Industrial Networks and Intelligent Systems. 5th EAI International Conference, INISCOM 2019, Ho Chi Minh City, Vietnam, August 19, 2019, Proceedings

Research Article

Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking

  • @INPROCEEDINGS{10.1007/978-3-030-30149-1_22,
        author={Phan Duy and Do Hien and Nguyen Vuong and Nguyen Au and Van-Hau Pham},
        title={Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking},
        proceedings={Industrial Networks and Intelligent Systems. 5th EAI International Conference, INISCOM 2019, Ho Chi Minh City, Vietnam, August 19, 2019, Proceedings},
        proceedings_a={INISCOM},
        year={2019},
        month={9},
        keywords={Northbound interface Trust authentication SDN},
        doi={10.1007/978-3-030-30149-1_22}
    }
    
  • Phan Duy
    Do Hien
    Nguyen Vuong
    Nguyen Au
    Van-Hau Pham
    Year: 2019
    Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking
    INISCOM
    Springer
    DOI: 10.1007/978-3-030-30149-1_22
Phan Duy1,*, Do Hien1,*, Nguyen Vuong1,*, Nguyen Au1,*, Van-Hau Pham1,*
  • 1: University of Information Technology, VNU-HCM
*Contact email: duypt@uit.edu.vn, hiendtt@uit.edu.vn, 14521108@gm.uit.edu.vn, 14520041@gm.uit.edu.vn, haupv@uit.edu.vn

Abstract

Software Defined Networking (SDN), a newly emerging networking paradigm, has recently gained more and more interest in both academia and industry. Besides decoupling the control plane from the data plane, SDN provides a view of the entire network for better and more flexible network management. Despite the benefits of this global view, SDN has a single point of failure at the controller, which brings drawbacks and additional security challenges. A malicious OpenFlow application (OF app) can access the SDN controller to perform illegal activities because the Northbound interface lacks an authentication protocol to ensure that only trusted and authorized applications access critical network resources. Information about the whole network, such as topology data, flow information or statistics, can be retrieved. Even worse, the entire network can be controlled from the compromised controller. In this paper, we introduce Trust Trident, a controller-independent framework for securing trustworthy authentication between applications and the controller. It gives the network administrator full, fine-grained observation of OF apps communicating with the controller. Threats in the Northbound interface and the countermeasures provided by our plugin are classified and evaluated according to the threat categories of the STRIDE methodology.