Software-Defined Network Vulnerabilities

2021 
Software-Defined Network (SDN) is gaining popularity day by day in enterprise cloud and data-centric networks. It provides the flexibility to manage large-scale, complex networks that need reconfiguration from time to time. SDN proposes a new paradigm of the programmable network with centralized management. In this approach, a software control program called the controller is responsible for decision making. Hardware such as routers and switches only forwards packets to their destination. Thus the control is decoupled from the data plane, providing a more dynamic environment. However, this benefit of SDN also brings new vulnerabilities. The SDN architecture mainly consists of the data plane, the control plane and the application plane. Each layer has different attack vectors and possible vulnerabilities. The security aspect of SDN is very important because it inherits the security flaws of the classical network and adds the security vulnerabilities of the control plane. In this chapter, the different assets of SDN that need to be protected from attack are described. Threat vectors such as Fake Traffic Flows, Switch Specific Vulnerabilities, Control Plane Communication Attacks, Controller Vulnerabilities, Lack of trust between Controller and Management Applications, etc., that are either intrinsic or extrinsic to SDN are discussed thoroughly. The security mechanisms, both generic and SDN specific, that are to be embedded into the network design are also discussed. SDN will bring a breakthrough in network architecture if it is properly designed to manage different vulnerabilities and enhance the security of assets.