ABSTRACT
As networks grow in size, they become complex in design, and security. Management also becomes more pronounced. Over the years, such networks have evolved from traditional networks to those that can be smartly controlled through programmability. Traditional networks experience many security threats such as Sniffing and Distributed Denial of Service (DDoS). Specifically, these attacks are common in mobile networks such as Mobile IP version 6 (MIPV6). The study, therefore, sought to find out how Software-Defined Networking (SDN) model could be used to contain the security threats in the MIPV6 environment. In this research three interrelated perspectives were supported in the use of the software-defined networking model to contain the two security threats in MIPV6: the software-defined networking model perspective (which dealt with how wireless networking components are programmed and coordinated to achieve synchronicity in managing network resources); device mobility perspective (which looked at how the wireless network components such as laptops, tablets, iPads, and mobile phones move from one access point to the next as they acquire and re-acquire IP addresses); and traditional network model perspective (which dealt with the fact that the wireless network devices are managed independently without any programmability or central coordinating components). The three perspectives enabled testing of the hypotheses. Lab experimental design was adopted for the research. The results showed that sniffing and DDoS attacks could be contained through the use of a Software-Defined Networking model. It was observed that in traditional models where there were no Software-Defined Networking controllers, such networks were prone to sniffing and DDoS attacks. The finding agreed with the hypothesis that traditional network models could be compromised by both the DDoS and sniffing attacks as in the case of MIPV6. In the event of an attack, the SDN controller could disable the compromised components of the network. Hence saving the network from more negative effects. Further, the use of both the control plane and the data plane to segregate network data routing functions from routing decisions also made the SDN a better model for containing security challenges in MIPV6. The study found out that many of the security issues related to SDN networks were similar to those experienced in traditional networks. The study noted that the use of the SDN model had far-reaching benefits in improving network security as compared to the legacy or traditional models. The SDN approach enabled coordinated monitoring and management of forwarding policies among distributed network components, resulting in a more flexible management process. The study validated that separation of the control and data planes in the software-defined networking model enabled multi-tenancy and programmability in networks and introduced centralized management into the MIPV6 network architecture. The finding of the study would be helpful in the formulation of policies around network security measures not only in wireless topologies, but also in wired and hybrid topologies.
TABLE OF CONTENTS
DECLARATION ii
ACKNOWLEDGMENT iii
ABSTRACT iv
LIST OF FIGURES vii
LIST OF TABLES viii
ACRONYMS ix
DEFINITION OF TERMS x
CHAPTER ONE: INTRODUCTION
1.1 Background 1
1.2 The Concept of Software-defined Networking 2
1.2 Research Problem 3
1.3 Research Objectives 4
1.4 Value of the Study 4
1.5 Motivation for the Research 5
CHAPTER TWO: LITERATURE REVIEW
2.1 Introduction 6
2.2 Theoretical Framework of the Study 6
2.3 Conceptual Framework of the Study 8
2.4 Empirical Framework 14
CHAPTER THREE: RESEARCH METHODOLOGY
3.1 Introduction 15
3.2 Research Model and Hypothesis Formulation 15
3.3 Research Design 16
3.4. The Population and Sampling Methods 17
3.5 Methodology 19
3.6 Data Collection 26
3.7 Data Analysis 28
3.8 Reliability and Validity 28
3.9 Ethical Considerations 29
3.10 Summary of Methodology 30
CHAPTER FOUR: DATA ANALYSIS, FINDINGS, AND DISCUSSION
4.1 Introduction 31
4.2 Data Analysis 31
4.3 Research Findings 34
4.5 Discussion of Findings 40
CHAPTER FIVE: SUMMARY, CONCLUSION, AND RECOMMENDATIONS
5.1 Introduction 42
5.2 Summary of Findings 42
5.3 Conclusion 44
5.4 Recommendation for Policy and Practice 45
5.5 Limitations of the Study 46
5.6 Suggestions for Further Study 47
REFERENCES 48
LIST OF FIGURES
Figure 2.1: Conceptual model of an SDN-controlled network… 10
Figure 2.2: The SDN layered architecture 10
Figure 2.3: The MIPV6 Architecture 13
Figure 2.4: A road map of different studies on security, privacy, and trust in M-IoT 16
Figure 3.1: Flow Diagram of Proposed Process 22
Figure 3.2: Network Topology without SDN 23
Figure 3.3: Network Topology with SDN 25
Figure 4.1: Sniffing Attack without SDN 33
Figure 4.2: Sniffing Attack with SDN 33
Figure 4.3: DDoS attack without SDN 34
Figure 4.4: DDoS attack with SDN 34
Figure 4.5: Graph of packet flow for sniffing attack with and without SND 38
Figure 4.6: Graph pf packet flow DDoS attack with and without SDN 39
LIST OF TABLES
Table 3.1: Summary of Network Components 21
Table 3.2: Packet flow per unit time for sniffing attack without SDN 28
Table 3.3: Packet flow per unit time for sniffing attack with SDN 28
