SOFTWARE-DEFINED NETWORKS: PROTOCOL DIALECTS
Authors
Sjoholmsierchio, Michael
Subjects
network security
software-defined networks
protocol dialect
Advisors
Xie, Geoffrey G.
Hale, Britta
Date of Issue
2019-12
Date
Dec-19
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Software-defined networks (SDNs) are attractive to businesses and the military because they enable centralized, policy-based control at the per-flow level. However, current SDN standards by the Open Networking Foundation do not require the use of encryption or authentication for communication between controllers and switches. We propose a novel method to add message authentication to SDN control plane traffic via the use of a protocol dialect. A protocol dialect is a variation of an existing implementation of an open-source protocol such as OpenFlow, achieved by either adding proxies or directly modifying the binary code to incorporate new security measures or remove unused features. This research provides a framework for the systematic creation and evaluation of a protocol dialect, and presents a novel design of a protocol dialect for OpenFlow. The protocol dialect includes three derivatives and provides authentication that not only is independent of Transport Layer Security (TLS) but also may mitigate some attacks against TLS, e.g., cipher-suite downgrade attacks. Performance measurements from a Mininet experiment show that the derivatives did not significantly impact the communication latency of OpenFlow, adding less than 1% overhead when TLS is not enabled and less than 22% with TLS enabled.
Type
Thesis
Department
Information Sciences (IS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.