Visible to the public Biblio

Filters: Keyword is OpenFlow  [Clear All Filters]
2023-02-17
Sharma, Pradeep Kumar, Kumar, Brijesh, Tyagi, S.S.  2022.  STADS: Security Threats Assessment and Diagnostic System in Software Defined Networking (SDN). 2022 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COM-IT-CON). 1:744–751.
Since the advent of the Software Defined Networking (SDN) in 2011 and formation of Open Networking Foundation (ONF), SDN inspired projects have emerged in various fields of computer networks. Almost all the networking organizations are working on their products to be supported by SDN concept e.g. openflow. SDN has provided a great flexibility and agility in the networks by application specific control functions with centralized controller, but it does not provide security guarantees for security vulnerabilities inside applications, data plane and controller platform. As SDN can also use third party applications, an infected application can be distributed in the network and SDN based systems may be easily collapsed. In this paper, a security threats assessment model has been presented which highlights the critical areas with security requirements in SDN. Based on threat assessment model a proposed Security Threats Assessment and Diagnostic System (STADS) is presented for establishing a reliable SDN framework. The proposed STADS detects and diagnose various threats based on specified policy mechanism when different components of SDN communicate with controller to fulfil network requirements. Mininet network emulator with Ryu controller has been used for implementation and analysis.
Rahman, Anichur, Hasan, Kamrul, Jeong, Seong–Ho.  2022.  An Enhanced Security Architecture for Industry 4.0 Applications based on Software-Defined Networking. 2022 13th International Conference on Information and Communication Technology Convergence (ICTC). :2127–2130.
Software-Defined Networking (SDN) can be a good option to support Industry 4.0 (4IR) and 5G wireless networks. SDN can also be a secure networking solution that improves the security, capability, and programmability in the networks. In this paper, we present and analyze an SDN-based security architecture for 4IR with 5G. SDN is used for increasing the level of security and reliability of the network by suitably dividing the whole network into data, control, and applications planes. The SDN control layer plays a beneficial role in 4IR with 5G scenarios by managing the data flow properly. We also evaluate the performance of the proposed architecture in terms of key parameters such as data transmission rate and response time.
ISSN: 2162-1241
2022-04-13
Kesavulu, G. Chenna.  2021.  Preventing DDoS attacks in Software Defined Networks. 2021 2nd International Conference on Range Technology (ICORT). :1—4.
In this paper we discuss distributed denial of service attacks on software defined networks, software defined networking is a network architecture approach that enables the network to be intelligently and centrally controlled using software applications. These days the usage of internet is increased because high availability of internet and low cost devices. At the same time lot of security challenges are faced by network monitors and administrators to tackle the frequent network access by the users. The main idea of SDN is to separate the control plane and the data plane, as a result all the devices in the data plane becomes forwarding devices and all the decision making activities transferred to the centralized system called controller. Openflow is the standardized and most important protocol among many SDN protocols. In this article given the overview of distributed denial of service attacks and prevention mechanisms to these malicious attacks.
2021-12-21
Wu, Kehe, Shi, Jin, Guo, Zhimin, Zhang, Zheng, Cai, Junfei.  2021.  Research on Security Strategy of Power Internet of Things Devices Based on Zero-Trust. 2021 International Conference on Computer Engineering and Application (ICCEA). :79–83.
In order to guarantee the normal operation of the power Internet of things devices, the zero-trust idea was used for studying the security protection strategies of devices from four aspects: user authentication, equipment trust, application integrity and flow baselines. Firstly, device trust is constructed based on device portrait; then, verification of device application integrity based on MD5 message digest algorithm to achieve device application trustworthiness. Next, the terminal network traffic baselines are mined from OpenFlow, a southbound protocol in SDN. Finally, according to the dynamic user trust degree attribute access control model, the comprehensive user trust degree was obtained by weighting the direct trust degree. It obtained from user authentication and the trust degree of user access to terminal communication traffic. And according to the comprehensive trust degree, users are assigned the minimum authority to access the terminal to realize the security protection of the terminal. According to the comprehensive trust degree, the minimum permissions for users to access the terminal were assigned to achieve the security protection of the terminal. The research shows that the zero-trust mechanism is applied to the terminal security protection of power Internet of Things, which can improve the reliability of the safe operation of terminal equipment.
2021-08-31
Rouka, Elpida, Birkinshaw, Celyn, Vassilakis, Vassilios G..  2020.  SDN-based Malware Detection and Mitigation: The Case of ExPetr Ransomware. 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT). :150–155.
