[1] F. Holik, "Requirements on SDN Applications for Smart Cities," in 5th International Conference on Communication and Computer Engineering (ICOCOE), Malaysia, July 2018.
[2] F. Holik, "SDN Security Protection Methods for IoT Networks," in 5th International Conference on Communication and Computer Engineering (ICOCOE), Malaysia, July 2018.
[3] F. Holik, S. Neradova, "Using Raspberry Pi as an SDN Enabled Switch," in 5th International Conference on Communication and Computer Engineering (ICOCOE), Malaysia, July 2018.
These papers were accepted and presented at conferences, but they have not yet been published. The papers are expected to be published in the following journals:
Attachments
Attachment A - SC Topology Script
This attachment shows the complete Python script which creates the topology of the use case Lancaster Smart City.
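#!/usr/bin/python
"""Mininet topology of the Lancaster Smart City use case.

NOTE(review): this listing was restored from a text extraction that had
dropped all punctuation and indentation. Dotted names, quotes and commas are
restored from Python/Mininet syntax. IPv4 addresses follow the
10.<site>.<device type>.<n> pattern that the surviving digits show, MACs are
the 12 surviving hex digits, and the IPv6 literals are read as fc00::<n>/64.
Punctuation inside the info() messages could not be recovered. Confirm all of
these against the original thesis before relying on them.
"""

from mininet.net import Mininet
from mininet.node import RemoteController, Host, OVSKernelSwitch
from mininet.cli import CLI
from mininet.log import setLogLevel, info


def myNetwork():
    """Build the smart-city topology, start it and open the Mininet CLI.

    One data-centre switch (DTC1S) interconnects seven sites; every switch is
    handed to a single remote OpenFlow controller. The network is stopped when
    the CLI exits, and also when start-up fails part-way.
    """
    net = Mininet(topo=None,
                  build=False,
                  ipBase='10.0.0.0/8')

    info('Adding controller\n')
    # The OpenFlow channel is plain TCP to loopback. That is adequate for an
    # emulated topology on one machine; a controller reached over a real
    # network should use protocol='ssl' so switches and controller
    # authenticate each other.
    cont = net.addController(name='lan_cont',
                             controller=RemoteController,
                             ip='127.0.0.1',
                             protocol='tcp',
                             port=6633)

    info('Add switches\n')
    # dpid values are hexadecimal strings ('A' = 10, '10' = 16).
    dtc1s = net.addSwitch('DTC1S', cls=OVSKernelSwitch, dpid='1')
    lan1s = net.addSwitch('LAN1S', cls=OVSKernelSwitch, dpid='2')
    lan2s = net.addSwitch('LAN2S', cls=OVSKernelSwitch, dpid='3')
    lan3s = net.addSwitch('LAN3S', cls=OVSKernelSwitch, dpid='4')
    mor1s = net.addSwitch('MOR1S', cls=OVSKernelSwitch, dpid='5')
    mor2s = net.addSwitch('MOR2S', cls=OVSKernelSwitch, dpid='6')
    mor3s = net.addSwitch('MOR3S', cls=OVSKernelSwitch, dpid='7')
    hey1s = net.addSwitch('HEY1S', cls=OVSKernelSwitch, dpid='8')
    hey2s = net.addSwitch('HEY2S', cls=OVSKernelSwitch, dpid='9')
    hey3s = net.addSwitch('HEY3S', cls=OVSKernelSwitch, dpid='A')
    sco1s = net.addSwitch('SCO1S', cls=OVSKernelSwitch, dpid='B')
    sco2s = net.addSwitch('SCO2S', cls=OVSKernelSwitch, dpid='C')
    sco3s = net.addSwitch('SCO3S', cls=OVSKernelSwitch, dpid='D')
    hwf1s = net.addSwitch('HWF1S', cls=OVSKernelSwitch, dpid='E')
    lss1s = net.addSwitch('LSS1S', cls=OVSKernelSwitch, dpid='F')
    hpp1s = net.addSwitch('HPP1S', cls=OVSKernelSwitch, dpid='10')

    info('Add hosts\n')
    ser001_dtc = net.addHost('SER001_DTC', cls=Host, ip='10.1.0.1', mac='00:00:00:00:00:01')
    ser002_dtc = net.addHost('SER002_DTC', cls=Host, ip='10.1.0.2', mac='00:00:00:00:00:02')

    sap001_lan = net.addHost('SAP001_LAN', cls=Host, ip='10.2.1.1', mac='00:00:00:00:00:11')
    sip001_lan = net.addHost('SIP001_LAN', cls=Host, ip='10.2.2.1', mac='00:00:00:00:00:12')
    stl001_lan = net.addHost('STL001_LAN', cls=Host, ip='10.2.3.1', mac='00:00:00:00:00:13')
    stl002_lan = net.addHost('STL002_LAN', cls=Host, ip='10.2.3.2', mac='00:00:00:00:00:14')
    sip002_lan = net.addHost('SIP002_LAN', cls=Host, ip='10.2.2.2', mac='00:00:00:00:00:15')
    sap002_lan = net.addHost('SAP002_LAN', cls=Host, ip='10.2.1.2', mac='00:00:00:00:00:16')
    sap003_lan = net.addHost('SAP003_LAN', cls=Host, ip='10.2.1.3', mac='00:00:00:00:00:17')
    stl003_lan = net.addHost('STL003_LAN', cls=Host, ip='10.2.3.3', mac='00:00:00:00:00:18')

    stl001_mor = net.addHost('STL001_MOR', cls=Host, ip='10.3.3.1', mac='00:00:00:00:00:21')
    sps001_mor = net.addHost('SPS001_MOR', cls=Host, ip='10.3.4.1', mac='00:00:00:00:00:22')
    sps004_mor = net.addHost('SPS004_MOR', cls=Host, ip='10.3.4.4', mac='00:00:00:00:00:23')
    evs001_mor = net.addHost('EVS001_MOR', cls=Host, ip='10.3.5.1', mac='00:00:00:00:00:24')
    stl002_mor = net.addHost('STL002_MOR', cls=Host, ip='10.3.3.2', mac='00:00:00:00:00:25')
    sps002_mor = net.addHost('SPS002_MOR', cls=Host, ip='10.3.4.2', mac='00:00:00:00:00:26')
    evs002_mor = net.addHost('EVS002_MOR', cls=Host, ip='10.3.5.2', mac='00:00:00:00:00:27')
    sps003_mor = net.addHost('SPS003_MOR', cls=Host, ip='10.3.4.3', mac='00:00:00:00:00:28')

    sip001_hey = net.addHost('SIP001_HEY', cls=Host, ip='10.4.2.1', mac='00:00:00:00:00:31')
    sts001_hey = net.addHost('STS001_HEY', cls=Host, ip='10.4.7.1', mac='00:00:00:00:00:32')
    sls001_hey = net.addHost('SLS001_HEY', cls=Host, ip='10.4.6.1', mac='00:00:00:00:00:33')
    sip002_hey = net.addHost('SIP002_HEY', cls=Host, ip='10.4.2.2', mac='00:00:00:00:00:34')
    sts002_hey = net.addHost('STS002_HEY', cls=Host, ip='10.4.7.2', mac='00:00:00:00:00:35')
    sls002_hey = net.addHost('SLS002_HEY', cls=Host, ip='10.4.6.2', mac='00:00:00:00:00:36')
    sls003_hey = net.addHost('SLS003_HEY', cls=Host, ip='10.4.6.3', mac='00:00:00:00:00:37')
    sls004_hey = net.addHost('SLS004_HEY', cls=Host, ip='10.4.6.4', mac='00:00:00:00:00:38')

    sls001_sco = net.addHost('SLS001_SCO', cls=Host, ip='10.5.6.1', mac='00:00:00:00:00:41')
    ses001_sco = net.addHost('SES001_SCO', cls=Host, ip='10.5.8.1', mac='00:00:00:00:00:42')
    sls002_sco = net.addHost('SLS002_SCO', cls=Host, ip='10.5.6.2', mac='00:00:00:00:00:43')
    sls003_sco = net.addHost('SLS003_SCO', cls=Host, ip='10.5.6.3', mac='00:00:00:00:00:44')
    sts001_sco = net.addHost('STS001_SCO', cls=Host, ip='10.5.7.1', mac='00:00:00:00:00:45')
    sts002_sco = net.addHost('STS002_SCO', cls=Host, ip='10.5.7.2', mac='00:00:00:00:00:46')
    sls004_sco = net.addHost('SLS004_SCO', cls=Host, ip='10.5.6.4', mac='00:00:00:00:00:47')
    ses002_sco = net.addHost('SES002_SCO', cls=Host, ip='10.5.8.2', mac='00:00:00:00:00:48')

    ctv001_hwf = net.addHost('CTV001_HWF', cls=Host, ip='10.6.9.1', mac='00:00:00:00:00:51')
    ctv002_hwf = net.addHost('CTV002_HWF', cls=Host, ip='10.6.9.2', mac='00:00:00:00:00:52')

    ses001_lss = net.addHost('SES001_LSS', cls=Host, ip='10.7.8.1', mac='00:00:00:00:00:61')
    ses002_lss = net.addHost('SES002_LSS', cls=Host, ip='10.7.8.2', mac='00:00:00:00:00:62')

    ctv001_hpp = net.addHost('CTV001_HPP', cls=Host, ip='10.8.9.1', mac='00:00:00:00:00:71')
    ctv002_hpp = net.addHost('CTV002_HPP', cls=Host, ip='10.8.9.2', mac='00:00:00:00:00:72')
    scd001_hpp = net.addHost('SCD001_HPP', cls=Host, ip='10.8.10.1', mac='00:00:00:00:00:73')

    info('Add links\n')
    # Data-centre switch: uplinks to one switch per site, plus the two servers.
    net.addLink(dtc1s, lan2s)
    net.addLink(dtc1s, mor3s)
    net.addLink(dtc1s, hey1s)
    net.addLink(dtc1s, sco1s)
    net.addLink(dtc1s, hwf1s)
    net.addLink(dtc1s, lss1s)
    net.addLink(dtc1s, hpp1s)
    net.addLink(ser001_dtc, dtc1s)
    net.addLink(ser002_dtc, dtc1s)

    # LAN site: three switches in a triangle.
    net.addLink(lan1s, lan2s)
    net.addLink(lan1s, lan3s)
    net.addLink(lan2s, lan3s)
    net.addLink(sap001_lan, lan1s)
    net.addLink(sip001_lan, lan1s)
    net.addLink(stl001_lan, lan1s)
    net.addLink(stl002_lan, lan1s)
    net.addLink(sip002_lan, lan2s)
    net.addLink(sap002_lan, lan2s)
    net.addLink(sap003_lan, lan3s)
    net.addLink(stl003_lan, lan3s)

    # MOR site.
    net.addLink(mor1s, mor2s)
    net.addLink(mor1s, mor3s)
    net.addLink(mor2s, mor3s)
    net.addLink(stl001_mor, mor1s)
    net.addLink(sps001_mor, mor1s)
    net.addLink(sps004_mor, mor1s)
    net.addLink(evs001_mor, mor1s)
    net.addLink(stl002_mor, mor2s)
    net.addLink(sps002_mor, mor2s)
    net.addLink(evs002_mor, mor3s)
    net.addLink(sps003_mor, mor3s)

    # HEY site.
    net.addLink(hey1s, hey2s)
    net.addLink(hey1s, hey3s)
    net.addLink(hey2s, hey3s)
    net.addLink(sip001_hey, hey1s)
    net.addLink(sts001_hey, hey1s)
    net.addLink(sls001_hey, hey1s)
    net.addLink(sip002_hey, hey2s)
    net.addLink(sts002_hey, hey2s)
    net.addLink(sls002_hey, hey2s)
    net.addLink(sls003_hey, hey3s)
    net.addLink(sls004_hey, hey3s)

    # SCO site.
    net.addLink(sco1s, sco2s)
    net.addLink(sco1s, sco3s)
    net.addLink(sco2s, sco3s)
    net.addLink(sls001_sco, sco1s)
    net.addLink(ses001_sco, sco1s)
    net.addLink(sls002_sco, sco2s)
    net.addLink(sls003_sco, sco2s)
    net.addLink(sts001_sco, sco2s)
    net.addLink(sts002_sco, sco3s)
    net.addLink(sls004_sco, sco3s)
    net.addLink(ses002_sco, sco3s)

    # Single-switch sites.
    net.addLink(ctv001_hwf, hwf1s)
    net.addLink(ctv002_hwf, hwf1s)
    net.addLink(ses001_lss, lss1s)
    net.addLink(ses002_lss, lss1s)
    net.addLink(ctv001_hpp, hpp1s)
    net.addLink(ctv002_hpp, hpp1s)
    net.addLink(scd001_hpp, lss1s)  # Virtual tunnel link

    try:
        info('Starting network\n')
        net.build()

        info('Starting controllers\n')
        for controller in net.controllers:
            controller.start()

        info('Starting switches\n')
        net.get('DTC1S').start([cont])
        net.get('LAN1S').start([cont])
        net.get('LAN2S').start([cont])
        net.get('LAN3S').start([cont])
        net.get('MOR1S').start([cont])
        net.get('MOR2S').start([cont])
        net.get('MOR3S').start([cont])
        net.get('HEY1S').start([cont])
        net.get('HEY2S').start([cont])
        net.get('HEY3S').start([cont])
        net.get('SCO1S').start([cont])
        net.get('SCO2S').start([cont])
        net.get('SCO3S').start([cont])
        net.get('HWF1S').start([cont])
        net.get('LSS1S').start([cont])
        net.get('HPP1S').start([cont])

        info('Post configure switches and hosts\n')
        # Only the four CTV hosts and one server receive an IPv6 address.
        ctv001_hwf.cmdPrint('ifconfig CTV001_HWF-eth0 inet6 add fc00::1/64')
        ctv002_hwf.cmdPrint('ifconfig CTV002_HWF-eth0 inet6 add fc00::2/64')
        ctv001_hpp.cmdPrint('ifconfig CTV001_HPP-eth0 inet6 add fc00::11/64')
        ctv002_hpp.cmdPrint('ifconfig CTV002_HPP-eth0 inet6 add fc00::12/64')
        ser001_dtc.cmdPrint('ifconfig SER001_DTC-eth0 inet6 add fc00::99/64')

        CLI(net)
    finally:
        # Tear the emulated network down even when start-up or the CLI raises,
        # so no virtual interfaces or switch processes are left behind.
        net.stop()


if __name__ == '__main__':
    setLogLevel('info')
    myNetwork()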
Attachment B - SCPS Workflow
This attachment explains the main workflow of the SCPS.
1. Initialization of a new thread for statistics polling
File: scps_main_module.py, Class: MainSCPSModule
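def __init__(self, *args, **kwargs):
    """Start the background thread that polls switches for flow statistics.

    Excerpt: the rest of the constructor is omitted in the thesis listing.
    Syntax restored from an extraction that dropped punctuation.
    """
    # ... omitted ...
    fd_poller = FDPoller()  # Thread for periodic polling of information from switches
    # The thread receives self.datapath_dict itself, not a copy, so it sees
    # whatever this module later stores in that dict.
    poller_thread = Thread(target=fd_poller.run,
                           args=(self.SWITCH_POLL_TIMER, self.datapath_dict))
    poller_thread.start()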
2. Periodical sending of queries (flow statistics requests) to switches
File: fd_poller.py, Class: FDPoller
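# The main function of the thread - periodically calls request in the defined interval
def run(self, poll_time, datapath_dict):
    """Send a flow-statistics request to every known switch, forever.

    Args:
        poll_time: seconds to sleep between polling rounds.
        datapath_dict: mapping of dpid to datapath, shared with the caller.

    Syntax restored from an extraction that dropped punctuation.
    """
    while True:
        # Iterate over a snapshot. The dict is shared with the main module and
        # is presumably updated as switches connect or disconnect (confirm);
        # a size change during direct iteration would raise and end this
        # thread, after which the statistics-driven DoS and brute-force
        # checks would stop receiving fresh counters.
        for datapath in list(datapath_dict.values()):
            self.send_flow_stats_request(datapath)
        time.sleep(poll_time)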
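# Function sends a FlowStatsRequest message for the content of flow table
def send_flow_stats_request(self, datapath):
    """Ask one switch for the statistics of every flow in every table.

    Args:
        datapath: the switch connection to query.

    Syntax restored from an extraction that dropped punctuation.
    """
    ofp = datapath.ofproto
    ofp_parser = datapath.ofproto_parser
    # Zero cookie and zero mask: flows are not filtered by cookie.
    cookie = cookie_mask = 0
    match = ofp_parser.OFPMatch()  # Empty match = request for the entire flow table
    req = ofp_parser.OFPFlowStatsRequest(datapath, 0, ofp.OFPTT_ALL, ofp.OFPP_ANY,
                                         ofp.OFPG_ANY, cookie, cookie_mask, match)
    datapath.send_msg(req)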
3. The function for processing received statistics replies
File: scps_main_module.py, Class: MainSCPSModule
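# Handler declaration for OpenFlow StatsResponse messages
@set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER)
def _flow_stats_reply_handler(self, ev):
    """Store the flow table reported by a switch and run the protection modules.

    Each flow entry in the reply becomes a dict; when the same flow was seen
    before, its packet-count history is carried over. The resulting list
    replaces the stored table for that switch, then the DoS and brute-force
    checks run on the reply.

    Syntax restored from an extraction that dropped punctuation and
    indentation; block nesting below follows the comments and data flow.
    """
    datapath = ev.msg.datapath
    flows = []
    for stat in ev.msg.body:
        flowdict = {}  # Preparation of a new entry into flow dictionary
        flowdict['table_id'] = stat.table_id
        flowdict['priority'] = stat.priority
        flowdict['duration_sec'] = stat.duration_sec
        flowdict['idle_timeout'] = stat.idle_timeout
        flowdict['packet_count'] = stat.packet_count
        flowdict['match'] = str(stat.match)
        flowdict['instructions'] = str(stat.instructions)
        # Detection thresholds travel with every flow entry so that consumers
        # of the flow table can compare counters against them.
        flowdict['dos_limit'] = self.DoS_PROTECTION_PPS_HIGH
        flowdict['bf_limit'] = self.BF_PROTECTION_PP10S
        # Custom format of a match (parsed from the string)
        flowdict['matchdict'] = self._create_match_dict(str(stat.match))
        # Check if the flow already exists
        previous_flowdict = self._flow_exists(datapath.id, flowdict)
        if previous_flowdict != 0:
            # Flow already exists so the statistics will be saved
            flowdict = self._add_packet_count_history(previous_flowdict, flowdict)
        flows.append(flowdict)
    # NOTE(review): placed after the loop; the extraction lost indentation, so
    # confirm against the original.
    # NOTE(review): a switch may split a flow-stats reply over several
    # multipart messages. This assignment keeps only the flows of the message
    # being handled, so earlier parts of a large table (and their packet-count
    # history) would be dropped. Confirm tables fit one message or merge parts.
    self.flow_tables_dict[datapath.id] = flows  # Save the new flow
    # Protection modules functions
    self._dos_protection(ev.msg)
    self._brute_force_protection(ev.msg)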
4. Initialization of the REST API class and definition of the function which returns the flow table for the switch specified in the dpid argument
File: scps_main_module.py, Class: SCPRestAPI
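class SCPRestAPI(ControllerBase):
    """REST front end exposing the flow tables collected by the main module.

    Syntax restored from an extraction that dropped punctuation.
    """

    def __init__(self, req, link, data, config):
        super(SCPRestAPI, self).__init__(req, link, data, config)
        # NOTE(review): SC_REST_INSTANCE is read as a module-level constant
        # because of its upper-case name; it may instead have been a quoted
        # string key. Confirm.
        self.sc_app = data[SC_REST_INSTANCE]

    # Function listens on URL /sc/flows/{dpid} for HTTP requests
    # NOTE(review): the extraction shows nothing after `requirements=`; an
    # empty dict is the reading that loses only punctuation. If that is
    # right, dpid is not pattern-constrained at the routing layer and reaches
    # get_flows() as received. No authentication is visible in this excerpt
    # either; flow tables reveal device MACs and traffic volumes, so the
    # listener is best bound to a management interface.
    @route('sc', URL_FLOWS, methods=['GET'], requirements={})
    def list_flows(self, req, **kwargs):
        """Return the stored flow table of one switch as JSON, or 404."""
        dpid = kwargs['dpid']  # Switch DPID from the HTTP request argument
        flows = self.sc_app.get_flows(dpid)
        if flows == 0:
            # get_flows() signals "no table for this dpid" with 0.
            return Response(status=404)
        body = json.dumps(flows)  # Data is encoded into JSON format
        return Response(content_type='application/json', body=body)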
5. Function of the web application which is executed when the URL "/dos_monitoring" is accessed. The function sends a URL request to the REST API of the main module ("/sc/flows" with the dpid of the first switch). A successful result will render the dos_protection.html web page.
File: scps_web_app.py, Web application (no class)
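# NOTE(review): the slashes were lost in extraction. A trailing slash is
# assumed because the dpid is appended directly below; the leading slash
# depends on get_data_from_connection_GET(). Confirm.
URL_FLOWS = '/sc/flows/'

# ... omitted ...


@app.route('/dos_monitoring')
def dos_monitoring():
    """Render the DoS monitoring page from the flow table of one switch.

    Fetches the flow table over the main module's REST API and renders the
    error page when the helper reports failure (-1).
    """
    # The dpid is hard-coded to switch 1, so only that switch's flows are
    # shown on this page.
    data = get_data_from_connection_GET(URL_FLOWS + '0000000000000001')
    if data == -1:
        return render_template('page-error-500.html')
    else:
        return render_template('dos_protection.html', data=data,
                               nodes=getConnectedNodes(data), topo=sc_lan_topo)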
6. Examples of returned data usage in an HTML file
File: dos_protection.html, Web application (no class)
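{# Template markup restored from an extraction that dropped punctuation.
   The arithmetic operators are read as "/ limit * 100" from the
   "Utilization over 75" message; punctuation inside the visible messages
   could not be recovered. Confirm against the original. #}
<td>
  {# presumably priority 8 marks the blocking rule installed by the DoS
     protection module; confirm against the main module #}
  {% if flowrule['priority'] == 8 %}
    <div class="color-danger"> DoS attack detected Blocking the traffic </div>
  {# the rate is evaluated only once ten history samples exist; it compares
     the packet-count increase between the last two samples with dos_limit.
     A dos_limit of 0 would make this expression fail while rendering. #}
  {% elif flowrule['packet_count_history']|length == 10 %}
    {% if ((flowrule['packet_count_history'][9] - flowrule['packet_count_history'][8])
           / flowrule['dos_limit'] * 100) > 75 %}
      <div class="color-warning">Unusual traffic detected Utilization over 75 </div>
    {% else %}
      The device is working correctly
    {% endif %}
  {% endif %}
</td>
{# omitted #}
<td><span>
  {# eth_src comes from the flow match, i.e. from traffic on the network.
     A source MAC missing from topo has no entry here, so the lookup should
     be guarded to keep the monitoring page rendering for unknown devices. #}
  {{ topo[flowrule['matchdict']['eth_src']][1] }}
</span></td>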