Now showing 1 - 1 of 1
ItemScenario based security evaluation: Generic OpenFlow network(Aalto University, 2014) Lähteenmäki, Jarno; Tietoliikenne- ja tietoverkkotekniikan laitos; Department of Communications and Networking; Networking Laboratory; Sähkötekniikan korkeakoulu; School of Electrical EngineeringDemand for network programmability was recognized when development of protocolsslowed down due to network inflexibilities in 1980s. Research speeded up andmany proposals were made to solve architectural issues during 2000s. Academicworld put up an initiative to build up new programmable network architecturelater 2000s. OpenFlow was born.In modern public network infrastructures the security of the network architectureis crucial to archive data confidentiality, integrity and authenticity, yet high availability.Many studies have shown that there are many security vulnerabilities andissues on current OpenFlow implementations and even in OpenFlow specificationitself. Many proposals have been made to enhance these known issues. In thisresearch, the scenario based security evaluation of the generic OpenFlow networkarchitecture was carried out using technology publications and literature. Thesecurity evaluation framework was used in security assessment.Proposed risk mitigation patterns were found to be effective on most of the casesfor all 13 identified and evaluated scenarios. Lack of mandatory encryption andauthentication in OpenFlow control channel were most critical risks on generallevel. OpenFlow specification should provide clear guidance how this should beimplemented to guarantee inter-operability between different vendors. Short termsolution is to use IPSec. Second critical issue was that bugs and vulnerabilitiesin OpenFlow controller and switch software are causing major risks for security.Proper quality assurance process, testing methods and evaluation are needed toenhance security on all phases of the software production.Current OpenFlow implementations are suffering poor security. Tolerable levelcan be reached by utilizing small enhancements. There are still many areas whichneed to be researched to archive solid foundation for software defined networks ofthe future.