Abstract:
Today, large data centers are drawn towards two popular technologies: Enterprise Integration Patterns (EIP) and Software Defined Networking (SDN). The former is a combination of design patterns that integrates new and existing business applications in an enterprise environment, whereas the latter is a rapidly evolving networking paradigm that has reshaped large enterprise network management by introducing programmable planes and centralized control. The SDN-based design provides flexibility in network management that spans multiple applications, e.g., routing, switching, forwarding, and controlling. It reduces the reliance on vendor-specific devices and middlebox solutions such as firewalls, IDS, and IPS. The promising features of EIP (asynchronous communication and reliability) and of SDN (robustness, network programmability, agility, and global visibility) can be merged to cope with growing network demands and security. In this research, we introduce a new communication framework for enterprise networks that incorporates EIP in SDN for asynchronous and reliable message exchange among applications. The proposed communication framework integrates multiple technologies, such as Virtual Local Area Networks (VLANs), Address Resolution Protocol (ARP), context-aware services, and anonymous communication, to provide accurate, efficient, and secure network services. Moreover, all of the above-mentioned technologies are implemented as application modules of the RYU SDN controller, and communication between any two applications/services is allowed only through the EIP Channel. To provide communication within the same network, the proposed communication framework utilizes the functionality of VLANs by offering an adaptive VLAN Management module. Using this module, the framework supports reactive VLAN creation and deletion mechanisms between the communicating hosts.
Additionally, VLANs are created only for the active duration of the communication. To enable communication between applications from different networks in an enterprise environment, this framework also contains a packet forwarding module in which hosts' IP addresses are concealed from each other. Because different technologies are integrated, privacy is one of the core issues faced by the enterprise. Host anonymity is one of the techniques to safeguard against privacy attacks; however, the existing anonymization solutions provide better anonymity at the cost of higher latency and are most suited for internet traffic. To tackle this issue in an enterprise network, this research offers anonymous communication among hosts in an enterprise environment. Unlike traditional networks, SDN can modify the header fields of packets as they traverse the network from source to destination. Host anonymity is achieved by replacing the real IP address with the hoax IP address during the transmission of data packets inside the network. Similarly, we also present a context-aware communication framework by leveraging the global visibility feature of SDN. In this context-aware communication, services are discoverable to the clients without disclosing the addresses of the actual application servers. By using these context-aware services, network traffic is routed based on application layer information rather than network layer information. The evaluation is done using multiple scenarios with different host configurations. We conducted a series of experiments to test the accuracy, efficiency, computational complexity, and security of the communication framework. In addition, we highlight that the proposed framework is more suitable for heterogeneous network environments such as IoT-based solutions.
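
The real-to-hoax address replacement described above can be modelled in a few lines. This is an added example, not code from the thesis or its RYU modules; the class and function names, the dictionary packet model, the hoax pool `10.99.0.0/28`, and the choice to rewrite at the two edge switches are all assumptions made for illustration.

```python
import ipaddress
import secrets


class HoaxAddressMap:
    """Controller-side table pairing each real host IP with a hoax IP (assumed model)."""

    def __init__(self, hoax_pool):
        self._free = [str(ip) for ip in ipaddress.ip_network(hoax_pool).hosts()]
        self._real_to_hoax = {}
        self._hoax_to_real = {}

    def hoax_for(self, real_ip):
        # Allocate a random unused hoax address the first time a host is seen.
        if real_ip not in self._real_to_hoax:
            if not self._free:
                raise RuntimeError("hoax pool exhausted")
            hoax = self._free.pop(secrets.randbelow(len(self._free)))
            self._real_to_hoax[real_ip] = hoax
            self._hoax_to_real[hoax] = real_ip
        return self._real_to_hoax[real_ip]

    def real_for(self, hoax_ip):
        # Unknown hoax addresses are rejected rather than forwarded unchanged.
        if hoax_ip not in self._hoax_to_real:
            raise KeyError(f"no host behind {hoax_ip}")
        return self._hoax_to_real[hoax_ip]


def ingress_rewrite(pkt, table):
    """Source edge switch: hide the sender's real IP before the packet enters the core."""
    return {**pkt, "src": table.hoax_for(pkt["src"])}


def egress_rewrite(pkt, table):
    """Destination edge switch: restore the receiver's real IP for final delivery."""
    return {**pkt, "dst": table.real_for(pkt["dst"])}


def deliver(pkt, table):
    """Return (packet as seen in the core, packet as seen by the receiving host)."""
    in_core = ingress_rewrite(pkt, table)
    return in_core, egress_rewrite(in_core, table)
```

In this model the sender addresses its peer by hoax IP only, so neither real address appears on the path between the edge switches, and the receiver learns only the sender's hoax address.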