Security in SDN networks and their applications

Research article. https://doi.org/10.16925/2357-6014.2021.02.09

1 Telematic engineering student. Technological faculty. Francisco Jose de Caldas Distrital University. Bogotá Colombia. Email: retapierot@correo.udistrital.edu.co ORCID: https://orcid.org/0000-0002-9489-699X CvLAC: 00017917322020614933

2 Telematic engineering student. Technological faculty. Francisco Jose de Caldas Distrital University. Bogotá Colombia. Email: edgonzalezc@correo.udistrital.edu.co ORCID: https://orcid.org/0000-0002-7909-7815 CvLAC: 00017917312020614932

3 Professor. Technological faculty. Francisco Jose de Caldas Distrital University. Bogotá Colombia. Email: nnovoat@udistrital.edu.co ORCID: https://orcid.org/0000-0003-3374-7760


INTRODUCTION
As organizations have increased their demand for infrastructure, network administrators have had to face the challenge of keeping the entire network operating optimally [1]. This is not an easy task given the continuous requests for scaling, interoperability and high availability, among other aspects, driven by the many user requests in business applications, which saturate the operation of the network and leave it lagging behind the growth that organizations demand [2].
This makes the arrival of SDN networks necessary as a solution to this problem, thanks to the infrastructure they offer [3], in which the data plane is disaggregated from the control plane and all administration is centralized in a node that is responsible for managing the flow of information that circulates through the control layer [4]. This is done by means of flow tables and network security guidelines, over the OpenFlow protocol, which allows managing the network as a whole [5] rather than as a number of individual devices, with the server itself directing the switches that should send the packets and concentrating packet delivery orders in the control plane. This article reviews the security problems that SDN networks still face and how the applications that articulate them have dealt with these drawbacks [6]. It also covers the development they have shown in recent years in technologies such as IoT, data centers and 5G, which has been advancing the work of SDN networks and projecting the disappearance of traditional networks to make way for the network of the future [7].

e-ISSN 2357-6014 / Vol.17, n°. 2 / may -august 2021 / Bogotá D.C., Colombia Universidad Cooperativa de Colombia

Literature review or research history
To develop the topics of this review article, the descriptive method [8] is used, which seeks, through exact description, to understand the architecture and processes that make up SDN networks as the focus of study [9], specifying the most relevant properties through analysis without altering the object of study. For this purpose, several items are proposed, which are developed in depth and related to one another.
Based on this methodology, it is evident that the growth and importance of SDN networks as a research topic has increased in recent years. Aspects such as architecture and security [10] have therefore evolved through various studies, which allows offering a better service than traditional networks with their current disadvantages [11]. Consequently, the following subtopics are developed: under SDN architecture, the data layer, control layer and application layer; under security, the work of the SDN control layer, its advances through the OpenFlow protocol and its projection [12]; and under applications articulated by SDN, the advances that technologies such as IoT, data centers and 5G have made through SDN networks, with emphasis on security [13].

In 2019, Pillutla Harikrishna from India presented an investigation showing that incorporating SDN networks would help mitigate DDoS attacks, making it possible to investigate the flow of data traffic through the reactive process of updating the forwarding rules in the control layer, and analyzing the network with a global view and centralized monitoring control for better DDoS mitigation. This author proposed a recursively improved self-organizing map and software-defined network-based mitigation scheme (CRESOM-SDNMS) to ensure the best detection rate during the cloud DDoS attack prevention process [14].
On the one hand, Ihsan H Abdulqadder and his research colleagues from China stated in 2019 that the security problems faced by SDN, NFV, cloud computing and 5G center on Intrusion Detection and Prevention Systems (IDPS). These researchers argued, in turn, that the existing IDPS solutions were inadequate, which could cause a great waste of resources and various security threats. To alleviate security concerns and detect attackers early, they proposed an innovative approach known as Multi-Layer Intrusion Detection and Prevention (ML-IDP) in an SDN/NFV-enabled 5G network cloud. The proposed approach defends against security attacks using artificial intelligence (AI) [15].

On the other hand, Marcos V.O Assis and his colleagues from Brazil, also in 2019, presented research on IoT and SDN networks, exposing the security flaws that still exist. They proposed a near real-time SDN security system that prevents DDoS attacks on the source network and protects the source SDN controller against deterioration of traffic. For this, a Convolutional Neural Network (CNN) is applied and tested for DDoS detection, and the authors describe how the system could mitigate the detected attacks. Performance was evaluated in two test scenarios, and the results indicate that the proposed SDN security system holds promise against next-generation DDoS attacks [16].
Alejandro Molina Zarca and his colleagues from Spain, in the present year, 2020, propose a contactless, policy-based security orchestration framework for autonomous and conflict-free security orchestration in IoT scenarios with SDN/NFV, while ensuring the optimal allocation and chaining of VSF service functions (SFCs). The framework is based on semantic technologies and considers security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during orchestration [17].
Fahad N. Nife from Poland and Zbigniew Kotulski from Iraq, in 2020, propose an application firewall mechanism for SDN that can be implemented as an extension of the network controller. To provide greater control over and visibility into the applications running on the network, the system can detect network applications that may affect network performance at some point, and it can dynamically impose restriction rules on applications. The firewall architecture is designed as four cooperating modules: the Main Module, the Filtering Module, the Application Identification Module and the Security Compliance Module. The proposed mechanism verifies network traffic at the network, transport and application levels, and installs appropriate security instructions on the network [18].
Amritpal Singh from India and his colleagues, in 2020, propose a dynamic scheme called BloomStore, which manages the rule space securely by applying a Bloom filter in SDN; with this, data traffic is handled dynamically to administer network resources. A double security check is used for secure data transfer by means of double hashing, that is, two independent hash functions are used to generate k hash functions. Furthermore, it is proposed that the participating hashing has insertion and query in a flowering set cube [19].

For the SDN physical environment, the average detection accuracy is 97.68% and the average accuracy is 94.67%. For the simulation environment, the average precision is 96.54% and the average precision is 92.06%. Additionally, SA-Detector was compared to existing saturation attack detection methods in terms of the performance metrics mentioned above and the CPU utilization of the controller. The results of the experiment indicate that SA-Detector is effective for the detection of saturation attacks in SDN [22].
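The double-hashing construction described for BloomStore above, in which two independent hash functions generate the k probe positions, looks like this when applied to flow-rule membership. This is an added example, not code from the BloomStore paper or from this article; the flow-key encoding, the choice of SHA-256 and BLAKE2b as the two base hashes, and all names and sample addresses are assumptions.

```python
import hashlib
import math


def flow_key(src_ip, dst_ip, src_port, dst_port, proto):
    """Canonical byte encoding of a flow's match fields (constructed format)."""
    return f"{src_ip}|{dst_ip}|{src_port}|{dst_port}|{proto}".encode()


class FlowRuleBloom:
    """Bloom filter over flow keys; the k probes come from two base hashes."""

    def __init__(self, capacity, fp_rate):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 probes.
        self.m = math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, key):
        # Double hashing: probe i is h1 + i*h2 (mod m), so only two real
        # hash computations are needed regardless of k.
        h1 = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
        h2 = int.from_bytes(hashlib.blake2b(key, digest_size=8).digest(), "big")
        h2 = h2 % (self.m - 1) + 1  # step in [1, m-1]: probes never collapse
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key):
        for pos in self._positions(key):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, key):
        # False: rule definitely absent. True: rule probably present.
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(key))


def build_demo(n_rules=1000, fp_rate=0.01):
    """Insert constructed flow rules and measure the false-positive rate."""
    bloom = FlowRuleBloom(n_rules, fp_rate)
    installed = [
        flow_key(f"10.0.{i // 256}.{i % 256}", "192.0.2.10", 1024 + i, 443, 6)
        for i in range(n_rules)
    ]
    for key in installed:
        bloom.add(key)
    # Constructed flows that were never installed.
    probes = [
        flow_key(f"10.1.{i // 256}.{i % 256}", "198.51.100.7", 2000 + i, 80, 17)
        for i in range(5000)
    ]
    false_pos = sum(bloom.might_contain(k) for k in probes)
    return bloom, installed, false_pos / len(probes)


if __name__ == "__main__":
    bloom, installed, fp = build_demo()
    print(f"m={bloom.m} bits, k={bloom.k} probes, observed FP rate={fp:.4f}")
```

A negative answer is authoritative, so a controller can skip the full rule-table lookup for it; a positive answer still has to be confirmed against the real table because of false positives.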

SDN Architecture
Since 2013, the concepts of SDN (Software-Defined Networks) and NFV (Network Functions Virtualization) have been introduced, seeking to simplify the network architecture and its operation by facilitating scaling, the deployment of modifications and the insertion of new services, shortening response times and centralizing administration [23], resulting in a more efficient network with a higher economic return. This is a response to the continuing difficulties caused by OTT (over-the-top) media services, high data traffic, the Internet of Things and cloud services, which are destroying traditional networks through their continuous growth and infrastructure demand, reflecting the poor architecture provided by traditional networks [24].
Software-Defined Networks (SDN) are made up of three layers: data plane, control plane and application plane. These three layers allow the automation of the network and a better administration of the resources integrated within its architecture, centralizing its management, automating it and guaranteeing its scalability [25]. This is not the case in traditional networks, which by design are neither scalable nor profitable. Through this architecture it is possible to disaggregate the control and data planes of network devices such as switches and routers [26]. The control plane makes decisions regarding the traffic that interacts with any network device, the data plane carries the transport of data packets in the network [27], and the application plane is made up of the end user's business applications and access points that are in charge of the information that travels over the network [28]. This layer can be reprogrammed by the control layer, which, through a set of instructions and rules, can configure the functionality of the data layer in router or firewall mode as required through the OpenFlow API.

Control layer
This layer centralizes all the information flow that circulates through the control layer: it configures and manages the nodes and correctly directs the traffic flow through policies that control the flow tables in the network, forwarding or diverting data, with a broad overview of the entire network [29]. These policies are established through the OpenFlow protocol, which allows controllers such as OpenDaylight or NSX to send the policies and configurations designated for the data plane. There are also APIs, such as RESTful or northbound APIs, that distinguish global application policies from policies internal to the network, allowing the application plane to communicate with the control layer [30].

Application layer
This layer contains all end-user business applications and communicates with the control layer via the northbound API. It simplifies and automates configuration tasks and services, and provides users with differentiated access according to their profile and the service they are going to consume, obtaining statistics that reflect their behavior on the network so that decisions can then be made based on this information [31]. It also guarantees security and portability, since it is functional on any operating system.

IoT (Internet of Things)
IoT has boomed thanks to the promising solutions it offers across diverse technologies, integrating SDN networks capable of efficiently interconnecting one node with another across geographic distances while centralizing everything at a single point of administration. This is a great temptation for the technology industry, which wants to implement this novel solution, without forgetting the infrastructure-level changes that IoT needs and the security breaches that threaten its execution [32]. Because of this, IoT technology with SDN networks is still an immature domain that has not managed to establish itself as a reliable technological solution. This, in turn, has kept investors from sponsoring this type of research, where the biggest challenge is to offer users reliable security in SDN networks. This differs from the type of security that traditional networks offer today, since an attack on the main node can compromise the architecture of the entire SDN network [33]. The aspects affected include:

Protection of limited resources and neglected resources: The majority of IoT nodes are geographically dispersed and unattended, which exposes them to physical attacks from which they have no possibility of being saved [34]. In addition, having a physical node at a long distance requires that the physical architecture it implements be of high quality and capacity so that it can be self-sustaining. A clear example is the energy regulation of the battery that powers the node and an interface that allows continuous monitoring of the node to guarantee its correct operation. This shows how little security this type of node has during its active time, because of the resources required to support its activity.

Security status monitoring: IoT was designed as a large interconnection system that houses a huge distributed system that in turn contains subsystems, where the node responsible for data collection and content aggregation is the administrator node that manages the resources of each node in the network [35]. The cloud would play a very important role in this design since, the nodes being dispersed, the authentication of the nodes for security updates and validations must be done through certifications based on cryptographic methods, and the devices do not have enough architecture to support the heavy processing that the significant complexity of these methods requires.

Availability of services: IoT projects target smart cities, smart grids, healthcare, transportation and industry, where the availability of the service plays an extremely important role. A simple reboot cannot be seen as a solution to any eventuality. Therefore, when IoT solves its security problems, it will be regarded as a great technological solution with a high impact on society [36].

5G SDN mobile technology
5G mobile technology regards the Software-Defined Network (SDN) as the future of all its infrastructure because of the promising solutions it aims to offer, despite the fact that its progress has not been very noticeable so far, due to security problems that it has not managed to overcome in software-defined mobile networks (SDMN).
Although the security challenges it faces are great, its infrastructure potential is strong enough to overcome all these obstacles, consolidating itself as a powerful and secure network [37]. Work has been done and progress has been made on a security controller that is related to the SDN network controller [38], and on security services that could work correctly for end users of mobile networks [39].
Advances in the development of a demo workflow application have a high impact on solving the security problems presented by the SDN network in 5G technology [40], since it can offer parameterized service chains according to the needs of the application, taking into account relevant aspects such as network load, user demand and operator needs [41]. These services are sent through a chain optimizer via a GUI [42]; when the request is successful, a response with the solution is sent to the GUI, minimizing end-to-end latency and controlling traffic by means of flow rules [43]. This application also guarantees the integrity of the services, making it possible to modify one service chain without altering the others, thanks to the identifier or ID, which allows recognizing the service chain to be updated by generating a display of a service chain request. A subset of switches in the SD-WAN domain (software-defined WAN network), triggering dynamic adaptive capacity, redirecting traffic through other available switches [44].

SDN seeks to centralize the administration of the network through a controller, allowing better security implementation benefits for the mobile network thanks to the attributes that SDN offers in security, such as logically centralized intelligence, programmability and abstraction [45]. To improve the architecture that SDN offers, a fourth layer is sought, which would be in charge of network security, incorporating an agent on the wireless edge to prevent attacks through this medium; it also allows greater scalability in the network. However, coupling the fourth layer is not so easy, as a failure in this security layer could paralyze the entire network, leaving it exposed to attacks through that medium [46].

Data centers
Data centers came to solve the problems of technologies such as cloud applications, virtual machine migration or backups [47], as they process high data traffic on geographically distributed nodes and provide 24/7 service [48]. For this reason, aspects such as the architecture being implemented, costs, consumption and reliability are highly relevant to their operation [49]. DCs (data centers) need intelligent intra-DC and inter-DC traffic control techniques. Therefore, the control plane, which is in charge of managing policies and the data plane, must take great care with aspects such as availability, maturity, operator preference and functional requirements; which in turn can be: intra-DC traffic that must be flexible to control, adaptive to forwarded entries and dynamic context policies [50]. Studies have focused on control plane options that are tailored to data center requirements, such as a flexible OpenFlow protocol for network and open interface control, and Generalized Multi-Protocol Label Switching (GMPLS) with an optional Path Computation Element (PCE) [51], as it offers maturity, operator-grade operation and multi-domain support to control optical networks, slow migrations and economic return, through the heterogeneous control plane that integrates GMPLS, PCE and SDN.
Automated coordination, configuration and management are provided; this blueprint allows network simplification and better integration with operating systems [52].
While the administration of the control plane is based on a central node that administers the services, resources and security policies [53], the nodes must be segmented or divided into multiple subdomains to guarantee the scalability of the network [54]. In this regard, there are two interconnection models: border links and border nodes. Border links represent the model in which two network nodes residing in different domains are interconnected by a shared link [55]; moreover, no entity in the subdomain must have visibility of the network topology, due to security policies. In the border-node model, more than one node belonging to a different domain is reported for interconnection purposes [56].
An SDN controller, as a centralized entity with full visibility of the OpenFlow and GMPLS subdomains, operates the entire network as a single domain (as shown in Figure 3). In this model the centralized SDN controller locally separates the domains to allow provisioning through dedicated interfaces at given demarcation points, scheduling cross-connections through OpenFlow, requiring the establishment of segments to the GMPLS boundary nodes via the provisioning interface, or sending the provisioning task to ASPCE [57].

SECURITY
Response mechanisms to the threats that compromise the functionality of the SDN network, such as brute force attacks, phishing, DDoS, Advanced Persistent Threats (APT) or ransomware, are ineffective [58], since the user often performs a simple restart to return the system to a safe state [59]. This type of solution is deficient in a data center, a medical center or an industry, because of their critical functionality: the availability of the service must be guaranteed at all times and in each subsystem that makes up the SDN network [60], because the administration is centralized in a main node that, when attacked, would leave the entire system in a critical state [61]. Therefore, the control plane, which is in charge of assigning the security policies implemented in the network, must consider the response actions to the threats to which the system is exposed [62].
Security mechanisms have been developed to mitigate the threats faced by the SDN network, using recognition filters that analyze the content and validity of packets, as the gateway does. The gateway is the first line of security in the network and is responsible for certifying the source of the packets traveling on the platform [63]. Given the importance of this work, the control plane must somehow confirm the accuracy of the gateway. This type of validation of packet content is a rigorous and sensitive task for network security, which is why Blockchain technology has been pursued: it performs packet verification instantaneously, has been implemented by public and private organizations, and is a tamper-proof, replicated structure that is shared with the network subdomains [64]. The implemented data structure generates a security hash that is created at the moment the packet is detected, and this hash contains the ID of the information that the packet contains. If any data in the packet is then modified, the original hash can be compared with the one generated after the modification, and the comparison will show that the detected packet was altered with respect to its original information [65].
The security hash is generated in the content of the block or in its header. It contains a subset of the general registry of records made by all interconnected subdomains that have access to the system and that have a reference to the hash of the previous blocks. By this method, a link between blocks is generated, connecting them in the form of a chain, as shown in Figure 4. As can be seen, the only block with a slightly different structure is the first one, known as Genesis, which is in charge of allowing distribution with all clients who have access to the Blockchain network. It can also be used as a key for encrypted content on the network [66]. Through this process, the network nodes are able to analyze the content stored in the data structure, giving a real-time view of the state of the network [67]. The data structure that Blockchain uses is distributed, which allows the nodes belonging to the network to communicate instantly.
Nodes that have tracking authorization can validate the data stored in the packets that enter the system, regardless of the volume of information. A fully reliable, distributed and encrypted database is available, as it is constantly and immediately updated due to its distributed structure [68]. The Genesis block, being the main node of the chain, is the strongest, so violating its security is quite complex [69]. These security features make Blockchain an effective method for the control plane in the SDN network [70].
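The packet hash and the block-to-block linking described above can be shown with a small hash chain that a validating node re-checks. This is an added example, not code from this article or from the cited works; the block layout, function names and sample packet contents are assumptions, and SHA-256 stands in for whatever hash a real deployment uses.

```python
import hashlib
import hmac
import json
from typing import List, Optional

GENESIS_PREV = "0" * 64  # the Genesis block has no predecessor to reference


def packet_digest(payload: bytes) -> str:
    """Security hash created when a packet is first seen."""
    return hashlib.sha256(payload).hexdigest()


def block_hash(block: dict) -> str:
    """Hash over the block header fields and the packet digests it records."""
    body = {"index": block["index"], "prev_hash": block["prev_hash"],
            "digests": block["digests"]}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain: List[dict], packets: List[bytes]) -> dict:
    """Record a batch of packets in a new block linked to the previous one."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev,
             "digests": [packet_digest(p) for p in packets]}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain: List[dict]) -> Optional[int]:
    """Position of the first block that fails verification, or None if clean."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return pos
        prev = block["hash"]
    return None


def packet_unaltered(chain: List[dict], block_pos: int, slot: int,
                     payload: bytes) -> bool:
    """Compare a packet seen now against the digest recorded for it."""
    recorded = chain[block_pos]["digests"][slot]
    return hmac.compare_digest(recorded, packet_digest(payload))


# Constructed sample packets; the contents are illustrative only.
SAMPLE_PACKET = b"src=10.0.0.5 dst=10.0.0.9 dport=443 payload=hello"


def build_demo_chain() -> List[dict]:
    chain: List[dict] = []
    append_block(chain, [b"genesis"])
    append_block(chain, [SAMPLE_PACKET, b"src=10.0.0.6 dst=10.0.0.9 dport=80"])
    append_block(chain, [b"src=10.0.0.7 dst=10.0.0.9 dport=22"])
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    print("clean chain:", first_invalid_block(chain))
    chain[1]["digests"][0] = packet_digest(b"forged")
    print("digest swapped in block 1:", first_invalid_block(chain))
    chain[1]["hash"] = block_hash(chain[1])  # attacker also fixes block 1's hash
    print("block 1 re-hashed:", first_invalid_block(chain))
```

Re-hashing the altered block only moves the failure to the next block, whose stored reference no longer matches. Someone holding the only copy could still rewrite every later block, which is why the replication across subdomains described above matters.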

OpenFlow
The most popular standard for SDN network administrators is OpenFlow, since it allows more effective remote control of routing tables [71]. The OpenFlow protocol uses a table that stores packet data such as: source address, destination address, source port, destination port, DSCP, user ID, project ID, and protocol number [72], [75].

Backing up information has always been a topic of great importance for the organization. Cloud orchestration addresses the composition of the elements in the system that support network activities, coordination and administration of services [73]. The aim is to reduce the use of the network architecture, making the management of the system more profitable for the network administrator, who can be in charge of modifying the security of the control plane, which is the main node of the network and therefore the most likely point of attack for threats facing the organization. Since this is the main point of administration and management of the network, it must have all the necessary levels of security and action plans against the risks that may arise in the activity of the network.

DISCUSSION AND CONCLUSIONS
Security in SDN networks has taken a good course, as security developments have increased in recent years. Advances range from Multi-Layer Intrusion Detection and Prevention (ML-IDP) in an SDN/NFV-enabled 5G network cloud, which protects against security attacks using artificial intelligence, to security systems against DDoS attacks on the source network, which protect the source SDN controller against the deterioration of traffic through a Convolutional Neural Network.
The current advances in SDN security and the benefits offered by this architecture will be the force that will prevail in the technologies of the future.
In this article, a review of the most relevant categories of the SDN network model has been developed, as well as specific developments in security, providing a frame of reference for future research in the security area, as this is the focus of study. For this, the architecture and the network layers were described, introducing the reader to the functionality of their components and the importance of each one.
The technologies that articulate SDN networks, such as IoT, data centers and 5G, were documented, detailing how SDN is incorporated into their applications and the challenges it has to face to be consolidated in each of them. In addition, emphasis was placed on the security problem that SDN has had, since its centralized administration model implies a great risk if this node is attacked, implying the fall of the entire network and the denial of services. Likewise, developments have been implemented to correct this danger, through security policies that are responsible for preventing all kinds of attacks against the core of the network, through the OpenFlow protocol, which allows managing the network as a whole and makes it easier for the network administrator to manage hardware and software devices. The review was limited to the latest advances that have been developed in SDN networks, their significant progress and the result of the research, which showed that the obstacles faced by this security architecture will no longer be an impediment to its development in the future [74].