Software Defined Networking Security: Security for SDN and Security with SDN
Seungwon Shin
Texas A&M University
Contents
• SDN Basic Operation
• SDN Security Issues
SDN Operation
[Diagram: Host A and Host B are attached to an SDN Switch; the SDN Controller (e.g., NOX) runs an L2 Forwarding application; numbered steps (1)–(5) show the order of operations between switch, controller and application; the Flow Table in the SDN Switch ends up holding the rule "A → B: Forward"]
SDN Security Research
• Two issues
– Security for SDN
• Security issues in SDN itself
– Security with SDN
• Security applications based on SDN
Security Issues in SDN
Security Issues in SDN
• Why security issues?
– SDN is not so mature yet
– There could be some (or many) possible security problems in SDN
– E.g.,
• Rule conflict and Dynamic flow tunneling problem
• Flooding attack problem
Rule Conflict
• Problem
– Rule conflicts between flow rules and security policies
• F/W: block all packets from host A to host B
• SDN flow rule: forward all packets from host A to host B
[Diagram: Host A and Host B attached to an SDN Switch; the L2 Forwarding application on the SDN Controller (e.g., NOX) installs "A → B: Forward" while the firewall policy says "A → B: Block"]
Dynamic Flow Tunneling
• Problem
– A buggy (or malicious) application can let an attacker evade security policies
[Diagram: Host A and Host B attached to an SDN Switch; a malicious or buggy application on the SDN Controller (e.g., NOX) installs the rules "A → C: Replace A with D", "D → C: Replace C with B" and "D → B: Forward"; the firewall policy is "A → B: Block", but through the rewrite chain A → C → D → B, finally A can contact B]
Real Problem
• People really care about dynamic tunneling
– The Chief Architect of the Security Division at Juniper talked about this problem at RSA 2013
– BigSwitch (a leading SDN company) mentioned this problem and our solution at the CENIC Workshop 2012
Solution
• FortNOX (SE-FloodLight)
– Detect policy conflicts with OpenFlow flow rules
• Check whether the match condition of a flow rule violates the firewall policies
• If there are multiple conditions (e.g., rewrite actions), find all possible combinations
– (A, D) → (C, B)
» A → C, A → B, D → C, D → B
– Affiliation
• SRI International and Texas A&M
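The check sketched on this slide and the tunneling chain from the previous slides, as an added Python example (this is not FortNOX or SE-FloodLight code; it is a simplified model written for this page). Hosts are the symbolic A, B, C, D of the slides; a flow rule is a (src, dst) match with optional set-field rewrites; the alias-set reduction merges the candidate rule with every installed rule whose source and destination aliases both overlap, then tests each (src, dst) combination against the firewall block policy before the controller installs the rule. The merge condition, the FlowRule class and the ordering of the chain are assumptions of this example.

```python
from itertools import product

# Constructed firewall policy: (src, dst) pairs that must never be forwarded.
FIREWALL_BLOCK = {("A", "B")}


class FlowRule:
    """Simplified OpenFlow rule: match on (src, dst) plus optional set-field
    actions that rewrite src or dst before forwarding. Hosts are the symbolic
    names of the slides (assumption of this example)."""

    def __init__(self, src, dst, set_src=None, set_dst=None):
        self.src, self.dst = src, dst
        self.set_src, self.set_dst = set_src, set_dst

    def aliases(self):
        # Every source / destination value this rule matches or produces
        srcs = {self.src} | ({self.set_src} if self.set_src else set())
        dsts = {self.dst} | ({self.set_dst} if self.set_dst else set())
        return srcs, dsts

    def __repr__(self):
        return f"{self.src}->{self.dst} set_src={self.set_src} set_dst={self.set_dst}"


def alias_sets(candidate, installed):
    """Alias-set reduction (simplified): start from the candidate's own
    aliases and merge in every installed rule whose source AND destination
    aliases overlap, until nothing changes. The result is the set of
    (src, dst) combinations a packet could take through the rewrite chain."""
    srcs, dsts = candidate.aliases()
    changed = True
    while changed:
        changed = False
        for rule in installed:
            r_srcs, r_dsts = rule.aliases()
            if (srcs & r_srcs) and (dsts & r_dsts):
                if not (r_srcs <= srcs and r_dsts <= dsts):
                    srcs |= r_srcs
                    dsts |= r_dsts
                    changed = True
    return srcs, dsts


def conflicts(candidate, installed, blocked=FIREWALL_BLOCK):
    """Return the derived (src, dst) pairs that violate a block policy
    (an empty list means the rule is safe to install)."""
    srcs, dsts = alias_sets(candidate, installed)
    return sorted(pair for pair in product(srcs, dsts) if pair in blocked)


def try_install(candidate, flow_table, blocked=FIREWALL_BLOCK):
    """Controller-side guard: a rule reaches the switch only if no derived
    combination is blocked. Returns (installed?, violations)."""
    found = conflicts(candidate, flow_table, blocked)
    if found:
        return False, found
    flow_table.append(candidate)
    return True, []


def tunneling_demo():
    """Replay the dynamic-flow-tunneling chain of the slides:
    A->C (rewrite src to D), D->C (rewrite dst to B), D->B forward."""
    table = []
    chain = [
        FlowRule("A", "C", set_src="D"),
        FlowRule("D", "C", set_dst="B"),
        FlowRule("D", "B"),
    ]
    results = [try_install(rule, table) for rule in chain]
    return results, table


if __name__ == "__main__":
    results, table = tunneling_demo()
    for name, (ok, bad) in zip(["A->C", "D->C", "D->B"], results):
        print(name, "installed" if ok else f"REJECTED, derives {bad}")
    print("flow table:", table)
```

The first rule of the chain is harmless on its own (it only derives A → C and D → C), so it is installed; the second rule's aliases merge with it into {A, D} × {C, B}, which contains the blocked A → B, so the guard rejects it and the tunnel is never completed. A rule that is rejected should also be logged with the derived pair, since a rule that tunnels around a firewall policy is a strong signal of a buggy or malicious application on the controller.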
Flooding Problem
• Problem
– An attacker can flood
• Messages to a controller
• Flow rules in a flow table
[Diagram: an Attacker (20.0.0.1) sends packets with a fake SRC IP; the Load balancing application on the SDN Controller (e.g., NOX) installs one rule per SRC IP -> DST IP pair, so the Flow Table fills with 10.0.0.1 -> 20.0.0.1, 10.0.0.2 -> 20.0.0.1, ..., 10.0.0.255 -> 20.0.0.1, ...]
Solution
• Rule merging
– Control the rule granularity
• Fine-grained flow rules → coarse-grained flow rule
• E.g.,
– 10.0.0.1 → 20.0.0.1, 10.0.0.2 → 20.0.0.1, 10.… 
– 10.0.0.* → 20.0.0.1
– Affiliation
• Princeton and HP Labs
• Detect and reject malicious packets
– Detect IP spoofing and ignore spoofed packets
– Affiliation
• SRI International and Texas A&M
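Rule merging as described on this slide, as an added Python example (written for this page; it is not the Princeton/HP Labs implementation). The flow table is constructed: one exact-match rule per spoofed source 10.0.0.1 .. 10.0.0.255 towards 20.0.0.1, as the load-balancing application on the previous slide would install, plus two unrelated rules. The prefix length (/24) and the merge threshold (16 rules) are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed flow table: one exact-match (src, dst) rule per source, as a
# load-balancing application would install while being flooded with packets
# carrying spoofed sources 10.0.0.1 .. 10.0.0.255 towards 20.0.0.1.
FLOOD_RULES = [(f"10.0.0.{i}", "20.0.0.1") for i in range(1, 256)]
# Two unrelated, legitimate rules that must survive the merge untouched.
NORMAL_RULES = [("192.0.2.10", "20.0.0.1"), ("192.0.2.11", "20.0.0.2")]


def merge_rules(rules, prefix_len=24, threshold=16):
    """Rule merging: group exact-match rules by destination and by the
    /prefix_len block their source falls into; any group holding at least
    `threshold` rules is replaced by one coarse-grained rule on the block
    (10.0.0.0/24 -> 20.0.0.1, the "10.0.0.*" of the slide). Smaller groups
    keep their fine-grained rules. Returns [(src_match, dst)], where
    src_match is a host address or a network in CIDR notation."""
    groups = defaultdict(list)
    for src, dst in rules:
        block = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        groups[(block, dst)].append(src)
    merged = []
    for (block, dst), srcs in groups.items():
        if len(srcs) >= threshold:
            merged.append((str(block), dst))
        else:
            merged.extend((src, dst) for src in srcs)
    return merged


def matches(rule, src, dst):
    """Does a (possibly coarse-grained) rule match the packet (src, dst)?"""
    src_match, rule_dst = rule
    if rule_dst != dst:
        return False
    return ipaddress.ip_address(src) in ipaddress.ip_network(src_match, strict=False)


def table_sizes():
    """Flow-table entry count before and after merging."""
    before = FLOOD_RULES + NORMAL_RULES
    after = merge_rules(before)
    return len(before), len(after)


if __name__ == "__main__":
    before, after = table_sizes()
    print(f"flow table entries: {before} -> {after}")
    for rule in merge_rules(FLOOD_RULES + NORMAL_RULES):
        print("  ", rule)
```

Two caveats a practitioner should keep in mind: a coarse rule also matches sources that have not been seen yet, so the controller loses per-source visibility for that block, and a merged rule must be installed with a priority that does not shadow more specific rules (for example an exact-match block rule inside the same /24). Merging bounds table growth; it does not address the spoofing itself, which is what the second solution on the slide (detect and ignore spoofed packets) targets.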
Other Critical Problems
• The controller is not safe
– Buggy or malicious applications can kill the control plane (i.e., the controller)
– A malicious application can control the network
– and more issues
Security Applications Based On SDN
Security Applications Based on SDN
• Use SDN technology to make our network secure
• Then, how to?
– Build network security applications with SDN
– Cooperate with existing security devices
Access Control in A Cloud Network
• Problems
– Access control for a cloud network
• Inside attacks
– A tenant can attack other tenants
– Need to install a F/W to protect each tenant
– However, it is hard to install access control policies in a cloud network
• Many network links
• Complicated and different access control policies
Solution
• CloudPolice
– New access control for a cloud network environment
– Installed at each VM
– Features
• Scalable (millions of tenants)
• Flexible (easy to change)
• Robust to DoS attacks
– Affiliation
• UCB and Princeton
CloudPolice
• Overall operation
– CloudPolice at the source sends a control packet before sending the data flow
– CloudPolice at the destination checks the access control policies for the source and returns a response message to the source
– CloudPolice at the source acts on the received response
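The three-step exchange above, as an added Python example (a constructed model written for this page, not the CloudPolice implementation). Both sides of the exchange are the same agent class: as source it sends a control packet before the data flow and caches the verdict; as destination it answers from its tenant's policy. The message fields, the 60-second verdict lifetime and the "refuse repeated requests after a deny" behaviour (one plausible way to be robust to request floods) are assumptions of this example.

```python
class CloudPoliceAgent:
    """One CloudPolice instance at a VM's host (constructed model). The same
    object acts as source, asking the destination before it sends a data
    flow, and as destination, answering from its tenant's access control
    policy."""

    TTL = 60.0  # seconds a verdict stays valid (assumed value)

    def __init__(self, vm_ip, tenant, policy):
        self.vm_ip = vm_ip
        self.tenant = tenant
        self.policy = policy            # source tenant -> "allow" | "deny"
        self.cache = {}                 # dst_ip -> (verdict, expires_at)
        self.blocked_until = {}         # src_ip -> time until repeats are refused
        self.control_packets = 0        # control packets this agent answered

    # ---- destination side -------------------------------------------------
    def handle_control(self, msg, now):
        """Look up the policy for the requesting tenant and reply."""
        self.control_packets += 1
        src = msg["src_ip"]
        if self.blocked_until.get(src, 0.0) > now:
            # A source that keeps asking after a deny is refused without a
            # policy lookup, so repeated requests stay cheap for the destination.
            return {"type": "response", "verdict": "deny",
                    "ttl": self.blocked_until[src] - now}
        verdict = self.policy.get(msg["src_tenant"], "deny")  # default deny
        if verdict == "deny":
            self.blocked_until[src] = now + self.TTL
        return {"type": "response", "verdict": verdict, "ttl": self.TTL}

    # ---- source side ------------------------------------------------------
    def send(self, dst, payload, now):
        """Before a data flow: reuse a cached verdict or send a control packet
        first; forward the data only on 'allow'."""
        cached = self.cache.get(dst.vm_ip)
        if cached and cached[1] > now:
            verdict = cached[0]
        else:
            control = {"type": "control", "src_ip": self.vm_ip,
                       "src_tenant": self.tenant, "dst_ip": dst.vm_ip}
            resp = dst.handle_control(control, now)
            verdict = resp["verdict"]
            self.cache[dst.vm_ip] = (verdict, now + resp["ttl"])
        if verdict == "allow":
            return dst.receive_data(self.vm_ip, payload)
        return "dropped at source"

    def receive_data(self, src_ip, payload):
        return f"{self.vm_ip} received {len(payload)} bytes from {src_ip}"


def demo():
    """Constructed scenario: two VMs of tenant alice and one VM of tenant bob;
    alice's policy admits only alice's own VMs."""
    a1 = CloudPoliceAgent("10.1.0.1", "alice", {"alice": "allow"})
    a2 = CloudPoliceAgent("10.1.0.2", "alice", {"alice": "allow"})
    b1 = CloudPoliceAgent("10.2.0.1", "bob", {"bob": "allow"})
    log = [
        a1.send(a2, b"hello", now=0.0),  # same tenant: allowed
        b1.send(a2, b"probe", now=0.0),  # other tenant: denied
        b1.send(a2, b"probe", now=1.0),  # retry: dropped from cache, no new control packet
    ]
    return log, a2.control_packets


if __name__ == "__main__":
    log, n = demo()
    print(*log, sep="\n")
    print("control packets answered by 10.1.0.2:", n)
```

The point of dropping at the source is that denied traffic never reaches the destination's link, which is what lets the scheme scale with the number of tenants and keeps a flood of requests from a denied source away from the victim; the same structure also makes the policy easy to change, since only the destination's policy table is consulted.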
Network Separation/Isolation
• Problem
– A cloud or an enterprise network needs to separate logical networks for each tenant
– Existing solution
• VLAN
– However, limitation in creation: only 4096 VLANs
Solution
• FlowVisor
– Create virtual networks with SDN
– Ideally, no limitation
– Affiliation
• Stanford and BigSwitch
[Diagram: FlowVisor sits between the Physical Network of OpenFlow switches and two controllers; Controller 1 (App 1, App 2) manages the Alice Virtual Network and Controller 2 (App 1, App 2) manages the Bob Virtual Network]
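The isolation property the diagram implies, as an added Python example (written for this page; it is not FlowVisor's code, and FlowVisor's real flowspace language has more fields than modelled here). Each tenant's controller is confined to a slice defined by switch ports and a source address range; the example checks at configuration time that slices do not overlap, and at run time that a rule submitted by a tenant's controller stays inside its slice, clipping an over-wide match to the slice instead of rejecting it. The slice definitions, rule fields and clipping behaviour are assumptions of this example.

```python
import ipaddress

# Constructed slice definitions: each tenant's controller may only touch the
# switch ports and the source address space of its own slice.
SLICES = {
    "alice": {"ports": {1, 2}, "src_net": "10.1.0.0/16"},
    "bob":   {"ports": {3, 4}, "src_net": "10.2.0.0/16"},
}


def slices_disjoint(slices):
    """Configuration-time isolation check: no two slices may share a switch
    port or have overlapping source networks."""
    names = list(slices)
    for i, a in enumerate(names):
        net_a = ipaddress.ip_network(slices[a]["src_net"])
        for b in names[i + 1:]:
            if slices[a]["ports"] & slices[b]["ports"]:
                return False
            if net_a.overlaps(ipaddress.ip_network(slices[b]["src_net"])):
                return False
    return True


def admit_rule(slice_name, rule, slices=SLICES):
    """Run-time check of a rule sent by a tenant's controller. `rule` is a
    dict with 'match_src' (CIDR or host address), 'in_port' and 'out_ports'.
    Returns (accepted, installed_rule_or_reason). A match wider than the
    slice is narrowed to the slice's network instead of being rejected."""
    fs = slices[slice_name]
    fs_net = ipaddress.ip_network(fs["src_net"])
    ports = {rule["in_port"], *rule["out_ports"]}
    if not ports <= fs["ports"]:
        outside = sorted(ports - fs["ports"])
        return False, f"ports {outside} are outside slice {slice_name}"
    match = ipaddress.ip_network(rule["match_src"], strict=False)
    if match.subnet_of(fs_net):
        narrowed = match                 # already inside the slice
    elif fs_net.subnet_of(match):
        narrowed = fs_net                # wildcard-like match: clip to the slice
    else:
        return False, f"match {match} is outside slice {slice_name}"
    return True, dict(rule, match_src=str(narrowed))


if __name__ == "__main__":
    print("slices disjoint:", slices_disjoint(SLICES))
    print(admit_rule("alice", {"match_src": "10.1.5.0/24", "in_port": 1, "out_ports": [2]}))
    print(admit_rule("alice", {"match_src": "10.1.5.0/24", "in_port": 1, "out_ports": [3]}))
    print(admit_rule("bob", {"match_src": "0.0.0.0/0", "in_port": 3, "out_ports": [4]}))
```

The second call is the interesting one for a defender: a rule whose match is fine but whose output port belongs to another tenant's slice is exactly how one virtual network would leak into another, and the slicing layer, not the tenant's controller, is the place to refuse it.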
Home Network Instrumentation
• Problem
– Home network elements are commonly used for network attacks
• Bot infected hosts
– However, it is not easy to investigate each home network element
• Need to install third-party applications
• No standard
Solution
• Bismark project
– Embed an OpenFlow switch module into each AP
– Monitor home network traffic (1)
– Detect attacks (2)
– Enforce a flow rule to handle attacks (3)
– Affiliation
• GIT
[Diagram: the Alice, Bob and John home networks each report traffic (1) to a Security Application on a central Controller, which detects attacks (2) (e.g., botnet, spam) and pushes flow rules (3) back to each home network]
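Steps (1)–(3) of this slide as one added Python example (written for this page; it is not Bismark code). The flow records are constructed and stand in for what the controller's security application would collect from the OpenFlow module in each AP; the detector is a deliberately simple heuristic (a home host opening SMTP connections to many distinct servers is flagged as a likely spam bot), and the threshold, record format and rule fields are assumptions of this example.

```python
from collections import defaultdict

# Constructed flow records (home, src_ip, dst_ip, dst_port), as the central
# security application would receive them from each home AP.
FLOWS = [
    ("alice", "192.168.1.10", "198.51.100.1", 25),
    ("alice", "192.168.1.10", "198.51.100.2", 25),
    ("alice", "192.168.1.10", "198.51.100.3", 25),
    ("alice", "192.168.1.10", "198.51.100.4", 25),
    ("alice", "192.168.1.10", "198.51.100.5", 25),
    ("alice", "192.168.1.10", "198.51.100.6", 25),
    ("alice", "192.168.1.11", "203.0.113.7", 443),
    ("bob",   "192.168.1.20", "203.0.113.8", 443),
    ("bob",   "192.168.1.20", "198.51.100.9", 25),   # one mail server: normal
    ("john",  "192.168.1.30", "203.0.113.10", 80),
]


def monitor(flows):
    """(1) Monitor: per (home, source host, destination port), the set of
    distinct destinations seen."""
    fanout = defaultdict(set)
    for home, src, dst, dport in flows:
        fanout[(home, src, dport)].add(dst)
    return fanout


def detect(fanout, smtp_threshold=5):
    """(2) Detect: a home host talking SMTP to many distinct servers is
    flagged as a likely spam bot. The threshold is a constructed value for
    this example, not a tuned detector."""
    alerts = []
    for (home, src, dport), dsts in sorted(fanout.items()):
        if dport == 25 and len(dsts) >= smtp_threshold:
            alerts.append({"home": home, "src": src,
                           "reason": f"{len(dsts)} distinct SMTP destinations"})
    return alerts


def enforce(alerts):
    """(3) Enforce: one drop rule per alert, addressed to that home's AP
    switch. An empty action list is OpenFlow's way of saying 'drop'."""
    return [{"home": a["home"], "priority": 100,
             "match": {"nw_src": a["src"], "nw_proto": 6, "tp_dst": 25},
             "actions": []} for a in alerts]


def run(flows=FLOWS):
    alerts = detect(monitor(flows))
    return alerts, enforce(alerts)


if __name__ == "__main__":
    alerts, rules = run()
    for a in alerts:
        print("ALERT", a)
    for r in rules:
        print("RULE ", r)
```

Note that the rule is scoped to the offending host and port rather than the whole home: bob's single mail-server connection is not touched, and alice's other device keeps working. In a real deployment the rule would carry an idle or hard timeout so that a false positive heals itself.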
Security Aware Routing
• Problem
– It is not easy to protect a cloud network, even though we have installed network security devices
– Why?
• Attacks from inside
– Most network security devices monitor traffic from outside
• Dynamic configuration
– VM migration
– Network configuration change
– Where do we need to install security devices?
Solution
• CloudWatcher
– Provides new routing algorithms that guarantee that specified network security devices can monitor specific network flows
– Affiliation
• Texas A&M University
CloudWatcher
• New routing algorithms
– Multipath naïve
– Shortest through
– Multipath shortest
– Shortest inside
• Sample network
– S: start node, E: end node, R: router, C: security device
CloudWatcher
• Basic routing scheme (NOT CloudWatcher's idea)
– Find the shortest path between a start host and an end host
– Path: S → R1 → R5 → R6 → E
• Problem
– It does not pass through the security device C (R4)
CloudWatcher
• Multipath shortest
– Improved version of multipath naïve
– Two phases
• Find the shortest path (P1)
– S → R1 → R5 → R6 → E
• Find the shortest path between the routers on P1 and R4
– R6 → R4
– R6 → {R4, E}
Routing Algorithms
[Figure: two panels on the sample network, "Multi-path naive" and "Shortest through"]
Summary
• Security issues in SDN
– Rule conflict and Dynamic flow tunneling
– Flooding problem
• Security applications with SDN
– Access control for a cloud network
– Network separation
– Home network instrumentation
– Security-Aware routing
Thank you. Questions?