Trust Enhanced Security for Routing in SDN

Abstract

Software Defined Networking (SDN) paradigm is the redefinition of conventional networks based on the use of programmable entities together with a clear separation between the data plane and the control plane. The idea behind this new paradigm is to achieve a more flexible network architecture and better management capabilities. However with all these advantages it has been experienced that SDNs are open to new security threats and unfortunately current technologies are not mature enough to overcome those vulnerabilities. As an example we can consider the detection of the compromised switches in the network. Since switches are programmable entities in SDN they are the potential targets for attackers. When a switch is compromised the attacker can use this switch to deploy incorrect packet forwarding and unsubstantiated packet dropping attacks. Current SDN protocols are not able to detect such kinds of attacks in the network and hence the whole network traffic can be affected in the end. One particular assumption is to use an approach that reflects the trust level of switches in the network for the detection of a compromised one. Therefore in this paper we propose Trust Enhanced Security (TES) for routing in SDN. The proposed approach provides three different trust computations to find the most suitable trust level for different states of a network. To show the applicability of the proposed approach we demonstrate a set of simulations based on the detection of compromised switches. Simulation results show that the proposed model operates effectively to detect and eliminate compromised nodes while selecting secure paths.