Secured Communication Channels in Software-Defined Networks

SDN brings new opportunities to alleviate the existing security deficiencies of traditional networks. However, it also introduces new issues, a primary one being the vulnerabilities related to data and control plane communications. This work presents a security architecture to address security problems regarding data exchange in software-defined networks. To this end, a cryptographic key generation application is proposed to generate certificates that are used for securing communication of SDN entities (controller, switch, and application). We also provide an overview of related literature focusing on key elements in such architecture. In our model, TLS can be activated between SDN nodes to provide confidentiality, integrity, authentication, and authorization with special certificate fields. Besides, an integrated security module further strengthens the communication security by applying ACL, hardening TLS configuration and reducing the impact of private key hijacking. It also facilitates security administration tasks via per-channel activation/ deactivation of TLS protocol and monitoring of real-time security alarms.