Table 3.4: Packet flow per unit time for DDoS attack without SDN 28
Table 3.5: Packet flow per unit time for DDoS attack with SDN 28
LIST OF ACRONYMS
AP - Access Point
BGP - Border Gateway Protocol
BSSID - Basic Service Set Identifier
BU - Binding Update
CN - Correspondence Node
CoA - Care of Address
HA - Home Address
IDS - Intrusion Detection System
IETF - Internet Engineering Task Force
IPSec - Internet Protocol Security
LVAP - Light Virtual Access Point
IPv4 - Internet Protocol version 4
MIPV6 - Mobile Internet Protocol Version 6
NF - Network Function
ONP - Open Network Foundation
OSPF - Open Shortest Path First
RARP - Reverse Address Resolution Protocol
SDN - Software Defined Networking
SDWN - Software-Defined Wireless Network
SOC - Service Operation Center
TCP/IP - Transport Control Protocol/Internet Protocol
WLAN - Wireless Local Area Network
DEFINITION OF TERMS
Distributed Denial of Service Attack: A malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a high volume of Internet traffic.
Light Virtual Access Point: A dynamically assigned to a physical access point near the current location of the terminal.
Local Area Network: A computer network that links devices within a building or a group of adjacent buildings with a radius of less than 1 km.
Mobile IP v6: The protocol developed as a subset of Internet Protocol version 6 to support mobile connections.
Software-Defined Networking: An approach to networking that uses software-based controllers or application programming interfaces to communicate with underlying hardware infrastructure and direct traffic on a network.
Smart IoT: A smart device that has support for Internet connectivity and can interact with other devices over the internet and grant remote access to users for managing the devices based on their needs.
Sniffing Attack: Theft or interception of data by capturing the network traffic using an application known as a packet sniffer.
CHAPTER ONE
INTRODUCTION
1.1 Background
Traditional network models provide some flexibility in coordination among network devices which must be configured or programmed manually. Any small change in the network can have negative ripple effect on its entire performance. A number of factors make the traditional network management approach outdated namely, growing demands to improve performance of the network, huge volumes of generated data and advanced network designs (Wang, Tao & Lin, 2016). Security is also another concern in all types of networks whether wired or wireless. One of the key advances in networks is the introduction of software programming features to strengthen the network and ensure central coordination of network resources which has resulted in software-defined networking architecture. The architecture compartmentalizes the network into two planes that coordinate together to improve performance of the network. The two planes are the data plane and the control plane (Othmane, Mouad & Redouane, 2017).
According to Zewairi (2017), the data plane is responsible for network data transmission. It is specifically responsible for system configuration, management, and routing table information exchanges. The data plane, also known as the forwarding plane, is in charge of the actual transmission of traffic to the destination network based on the logic of the control plane. The two planes work synchronously and they are distributed throughout the network (Maham et al., 2019). This concept has also been applied in the containment of security threats in both wired (LANs) and wireless (WLANs) networks based on the IP version 4 address. There is a need to extend it to other domains such as Mobile IP version 6 (MIPV6) to contain key security threats such as Sniffing attacks, Distributed Denial of Service (DDoS) attacks, and damage control.
1.2 The Concept of Software-defined Networking
Software-Defined Networking (SDN) is a model that seeks to improve network performance in terms of its control and flexibility under different conditions. Its emergence as a secure, flexible, and well-managed model enables it to provide central network control and management (Bakhshi, 2018). The function is performed through a central controller known as the Software-Defined Networking Controller (SDNc). Once the network has been segregated into control function and data function, it is able to coordinate all the activities such as data transmission, error detection and correction (Zewairi, 2017).
The ease of programming the network using the SDN model makes it exploitable in network security processes such as monitoring, analysis, and response (Cox et al., 2016). The other advantage of the Software-Defined Networking model is that it is adaptable, manageable, cost- effective, and dynamic. Originally, it was used in the wired networks, however, with the widespread adoption of the mobile devices such as smartphones, tablets, smartwatches, laptop computers, and hand-held gaming consoles, it is now used in wireless networks as well (Maham et al., 2019). The wireless networks are applied in all spheres of life such as businesses, homes and even public places. They also make one-to-one mapping of a client and a light virtual access point with a unique and different Basic Service Set Identifier (BSSID) possible.
