Security Analysis of SDN WiFi Applications

Mobile devices like smartphones, tablets and laptops demand highly-available and ubiquitous wireless networks, also named as Wireless Fidelity (WiFi) or Wireless Local Area Network (WLAN). The steadily rising amount of mobile devices implies new requirements claimed by administrators of enterprise wireless networks and owners of guest WiFi spots, such as the secure management of client authentication or the ability of load balancing. This work analyzes Odin, which solves the client association problem of wireless clients and OpenWiFi, a prototypical approach that separates authentication, access and accounting to raise the efficiency and lower the administrative effort for guest WiFi owners. Both technologies utilize SDN to regulate their objectives. This does not only bring benefits, but also implies new security aspects. Especially because SDN in WiFi is a young sector, developers need to make sure that their software ensures a proper security level. Subsequently, both technologies are evaluated by applying the threat modeling technique STRIDE. The decision on this framework is elucidated by comparing it against other possible alternatives. Our analysis reveals that both projects do not consider security at the beginning called security by design. Fortunately, Odin and OpenWiFi can be extended by suitable countermeasures to mitigate relevant threats. These are proposed in the respective subsection of their security analysis. Conclusively, optimization suggestions pertaining to both technologies are made.