Project Members

Adam Coxhead admin

Improved security for network clients using OpenFlow

OpenFlow is an open network protocol used in Software Defined Networking (SDN). It allows the high-level routing decisions of a switch to be separated from its hardware and moved to a separate controller running in software. OpenFlow is the protocol by which this controller and the switch communicate with one another. Separating the controller from the hardware in this way allows for more complex routing of traffic.
The aim of my project is to improve the security and efficiency of network protocols using OpenFlow, initially focusing on improving the security of ARP.

24 May 2013

Had to give my in class presentation this week, which went alright. Have pretty much finished off writing my interim report this week as well. Other than that, I have spent some time reading up about spanning tree successors and implementations that have been done in OpenFlow to get an idea of what is out there.

17 May 2013

Worked on my in class presentation for this project this week as well as starting my Interim report.

10 May 2013

This week my time was nearly entirely divided up between preparing for my 552 test and writing my lit review for 513 so haven't had much time to spend on my project.

03 May 2013

Continued to have a look into layer 2 loops this week. Played around with my controller a bit, so that for known topologies it would stop broadcast loops as well as continue to use the shortest path between switches.

26 Apr 2013

Spent a large portion of this week getting familiar with OpenFlow version 1.2, taking the simple_switch.py Ryu comes with as an example which is designed for version 1.0 and rewriting with the features of 1.2 in mind. This was mainly to help me get familiar with it.
Otherwise this week has been primarily a "work out what next" week so I had a look into loops in a layer two network and how using OpenFlow I could prevent broadcast loops.

19 Apr 2013

Pretty much finished off phase 1 of this project this week. I worked on a second approach to addressing the security of ARP requests, this time working solely in the controller unlike the previous approach, which used a combination of the controller and a script running on another virtual machine. Basically this approach had the controller mapping IP addresses to MAC addresses and responding to ARP requests itself. This allows for an easier way to learn about static IPs, which was a weakness of the first approach.

I have also had a chat with Richard and we have discussed a general overview of the next phase of this project. My plan is to iron out and start this next phase next week.
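The controller-only approach described in this entry, sketched as an added example; this is not the project's code and does not use the Ryu API. The `ArpResponder` class, the first-seen learning policy and the sample addresses are assumptions made for illustration: the controller answers ARP requests from its own IP-to-MAC table and rejects a sender whose claimed IP is already bound to a different MAC.

```python
import socket
import struct

ETH_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
UNSPECIFIED = socket.inet_aton("0.0.0.0")  # sender IP used by ARP probes


class ArpResponder:
    """IP -> MAC table held by the controller (hypothetical class, not Ryu API)."""

    def __init__(self):
        self.bindings = {}  # 4-byte IP -> 6-byte MAC
        self.alerts = []    # (ip, known_mac, claimed_mac) for conflicting claims

    def learn(self, ip, mac):
        """Record a binding; never let a different MAC take over a known IP."""
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            self.alerts.append((ip, known, mac))
            return False
        return True

    def handle(self, frame):
        """Return the reply frame for an answerable ARP request, else None."""
        if len(frame) < 42:
            return None
        _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if ethertype != ETH_ARP:
            return None
        htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
            ARP_FMT, frame[14:42])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or sha != src:
            return None  # not IPv4-over-Ethernet, or sender MAC disagrees with L2 source
        if spa != UNSPECIFIED and not self.learn(spa, sha):
            return None  # sender claims an IP already bound to another MAC
        target_mac = self.bindings.get(tpa)
        if oper != ARP_REQUEST or target_mac is None:
            return None  # nothing to answer; the request is not flooded
        eth = struct.pack("!6s6sH", sha, target_mac, ETH_ARP)
        arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                          target_mac, tpa, sha, spa)
        return eth + arp


def arp_request(src_mac, src_ip, target_ip):
    """Build a broadcast ARP request (constructed sample input)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, src_mac, ETH_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                             src_mac, src_ip, b"\x00" * 6, target_ip)
```

In a real controller the returned frame would be sent back out of the port the request arrived on, and `alerts` would feed a log or a drop rule.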

12 Apr 2013

Not much achieved on my project this week. However, with the break coming up I have allocated a large portion of time to working on this. I have also planned out my next stage, which is to have the controller responding to ARP queries.

05 Apr 2013

Spent time this week looking into Ryu. I basically looked through the simple layer 2 switch code and worked out what each part was doing and how. Also looked at some of the other features it provides and how to go about using them. Following that I looked into creating rules for a switch using Ryu. Once I had that I modified the layer 2 switch code to intercept all ARP requests and output them to the port the DHCP server / ARP response script were running on.

29 Mar 2013

Short week this week due to Easter. Had some other assignments to be working on this week. However I was able to write a new Python script that works like a merging of the two scripts I had last week, i.e. when it sees an ARP packet, it queries a DHCP server for relevant information and forges a response to the machine that sent the request. I looked at tcpdump output to make sure this response was being sent correctly.

Next week I hope to look into the controller side of things, re-familiarising myself with Ryu and looking into introducing rules to the switch.

22 Mar 2013

This week I spent my time getting an ISC DHCP server up and running on one of my VMs connected to the OVS switch and made sure it was handing out leases and that everything was running as it should.

Next I spent some time looking into "Pypureomapi", which is a Python implementation of the DHCP OMAPI protocol. Looked at some of the example code and now have a simple script on the VM running the DHCP server that can query the DHCP server for information about leases.

The last thing I looked into was "Scapy". Richard found a webpage for me about how it can be used to sniff for ARP packets and respond. I wrote another script that sniffs for ARP packets on an interface and prints the source and destination addresses for that ARP packet.

15 Mar 2013

Proposal was due this week, so not much progress was made; the majority of my time was put into writing my proposal. The other time I had, I used for finishing up assignments for other classes.
However, in writing my report I did manage to get a more concrete idea of how I want to proceed with my project and what it entails, which is good.

08 Mar 2013

This week my main focus was to learn about the environment and tools I will be working in for my project.

Initially met up with Richard to discuss my project in a bit more depth to give me a better idea as to what I would be looking at doing. Also had a chat with Chris in order to find a bit more about openvswitch and ryu, how he has been using them and what sort of setup he would suggest for my project.

After the talk with Richard and Chris, spent the rest of the week looking at setting an environment up for my project. This consisted of an OVS switch and, with some help from Brad, some LXC containers to connect up to it.

Got the ryu simple_switch.py up and running