1.1.2 The Concept of Mobile IP version 6 (MIPV6)
The Mobile IP version 6 supports mobility for Internet Protocol version 6. It allows reserving of one internet address everywhere as well as allowing applications using the same address to maintain transport and upper-layer connections where there is change of location. MIPV6 also allows mobility between homogeneous and heterogeneous media (Samuel, 2018). In wireless networks supported by the MIPV6, each mobile node consists of two IP addresses namely, home address and care-of address. The home address is usually a permanent Internet Protocol address whose purpose is to identify the mobile node irrespective of its location. On the other hand, the care-of address usually changes at any new point of connection and also provides all the information on the current situation of the mobile node. Any time a mobile node arrives in any network it acquires a care-of address (Tsuguo et al., 2016). The address is used throughout the time the mobile node is in the location of the visited network. The mobile node or device is also able to get the care-off address using the methods of the IP version 6 Neighborhood Discovery which makes both the stateful and stateless auto configuration possible.
The ability of the IP version 6 to support mobility is not available in IP version 4. The mobility functionality is usually complex which raises a number of concerns in regards to security Mobility in IP version 6 environment uses two types of addresses, the real address which is a typical IPV6 address contained in an extension header and the mobile address which is a temporary address (Samuel, 2018). The characteristics of the networks, therefore, makes the temporary component of a mobile node susceptible to various attacks such as sniffing and DDoS on the home agent. To ward off this challenge, mobility requires special security mechanisms which network administrators must be cognizant of (Tim, 2002).
1.2 Research Problem
Several studies have been conducted on improvement of security using Mobile-Defined Networking model. However, one of the issues still open in the Software-Defined Networks is security exploitation in regards to mobility. Some of the security challenges with Mobile Internet Protocol version 6 (MIPV6) are the sniffing and Distributed Denial of Service (DDoS) attacks. According to Tony (2016), Rene et al (2018), and Maham et al (2019), several studies have been done on Software-Defined Networking as a model to address security challenges. However, these have been confined to wired network architectures. The findings have also been on IPv4 where the SDN model has been employed to coordinate all decisions of networks through a central authority known as the SDN controller which manages all network connections and associated data flows (Scott et al., 2016). Very few studies have also focused on the comparison of performance between SDN models and traditional models concerning security. With mobility, different devices can move from one access point to the other leading to the introduction of foreign objects in mobile/wireless networks. These can pose security challenges in shared networks where management and control are not done centrally through an SDN controller. The study, therefore, sought to find out how the use of Software-Defined Networking model could be used to improve security in a Mobile Internet Protocol version 6 environment.
1.3 Research Objectives
The following were the research objectives of the study:
(i) Apply a Software-Defined Networking model to contain Sniffing and DDoS security threats in the Mobile Internet Protocol version 6 (MIPV6).
(ii) Explore effects of Sniffing and DDoS security threats in the Mobile Internet Protocol version 6 (MIPV6).
(iii) Determine Software-Defined Networking mechanisms for containing Sniffing and DDoS security threats in the Mobile Internet Protocol version 6 (MIPV6).
(iv) Show that the Software-Defined Networking model can better contain Sniffing and DDoS security threats in MIPV6 as compared to traditional network models.
1.4 Value of the Study
The discussions of the study would be instrumental to theory development by future researchers and academicians. The concepts and theories advanced in the study would be handy in augmenting their background knowledge in regards to various thematic areas such as software- defined networking, network service orchestration, and Mobile Internet Protocol version 6 (MIPV6). In addition, the study would also be used as reference point by the researchers and academicians.
As a researcher, the study would enhance my understanding of security challenges inherent in the Mobile Internet Protocol version 6 (MIPV6) environment which was an emerging knowledge domain, and how software-defined networking and network service orchestration models could be applied to solve those challenges in wireless networks. To the community, the study would help in solving various network mobility security threats that affect Quality of Service (QoS), traffic overload as well as policies around it. In this way, it would enhance the development of new or improvement of existing commercial products, technology advancements, and or in industrial development that could have a huge economic impact.
1.5 Motivation for the Research
The research study was motivated chiefly by the need to augment the knowledgebase in the area of the Distributed Computing Technology through the application of software-defined networking and security in Mobile Internet Protocol version 6 (MIPV6). This would help foster critical thinking and analytical skills through hands-on learning. Through this study, the researcher would also be able to define his academic, personal, and career path through the acquisition of specialized knowledge leading to the attainment of a master’s degree.
Login To Comment