Ensuring Flexibility and Security in SDN-Based Spacecraft Communication Networks Through Risk Assessment

Software-defined networking (SDN) has enabled elastic networking and resource distribution in cloud computing. The centralization and separation of the Control Plane also offers a high degree of network configurability and management, which can be used to mitigate and manage threats to the network. Space communication networks have historically been restricted and circuit switching in these networks has been a manual process. This study evaluates the potential role of SDN in space communication networks from a networking security standpoint. The evaluation covers the networking security needs of spacecraft missions and their associated assets. The results from the evaluation lead to a risk assessment that identifies vulnerabilities in an SDN-based communications architecture. Security challenges introduced into the network from integrating SDN are also considered. A risk register summarizes the severity of the attack outcomes, as well as occurrence likelihood. The study identifies Denial-of-Service (DoS) attacks as a new threat (presently unmitigated by existing security controls) that would be prevalent in an SDN-based space communication environment. A Mininet-based emulation testbed is built to demonstrate the susceptibility of spacecraft flight software to a flooding DoS attack when on an interconnected SDN-managed network. This type of attack would be highly consequential to mission assets, and therefore SDN-based space communications would need to be resilient to such attacks. Future work will need to be performed to fully characterize DoS attack methods that can apply to the space communication scenario, as well as to devise a comprehensive DoS-resilient solution.