Residential SDN Projects

Residential SDN Research

While the software-defined networking (SDN) paradigm has had a significant impact on enterprise networks, particularly in data centers, it has not spread to residential users. However, the fundamental properties of SDN, namely the outsourcing of management and control, are key enablers of a shift in how we manage residential networks.

In our research, we modified the TP-LINK TL-WR1043ND v2 wireless router with a custom OpenWRT firmware image that enables OpenFlow support. We then created an OpenFlow controller in the Amazon EC2 cloud and configured the router to elevate traffic to the cloud controller. We confirmed that the latency overheads inherent in the approach would be acceptable in practice.

This research project will study the data collected from multiple residential routers to evaluate the feasibility of OpenFlow. The approach will also examine the feasibility of selectively proxying traffic through VMs in EC2 to enable IDS and protocol-aware firewalling techniques.

When complete, we expect to have results showing the viability of cloud-based network defenses for residential networks, either directly via cloud computing providers or through third-party services running in cloud environments.

Tutorials for Others

Yu Liu, a PhD student working on the residential SDN project, created a tutorial for others setting up OpenFlow on similar consumer-grade routers. It is available at https://web.cs.wpi.edu/~yliu25/floodlightsetup.html.

Related Publications

  1. Curtis R. Taylor, Tian Guo, Craig A. Shue, Mohamed E. Najd, "On the Feasibility of Cloud-Based SDN Controllers for Residential Networks," IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), November 2017.
    Residential networks are home to increasingly diverse devices, including embedded devices that are part of the Internet of Things phenomenon, leading to new management and security challenges. However, current residential solutions that rely on customer premises equipment (CPE), which often remains deployed in homes for years without updates or maintenance, are not evolving to keep up with these emerging demands. Recently, researchers have proposed to outsource the tasks of managing and securing residential networks to cloud-based security services by leveraging software-defined networking (SDN). However, the use of cloud-based infrastructure may have performance implications.
     
    In this paper, we measure the performance impact and perception of a residential SDN using a cloud-based controller through two measurement studies. First, we recruit 270 residential users located across the United States to measure residential latency to cloud providers. Our measurements suggest the cloud controller architecture provides 90% of end-users with acceptable performance with judiciously selected public cloud locations. When evaluating web page loading times of popular domains, which are particularly latency-sensitive, we found an increase of a few seconds at the median. However, optimizations could reduce this overhead for top websites in practice.
  2. Curtis R. Taylor, Craig A. Shue, "Validating Security Protocols with Cloud-Based Middleboxes," IEEE Conference on Communications and Network Security (CNS), October 2016.
    Residential networks pose a unique challenge for security since they are operated by end-users that may not have security expertise. Residential networks are also home to devices that may have lackluster security protections, such as Internet of Things (IoT) devices, which may introduce vulnerabilities. In this work, we introduce TLSDeputy, a middlebox-based system to protect residential networks from connections to inauthentic TLS servers. By combining the approach with OpenFlow, a popular software-defined networking protocol, we show that we can effectively provide residential network-wide protections across diverse devices with minimal performance overheads.
  3. Curtis R. Taylor, Craig A. Shue, Mohamed E. Najd, "Whole Home Proxies: Bringing Enterprise-Grade Security to Residential Networks," IEEE ICC Communication and Information Systems Security Symposium, May 2016.
    While enterprise networks follow best practices and security measures, residential networks often lack these protections. Home networks have constrained resources and lack a dedicated IT staff that can secure and manage the network and systems. At the same time, homes must tackle the same challenges of securing heterogeneous devices when communicating to the Internet. In this work, we explore combining software-defined networking and proxies with commodity residential Internet routers. We evaluate a "whole home" proxy solution for the Skype video conferencing application to determine the viability of the approach in practice. We find that we are able to automatically detect when a device is about to use Skype and dynamically intercept all of the Skype communication and route it through a proxy while not disturbing unrelated network flows. Our approach works across multiple operating systems, form factors, and versions of Skype.

Press Releases and Videos

This project is described in a press release from WPI as well as in the following video that demonstrates how the technology works.

Acknowledgement of Support

This material is based upon work supported by the National Science Foundation under Grant No. 1651540. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.