Towards adoption of secure communication protocol in Software Defined Networks

Abstract

Software Defined Networking (SDN) decouples the forwarding data plane from the network control plane to provide centralized control and programmability of the data plane elements like switches and routers. Traditionally, this commu-nication between control plane and the data plane (southbound communication) for e.g., using OpenFlow were based on the non-secure protocol like transmission control protocol (TCP), which over-the-years resulted in several security incidents. In order to facilitate secure data communication, the adoption of transport layer security (TLS) has become unavoidable. To this extent, we first present the key qualitative aspects and suitability of using TLS 1.2 and the newer TLS 1.3 for southbound communication. Further, we present extensive quantitative evaluation on Mininet emulator testbed to assess the performance impact of using the TLS 1.2 and TLS 1.3 (for most widely used cipher suites) over TCP to secure the controller-switch communication. Our work shows that the adoption of secure communication channel TLS incurs significant overheads (2 - 6 ×) when compared to baseline TCP (unsecure channel), while TLS 1.3 adds marginal overheads in terms of latency and throughput (≈ 5 %) in comparison to TLS 1.2. Also, we observed that the memory and processing (computational cost) overheads with TLS 1.2 and TLS 1.3 to be negligible, even when supporting a large number of flows. Further, we also discuss the potential adoption of QUIC protocol as an alternative to provide high performance secure communication for the southbound interface.