Review
Peer-Review Record

Security and Privacy Issues in Software-Defined Networking (SDN): A Systematic Literature Review

Electronics 2023, 12(14), 3077; https://doi.org/10.3390/electronics12143077
by Muhammad Shoaib Farooq *, Shamyla Riaz and Atif Alvi
Reviewer 1:
Reviewer 2: Anonymous
Submission received: 23 May 2023 / Revised: 10 July 2023 / Accepted: 10 July 2023 / Published: 14 July 2023
(This article belongs to the Special Issue Advanced Techniques in Computing and Security)

Round 1

Reviewer 1 Report

This article mainly introduces the development of Software-defined Network. More than 100 references have been cited and some conclusions have been analyzed. I think there are currently the following issues with this article.

(1)    I don't think the abstract was well written. The abstract needs to include the purpose, method, results, and conclusion of the article. The current abstract does not meet this requirement.

(2)    Although this is a review article, when citing references, it is not simply a matter of listing them together, and representative literature should be chosen.

(3)    In chapter 3.1, in Table 1, what is the basis for setting these problems? In this Table, there are 7 questions, but when expressed in writing, it is mentioned that there are six issues?

(4)    In Table 2, what is the basis for setting Quality Assessment?

(5)    Overall, the writing method of this article is more like a textbook than a review, and the authors should pay attention to the writing method.

 

Comments for author File: Comments.pdf

Moderate editing of English language required

Author Response

We have addressed all concerns of reviewer 1

Author Response File: Author Response.docx

Reviewer 2 Report

Why the research in the paper is important:

Software-defined Network (SDN) has radically changed the network infrastructure by decoupling the data plane and control plane. This architectural shift rejuvenates the network layer by granting the re-programmability and centralized management of networks which brings up exciting challenges. Although SDN seems a secured network as compared to conventional networks, still, it is vulnerable and faces rigorous deployment challenges. Moreover, the bifurcation of data and control planes also opens up new security problems. This systematic literature review (SLR) has formalized the problem space by identifying the potential attack scenarios and highlighting the possible vulnerabilities.

Contributions and novelty of the paper with respect to the state of the art:

Eighty-six articles have been selected carefully to formulize the SLR. In this research, an attack taxonomy has been introduced by analyzing the security threats to the application plane, control plane, and data plane of SDN. Moreover, we also review the existing security solutions which are proposed by researchers to secure the SDN planes. In this SLR, we have proposed a collaborative security model after identifying the security attacks comprehensively on SDN planes. Lastly, research gaps, challenges, and future directions have been discussed for the deployment of secure SDN.

The comments with respect to shortcomings and to improve the paper quality of the state-of-the-art:

The following are the major issues, which might include problems with the study’s methodology, techniques, analyses, missing controls or other serious flaws. Please address them carefully to avoid multiple revisions.

See my comments regarding PQC and SCA and lightweight crypto detailed below.

- With any new security measure implementation, you need to make sure you provide a benchmark for active/passive side-channel attacks (SCAs). Fault attacks, power analysis attacks and countermeasures need to be mentioned. Moreover, combined attacks need to be mentioned. I would like to see a paragraph on combined fault and power analysis attacks assessment and countermeasure. At least add a paragraph to describe it, that is enough. Mention and add a paper about "fault detection of ring-LWE on FPGA" too.


- With the advent of post-quantum cryptography (PQC), it is better to add some relevant works to make sure you cover that topic too. This is the hottest topic in cryptography now. When PQC replaces ECC/RSA every security application from smart phones to block chains will be affected. With PQC, ARM Cortex M4 and Cortex-A implementations are important for embedded systems, add previous papers on: (a) Curve448 and Ed448 on Cortex-M4, (b) SIKE on Cortex-M4, (c) SIKE Round 3 on ARM Cortex-M4, (d) Kyber on 64-Bit ARM Cortex-A.

- Please add comparisons in a table (or subsection) so that one could fairly compare your work with similar previous works

- NIST lightweight standardization was finalized in Feb. 2023. Also mention fault attacks as side-channel attacks, these topics to explore and add paper references: (a) Fault detection of architectures of Pomaranch cipher, (b) reliable architectures of grostl hash, (c) fault diagnosis of low-energy Midori cipher, (d) fault diagnosis of RECTANGLE cipher.

- References are not uniformly formatted.

- Please add a subsection and one or more future works for enhancing your presentation

- DPA+DFA, for example, can be mounted at the same time and their combined countermeasures (for example TI and Error Detection Schemes) can be used for thwarting attacks in a combined manner (needs to be discussed). Adding a paragraph suffices.

Author Response

We have addressed all concerns of reviewer 2

Author Response File: Author Response.docx

Reviewer 3 Report

The paper presented is a very comprehensive coverage of the subject matter. The selection of references is adequate. The articles presented in the review correspond to global trends in science and represent the state of the art in the topic of software-defined networks. In my opinion, such a comprehensive article fits into the review scheme and should be published.

