Here you will find scientific publications from the Fraunhofer Institutes.

Security analysis of software defined networking protocols - OpenFlow, OF-Config and OVSDB

Paper presented at Fifth IEEE International Conference on Communications and Electronics, ICCE 2014, July 30 - August 1, 2014, Da Nang
Brandt, Markus; Khondoker, Rahamatullah; Marx, Ronald; Bayarou, Kpatcha

Fulltext urn:nbn:de:0011-n-3238618 (802 KByte PDF)
MD5 Fingerprint: 771dbc4f632ac83f97f8f36637690fb4
Created on: 29.1.2015

2014, 5 pp.
International Conference on Communications and Electronics (ICCE) <5, 2014, Da Nang>
Presentation, Electronic Publication
Fraunhofer SIT
STRIDE; security analysis; Software Defined Networking (SDN); OpenFlow; OF-CONFIG; OVSDB

Size as well as complexity of communication networks (e.g. enterprise, backbone, data center) are increasing day by day. Software-Defined Networking (SDN) promises to enhance manageability of such networks by decoupling the control plane of a switch/router from its data plane. However, SDN itself could also introduce security threats, e.g. Denial of Service (DoS), on such networks. Protocols which are used for SDN must be analyzed in terms of security or else they bear a severe security risk, if potential security threats are not recognized. This paper analyses three of the most used protocols in SDN: the OpenFlow, OF-Config and OVSDB protocols, using Microsoft's STRIDE Threat Modeling. Security flaws have been found in all three protocols, especially if no encryption mechanism like TLS is used.