This paper investigates the use of Software-Defined Networking (SDN) in the detection and mitigation of malware threat, focusing on the example of ExPetr ransomware. Extensive static and dynamic analysis of ExPetr is performed in a purpose-built SDN testbed. The results acquired from this analysis are then used to design and implement an SDN-based solution to detect the malware and prevent it from spreading to other machines inside a local network. Our solution consists of three security mechanisms that have been implemented as components/modules of the Python-based POX controller. These mechanisms include: port blocking, SMB payload inspection, and HTTP payload inspection. When malicious activity is detected, the controller communicates with the SDN switches via the OpenFlow protocol and installs appropriate entries in their flow tables. In particular, the controller blocks machines which are considered infected, by monitoring and reacting in real time to the network traffic they produce. Our experimental results demonstrate that the proposed designs are effective against self-propagating malware in local networks. The implemented system can respond to malicious activities quickly and in real time. Furthermore, by tuning certain thresholds of the detection mechanisms it is possible to trade-off the detection time with the false positive rate.
2021-07-07
Wang, Yang, Wei, Xiaogang.  2020.  A Security Model of Ubiquitous Power Internet of Things Based on SDN and DFI. 2020 Information Communication Technologies Conference (ICTC). :55–58.
Security is the basic topic for the normal operation of the power Internet of Things, and its growing scale determines the trend of dynamic deployment and flexible expansion in the future to meet the ever-changing needs. While large-scale networks have a high cost of hardware resources, so the security protection of the ubiquitous power Internet of Things must be lightweight. In this paper, we propose to build a platform of power Internet of things based on SDN (Software Defined Network) technology and extend the openflow protocol by adding some types of actions and meters to achieve the purpose of on-demand monitoring, dynamic defense and flexible response. To achieve the purpose of lightweight protection, we take advantage of DFI(Deep Flow Inspection) technology to collect and analyze traffic in the Internet of Things, and form a security prevention and control strategy model suitable for the power Internet of Things, without in-depth detection of payload and without the influence of ciphertext.
2021-02-16
Lotfalizadeh, H., Kim, D. S..  2020.  Investigating Real-Time Entropy Features of DDoS Attack Based on Categorized Partial-Flows. 2020 14th International Conference on Ubiquitous Information Management and Communication (IMCOM). :1—6.
With the advent of IoT devices and exponential growth of nodes on the internet, computer networks are facing new challenges, with one of the more important ones being DDoS attacks. In this paper, new features to detect initiation and termination of DDoS attacks are investigated. The method to extract these features is devised with respect to some openflowbased switch capabilities. These features provide us with a higher resolution to view and process packet count entropies, thus improving DDoS attack detection capabilities. Although some of the technical assumptions are based on SDN technology and openflow protocol, the methodology can be applied in other networking paradigms as well.
Abdulkarem, H. S., Dawod, A..  2020.  DDoS Attack Detection and Mitigation at SDN Data Plane Layer. 2020 2nd Global Power, Energy and Communication Conference (GPECOM). :322—326.
In the coming future, Software-defined networking (SDN) will become a technology more responsive, fully automated, and highly secure. SDN is a way to manage networks by separate the control plane from the forwarding plane, by using software to manage network functions through a centralized control point. A distributed denial-of-service (DDoS) attack is the most popular malicious attempt to disrupt normal traffic of a targeted server, service, or network. The problem of the paper is the DDoS attack inside the SDN environment and how could use SDN specifications through the advantage of Open vSwitch programmability feature to stop the attack. This paper presents DDoS attack detection and mitigation in the SDN data-plane by applying a written SDN application in python language, based on the malicious traffic abnormal behavior to reduce the interference with normal traffic. The evaluation results reveal detection and mitigation time between 100 to 150 sec. The work also sheds light on the programming relevance with the open daylight controller over an abstracted view of the network infrastructure.
Zhai, P., Song, Y., Zhu, X., Cao, L., Zhang, J., Yang, C..  2020.  Distributed Denial of Service Defense in Software Defined Network Using OpenFlow. 2020 IEEE/CIC International Conference on Communications in China (ICCC). :1274—1279.
Software Defined Network (SDN) is a new type of network architecture solution, and its innovation lies in decoupling traditional network system into a control plane, a data plane, and an application plane. It logically implements centralized control and management of the network, and SDN is considered to represent the development trend of the network in the future. However, SDN still faces many security challenges. Currently, the number of insecure devices is huge. Distributed Denial of Service (DDoS) attacks are one of the major network security threats.This paper focuses on the detection and mitigation of DDoS attacks in SDN. Firstly, we explore a solution to detect DDoS using Renyi entropy, and we use exponentially weighted moving average algorithm to set a dynamic threshold to adapt to changes of the network. Second, to mitigate this threat, we analyze the historical behavior of each source IP address and score it to determine the malicious source IP address, and use OpenFlow protocol to block attack source.The experimental results show that the scheme studied in this paper can effectively detect and mitigate DDoS attacks.
2020-08-24
Sophakan, Natnaree, Sathitwiriyawong, Chanboon.  2019.  A Secured OpenFlow-Based Software Defined Networking Using Dynamic Bayesian Network. 2019 19th International Conference on Control, Automation and Systems (ICCAS). :1517–1522.