Author Response

We are grateful to the reviewer for accepting our manuscript in the Electronics journal.

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

Accept

Author Response

Thank you for accepting our manuscript in this prestigious journal

Reviewer 2 Report

The authors have addressed some of my comments but they need to address all of the following as well.

 

This is an acceptable paper on an important topic, so you need to include prior papers for each of these separately, add a recent paper on PQC and on fault detection of each of these separately: (a) SIKE on Cortex-M4, (b) SIKE Round 3 on ARM Cortex-M4, (c) Kyber on 64-Bit ARM Cortex-A, (d) Cryptographic accelerators on Ed25519.

 

Same thing for fault attack of lightweight ciphers, add for each of these a paper: (a) Fault detection of architectures of Pomaranch cipher, (b) reliable architectures of grostl hash, (c) fault diagnosis of low-energy Midori cipher. 

 

Can you also comment on hardware/software platforms, ASIC vs. FPGA vs. ARM/RISC-V, adding 1-2 sentences is enough.

 

Author Response

Reviewer#2

 

Comment 1: This is an acceptable paper on an important topic, so you need to include prior papers for each of these separately, add a recent paper on PQC and on fault detection of each of these separately: (a) SIKE on Cortex-M4, (b) SIKE Round 3 on ARM Cortex-M4, (c) Kyber on 64-Bit ARM Cortex-A, (d) Cryptographic accelerators on Ed25519.

 

Response: Suggestion incorporated. We have updated the manuscript by adding suggested work including:

(a) SIKE on Cortex-M4, (b) SIKE Round 3 on ARM Cortex-M4: [152] Anastasova, M., Azarderakhsh, R., & Kermani, M. M. (2021). Fast strategies for the implementation of SIKE round 3 on ARM Cortex-M4. IEEE Transactions on Circuits and Systems I: Regular Papers, 68(10), 4129-4141.

 

(c) Kyber on 64-Bit ARM Cortex-A: [157] Sanal, P., Karagoz, E., Seo, H., Azarderakhsh, R., & Mozaffari-Kermani, M. (2021, November). Kyber on ARM64: Compact implementations of Kyber on 64-bit ARM Cortex-A processors. In Security and Privacy in Communication Networks: 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part II (pp. 424-440). Cham: Springer International Publishing.

 

(d) Cryptographic accelerators on Ed25519: [153] Bisheh-Niasar, M., Azarderakhsh, R., & Mozaffari-Kermani, M. (2021). Cryptographic accelerators for digital signature based on Ed25519. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 29(7), 1297-1305.

 

Comment 2: Same thing for fault attack of lightweight ciphers, add for each of these a paper: (a) Fault detection of architectures of Pomaranch cipher, (b) reliable architectures of grostl hash, (c) fault diagnosis of low-energy Midori cipher.

 

Response: Suggestion incorporated. We have cited the following articles, which are most relevant to our work:

(a) Fault detection of architectures of Pomaranch cipher: [149] Sarker, A., Kermani, M. M., & Azarderakhsh, R. (2020). Fault detection architectures for inverted binary ring-LWE construction benchmarked on FPGA. IEEE Transactions on Circuits and Systems II: Express Briefs, 68(4), 1403-1407.

 

(b) reliable architectures of grostl hash: [155] Mozaffari-Kermani, M., & Reyhani-Masoleh, A. (2011, October). Reliable hardware architectures for the third-round SHA-3 finalist Grostl benchmarked on FPGA platform. In 2011 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (pp. 325-331). IEEE.

 

(c) fault diagnosis of low-energy Midori cipher: [156] Aghaie, A., Kermani, M. M., & Azarderakhsh, R. (2016). Fault diagnosis schemes for low-energy block cipher Midori benchmarked on FPGA. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 25(4), 1528-1536.

 

 

Comment 3: Can you also comment on hardware/software platforms, ASIC vs. FPGA vs. ARM/RISC-V, adding 1-2 sentences is enough.

 

 

Response: Thank you for highlighting this point. We have already cited four different articles on ASIC vs. FPGA vs. ARM/RISC-V including:

[150]     He, P., Bao, T., Xie, J., & Amin, M. (2022). FPGA Implementation of Compact Hardware Accelerators for Ring-Binary-LWE based Post-Quantum Cryptography. ACM Transactions on Reconfigurable Technology and Systems.

 

[155]     Mozaffari-Kermani, M., & Reyhani-Masoleh, A. (2011, October). Reliable hardware architectures for the third-round SHA-3 finalist Grostl benchmarked on FPGA platform. In 2011 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (pp. 325-331). IEEE.

 

[156]     Aghaie, A., Kermani, M. M., & Azarderakhsh, R. (2016). Fault diagnosis schemes for low-energy block cipher Midori benchmarked on FPGA. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 25(4), 1528-1536.

 

[196]     Naous, J., Erickson, D., Covington, G. A., Appenzeller, G., & McKeown, N. (2008, November). Implementing an OpenFlow switch on the NetFPGA platform. In Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (pp. 1-9).
