SOFTWARE DEFINED NETWORKS: DIALECTING SECURITY

Abstract

OpenFlow is the standard used in Software Defined Networks. It handles the communication between the network devices. However, there are some weaknesses linked to OpenFlow. With the use of TLS as a security solution, it inherits the vulnerabilities of TLS in downgrade attacks. Furthermore, TLS is optional. To enhance the security in OpenFlow, previous research work provided a solution that comes with the notion of protocol dialects. Protocol dialects are variations of an existing implementation of an open-source protocol, such as OpenFlow. They are implemented either by adding proxies or directly modifying the protocol to the core. The protocol dialect we analyze in this research follows the first approach by manipulating the protocol in such a way that the actual devices continue to function as before, but additional security measures are put in place with the use of proxies. Desired additional functionality, additional security measures, and changes in fields of the actual protocol are performed within the proxies. The devices “think” that they are communicating with each other exactly as before, but in reality a proxy is standing in front of each device, and the actual communication takes place with the proxies' mediation. In this research, we aim to show the enhanced security of the dialected OpenFlow protocol. We follow the computational analysis model to conduct a security proof for the dialect, and we also analyze some difficulties in conducting such a proof.