Change search
ReferencesLink to record
Permanent link

Direct link
Security Analysis of a Software Defined Wide Area Network Solution
KTH, School of Information and Communication Technology (ICT).
2016 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Enterprise wide area network (WAN) is a private network that connects the computers and other devices across an organisation's branch locations and the data centers. It forms the backbone of enterprise communication. Currently, multiprotocol label switching (MPLS) is commonly used to provide this service. As a recent alternative to MPLS, software-dened wide area networking (SD-WAN) solutions are being introduced as an IP based cloud-networking service for enterprises. SD-WAN virtualizes the networking service and eases the complexity of conguring and managing the enterprise network by moving these tasks to software and a central controller. The introduction of new technologies causes concerns about their security. Also, this new solution is introduced as a replacement for MPLS, which has been considered secure and has been in use for more than 16 years. Thus, there is a need to analyze the security of SD-WAN, which is the goal of this thesis. In this thesis, we perform a security analysis of a commercial SD-WAN solution, by finding its various attack surfaces, associated vulnerabilities and design weaknesses. We choose Nuage VNS, an SD-WAN product provided by Nuage Networks, as the analysis target. As a result, many attack surfaces and security weaknesses were found and reported, especially in the Customer Premises Equipment (CPE). In particular, we found vulnerabilities in the CPE's secure bootstrapping method and demonstrated some attacks by exploiting them. Finally, we propose mitigation steps to avoid the attacks. The results of this thesis will help both the service provider and the SD-WAN solution vendor to know about the attack surfaces and weaknesses of SD-WAN before o ering it to their customers. We also help in implementing the temporary countermeasures to mitigate the attacks. The results have been presented to the service provider and the vendor of the SD-WAN product.

Place, publisher, year, edition, pages
2016. , 71 p.
Keyword [en]
SD-WAN, Nuage VNS, virtual network functions, security
National Category
Engineering and Technology Electrical Engineering, Electronic Engineering, Information Engineering
URN: urn:nbn:se:kth:diva-190193OAI: diva2:952048
Subject / course
Electrical Engineering
Educational program
Master of Science -Security and Mobile Computing
Available from: 2016-08-11 Created: 2016-08-11 Last updated: 2016-08-11Bibliographically approved

Open Access in DiVA

fulltext(1707 kB)113 downloads
File information
File name FULLTEXT01.pdfFile size 1707 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
School of Information and Communication Technology (ICT)
Engineering and TechnologyElectrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 113 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 75 hits
ReferencesLink to record
Permanent link

Direct link