OpenFlow Communications and TLS Security in Software-Defined Networks

摘要

The adoption of Software-Defined Networking (SDN), a networking approach where data traffic control and execution are made independent of each other, is an ongoing process that some companies are considering as an option but have not embraced yet due to different factors. Incorporating this new paradigm into an existing network defines a shift in networking technology with different benefits expected to derive from this implementation. These benefits include (1) the ability to use customised business specific applications, (2) reduce overhead costs on legacy network infrastructure, taking full control of network, (3) reduce network application update time, increase productivity, and (4) apply increased security among others. However, the security of SDN itself has been a subject of debate. This is mainly because, the communication standard used by SDN, known as OpenFlow, and developed by the Open Network Foundation, does not enforce the implementation of the Transport Layer Security (TLS) but defines it only as optional. This could then make the network infrastructure vulnerable and therefore affect the overall security of a company. Security plays a significant part in an organisation and it is one of the determinants of the success of SDN. OpenFlow security relies on the implementation of TLS, which has been proven vulnerable, and therefore bringing to mind the question on how secure organisation's data is when the implementation of secure data transfer is treated with laxity. This paper focuses on securing OpenFlow communication in SDN by summarising TLS security flaws and recommending ways of improving TLS security thereby securing OpenFlow communication.