OpenFlow has been the main standard protocol of software defined networking (SDN) since the launch of this new networking paradigm. It is a programmable network protocol that controls traffic flows among switches and routers regardless of their platforms. Its security relies on the optional implementation of Transport Layer Security (TLS) which has been proven vulnerable. The aim of this research was to develop a secured OpenFlow, so-called Secured-OF. A stateful firewall was used to store state information for further analysis. Dynamic Bayesian Network (DBN) was used to learn denial-of-service attack and distributed denial-of-service attack. It analyzes packet states to determine the nature of an attack and adds that piece of information to the flow table entry. The proposed Secured-OF model in Ryu controller was evaluated with several performance metrics. The analytical evaluation of the proposed Secured-OF scheme was performed on an emulated network. The results showed that the proposed Secured-OF scheme offers a high attack detection accuracy at 99.5%. In conclusion, it was able to improve the security of the OpenFlow controller dramatically with trivial performance degradation compared to an SDN with no security implementation.
2020-06-29
Ahalawat, Anchal, Dash, Shashank Sekhar, Panda, Abinas, Babu, Korra Sathya.  2019.  Entropy Based DDoS Detection and Mitigation in OpenFlow Enabled SDN. 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN). :1–5.
Distributed Denial of Service(DDoS) attacks have become most important network security threat as the number of devices are connected to internet increases exponentially and reaching an attack volume approximately very high compared to other attacks. To make the network safe and flexible a new networking infrastructure such as Software Defined Networking (SDN) has come into effect, which relies on centralized controller and decoupling of control and data plane. However due to it's centralized controller it is prone to DDoS attacks, as it makes the decision of forwarding of packets based on rules installed in switch by OpenFlow protocol. Out of all different DDoS attacks, UDP (User Datagram Protocol) flooding constitute the most in recent years. In this paper, we have proposed an entropy based DDoS detection and rate limiting based mitigation for efficient service delivery. We have evaluated using Mininet as emulator and Ryu as controller by taking switch as OpenVswitch and obtained better result in terms of bandwidth utilization and hit ratio which consume network resources to make denial of service.
2020-05-11
Abhilash, Goyal, Divyansh, Gupta.  2018.  Intrusion Detection and Prevention in Software Defined Networking. 2018 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). :1–4.
Software defined networking is a concept proposed to replace traditional networks by separating control plane and data plane. It makes the network more programmable and manageable. As there is a single point of control of the network, it is more vulnerable to intrusion. The idea is to train the network controller by machine learning algorithms to let it make the intelligent decisions automatically. In this paper, we have discussed our approach to make software defined networking more secure from various malicious attacks by making it capable of detecting and preventing such attacks.
2020-03-23
Rathore, Heena, Samant, Abhay, Guizani, Mohsen.  2019.  A Bio-Inspired Framework to Mitigate DoS Attacks in Software Defined Networking. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–5.
Software Defined Networking (SDN) is an emerging architecture providing services on a priority basis for real-time communication, by pulling out the intelligence from the hardware and developing a better management system for effective networking. Denial of service (DoS) attacks pose a significant threat to SDN, as it can disable the genuine hosts and routers by exhausting their resources. It is thus vital to provide efficient traffic management, both at the data layer and the control layer, thereby becoming more responsive to dynamic network threats such as DoS. Existing DoS prevention and mitigation models for SDN are computationally expensive and are slow to react. This paper introduces a novel biologically inspired architecture for SDN to detect DoS flooding attacks. The proposed biologically inspired architecture utilizes the concepts of the human immune system to provide a robust solution against DoS attacks in SDNs. The two layer immune inspired framework, viz innate layer and adaptive layer, is initiated at the data layer and the control layer of SDN, respectively. The proposed model is reactive and lightweight for DoS mitigation in SDNs.
2020-03-02
Yoshikawa, Takashi, Date, Susumu, Watashiba, Yasuhiro, Matsui, Yuki, Nozaki, Kazunori, Murakami, Shinya, Lee, Chonho, Hida, Masami, Shimojo, Shinji.  2019.  Secure Staging System for Highly Confidential Data Built on Reconfigurable Computing Platform. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :308–313.
Cloud use for High Performance Computing (HPC) and High Performance Data Analytics (HPDA) is increasing. The data are transferred to the cloud and usually left there even after the data being processed. There is security concern for such data being left online. We propose secure staging system to prepare not only data but also computing platform for processing the data dynamically just while the data is processed. The data plane of the secure staging system has dynamic reconfigurability with several lower-than-IP-layer partitioning mechanisms. The control plane consists of a scheduler and a resource provisioner working together to reconfigure the partitioning in the data plane dynamically. A field trial system is deployed for treating secure data in dental school to be processed in the computer center with the location distance of 1km. The system shows high score in the Common Vulnerability Scoring System (CVSS) evaluation.
2020-02-26
Almohaimeed, Abdulrahman, Asaduzzaman, Abu.  2019.  Incorporating Monitoring Points in SDN to Ensure Trusted Links Against Misbehaving Traffic Flows. 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ). :1–4.

