An SDN-based approach to enhance the end-to-end security: SSL/TLS case study

Alireza Ranjbar, Miika Komu, Patrik Salmela, Tuomas Aura

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussaConference contributionScientificvertaisarvioitu

22 Sitaatiot (Scopus)


End-to-end encryption is becoming the norm for many applications and services. While this improves privacy of individuals and organizations, the phenomenon also raises new kinds of challenges. For instance, with the increase of devices using encryption, the volumes of outdated, exploitable encryption software also increases. This may create some distrust amongst the users against security unless its quality is enforced in some ways. Unfortunately, deploying new mechanisms at the end-points of the communication is challenging due to the sheer volume of devices, and modifying the existing services may not be feasible either. Hence, we propose a novel method for improving the quality of the secure sessions in a centralized way based on the SDN architecture. Instead of inspecting the encrypted traffic, our approach enhances the quality of secure sessions by analyzing the plaintext handshake messages exchanged between a client and server. We exploit the fact that many of today's security protocols negotiate the security parameters such as the protocol version, encryption algorithms or certificates in plaintext in a protocol handshake before establishing a secure session. By verifying the negotiated information in the handshake, our solution can improve the security level of SSL/TLS sessions. While the approach can be extended to many other protocols, we focus on the SSL/TLS protocol in this paper because of its wide-spread use. We present our implementation for the OpenDaylight controller and evaluate its overhead to SSL/TLS session establishment in terms of latency.

OtsikkoProceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
ISBN (elektroninen)9781509002238
DOI - pysyväislinkit
TilaJulkaistu - 30 kesäk. 2016
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisuussa
TapahtumaIEEE/IFIP Network Operations and Management Symposium - Istanbul, Turkki
Kesto: 25 huhtik. 201629 huhtik. 2016


ConferenceIEEE/IFIP Network Operations and Management Symposium


Sukella tutkimusaiheisiin 'An SDN-based approach to enhance the end-to-end security: SSL/TLS case study'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä