Floodlight
Additive Increase Multiplicative Decrease
Resource Management of switches and controller though trust
values.
Single Layer Fair Queuing
Multi Layer Fair Queuing
Controller Resource Saturation
Avant Guard
LineSwitch
FloodGuard
Controller Protection Protocol
Flow Ranger
Flow Table overflow/ Switch TCAM
memory saturation attack
AuthFlow
FRESCO
Rosemary
LegoSDN
FortNOX
Security Proposals
Host authentication just above the MAC layer for low overhead and fine
grained access control (IEEE 802.1X and EAP)
Authentication method used: MS-CHAP v2 , here virtual routers/hosts
are authenticated against a database using username and password as
credentials (LDAP). LDAP also stores other parameters that define
privileges for network access.
Credential based authentication that uses mapping of host identity into
new flow field to define forwarding rules.
Different levels of access to network resources according to credentials
(containerizing applications)
Limitations of AuthFlow
Current implementation uses RADIUS authentication against a LDAP
database. It was proposed to extend to methods such as EAP-TLS
(based on certificate exchanging for accessing credentials).
EAP is weak in the realm of authentication (even EAP-TLS). The keys
exchanged are heard by everyone and an attack can be easily
performed by sniffing the protocol communication and then inject
misleading messages or fake error messages which decreases the
probability of the client connecting to the router.
Certain mechanisms such as EAP queuing enhancement have been
proposed to overcome certain attacks. However, to make AuthFlow
more secure we have to come up with innovative solutions.
Future Work
Overcome the shortcomings in AuthFlow. (EAP
mechanism)
Try to incorporate AuthFlow in FortNOX for determination
of appropriate security authorization levels.
Or employ LegoSDN as first line defense to identify a
failing application and then combine it with FortNOX.
Developing an algorithm in BAN for the enhanced EAP
mechanism
Formal verification of the same through Scyther.
Thank You