and programming concepts from the software development environment into the network. Security, a sensitive aspect of communication and data networks, can benefit from SDN features, including programmability itself: several security problems that threaten conventional networks can be addressed in SDN in a timely and reliable manner by enforcing network security software applications. Introducing security applications into networking environments can: replace hardware-based security middleboxes; add security features by integrating emerging software-based technologies, such as machine learning and virtualization, into the SDN environment; redefine, improve or sanitize conventional networking mechanisms and concepts that tend to expose vulnerabilities or weak points; and increase the scalability and flexibility of security solutions while easing their deployment in large network infrastructures. Despite these benefits, the SDN architecture also entails new and additional security problems, risks and threats that emerge from the new network interfaces it introduces and from the changes to network elements and their traditional communication scheme. Therefore, besides developing new security strategies that leverage SDN, there must be a commitment to embed security in the reference architecture of SDN itself.
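To make the control/data-plane split of the previous two paragraphs and the "security application on top of the controller" idea concrete, the following is an added example written for this page; it is not code from the surveyed paper or from any of the controllers it cites. It models an OpenFlow-style reactive setup: a switch whose flow table raises a packet-in to the controller on every table miss, a controller that learns host ports and enforces a flow-based deny policy as a security application, and a packet-in rate monitor that reacts to a burst of new flows from one ingress port, which is the controller-saturation pattern targeted by the DDoS work the survey cites. All class names, the threshold and window values, the deny rule and the sample traffic are assumptions chosen for illustration.

```python
# Added example, not code from the surveyed paper: a toy OpenFlow-style reactive SDN.
# Switch = data plane (flow table, packet-in on a miss); Controller = control plane
# (port learning, flow-based deny policy, packet-in rate limiting). All names,
# thresholds and the sample traffic below are assumptions chosen for illustration.
from collections import deque, namedtuple
from dataclasses import dataclass

Packet = namedtuple("Packet", "in_port src dst proto dport")   # header fields the table matches on


@dataclass
class FlowEntry:
    match: dict               # field -> required value; fields not listed are wildcards
    action: str               # "forward:<port>" or "drop"
    priority: int = 0

    def matches(self, pkt):
        return all(getattr(pkt, k) == v for k, v in self.match.items())


class Switch:                 # data plane: highest-priority match wins, a miss goes to the controller
    def __init__(self, controller):
        self.controller = controller
        self.table = []
        self.packet_in_count = 0          # each increment is one control-plane round trip

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)

    def process(self, pkt):
        for entry in self.table:
            if entry.matches(pkt):
                return entry.action
        self.packet_in_count += 1
        return self.controller.packet_in(self, pkt)


class RateMonitor:            # packet-ins per (in_port, src) over the last `window` packet-ins
    def __init__(self, window=100, threshold=20):
        self.window, self.threshold = window, threshold
        self.events = deque()             # (tick, key), oldest first
        self.tick = 0
        self.alerts = []                  # (tick, key, count) whenever the threshold is exceeded

    def record(self, key):
        self.tick += 1
        self.events.append((self.tick, key))
        while self.events and self.events[0][0] <= self.tick - self.window:
            self.events.popleft()
        count = sum(1 for _, k in self.events if k == key)
        if count > self.threshold:
            self.alerts.append((self.tick, key, count))
            return True
        return False


class Controller:             # control plane plus the "security application" on top of it
    def __init__(self, deny_rules, monitor):
        self.deny_rules = deny_rules      # e.g. {"dst": "10.0.0.5", "dport": 23}
        self.monitor = monitor
        self.port_of = {}                 # host address -> switch port, learned from packet-ins

    def packet_in(self, sw, pkt):
        self.port_of[pkt.src] = pkt.in_port
        if self.monitor.record((pkt.in_port, pkt.src)):
            # suspected new-flow flood: one coarse drop rule stops further escalation
            sw.install(FlowEntry({"in_port": pkt.in_port, "src": pkt.src}, "drop", priority=50))
            return "drop"
        for rule in self.deny_rules:      # flow-based security policy
            if all(getattr(pkt, k) == v for k, v in rule.items()):
                sw.install(FlowEntry(dict(rule), "drop", priority=100))
                return "drop"
        out = self.port_of.get(pkt.dst)
        if out is None:
            return "flood"                # destination not learned yet, so cache nothing
        match = {"src": pkt.src, "dst": pkt.dst, "proto": pkt.proto, "dport": pkt.dport}
        sw.install(FlowEntry(match, f"forward:{out}", priority=10))
        return f"forward:{out}"


def run_demo():               # constructed traffic: normal exchange, policy violation, new-flow burst
    monitor = RateMonitor(window=100, threshold=20)
    sw = Switch(Controller(deny_rules=[{"dst": "10.0.0.5", "dport": 23}], monitor=monitor))
    h1_to_h2 = Packet(1, "10.0.0.1", "10.0.0.2", "tcp", 80)
    h2_to_h1 = Packet(2, "10.0.0.2", "10.0.0.1", "tcp", 51000)
    telnet = Packet(1, "10.0.0.1", "10.0.0.5", "tcp", 23)
    r = {}
    r["first"] = sw.process(h1_to_h2)     # miss; h2's port unknown -> flood, no rule
    r["reply"] = sw.process(h2_to_h1)     # miss; h1 known -> forward:1 installed
    r["learned"] = sw.process(h1_to_h2)   # miss; h2 now known -> forward:2 installed
    r["cached"] = sw.process(h1_to_h2)    # table hit: no packet-in this time
    r["packet_ins_normal"] = sw.packet_in_count
    r["telnet"] = [sw.process(telnet), sw.process(telnet)]   # policy drop, then cached drop
    r["packet_ins_policy"] = sw.packet_in_count
    # attacker on port 3 sends 30 distinct flows; every one is a guaranteed table miss
    r["burst"] = [sw.process(Packet(3, "10.0.0.9", f"10.0.1.{i}", "udp", 1000 + i)) for i in range(30)]
    r["packet_ins_total"] = sw.packet_in_count
    r["alerts"] = list(monitor.alerts)
    return r
```

Running `run_demo()` shows two things the paragraph alone does not: a flow costs a control-plane round trip only until its rule is installed (the fourth packet is forwarded from the table with no packet-in), and a burst of distinct flows turns every packet into a packet-in, 21 in a row here, until the controller pushes one coarse drop rule and the remaining packets are dropped in the data plane. One caveat on that mitigation: the drop rule is keyed on ingress port and source address, and source addresses can be spoofed, so an attacker can get a victim's traffic dropped by borrowing its address; keying on the port alone, or rate-limiting packet-ins per port, is the safer choice in practice.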

As stated above, SDN can be leveraged to enhance network security but, at the same time, SDN itself needs to be properly secured. Both approaches have attracted the attention of researchers, since the SDN paradigm will not consolidate as the reference network architecture for enterprises and ISPs until a strict security scheme that fulfils a standardized set of minimum security requirements is completely devised. The first security proposals for SDN appeared back in 2008 (Hinrichs et al., 2008), and many different proposals have been published since then; some provide new network security mechanisms and improvements that leverage SDN features, while others focus on building a secure framework for reliable SDN deployment. To name a few: PermOF (Wen et al., 2013), SE-Floodlight (Porras et al., 2015), FortNOX (Porras et al., 2012), Rosemary (Shin et al., 2014), LegoSDN (Chandrasekaran and Benson, 2014), Avant-Guard (Shin et al., 2013a), CPRecovery (Fonseca et al., 2012), NICE (Canini et al., 2012), FlowChecker (Al-Shaer and Al-Haj, 2010), Veriflow (Khurshid et al., 2012), FlowGuard (Hu et al., 2014a), Frenetic (Foster et al., 2011), Verificare (Skowyra et al., 2013), FRESCO (Shin et al., 2013b), NICE:NIDS (Chung et al., 2013), SnortFlow (Xing et al., 2013) and CBAS (Toseef et al., 2014). Those proposals have been presented, thoroughly analyzed and discussed in comprehensive survey articles published in recent years (Dacier et al., 2017, Ahmad et al., 2015, Scott-Hayward et al., 2016, Scott-Hayward et al., 2013, Akhunzada et al., 2015, Rawat and Reddy, 2017, Alsmadi and Xu, 2015, Ali et al., 2015, Shu et al., 2016, Akhunzada et al., 2016, Coughlin, 2014, Shaghaghi et al., 2018). Therefore, we consider that no significant contribution would result from further analysis of such works.
However, new proposals keep expanding the state of the art, reflecting the evolution of SDN technology and covering newly discovered security aspects closely related to that evolution. Therefore, in this work we focus on recently published SDN security works that introduce new security approaches, obtained either by leveraging SDN features or by adapting to SDN security strategies that were developed for conventional networks.

The main goal of this work is to provide readers with a comprehensive review of state-of-the-art proposals for the development and evolution of SDN security. In more detail, the main contributions of this survey are:

  1. A taxonomy that classifies the reviewed articles into two main categories: the first groups proposals that leverage SDN features to improve network security, while the second groups proposals that provide solutions to intrinsic security faults and risks in SDN. Subsequent categories further label the articles according to seven subclasses defined by the unique contributions and features exhibited by the proposals.

  2. A discussion highlighting two situations: the complexity of integrating diverse security systems, and the inconsistencies that can be observed in the design and implementation of security strategies for SDN. In our view, both need attention and additional effort from the SDN community to ensure that emerging security solutions overcome the problems and flaws present in current SDN security strategies.

  3. An introduction to the open and emerging challenges in SDN security, pointing out directions for future research efforts and proposals.

This work is structured as follows. Section 2 introduces basic notions and concepts, briefly describing the SDN architecture and the OpenFlow protocol, and highlights network attacks, threat vectors and attack surfaces in SDN. Section 3 thoroughly analyzes the duality in SDN security: leveraging SDN to improve network security, or enhancing the security of SDN itself? Section 4 presents the taxonomy and the classification, along with a brief analysis of newly published proposals. Section 5 details some potential flaws and inconsistencies that are still present in the design of security mechanisms for SDN. Section 6 identifies open challenges and future work in SDN security. Finally, Section 7 concludes this article.

Section snippets

Background and context

The SDN paradigm decouples the control and data planes, meaning that all network logic and control is isolated from the data devices. Although SDN proposes novel and promising network architectures, it is still at an early stage for realistic, production-like implementations. One key aspect that inhibits the adoption of SDN as the de-facto network architecture is security; there is still much to develop and test in this respect. Nevertheless, in recent years SDN security has been gaining

SDN for security and SDN security

SDN features like network-wide visibility, centralized network intelligence and network programmability have reshaped the way packet forwarding and basic network control duties are performed in programmable networks. However, as detailed in the previous section, these features and the SDN architecture itself introduce new security risks and attack surfaces that are not present in conventional network deployments. According to the latter statement, and taking into account the benefits to network control

Classification and overview of SDN security solutions

In this section, we provide a comprehensive review of new security solutions to attack vectors and threat surfaces that target the SDN architecture. We present the proposals classified into eight categories that reflect either the main contribution to security or the main network concept that is embodied in the proposal: Attack detection, Virtualized/Cloud-based security, Threat and attack mitigation, Protected and secure sessions, Network state monitoring, Vulnerability assessment, Forensics

Faulty system integration and system complexity

Security is only as strong as its weakest link: any loose end in a security approach exposes the entire network system to compromise sooner or later. For that reason, it is advisable to run extensive assessments and tests to identify critical points that could be leveraged to bypass the security measures and then compromise the network elements under threat. Besides, implementing a comprehensive security system implies adding complexity to the network and reducing its

Lack of standardized interfaces for the integration of NFV and cloud services in SDN security

Virtualized functions and services offer many new possibilities for enhancing security in SDN environments. As detailed in previous sections, virtualized functions can be enforced by SDN to deploy security services directly on infrastructure devices or in the control plane, removing the need for specialized middleboxes and thereby offloading processing burden from control plane instances. Besides, by enforcing virtualized functions and services available in cloud environments

Conclusion

The SDN architecture is a revolution in network management and control, adding special features that enhance different network functions and at the same time provide solutions to cumbersome issues present in conventional networks. Centralized control and network programmability in SDN together speed up the prototyping and development of network functions; in general, most of the network functions found in conventional architectures can be rendered in SDN in the form of simple

Declaration of competing interest

None.

Acknowledgements

This paper has been partially supported by the project “Red temática CYTED 519RT0580” funded by the Ibero-American Science and Technology Program CYTED. This research was also partially supported by the Colombian Department of Science, Technology and Innovation (Colciencias) and the Government of Antioquia, under contract CT609 of 2019.


References (127)

  • G.A. Ajaeiya et al., Flow-based intrusion detection system for SDN.
  • A. Akhunzada et al., Securing software defined networks: taxonomy, requirements, and open issues, IEEE Commun. Mag. (2015).
  • E. Al-Shaer et al., FlowChecker: configuration analysis and verification of federated OpenFlow infrastructures.
  • S.T. Ali et al., A survey of securing networks using software defined networking, IEEE Trans. Reliab. (2015).
  • M. Banikazemi et al., Meridian: an SDN platform for cloud network services, IEEE Commun. Mag. (2013).
  • L.R. Battula, Network security function virtualization (NSFV) towards cloud computing with NFV over OpenFlow infrastructure: challenges and novel approaches.
  • K. Benton et al., OpenFlow vulnerability assessment.
  • D.V. Bernardo et al., Introduction and analysis of SDN and NFV security architecture (SN-SECA).
  • A. Bianco et al., OpenFlow switching: data plane performance.
  • R. Bifulco et al., A survey on the programmable data plane: abstractions, architectures and open problems.
  • W. Braun et al., Software-defined networking using OpenFlow: protocols, applications and architectural design choices, Future Internet (2014).
  • M. Canini et al., A NICE way to test OpenFlow applications.
  • M. Caprolu et al., FORTRESS: an efficient and distributed firewall for stateful data plane SDN, Security and Communication Networks.
  • B. Chandrasekaran et al., Tolerating SDN application failures with LegoSDN.
  • M. Cheminod et al., Leveraging SDN to improve security in industrial networks.
  • A. Chowdhary, D. Huang, A. Alshamrani, A. Sabur, M. H. Kang, A. Kim, A. Velazquez, SDFW: SDN-based stateful distributed...
  • C.-J. Chung et al., NICE: network intrusion detection and countermeasure selection in virtual network systems, IEEE Trans. Dependable Secure Comput. (2013).
  • M. Conti et al., Know your enemy: stealth configuration-information gathering in SDN.
  • M. Conti et al., A novel stealthy attack to gather SDN configuration-information, IEEE Trans. Emerg. Top. Comput. (2018).
  • M. Coughlin, A survey of SDN security research (2014).
  • J.H. Cox et al., Leveraging SDN and WebRTC for rogue access point security, IEEE Trans. Netw. Serv. Manag. (2017).
  • M. Dacier et al., Network attack detection and defense: security challenges and opportunities of software-defined networking, Dagstuhl Rep. (2016).
  • M.C. Dacier et al., Security challenges and opportunities of software-defined networking, IEEE Secur. Priv. (2017).
  • J. Deng et al., VNGuard: an NFV/SDN combination framework for provisioning and managing virtual firewalls.
  • S. Deng et al., Packet injection attack and its defense in software-defined networks, IEEE Trans. Inf. Forensics Secur. (2018).
  • M. Dhawan et al., SPHINX: detecting security attacks in software-defined networks.
  • P. Dong et al., A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows.
  • J.M. Dover, A denial of service attack against the Open Floodlight SDN controller (2013).
  • J.M. Dover, A switch table vulnerability in the Open Floodlight SDN controller (2014).
  • N. Feamster et al., The road to SDN, Queue (2013).
  • M.P. Fernandez, Comparing OpenFlow controller paradigms scalability: reactive and proactive.
  • P. Fonseca et al., A replication component for resilient OpenFlow-based networking.
  • N. Foster et al., Frenetic: a network programming language, ACM SIGPLAN Not. (2011).
  • Open Networking Foundation, Software-defined networking: the new norm for networks, ONF White Paper (2012).
  • N. Gray et al., Enhancing SDN security by device fingerprinting.
  • E. Haleplidis et al., Network programmability with ForCES, IEEE Commun. Surv. Tutor. (2015).
  • T. Hinrichs et al., Expressing and enforcing flow-based network security policies (2008).
  • J. Hizver, Taxonomic modeling of security threats in software defined networking.
  • S. Hogg, SDN security attack vectors and SDN hardening: securing SDN deployments right from the start (2014).
  • S. Hong et al., Poisoning network visibility in software-defined networks: new attacks and countermeasures.


Juan Camilo Correa Chica received the B.Eng. in Electronics Engineering in 2010 from the University of Antioquia and his M.Sc. degree in Telecommunications Engineering from the same university in 2016. He is a lecturer and researcher at Instituto Tecnológico Metropolitano (ITM) and has been working as a part-time lecturer for digital systems design and software programming courses at the University of Antioquia. His research interests include: simulation and modeling of telecommunication systems; Internet of Things; Big Data; Software Defined Networking; and software engineering issues such as efficient algorithms, data structures, optimization and metaheuristics. ORCID: 0000-0003-3476-9312

Jenny Cuatindioy Imbachi is a Professor at the Telecommunications Engineering Department at the University of Medellín, Medellín, Colombia. She received her B.Eng. in Electronics and Telecommunications Engineering in 1998 from Universidad del Cauca. She pursued a Specialization in Networks and Telecommunications Services at Universidad del Cauca in 2005. She also received her M.Sc. degree in Telecommunications Engineering from Universidad de Antioquia in 2017. Her main research interests include Channel Coding, Optical Networks, Access and Carrier Grade Networks and Next-Gen Networks.

Juan Felipe Botero Vega is a Professor at the Electronics and Telecommunications Engineering Department at the University of Antioquia, Medellín, Colombia. In 2006 he received his Computer Science degree from the University of Antioquia, his M.Sc. degree in Telematics Engineering in 2008 from the Technical University of Catalonia (UPC), Barcelona, Spain, and his Ph.D. degree in Telematics Engineering at UPC. In 2013, he joined the research group on applied telecommunications (GITA) at the Electronics and Telecommunications Engineering Department. His main research interests include Quality of Service, Software Defined Networking, Network Virtualization, Data Center Network Virtualization and resource allocation in virtual networks. (https://sites.google.com/site/juanfebotero/). ORCID: 0000-0002-7072-8924.
