Who I am • 18 years experience in Cryptography,
Computer and Network Security
• Currently work at Trust Mechanisms, Trusted Systems Research Group, National Security Agency
• Research areas: providing assurance to SDN and IoT architectures.
• Previously NSA/IAD Visiting Professor to Coast Guard Academy
2
SDN Definition “The physical separation of the network control plane from the
forwarding plane, and where the control plane controls several devices.” – Ref: opennetworking.org
Key characteristics:
– Well-defined open standard API connects the data plane with the control plane.
– Network is controlled by software running on regular servers.
3
SDN Architecture
4
SDN Controller
North Bound Links
South Bound Links
Control Layer
(Control Plane)
Apps Apps Apps
Infrastructure Layer
(Data Plane)
Application Layer
OpenFlow Protocol
Net Device
Net Device
Net Device
Net Device
Net Device
Example application:Wireless Mobility
• See host sending traffic at new location
• Modify rules to reroute the traffic
5
Some general SDN Applications • Seamless mobility and migration
• Server load balancing
• Full network utilization
• Dynamic access control
• Using multiple wireless access points
• Adaptive traffic monitoring (blocking DoS)
• Network virtualization/orchestration
• Steering traffic through middleboxes
6
SDN != OpenFlow
• Network device management standards existed before OpenFlow! – OpenFlow’s origin as an API to the dataplane
differentiates it from snmp, netconf, ovsdb, etc.
• Vendors have also developed alternatives/supplements to OpenFlow.
(Cisco OpFlex)
• Overlay networks such as vxlan, STT, can be used to provide a programmable virtual network.
7
Issues with using SDN
• Multiple OpenFlow functions
– Two separate applications (load balancer and firewall) might conflict
– Early OF controllers required careful rewrite of two applications for safe composition. Later controllers automate/abstract this work.
• Network interoperability
– Many characteristics of Southbound connection not well defined either.
8
Issues with using SDN cont.
• OF network devices require a continuous control connection to work
– fail secure and fail standalone defined
– Failover or cluster of controllers needed
• Most work done for cloud/virtualization infrastructure – software switches as much as hardware.
9
• Control Plane/Channels – own the network in one step:
– SDN controllers and applications are software on a regular server.
– Single point of failure allowing control and reconnaissance of the entire network.
– SDN Applications can be malicious or buggy.
– MiTM on Northbound interface can be almost as useful to attacker.
10
Security Issues
• All SDN architectures are hybrid! – Switch provisioning and discovery protocols such
as LLDP and ONIE used for orchestration.
– Not specified in OpenFlow, but needed for SDN function.
– This is a potential avenue for compromise.
• Security functionality – Relying on SDN-controlled flows to enforce traffic
going through inspection and access control requires trust in the application and control software.
11
Security Issues (continured)
SDN Research: Application access control / Root of Trust
• Access control mechanisms on SDN controllers – OpenDaylight and ONOS.
• Applications are authenticated and assigned control/monitor privileges. Based on SRI SEFloodlight work (Securing the Software-Defined Network Control Layer, Porras, Cheung, Fong, Skinner, Yegneswaran)
• Establishing a Root of Trust to Network Devices
12
Modular Controller Applications
13
Controller—OpenFlow, et al.
LB Route Monitor FW
Easier to program, test, and debug
Greater reusability and portability
A module for
each task
Compilation/Security Enforcement Platform
translates to
protocol
Conclusion
• SDN is a moving target
• Many L2/L3 network capabilities being tested and realized
• Security of control channel, controller, apps, problematic
• Enables programmable network management
14