• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2018년도 춘계학술대회
• /
• pp.238-240
• /
• 2018

Cloud vehicular networks are a promising paradigm to improve vehicular through distributing computation tasks between remote clouds and local vehicular terminals. Software-Defined Network(SDN) can bring advantages to Intelligent Transportation System(ITS) through its ability to provide flexibility and programmability through a logically centralized controlled cluster that has a full comprehension of view of the network. However, as the SDN paradigm is currently studied in vehicular ad hoc networks(VANETs), adapting it to work on cloud-based vehicular network requires some changes to address particular computation features such as task computation of applications of cloud-based vehicular networks. There has been initial work on briging SDN concepts to vehicular networks to reduce the latency by using the fog computing technology, but most of these studies do not directly tackle the issue of task computation. This paper proposes a Software-Defined Cloud-based vehicular Network called SDCVN framework. In this framework, we study the effectiveness of task computation of applications of cloud-based vehicular networks with vehicular cloud and roadside edge cloud. Considering the edge cloud service migration due to the vehicle mobility, we present an efficient roadside cloud based controller entity scheme where the tasks are adaptively computed through vehicular cloud mode or roadside computing predictive trajectory decision mode. Simulation results show that our proposal demonstrates a stable and low route setup time in case of installing the forwarding rules of the routing applications because the source node needs to contact the controller once to setup the route.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2017년도 추계학술대회
• /
• pp.561-562
• /
• 2017

소프트웨어 정의 네트워킹 기술은 네트워크 처리 부분과 제어 부분을 분리하여 중앙집중적이고 강력하게 네트워크를 제어할 수 있다. 하지만 소프트웨어 정의 네트워킹 기술은 강력함과 함께 보안 위협이 크고 영향도 크다. 대부분의 소프트웨어 정의 네트워킹에 대한 보안 연구는 네트워크 취약점을 발견하고 방어하는 데 중점을 두고 있다. 하지만 이러한 기술 자체에 대한 보안 연구는 많지 않다. 본 논문에서는 이러한 네트워킹 기술에서 발생할 수 있는 보안 취약점들을 분석하고 보안도를 높이기 위해 필요한 사항을 제안한다. 가장 큰 위협은 컨트롤러에 대한 서비스 거부 공격 및 보안 위협들이며 컨트롤러와 스위치간 신뢰성 문제도 있으며 설정 정보를 조작하여 오동작하게 하는 공격을 탐지하기 위한 기법도 필요하다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권2호
• /
• pp.580-599
• /
• 2021

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

• 한국컴퓨터정보학회:학술대회논문집
• /
• 한국컴퓨터정보학회 2020년도 제61차 동계학술대회논문집 28권1호
• /
• pp.235-236
• /
• 2020

본 논문에서는 기존의 SDN(Software Defined Network)의 특징 및 활용 등에 대해 살펴보고 이를 활용한 네트워크의 고도화 및 보안 측면에서의 장단점 연구를 통해 향후 SDN이 보다 고도화 되어야 하는 방향을 제시한다. SDN은 소프트웨어 앱을 사용하여 네트워크를 지능화 하고 중앙에서 제어하거나 프로그래밍 할 수 있는 네트워크 아키텍처 접근법이다. 사업자는 기본 네트워크 기술에 상관없이 전체 네트워크를 일관적으로 전체적으로 관리할 수 있다. 물리적인 네트워크를 소프트웨어 기술을 이용하여 제어하는 네트워크 기술이다. SDN은 네트워크의 제어 플레인을 네트워크 트래픽을 전달하는 데이터 플레인과 분리한다는 개념이다. 이런 분리의 목적은 중앙에서 관리하고 프로그래밍이 가능한 네트워크를 만드는 것이다. 일부 SDN 구현 솔루션은 범용 네트워크 하드웨어를 통제하는 소프트웨어 기반 관리 플랫폼을 사용한다. 또 다른 접근법은 통합된 소프트웨어와 하드웨어를 사용하기도 한다. 하지만 이러한 SDN에도 많은 취약점이 존재하며 이를 보완할 수 있어야 하며 본 논문에서 이러한 방향을 제한하도록 한다.

• 정보보호학회논문지
• /
• 제29권1호
• /
• pp.29-43
• /
• 2019

최근, IoT 무선 디바이스 등의 증가로 WSN(Wireless Sensor Network) 환경에서 네트워크 트래픽이 증가하면서 네트워크 자원을 안전하고 효율적으로 관리하는 SDN(Software-Defined Networking)을 WSN에 적용한 SDWSN(Software-Defined Wireless Sensor Networking)과 그에 대한 보안 기술에 대한 관심도가 증가하고 있다. 본 논문에서는 SDWSN 환경에서 PUF(Physical Unclonable Function) 기반 그룹 키 분배 방법을 안전하고 효율적으로 설계하는 방법을 서술한다. 최근에 Huang 등은 그룹 키 분배에 SDN의 장점과 PUF의 물리적 보안 기능을 이용하여 그룹 키 분배 방법을 설계하였다. 하지만, 본 논문에서는 Huang 등의 프로토콜이 보조 제어부 미인증과 불필요한 동기화 정보를 유지하는 취약점이 존재함을 발견하였다. 본 논문에서는 보조 제어부에 인증과정을 안전하게 설계하고, 불필요한 동기화 정보는 삭제하되 카운터 스트링과 랜덤 정보를 추가하여 Huang의 취약점을 개선하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권12호
• /
• pp.5723-5743
• /
• 2018

