dc.description.abstract: OpenFlow is a widely used protocol in Software Defined Networking (SDN). Transport Layer Security (TLS) is used to secure the communication between the SDN controller and each of the OpenFlow switches. However, OpenFlow itself does not provide any cryptographic security.

This thesis explores the possibility of adding encryption to the datapath that can be controlled from an SDN controller. A virtual testbed is created using POX, Open vSwitch (OVS), and VirtualBox. In the virtual testbed, different encryption concepts are tried out, and the related performance testing is performed. The solution is then ported to a physical network consisting of a computer, two Raspberry Pi devices, and a router. A replay attack was tested against Generic Routing Encapsulation (GRE) and Internet Protocol Security (IPsec). The performance overhead of encryption and of Pre-Shared Key (PSK) renewal was evaluated. Some leaking traffic was discovered when changing the PSK. Different ways of changing the PSK were tried out and evaluated; the best solution turned out to be adding new tunnel endpoints with a new PSK.