Software Defined Networking (SDN) is a framework that allows network administrators to automatically and dynamically manage and control a large number of network devices, services, topology, traffic paths, and packet handling policies using high-level languages and APIs. It provides us with quality of service. Software Defined Networking has quickly emerged as a promising new technology for future networks. SDN separates the control plane from the data plane, and thus it enables the easy addition of new, creative and powerful network functions and protocols. SDN has attracted significant attention from both academia and industry around the world as a way to make networks more agile and flexible.
SDN aims to make the network as agile and flexible as a virtual server. SDN allows a network administrator to shape traffic from a centralized control point without having to touch individual switches. Figure 1 describes the architecture design of a Software Defined Network.
1. Architecture Design of SDN
Figure 1 depicts a logical view of the SDN
architecture. Network intelligence is (logically) centralized in software-based
SDN controllers, which maintain a global view of the network. As a result, the
network appears to the applications and policy engines as a single, logical
switch. With SDN, enterprises and carriers gain vendor-independent control over
the entire network from a single logical point, which greatly simplifies the
network design and operation. SDN also greatly simplifies the network devices
themselves, since they no longer need to understand and process thousands of
protocol standards but merely accept instructions from the SDN controllers.
Networking is recently an emerging technique that paves the way for
virtualizing the network resources in an on-demand manner. A Software Defined Network divides its architecture into the different
parts shown in Figure 1, as follows:
Plane - which actually moves packets from place to place.
The data plane consists of different networking devices, such as a number of routers and switches.
plane - which controls and shapes the traffic
plane. When a packet arrives at a switch, the rules built into the
firmware of the switch tell it where to forward that particular packet. An SDN controller is the “brains” of the SDN network,
relaying information to the switches/routers ‘below’ (via southbound
APIs) and to the applications and business
logic ‘above’ (via northbound APIs).
Recently, as organizations deploy more SDN networks.
and switch communicate through southbound.
and controller communicate through northbound.
OpenFlow is a protocol used by SDN for communication between the SDN controllers, i.e. the control plane, and the data plane. OpenFlow acts as an interface between the control plane and the data plane. OpenFlow is the most commonly used SDN language. In an SDN with a centralized control plane, the OpenFlow protocol carries the messages between the SDN controllers and the underlying network infrastructure, bringing network applications to life. OpenFlow was developed at Stanford and standardized by the Open Networking Foundation (ONF). It is a layer three communication protocol used in packet forwarding.
OpenFlow (OF) is considered one of the first Software-Defined Networking standards. It originally defined the communication protocol in SDN environments that enables the SDN controller to directly interact with the forwarding plane of network devices such as switches and routers, both physical and virtual (hypervisor-based), so it can better adapt to changing business requirements. In Figure 2 the OpenFlow protocol works as a communication medium between two layers of SDN.
Figure 2. OpenFlow Protocol
Security is another major threat in SDN-based networks. The first and biggest security challenge is to protect the controller, which has more intelligence for controlling the data plane: protecting the controller or control plane from Denial of Service (DoS) attacks. To protect it from attacks we add more security features in
A Distributed Denial of Service (DDoS) attack is an invasion by attacker(s) to interrupt legitimate users from getting a service. It uses a large number of compromised users to exhaust a victim’s resources such as CPU, memory, bandwidth, database, and sockets. It is challenging to distinguish legitimate users from compromised users because they produce seemingly similar traffic patterns. Attacking
entities in an SDN would be considered an application level attack due to the
companies are deploying or planning to deploy this technology in their systems in order to strengthen their network architectures, reduce operational costs, and enable new network applications.
In 2011, companies including Google, Juniper, Facebook, and Microsoft formed a specific organization, the Open Networking Foundation, in order to accelerate the delivery and use of SDN by promoting OpenFlow. SDN is considered to be a critical information technology trend over the next five years. By 2016, the knowledge discovery investment for SDN is estimated at approximately US$2 billion.
SDN research history is divided into three stages, each with its own contributions:
First stage: active networks (from the mid-1990s to the early 2000s), which introduced programmable functions in the network, leading to greater innovation.
Second stage: control and data-plane separation (from around 2001 to 2007), which developed open interfaces between the control and data planes.
Third stage: the OpenFlow API and network operating systems (from 2007 to around 2010), which represented the first widespread adoption of an open interface and developed ways to make control- and data-plane separation scalable and practical.
Likewise, SDN is widely employed and is being used in real-world applications by pioneers around the globe. However, there is one area of SDN that requires further development: security. As previously stated, SDN is considered to be a significant future network technology, and it changes the current network architectures and services.
Kornchwala Chaipath [1] worked on analyzing DDoS attacks on SDN, analyzing the vulnerability of an SDN security system in the midst of a DDoS attack. But the work fails to define a suitable mechanism against security attacks in SDN. They use only a hybrid mechanism toward security, which is not effective.
and Reena Varghese [2] introduce a routing protocol for SDN and also introduce a controller into the network that serves as a centralized manager, providing a secure network by denying access to selfish nodes that are present in the network. But they fail to define the architecture for using this in SDN.
Taejun Park and Seungoo [3] thoroughly explore enabling security functions with diverse SDN features. Furthermore, they focus on discovering issues that might arise throughout the implementation of SDN-based security applications and discuss how these issues can be addressed. But they do not evaluate any architecture for security in SDN.
Xiaofeng Qiu, Kai Zhang and Ren [4] proposed a mechanism named Global Flow Table (GFT) which can provide security appliances and operators with the paths of all the flows in an SDN network, in addition to their sources, destinations, setup and termination times, traffic volume and
and Tarandeep Singh [5] describe the benefits of using SDN in a multitude of environments such as data centres and network services. Offering and data centre networks. SDN faces challenges such as scalability, reliability and security concerns.
and Hyung Lee [6] tried to cover three main parts of SDN: applications, the control plane, and the data plane, anticipating that their efforts will help researchers set appropriate and meaningful directions for future SDN research.
Ayoung Lee and Iann [7] studied the state of the art in traffic engineering for SDN, focusing mainly on four thrusts: flow management, fault tolerance, networking topology update, and traffic analysis/characterization. In addition, some existing and
representative traffic engineering tools from both industry and academia are
Sushant Jain and Ashsok [8] presented the motivation, design, and evaluation of B4, a Software Defined WAN for data center to data center connectivity. They present their approach to separating the network’s control plane from the data plane to enable rapid deployment of new network control services. The first such service, centralized traffic engineering, allocates bandwidth among competing services based on application priority, dynamically shifting communication patterns, and prevailing failure conditions.
Arjun Singh and Jonathan Zolla [9] believed that a hybrid approach for simultaneous support of existing routing protocols and novel traffic engineering services demonstrates an effective technique for gradually introducing SDN infrastructure into existing deployments. Similarly, leveraging control at the edge to both measure demand and to adjudicate among competing services based
on relative priority lays a path to increasing WAN utilization and improving
Govind Raj and Kong Chee [10] focused on a key emerging trend in cloud computing: the core systems infrastructure, including compute resources, storage and networking, is increasingly becoming Software-Defined. In particular, instead of being limited by the physical infrastructure, applications and platforms will be able to specify their fine-grained needs, thus precisely defining the virtual environment in which they wish to run.
Hong Ong and Kannan Raj [11] described how Software-Defined Networking plays an important role in paving the way for effectively virtualizing and managing network resources in an on-demand manner. Still, many research challenges remain: how to achieve network Quality of Service (QoS), optimal load balancing, scalability, and security. Hence, the main objective of their article is to survey the current research work and describe the ongoing efforts to address these challenging issues.
Mahmod Fereg and Richard [12] presented a comprehensive survey of existing authentication and privacy-preserving schemes for 4G and 5G cellular networks. They start by providing an overview of existing surveys that deal with 4G and 5G cellular networks. Then they give a classification of threat models in 4G and 5G cellular networks in four categories: attacks against privacy, attacks against integrity, attacks against availability, and attacks against authentication. They also provide a classification of countermeasures into three categories: cryptography methods, human factors, and intrusion detection methods.
Brooker, Yu Fu and Richard [13] studied connected vehicle security and privacy issues. They identify the stakeholders within the automotive ecosystem and the assets they need to protect. Existing attacks on connected
vehicles are presented. Discussions of security and privacy solutions are also
Sandhya and Yash Singha [14] presented a comprehensive survey of hybrid SDN models, techniques, inter-paradigm coexistence and interaction mechanisms. First, they delineate an overview of hybrid SDN roots and then discuss the definition, architectural pillars, benefits and limitations of hybrid SDN. Further, they categorize the different models under various headings that can be used for deploying hybrid SDN. Challenges arise in the deployment of hybrid SDN.
Paul and Tim [15] studied and included the definition of the three main components of such an SDN network, their respective roles, and how they interact with one another. These three components are the SDN controller, the SDN devices (switches), and SDN applications. Important OpenFlow terminology such as flow, flow entry, and flow table is introduced.
Chuck Black and Timothy [16] attempted to leverage existing APIs and protocols which exist on devices and on SDN controllers which include support for these legacy protocols, implemented as southbound plug-ins. The third type of SDN, SDN via Hypervisor-Based Overlay Networks, involves the use of network virtualization protocols such as VXLAN, NVGRE, and STT to bypass the physical network altogether, providing SDN-type improvements implemented in the virtual switches present in hypervisors.
The first and biggest security challenge is to
protect the controller, which has more intelligence for controlling the data plane.
Protecting the controller or control plane from Denial of Service attacks is a
In our research we focus on the challenge of securing the SDN controller from Denial of Service attacks, that is, unauthorized access to the SDN controller, the part that administers and controls the data plane of SDN. To address this problem we add a security feature to the controller of the control plane that controls the data plane.
We use the Elliptic Curve Cryptography (ECC) technique as a security feature for the SDN controller. Elliptic curve cryptography is a public key cryptography technique based on elliptic curves that is faster and more effective. Elliptic Curve Cryptography can yield with a 164-bit key a level of security that other systems reach with a 1024-bit key.
To address the security problem in the SDN controller we implement Elliptic Curve Cryptography in the controller part of SDN.
ELLIPTIC CURVE CRYPTOGRAPHY SYSTEM-
The formulation of ECC in the SDN system is in the following manner
PUBLIC POINT: P
Shared secret key
Figure 3. Key Exchanging Mechanism Using ECC
In Figure 3 we give the idea of ECC (Elliptic Curve Cryptography) with SDN networks, which we will later use to protect the main controller from different security attacks. In our research we describe Elliptic Curve Cryptography using Software Defined Networks in the following
Data plane and control plane both choose the public point P on the elliptic curve.
Then they separately choose a private key k, which generates the public keys Q1 and Q2.
Control plane and data plane then exchange these public keys.
Control plane and data plane both multiply the other's public key by their own private key to get a shared secret
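The exchange in the steps above, worked through as an added example that is not code from the original text: each plane derives Q = k*P, swaps public keys, and multiplies the peer's key by its own k. The curve (NIST P-256), the SHA-256 step applied to the shared point, the on-curve check on the received key, and all function names are assumptions of this example; the text names no curve or library.

```python
import hashlib
import secrets

# NIST P-256 domain parameters for y^2 = x^3 + a*x + b over GF(p).
# Assumption of this example: the text does not say which curve is used.
p = 2**256 - 2**224 + 2**192 + 2**96 - 1
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):
    """Reject infinity, out-of-range coordinates and off-curve points."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < p and 0 <= y < p and (y * y - x**3 - a * x - b) % p == 0

def add(p1, p2):
    """Group law; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if p1 == p2:
        m = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return (x3, (m * (x1 - x3) - y1) % p)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keypair():
    k = secrets.randbelow(n - 1) + 1  # private key k in [1, n-1]
    return k, mul(k, P)               # public key Q = k*P

def shared_secret(own_k, peer_q):
    if not on_curve(peer_q):
        raise ValueError("peer public key is not on the curve")
    return hashlib.sha256(mul(own_k, peer_q)[0].to_bytes(32, "big")).digest()
```

Unless Q1 and Q2 are authenticated (for example with signatures or certificates), this exchange gives the two planes a shared key but does not tell either side who it was agreed with.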
3.2 PROPOSED ARCHITECTURE FOR SDN USING ECC TECHNIQUE-
research, after analysing Elliptic Curve Cryptography and the SDN network system, we propose an architecture to be used by SDN in the control plane, that is, its controller, to defend against DDoS. In Figure 4 we propose an architecture using ECC (Elliptic Curve Cryptography).
Figure 4. SDN (Software Defined Networks) Using