The growing trend toward information technology increases the amount of data travelling over the network links. The problem of detecting anomalies in data streams has increased with the growth of internet connectivity. Software-Defined Networking (SDN) is a new concept of computer networking that can adapt and support these growing trends. However, the centralized nature of the SDN design is challenged by the need for an efficient method for traffic monitoring against traffic anomalies caused by misconfigured devices or ongoing attacks. In this paper, we propose a new model for traffic behavior monitoring that aims to ensure trusted communication links between the network devices. The main objective of this model is to confirm that the behavior of the traffic streams matches the instructions provided by the SDN controller, which can help to increase the trust between the SDN controller and its covered infrastructure components. According to our preliminary implementation, the behavior monitoring unit is able to read all traffic information and perform a validation process that reports any mismatching traffic to the controller.

2020-02-10
Midha, Sugandhi, Triptahi, Khushboo.  2019.  Extended TLS Security and Defensive Algorithm in OpenFlow SDN. 2019 9th International Conference on Cloud Computing, Data Science Engineering (Confluence). :141–146.

Software Defined Network (SDN) is a revolutionary networking paradigm which provides the flexibility of programming the network interface as per the need and demand of the user. Software Defined Network (SDN) is independent of vendor specific hardware or protocols and offers the easy extensions in the networking. A customized network as per on user demand facilitates communication control via a single entity i.e. SDN controller. Due to this SDN Controller has become more vulnerable to SDN security attacks and more specifically a single point of failure. It is worth noticing that vulnerabilities were identified because of customized applications which are semi-independent of underlying network infrastructure. No doubt, SDN has provided numerous benefits like breaking vendor lock-ins, reducing overhead cost, easy innovations, increasing programmability among devices, introducing new features and so on. But security of SDN cannot be neglected and it has become a major topic of debate. The communication channel used in SDN is OpenFlow which has made TLS implementation an optional approach in SDN. TLS adoption is important and still vulnerable. This paper focuses on making SDN OpenFlow communication more secure by following extended TLS support and defensive algorithm.

