Google and Facebook are just two of the companies using software-defined networks, in this case built on the network protocol OpenFlow. In 2011, IU opened a software-defined networking laboratory at InCNTRE to study how well OpenFlow products and the software-defined networking products from different vendors work together. The lab is currently the largest test bed for software-defined networking in the world.
"Google uses SDN networks for its data centres; their physical networks are secure, and everyone in the organisation is trusted", L. Jean Camp stated. "But like the Internet in the 1980s, the lack of technical security is a result of the organisational and economic environment, so avoiding the same vulnerabilities and trust failures that occur now in the current Internet for future software-defined Internet connections requires understanding the security now."
SDN works by giving network administrators control over network traffic without physical access to the network's hardware, which in turn simplifies networking, enhances opportunities for network virtualization, improves the efficiency of data transfer and allows fine-grained control over network forwarding behaviour. This is done by decoupling the control plane - the router component that decides where a data packet is sent and how it interacts with others based on path-determining algorithms - from the data plane, which has packet-forwarding nodes that move traffic to selected destinations.
"Next-generation networking will utilize software as much as hardware, and these resulting software-defined networks will have incredible potential", L. Jean Camp stated. "They can make networks more secure, more reliable and more manageable. However, if the security in these networks is not done well, attackers will take advantage of the same potential. That is, attacks could be more affordable, more reliable and easier to manage."
Analyzing possible vulnerabilities is a challenge when building resilience into a system that, on one hand, allows network operators and researchers to customize their own networks while, on the other hand, permitting modern computer science principles to build more dependable and functional networks. One of the primary charges of the new work will be to identify and illustrate the resolution of what Camp called "an exemplary security challenge" that would be essential to realizing the full potential for SDN.
"For example, a primary security issue is that since the control plane is no longer physically contained in a single device - it instead actually traverses the network - you've provided an additional attack surface", L. Jean Camp stated.
Using an OpenFlow network, the IU team will conduct threat modelling related to OpenFlow protocols like device authentication; to individual devices like switches, controllers and even participants; and to multi-controller environments, or the system as a whole.
Funding for the one-year project comes from the Department of Defense's Defense Advanced Research Projects Agency.