• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.561-562
• /
• 2017

Software defined networking technology allows centralized and powerful network control by separating packet processing and network control. However, powerfulness of software-defined networking technology threats the network itself. Most security researches of software-defined networking focus on discovering and defending network vulnerabilities. But, there is not much security for this technology itself. In this paper, the security vulnerabilities that can occur in this networking technology are analyzed and the security requirements of it are proposed. The biggest threats are the threats to the controller, the reliability problem between the controller and the switch must be solved, and a technique to detect attacks that malfunction by manipulating configuration information are needed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.580-599
• /
• 2021

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.01a
• /
• pp.235-236
• /
• 2020

본 논문에서는 기존의 SDN(Software Defined Network)의 특징 및 활용 등에 대해 살펴보고 이를 활용한 네트워크의 고도화 및 보안 측면에서의 장단점 연구를 통해 향후 SDN이 보다 고도화 되어야 하는 방향을 제시한다. SDN은 소프트웨어 앱을 사용하여 네트워크를 지능화 하고 중앙에서 제어하거나 프로그래밍 할 수 있는 네트워크 아키텍처 접근법이다. 사업자는 기본 네트워크 기술에 상관없이 전체 네트워크를 일관적으로 전체적으로 관리할 수 있다. 물리적인 네트워크를 소프트웨어 기술을 이용하여 제어하는 네트워크 기술이다. SDN은 네트워크의 제어 플레인을 네트워크 트래픽을 전달하는 데이터 플레인과 분리한다는 개념이다. 이런 분리의 목적은 중앙에서 관리하고 프로그래밍이 가능한 네트워크를 만드는 것이다. 일부 SDN 구현 솔루션은 범용 네트워크 하드웨어를 통제하는 소프트웨어 기반 관리 플랫폼을 사용한다. 또 다른 접근법은 통합된 소프트웨어와 하드웨어를 사용하기도 한다. 하지만 이러한 SDN에도 많은 취약점이 존재하며 이를 보완할 수 있어야 하며 본 논문에서 이러한 방향을 제한하도록 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.29-43
• /
• 2019

In recent years, as the network traffic in the WSN(Wireless Sensor Network) has been increased by the growing number of IoT wireless devices, SDWSN(Software-Defined Wireless Sensor Network) and its security that aims a secure SDN(Software-Defined Networking) for efficiently managing network resources in WSN have received much attention. In this paper, we study on how to efficiently and securely design a PUF(Physical Unclonable Function)-assisted group key distribution scheme for the SDWSN environment. Recently, Huang et al. have designed a group key distribution scheme using the strengths of SDN and the physical security features of PUF. However, we observe that Huang et al.'s scheme has weak points that it does not only lack of authentication for the auxiliary controller but also it maintains the redundant synchronization information. In this paper, we securely design an authentication process of the auxiliary controller and improve the vulnerabilities of Huang et al.'s scheme by adding counter strings and random information but deleting the redundant synchronization information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.5723-5743
• /
• 2018

The evolving internet-based services demand high-speed data transmission in conjunction with scalability. The next generation optical network has to exploit artificial intelligence and cognitive techniques to cope with the emerging requirements. This work proposes a novel way to solve the dynamic provisioning problem in optical network. The provisioning in optical network involves the computation of routes and the reservation of wavelenghs (Routing and Wavelength assignment-RWA). This is an extensively studied multi-objective optimization problem and its complexity is known to be NP-Complete. As the exact algorithms incurs more running time, the heuristic based approaches have been widely preferred to solve this problem. Recently the software-defined networking has impacted the way the optical pipes are configured and monitored. This work proposes the dynamic selection of path computation algorithms in response to the changing service requirements and network scenarios. A software-defined controller mechanism with a novel packet matching feature was proposed to dynamically match the traffic demands with the appropriate algorithm. A software-defined controller with Path Computation Element-PCE was created in the ONOS tool. A simulation study was performed with the case study of dynamic path establishment in ONOS-Open Network Operating System based software defined controller environment. A java based NOX controller was configured with a parent path computation element. The child path computation elements were configured with different path computation algorithms under the control of the parent path computation element. The use case of dynamic bulk path creation was considered. The algorithm selection method is compared with the existing single algorithm based method and the results are analyzed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.484-510
• /
• 2017

Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

• ETRI Journal
• /
• v.41 no.4
• /
• pp.452-464
• /
• 2019

The use of wireless body area networks (WBANs) in healthcare applications has made it convenient to monitor both health personnel and patient status continuously in real time through wearable wireless sensor nodes. However, the heterogeneous and complex network structure of WBANs has some disadvantages in terms of control and management. The software-defined network (SDN) approach is a promising technology that defines a new design and management approach for network communications. In order to create more flexible and dynamic network structures in WBANs, this study uses the SDN approach. For this, a WBAN architecture based on the SDN approach with a new energy-aware routing algorithm for healthcare architecture is proposed. To develop a more flexible architecture, a controller that manages all HUBs is designed. The proposed architecture is modeled using the Riverbed Modeler software for performance analysis. The simulation results show that the SDN-based structure meets the service quality requirements and shows superior performance in terms of energy consumption, throughput, successful transmission rate, and delay parameters according to the traditional routing approach.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.17-23
• /
• 2022

Network slicing is a promising paradigm and significant evolution for adjusting the heterogeneous services based on different requirements by placing dynamic virtual network functions (VNF) forwarding graph (VNFFG) and orchestrating service function chaining (SFC) based on criticalities of Quality of Service (QoS) classes. In system architecture, software-defined networks (SDN), network functions virtualization (NFV), and edge computing are used to provide resourceful data view, configurable virtual resources, and control interfaces for developing the modified deep reinforcement learning agent (MDRL-A). In this paper, task requests, tolerable delays, and required resources are differentiated for input state observations to identify the non-critical/critical classes, since each user equipment can execute different QoS application services. We design intelligent slicing for handing the cross-domain resource with MDRL-A in solving network problems and eliminating resource usage. The agent interacts with controllers and orchestrators to manage the flow rule installation and physical resource allocation in NFV infrastructure (NFVI) with the proposed formulation of completion time and criticality criteria. Simulation is conducted in SDN/NFV environment and capturing the QoS performances between conventional and MDRL-A approaches.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.376-388
• /
• 2022

The expansion of new applications and business models is being significantly fueled by the development of Fifth Generation (5G) networks, which are becoming more widely accessible. The creation of the newest intelligent vehicular networks and applications is made possible by the use of Vehicular Ad hoc Networks (VANETs) and Software Defined Networking (SDN). Researchers have been concentrating on the integration of SDN and VANET in recent years, and they have examined a variety of issues connected to the architecture, the advantages of software-defined VANET services, and the new features that can be added to them. However, the overall architecture's security and robustness are still in doubt and have received little attention. Furthermore, new security threats and vulnerabilities are brought about by the deployment and integration of novel entities and a number of architectural components. In this study, we comprehensively examine the good and negative effects of the most recent SDN-enabled vehicular network topologies, focusing on security and privacy. We examine various security flaws and attacks based on the existing SDVN architecture. Finally, a thorough discussion of the unresolved concerns and potential future study directions is provided.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.231-243
• /
• 2022

The expansion of new applications and business models is being significantly fueled by the development of Fifth Generation (5G) networks, which are becoming more widely accessible. The creation of the newest intelligent vehicular net- works and applications is made possible by the use of Vehicular Ad hoc Networks (VANETs) and Software Defined Networking (SDN). Researchers have been concentrating on the integration of SDN and VANET in recent years, and they have examined a variety of issues connected to the architecture, the advantages of software defined VANET services, and the new features that can be added to them. However, the overall architecture's security and robustness are still in doubt and have received little attention. Furthermore, new security threats and vulnerabilities are brought about by the deployment and integration of novel entities and several architectural components. In this study, we comprehensively examine the good and negative effects of the most recent SDN-enabled vehicular network topologies, focusing on security and privacy. We examine various security flaws and attacks based on the existing SDVN architecture. Finally, a thorough discussion of the unresolved concerns and potential future study directions is provided.