The evolving internet-based services demand high-speed data transmission in conjunction with scalability. The next generation optical network has to exploit artificial intelligence and cognitive techniques to cope with the emerging requirements. This work proposes a novel way to solve the dynamic provisioning problem in optical network. The provisioning in optical network involves the computation of routes and the reservation of wavelenghs (Routing and Wavelength assignment-RWA). This is an extensively studied multi-objective optimization problem and its complexity is known to be NP-Complete. As the exact algorithms incurs more running time, the heuristic based approaches have been widely preferred to solve this problem. Recently the software-defined networking has impacted the way the optical pipes are configured and monitored. This work proposes the dynamic selection of path computation algorithms in response to the changing service requirements and network scenarios. A software-defined controller mechanism with a novel packet matching feature was proposed to dynamically match the traffic demands with the appropriate algorithm. A software-defined controller with Path Computation Element-PCE was created in the ONOS tool. A simulation study was performed with the case study of dynamic path establishment in ONOS-Open Network Operating System based software defined controller environment. A java based NOX controller was configured with a parent path computation element. The child path computation elements were configured with different path computation algorithms under the control of the parent path computation element. The use case of dynamic bulk path creation was considered. The algorithm selection method is compared with the existing single algorithm based method and the results are analyzed.

• International Journal of Computer Science & Network Security
• /
• 제24권2호
• /
• pp.67-78
• /
• 2024

Software-Defined Networking (SDN) is a new emerging networking paradigm that has adopted a logically centralized architecture to increase overall network performance agility and programmability. Combining network virtualization with SDN will guarantees for combined advantages of improved flexibility and network performance. Combining SDN with hypervisors divides the network physical resources into several logical transparent and isolated virtual SDN network (vSDN), where each has its virtual controller. However, SDN hypervisors bring several advantages as well as several challenges to its network operators as for the virtual appliances, their efficient placement, assurance of network performance is mandatory, and their dynamic instantiation with their migration. In this article, we provide a brief and concise review of network virtualization along with its implementation in the SDN network. SDN hypervisors types are discussed, and taxonomy is provided to demonstrate the importance of hypervisors in SDN. A comparison of SDN hypervisors is performed to elaborate on the vital hypervisor software along with their features, and different challenges are discussed faced by the SDN network. A framework is proposed to add combined functionalities of hypervisors to create a more effective and efficient virtual system. The purpose of the framework is to increase network performance through proper configuration of resources, software, control plane isolation functions with defined rules and policies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권1호
• /
• pp.484-510
• /
• 2017

Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

• ETRI Journal
• /
• 제41권4호
• /
• pp.452-464
• /
• 2019

The use of wireless body area networks (WBANs) in healthcare applications has made it convenient to monitor both health personnel and patient status continuously in real time through wearable wireless sensor nodes. However, the heterogeneous and complex network structure of WBANs has some disadvantages in terms of control and management. The software-defined network (SDN) approach is a promising technology that defines a new design and management approach for network communications. In order to create more flexible and dynamic network structures in WBANs, this study uses the SDN approach. For this, a WBAN architecture based on the SDN approach with a new energy-aware routing algorithm for healthcare architecture is proposed. To develop a more flexible architecture, a controller that manages all HUBs is designed. The proposed architecture is modeled using the Riverbed Modeler software for performance analysis. The simulation results show that the SDN-based structure meets the service quality requirements and shows superior performance in terms of energy consumption, throughput, successful transmission rate, and delay parameters according to the traditional routing approach.

• International journal of advanced smart convergence
• /
• 제13권2호
• /
• pp.16-24
• /
• 2024

With an increase in the relevance of next-generation integrated networking environments, the need to effectively utilize advanced networking techniques also increases. Specifically, integrating Software-Defined Networking (SDN) with Multi-access Edge Computing (MEC) is critical for enhancing network flexibility and addressing challenges such as security vulnerabilities and complex network management. SDN enhances operational flexibility by separating the control and data planes, introducing management complexities. This paper proposes a reinforcement learning-based network path optimization strategy within SDN environments to maximize performance, minimize latency, and optimize resource usage in MEC settings. The proposed Enhanced Proximal Policy Optimization (PPO)-based scheme effectively selects optimal routing paths in dynamic conditions, reducing average delay times to about 60 ms and lowering energy consumption. As the proposed method outperforms conventional schemes, it poses significant practical applications.