Enabling Secure Mobility with OpenFlow

Author

Namal, Suneth ; Ahmad, Ishtiaq ; Gurtov, Andrei ; Ylianttila, Mika

Author_Institution

Dept. of Commun., Univ. of Oulu, Oulu, Finland

fYear

2013

fDate

11-13 Nov. 2013

Firstpage

1

Lastpage

5

Abstract

Software Defined Networking (SDN) and its one possible realization, OpenFlow, define the trends of future networks. However, the present OpenFlow architecture does not allow the switches to be mobile e.g., in a moving train as it would disrupt flow processing from network switches. We present OFHIP, an architecture that enables OpenFlow switches to change their IP addresses securely during mobility. OFHIP employs IPSec encapsulated security payload (ESP) in transport mode for protection against DoS, data origin authenticity, connectionless integrity, anti-replay protection, and limited traffic flow confidentiality. We demonstrate the benefits of OFHIP compared to present use of SSL in enabling mobility, reducing the connection latency and improving the resilience to known TCP-level attacks.

Keywords

computer network management; computer network security; DoS; IP address; Internet protocols; OFHIP architecture; OpenFlow architecture; TCP-level attacks; anti-replay protection; connectionless integrity; data origin authenticity; distributed-of-service; encapsulated security payload; network switches; software defined networking; traffic flow confidentiality; Control systems; Hip; IP networks; Mobile communication; Protocols; Security; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Future Networks and Services (SDN4FNS), 2013 IEEE SDN for

Conference_Location

Trento

Type

conf

DOI

10.1109/SDN4FNS.2013.6702540

Filename

6702540