ARCHITECTURE BASED ON TOR NETWORK FOR SECURING THE COMMUNICATION OF NORTHBOUND INTERFACE IN SDN
Abstract

Software-defined networking (SDN) is an emerging technology that separates its architecture into three layers. The application layer and the control layer communicate through the Northbound Interface (NBI), and this communication can be targeted by fingerprinting even when encryption is applied. With the growth of cyber-attacks and zero-day vulnerabilities in network environments, SDN is more open to security issues than other technologies due to the isolation of its architecture. In this paper, we propose a new architecture that adds an extra layer of Tor network to anonymize NBI communication. The combination of SDN and Tor was developed and tested experimentally using VMware virtual machines for the SDN controller, GNS3 networks, and Wireshark for NBI traffic analysis. The results show that, in maximizing the security of SDN, anonymous communication can protect the NBI from fingerprinting by routing request and response messages through multiple nodes before they reach the destination, in contrast to the current SDN architecture, which uses direct communication. Lastly, we discuss the results against the STRIDE model to show how the combination of SDN and Tor can provide security and privacy to the SDN network.