Software-Defined Networks (SDNs) are typically designed and operated under the assumption that the underlying routers (and switches) are trustworthy. Recent incidents, however, suggest that this assumption is questionable. The possibility of incorrect or even malicious router behavior introduces a wide range of security problems. The problem is exacerbated by the fact that governments and companies do not have the expertise nor budget to build their own trusted high-performance routing hardware. This paper presents NetCo, an approach to build secure routing using insecure routers. NetCo is inspired by the robust combiner concept known from cryptography, and leverages redundancy to compile a secure whole from insecure parts. We present the basic design of NetCo, and report on a small prototype implementation in OpenFlow. We also sketch a virtualized version of NetCo which, by leveraging SDN traffic engineering flexibilities, can significantly reduce the hardware costs involved in implementing NetCo.

Top