SOFTWARE DEFINED NETWORKS: DIALECTING SECURITY
Xie, Geoffrey G.
OpenFlow is the standard used in Software Defined Networks, where it handles the communication between the network devices. However, OpenFlow has some weaknesses. Because it uses TLS as its security solution, it inherits the vulnerabilities of TLS to downgrade attacks. Furthermore, TLS is optional. To enhance the security of OpenFlow, previous research work provided a solution based on the notion of protocol dialects. Protocol dialects are variations of an existing implementation of an open-source protocol, such as OpenFlow. They are implemented either by adding proxies or by directly modifying the core of the protocol. The protocol dialect we analyze in this research follows the first approach: it manipulates the protocol in such a way that the actual devices continue to function as before, while additional security measures are put in place through proxies. Desired additional functionality, additional security measures, and changes to fields of the actual protocol are all handled within the proxies. The devices “think” that they are communicating with each other exactly as before, but in reality a proxy stands in front of each device, and the actual communication takes place through the proxies' mediation. In this research, we aim to show the enhanced security of the dialected OpenFlow protocol. We follow the computational analysis model to conduct a security proof for the dialect, and we also analyze some difficulties in conducting such a proof.
Rights: Copyright is reserved by the copyright owner.