2020-01-21
Saadeh, Huda, Almobaideen, Wesam, Sabri, Khair Eddin, Saadeh, Maha.  2019.  Hybrid SDN-ICN Architecture Design for the Internet of Things. 2019 Sixth International Conference on Software Defined Systems (SDS). :96–101.
Internet of Things (IoT) impacts the current network with many challenges due to the variation, heterogeneity of its devices and running technologies. For those reasons, monitoring and controlling network efficiently can rise the performance of the network and adapts network techniques according to environment measurements. This paper proposes a new privacy aware-IoT architecture that combines the benefits of both Information Centric Network (ICN) and Software Defined Network (SDN) paradigms. In this architecture controlling functionalities are distributed over multiple planes: operational plane which is considered as smart ICN data plane with Controllers that control local clusters, tactical plane which is an Edge environment to take controlling decisions based on small number of clusters, and strategic plane which is a cloud controlling environment to make long-term decision that affects the whole network. Deployment options of this architecture is discussed and SDN enhancement due to in-network caching is evaluated.
2019-12-18
Lawal, Babatunde Hafis, Nuray, A. T..  2018.  Real-time detection and mitigation of distributed denial of service (DDoS) attacks in software defined networking (SDN). 2018 26th Signal Processing and Communications Applications Conference (SIU). :1–4.
The emergence of Software Defined Network (SDN) and its promises in networking technology has gotten every stakeholder excited. However, it is believed that every technological development comes with its own challenges of which the most prominent in this case is security. This paper presents a real time detection of the distributed denial of service (DDoS) attacks on the SDN and a control method based on the sFlow mitigation technology. sFlow analyses samples of packets collected from the network traffic and generates handling rules to be sent to the controller in case of an attack detection. The implementation was done by emulating the network in Mininet which runs on a Virtual Machine (VM) and it was shown that the proposed method effectively detects and mitigates DDoS attacks.
2019-09-09
Almohaimeed, A., Asaduzzaman, A..  2019.  A Novel Moving Target Defense Technique to Secure Communication Links in Software-Defined Networks. 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ). :1–4.
Software-defined networking (SDN) is a recently developed approach to computer networking that brings a centralized orientation to network control, thereby improving network architecture and management. However, as with any communication environment that involves message transmission among users, SDN is confronted by the ongoing challenge of protecting user privacy. In this “Work in Progress (WIP)” research, we propose an SDN security model that applies the moving target defense (MTD) technique to protect communication links from sensitive data leakages. MTD is a security solution aimed at increasing complexity and uncertainty for attackers by concealing sensitive information that may serve as a gateway from which to launch different types of attacks. The proposed MTD-based security model is intended to protect user identities contained in transmitted messages in a way that prevents network intruders from identifying the real identities of senders and receivers. According to the results from preliminary experiments, the proposed MTD model has potential to protect the identities contained in transmitted messages within communication links. This work will be extended to protect sensitive data if an attacker gets access to the network device.
2019-06-28
Shi, Jiangyong, Zeng, Yingzhi, Wang, Wenhao, Yang, Yuexiang.  2018.  Feedback Based Sampling for Intrusion Detection in Software Defined Network. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :95-99.

Cloud computing is being deployed more and more widely. However, the difficulty of monitoring the huge east-west traffic is a great security concern. In this paper, we proposed FBSample, a sampling method which employs the central control feature of SDN and feedback information of IDS. Evaluation results show FBSample can largely reduce the amount of packets to be transferred while maintaining a relatively high detection precision.

2019-06-17
Shif, L., Wang, F., Lung, C..  2018.  Improvement of security and scalability for IoT network using SD-VPN. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–5.

The growing interest in the smart device/home/city has resulted in increasing popularity of Internet of Things (IoT) deployment. However, due to the open and heterogeneous nature of IoT networks, there are various challenges to deploy an IoT network, among which security and scalability are the top two to be addressed. To improve the security and scalability for IoT networks, we propose a Software-Defined Virtual Private Network (SD-VPN) solution, in which each IoT application is allocated with its own overlay VPN. The VPN tunnels used in this paper are VxLAN based tunnels and we propose to use the SDN controller to push the flow table of each VPN to the related OpenvSwitch via the OpenFlow protocol. The SD-VPN solution can improve the security of an IoT network by separating the VPN traffic and utilizing service chaining. Meanwhile, it also improves the scalability by its overlay VPN nature and the VxLAN technology.

