Security Analysis of a Software Defined Wide Area Network Solution
KTH, School of Information and Communication Technology (ICT).
2016 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Enterprise wide area network (WAN) is a private network that connects the computers and other devices across an organisation's branch locations and the data centers. It forms the backbone of enterprise communication. Currently, multiprotocol label switching (MPLS) is commonly used to provide this service. As a recent alternative to MPLS, software-defined wide area networking (SD-WAN) solutions are being introduced as an IP based cloud-networking service for enterprises. SD-WAN virtualizes the networking service and eases the complexity of configuring and managing the enterprise network by moving these tasks to software and a central controller. The introduction of new technologies causes concerns about their security. Also, this new solution is introduced as a replacement for MPLS, which has been considered secure and has been in use for more than 16 years. Thus, there is a need to analyze the security of SD-WAN, which is the goal of this thesis. In this thesis, we perform a security analysis of a commercial SD-WAN solution, by finding its various attack surfaces, associated vulnerabilities and design weaknesses. We choose Nuage VNS, an SD-WAN product provided by Nuage Networks, as the analysis target. As a result, many attack surfaces and security weaknesses were found and reported, especially in the Customer Premises Equipment (CPE). In particular, we found vulnerabilities in the CPE's secure bootstrapping method and demonstrated some attacks by exploiting them. Finally, we propose mitigation steps to avoid the attacks. The results of this thesis will help both the service provider and the SD-WAN solution vendor to know about the attack surfaces and weaknesses of SD-WAN before offering it to their customers. We also help in implementing the temporary countermeasures to mitigate the attacks. The results have been presented to the service provider and the vendor of the SD-WAN product.

Place, publisher, year, edition, pages
2016. 71 p.
Series
TRITA-ICT-EX, 116
Keyword [en]
SD-WAN, Nuage VNS, virtual network functions, security
National Category
Engineering and Technology Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-190193
OAI: oai:DiVA.org:kth-190193
DiVA: diva2:952048
Subject / course
Electrical Engineering
Educational program
Master of Science - Security and Mobile Computing
Examiners
Available from: 2016-08-11. Created: 2016-08-11. Last updated: 2016-08-11. Bibliographically approved.

Open Access in DiVA

fulltext (1707 kB), 59 downloads
File information
File name: FULLTEXT01.pdf. File size: 1707 kB. Checksum SHA-512:
f82119be31ff29c7af69bf2114ccb43bb5c46daf7af0fd304486f8c36ba985458a88c2d9c4bc8f2723264858e9b636ce37d35e85751b7179638a649bfccffe23
Type: fulltext. Mimetype: application/pdf

Total: 59 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 39 hits