Secure Software-Defined Networking Communication Systems for Smart Cities: Current Status, Challenges, and Trends

Mohamed Rahouti, Kaiqi Xiong, Yufeng Xin
2020 IEEE Access  
Smart city is a transformative and progressive vision that aims to revolutionize infrastructure systems and public services in an urban area with modern information technologies. Its ultimate goal is to greatly improve the livability Quality of Service (QoS) of its citizens and to optimize the utilization of its assets and natural resources sustainably. One of the key technical attributes in smart cities is to deploy a large number of sensors to collect data to enable real-time and intelligent
decisions for various city functions and citizen needs. Many of the data have strict security requirements as they are either private to citizens or sensitive to critical infrastructures. As a result, how to securely and efficiently deliver and process the dramatically increasing volume of data becomes one of the grand challenges in materializing the smart city vision. In recent years, Software-Defined Networking (SDN) has emerged as a leading communication infrastructure candidate for smart cities. While many efforts have existed to research, prototype, and even deploy SDN on a small scale for some smart city applications, there is still a lack of cohesive understanding about SDN's impact on the secure communication need of smart cities. In this paper, we conduct a comprehensive survey of the core functionality of SDN from the perspective of secure communication infrastructure at different scales. A specific focus is put on the security threats and challenges in accordance with SDN plane-based architectures for various smart city-enabled applications. We further systematically categorize the state-of-the-art solutions and proposals to apply SDN to support typical smart city applications, such as transportation, health, and energy applications. Lastly, we cast a holistic view of future research trends.

INDEX TERMS Communication system, OpenFlow, security, smart city, software defined networks.

12084 VOLUME 9, 2021 M. Rahouti et al.: Secure SDN Communication Systems for Smart Cities

These manual security configurations (i.e., firewalls, IPSec, intrusion detection and prevention system (IDPS)) on a distributed set of network entities are vulnerable to inter-domain policy conflict and configuration and implementation errors, which may lead to serious security vulnerabilities and breaches [14].
In contrast, SDN improves security in a networking-enabled environment through its centralized control of the network system, its holistic visibility of network behavior, and its run-time insertion of forwarding rules [15]. Therefore, SDN's non-distributed management of the network allows for more efficient enforcement of security policies and reduces conflicts among them. Additionally, security implementations such as security monitoring applications can efficiently request flow samples from data paths via an SDN controller [16]. Once security analysis is finished, the monitoring application may direct the data path components to take action by denying incoming traffic, redirecting the traffic to security middleboxes, or restricting the traffic within a particular network authority. Moreover, SDN allows security applications and policy implementations to be updated efficiently: security modules can be appended at the controller platform instead of changing the hardware or even updating its firmware [16]. As the SDN controller detaches and centralizes the control plane of a network, its programmability allows for the enforcement and automation of security policies. Therefore, SDN can deal with network threats and malicious traffic at runtime by leveraging network security applications. To better represent an SDN architecture, Figure 2 depicts the main planes/layers of SDN and their functionalities. The three planes are shaped as follows:

FIGURE 2. A high-level overview of SDN architecture layers.

TABLE 1. A list of acronyms used in this article and corresponding definitions.

KAIQI XIONG (Senior Member, IEEE) received the Ph.D. degree in computer science from North Carolina State University. Before returning to academia, he was with the IT industry for several years.
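The monitoring loop described above, as an added example that is not code from the paper: a toy in-memory controller (not a real SDN controller API) receives constructed flow samples, picks one of the three actions the text names, and records conflicting rules in its single central flow table. The internal prefix, sensitive port, rate threshold, and all function and class names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed flow samples, as a monitoring application might pull them
# from data paths through the controller (all values are made up).
SAMPLES = [
    {"src": "10.0.1.5",     "dst": "10.0.9.10", "dport": 443, "pps": 120},
    {"src": "203.0.113.7",  "dst": "10.0.9.10", "dport": 443, "pps": 90000},
    {"src": "198.51.100.4", "dst": "10.0.9.20", "dport": 502, "pps": 15},
    {"src": "10.0.2.8",     "dst": "10.0.9.20", "dport": 502, "pps": 10},
]
CITY_NET = ipaddress.ip_network("10.0.0.0/16")  # assumed internal prefix
SENSITIVE_PORT = 502                            # assumed service (Modbus/TCP)
PPS_LIMIT = 50000                               # assumed flood threshold

def analyze(sample):
    """Return one of the three actions the text names, or 'forward'."""
    internal = ipaddress.ip_address(sample["src"]) in CITY_NET
    if sample["pps"] > PPS_LIMIT:
        return "deny"                    # drop incoming traffic
    if sample["dport"] == SENSITIVE_PORT and not internal:
        return "redirect:ids"            # steer through a security middlebox
    if sample["dport"] == SENSITIVE_PORT:
        return "restrict:energy-domain"  # confine to one network authority
    return "forward"

@dataclass
class Controller:
    """Toy controller: one central flow table, so rule conflicts are visible."""
    table: dict = field(default_factory=dict)
    conflicts: list = field(default_factory=list)

    def push_rule(self, match, action, priority):
        old = self.table.get(match)
        if old and old[0] != action:
            self.conflicts.append((match, old[0], action))
            if old[1] >= priority:       # existing higher-priority rule wins
                return old[0]
        self.table[match] = (action, priority)
        return action

def run(samples):
    """Analyze each sample and push a rule for anything not plainly forwarded."""
    ctl = Controller()
    for s in samples:
        action = analyze(s)
        if action != "forward":
            prio = 200 if action == "deny" else 100
            ctl.push_rule((s["src"], s["dst"], s["dport"]), action, prio)
    return ctl
```

Because every rule passes through one `push_rule` call, a later attempt to install a contradictory action for the same match is recorded and resolved by priority instead of silently diverging across devices.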
doi:10.1109/access.2020.3047996 fatcat:cdxn6xeid5cvnkpqarvzrlvchi