2019-04-29
Jevtic, Stefan, Lotfalizadeh, Hamidreza, Kim, Dongsoo S..  2018.  Toward Network-based DDoS Detection in Software-defined Networks. Proceedings of the 12th International Conference on Ubiquitous Information Management and Communication. :40:1–40:8.
To combat susceptibility of modern computing systems to cyberattack, identifying and disrupting malicious traffic without human intervention is essential. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress.
2019-01-21
Dixit, Vaibhav Hemant, Kyung, Sukwha, Zhao, Ziming, Doupé, Adam, Shoshitaishvili, Yan, Ahn, Gail-Joon.  2018.  Challenges and Preparedness of SDN-based Firewalls. Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. :33–38.

Software-Defined Network (SDN) is a novel architecture created to address the issues of traditional and vertically integrated networks. To increase cost-effectiveness and enable logical control, SDN provides high programmability and centralized view of the network through separation of network traffic delivery (the "data plane") from network configuration (the "control plane"). SDN controllers and related protocols are rapidly evolving to address the demands for scaling in complex enterprise networks. Because of the evolution of modern SDN technologies, production networks employing SDN are prone to several security vulnerabilities. The rate at which SDN frameworks are evolving continues to overtake attempts to address their security issues. According to our study, existing defense mechanisms, particularly SDN-based firewalls, face new and SDN-specific challenges in successfully enforcing security policies in the underlying network. In this paper, we identify problems associated with SDN-based firewalls, such as ambiguous flow path calculations and poor scalability in large networks. We survey existing SDN-based firewall designs and their shortcomings in protecting a dynamically scaling network like a data center. We extend our study by evaluating one such SDN-specific security solution called FlowGuard, and identifying new attack vectors and vulnerabilities. We also present corresponding threat detection techniques and respective mitigation strategies.

2018-06-11
Abdulqadder, I. H., Zou, D., Aziz, I. T., Yuan, B..  2017.  Modeling software defined security using multi-level security mechanism for SDN environment. 2017 IEEE 17th International Conference on Communication Technology (ICCT). :1342–1346.

Software Defined Networking (SDN) support several administrators for quicker access of resources due to its manageability, cost-effectiveness and adaptability. Even though SDN is beneficial it also exists with security based challenges due to many vulnerable threats. Participation of such threats increases their impact and risk level. In this paper a multi-level security mechanism is proposed over SDN architecture design. In each level the flow packet is analyzed using different metric and finally it reaches a secure controller for processing. Benign flow packets are differentiated from non-benign flow by means of the packet features. Initially routers verify user, secondly policies are verified by using dual-fuzzy logic design and thirdly controllers are authenticated using signature based authentication before assigning flow packets. This work aims to enhance entire security of developed SDN environment. SDN architecture is implemented in OMNeT++ simulation tool that supports OpenFlow switches and controllers. Finally experimental results show better performances in following performance metrics as throughput, time consumption and jitter.

2018-05-09
Aseeri, Ahmad, Netjinda, Nuttapong, Hewett, Rattikorn.  2017.  Alleviating Eavesdropping Attacks in Software-defined Networking Data Plane. Proceedings of the 12th Annual Conference on Cyber and Information Security Research. :1:1–1:8.
Software-Defined Networking (SDN) is an emerging paradigm that introduces a concept of programmable networks to enhance the agility in networking management. By separating concerns of the data plane and the control plane, implementing network switching as packet forwarding, and using centralized software to logically control the entire networks, SDN makes it simpler to automate and configure the network to respond to high-level policy enforcement and dynamically changing network conditions. As SDN becomes more prevalent, its security issues are increasingly critical. Eaves-dropping attacks are one of the most common and important network attacks because they are relatively easy to implement and their effects can escalate to more severe attacks. This paper addresses the issue of how to cope with eavesdropping attacks in the SDN data plane by using multiple routing paths to reduce the severity of data leakage. While this existing approach appears to be considerably effective, our simple analysis uncovers that without a proper strategy of data communication, it can still lead to 100% of data exposure. The paper describes a remedy along with illustrations both analytically and experimentally. The results show that our proposed remedy can avoid such catastrophe and further reduces the percentage of risk from data exposure approximately by a factor of 1/n where n is the number of alternate disjoint paths.