An SDN-based approach to enhance the end-to-end security: SSL/TLS case study

Alireza Ranjbar, Miika Komu, Patrik Salmela, Tuomas Aura

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

22 Citations (Scopus)


End-to-end encryption is becoming the norm for many applications and services. While this improves privacy of individuals and organizations, the phenomenon also raises new kinds of challenges. For instance, with the increase of devices using encryption, the volumes of outdated, exploitable encryption software also increases. This may create some distrust amongst the users against security unless its quality is enforced in some ways. Unfortunately, deploying new mechanisms at the end-points of the communication is challenging due to the sheer volume of devices, and modifying the existing services may not be feasible either. Hence, we propose a novel method for improving the quality of the secure sessions in a centralized way based on the SDN architecture. Instead of inspecting the encrypted traffic, our approach enhances the quality of secure sessions by analyzing the plaintext handshake messages exchanged between a client and server. We exploit the fact that many of today's security protocols negotiate the security parameters such as the protocol version, encryption algorithms or certificates in plaintext in a protocol handshake before establishing a secure session. By verifying the negotiated information in the handshake, our solution can improve the security level of SSL/TLS sessions. While the approach can be extended to many other protocols, we focus on the SSL/TLS protocol in this paper because of its wide-spread use. We present our implementation for the OpenDaylight controller and evaluate its overhead to SSL/TLS session establishment in terms of latency.

Original languageEnglish
Title of host publicationProceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
Number of pages8
ISBN (Electronic)9781509002238
Publication statusPublished - 30 Jun 2016
MoE publication typeA4 Article in a conference publication
EventIEEE/IFIP Network Operations and Management Symposium - Istanbul, Turkey
Duration: 25 Apr 201629 Apr 2016


ConferenceIEEE/IFIP Network Operations and Management Symposium
Abbreviated titleNOMS


  • Centralized policy management
  • Flow verification
  • Handshake analysis
  • Software-Defined Networking


Dive into the research topics of 'An SDN-based approach to enhance the end-to-end security: SSL/TLS case study'. Together they form a unique fingerprint.

Cite this