The pivotal role of software defined networks to safeguard against cyber attacks: a comprehensive review

Motivation

While there has been an increase in research on SDN, there is still a lack of reviews that not only classify security risks but also conduct a methodical examination of the available countermeasures. This study aims to address this gap by presenting an analysis of the security issues encountered in SDN and discussing possible remedies while pinpointing areas that require additional investigation. By giving this summary of the topic at hand, the article intends to help advance the creation of safer and stronger SDN structures.

Methodology

This study utilizes a systematic literature review (SLR) to organize and present information in an organized manner (Snyder, 2019). The SLR method is crucial for identifying gaps and constraints in existing research while also paving the way, for research directions. To illustrate the process of selecting articles, the PRISMA flowchart was employed with three key stages. Identification, screening, and inclusion.

In the phase of the identification process targeted studies released between 2019 and 2024 for examination while eliminating duplicate and unsuitable records based on the year and source type (like journals and conference articles). The screening stage then refined the selection by excluding records that were not relevant to the research topic and those, with length of content. The final step involved selecting articles that fulfilled all the review criteria.

Search string

The search query utilized to enhance the search outcome quality was (“Software Defined Network” OR “SDN”) AND (“Threats” OR “Challenges”) AND (“Solutions” OR “Countermeasures”). It involves operators such, as “AND” and “OR” connecting the keywords together which aids in expanding or refining the search query effectively.

Data sources

The search string was applied in two databases which are Google Scholar, and Saudi Digital Library.

Screening process

The articles are screened by using a search query while primarily looking at the titles to gauge their relevance to our subject matter. If a article’s relevance was uncertain based on its title, an extra screening measure was implemented by examining the abstract to better evaluate its appropriateness. The selection process for identifying and incorporating articles into this review is detailed in the PRISMA flowchart depicted in Fig. 1.

Selection process

In this study, the PRISMA 2020 framework is used to help organize and manage data flow throughout the review process (Page et al., 2021). To start the research process, two main databases were used to find recent and relevant studies: Google Scholar, which gave 16,100 results, and the Saudi Digital Library, which returned 7,205 results. The following search query is used (“Software Defined Network” OR “SDN”) AND (“Threats” OR “Challenges”) AND (“Solutions” OR “Countermeasures”) to search. Also, the articles that were published between 2019 and 2024 were chosen.

A total of 19,509 records were removed throughout this process and prior to screening for a variety of reasons, including duplicate records or being flagged as ineligible. After a comprehensive review process, 3,796 records underwent detailed examination, resulting in the selection of 20 studies that aligned with the research goals. The remaining 3,776 records were excluded due to factors such as being irrelevant to the subject, outside the designated timeframe, written in a language other than English, or lacking accessibility.

SDN architecture and components

SDNs are a type of network design that enables management and control by separating the data processing and control functions of a network system. This portion is intended to detail the principles and elements of SDNs, like the SDN controller, control layer, application layer, data layer, and their interconnections. It also discusses the OpenFlow (OF) protocol (Wazirali, Ahmad & Alhiyari, 2021), frequently employed to facilitate communication between switches and controllers in SDN as illustrated by Fig. 3.

• Application plane: At the top of the SDN architecture is the application plane, also known as the management plane. Controller’s developers or third parties produce a variety of business and security applications, and this layer serves as their execution platform. Implementing firewalls, access controls, load balancing, routing policies, intrusion prevention systems (IPS), IDS, and network virtualization are among the applications that this layer manages (Shaghaghi et al., 2020).

• Control plane: The control plane plays the role of a middleman between the application layer and the data layer within the SDN framework by ensuring network traffic forwarding and overseeing network operations overall using an SDN controller as the central brain (Chai et al., 2019). This control plane includes the controller for managing network behavior and diverse network applications offering a variety of services to communicate with switches in the data plane to adjust their forwarding actions.

• SDN controller: The SDN controller provides a logical view and control over the whole network, making it the key and most important part of the SDN architecture. It makes it easier to communicate with applications via the northbound interface and the data plane via the southbound interface. The controller communicates with switches in the data plane, issuing instructions to configure their forwarding behavior and exchanging data. Network programs that provide extra network services like load balancing, security, and traffic engineering are also hosted by the controller (Zhu et al., 2020).

  There are three types of controllers which known as centralized single controller, flat distributed controller, and hierarchical distributed controller (as shown in Fig. 4). Flat and hierarchical subtypes are two further classifications for the distributed controller (Zhu et al., 2019). The different tasks are given to each controller in the SDN architecture. These controller types are elaborated in Table 1.

• Data plane: Another name of data plane is the forwarding plane, takes on the vital responsibility of actually forwarding network traffic in the SDN architecture. It consists of routers or network switches that use the controller’s instructions to find the best path for packets or frames to be forwarded (Kaljic et al., 2019). The controller establishes predetermined rules or policies that the data plane uses to carry out the forwarding procedure.

• Data planes can be classified into two categories: stateless and stateful (Zhang et al., 2021). Network components don’t hold onto network states in a stateless data plane. When they need to execute any new activities, they must ask the controller, as they carry out the decisions made in the control plane. If dynamic network behavior is required, the control plane helps assign tasks to the data plane. Data planes that are stateless can become stateful by help of this delegation, which grants the data plane the ability to store network states and perform actions (Zhang et al., 2021).

• Forwarding decisions, updating and topology discovery are essential tasks within data plane. Two essential services are mostly needed for these tasks: link discovery service (LDS) and host tracking service (HTS) (Deb & Roy, 2022).

• The link layer discovery protocol (LLDP) is used by LDS to collect switch and inter-switch link details. Through the openFlow discovery protocol (OFDP), link information between OF switches is retrieved in SDN networks that use OF. Alternatively, the broadcast domain discovery protocol (BDDP) is used to gather link information between OF switches and traditional switches (Deb & Roy, 2022). The LLDP protocol is the source of both OFDP and BDDP. On the other hand, The HTS keeps track of the network’s hosts and their respective locations. The exchange of packet-in and packet-out messages during the switch-controller handshake is the main function of these services. The intervals of these messages between entities are set by each controller. The controller can efficiently manage network resources and allow traffic rerouting based on real environmental requirements by using the updated topology information. This improves the quality of service (QoS) offered to the applications in the application plane and permits better path discrimination when necessary (Deb & Roy, 2022).

• Northbound API: The Northbound API in SDN is the interface that located between the application layer and the SDN controller. By acting as a network abstraction interface, this API gives management systems and applications running at the top of the SDN a consistent way to communicate with the underlying network infrastructure. Furthermore, the Northbound API is not standardized, each controller specifies APIs that should be used. Right now, the most used API for applications is REST (Latif et al., 2020).

• Southbound API: The Southbound API is the interface that located between the SDN controller and the data plane in a distributed data network. Routers can use this API to implement requests received via the northbound interfaces, determine network flows, and determine network topology. OF is the most widely standardized and used Southbound API and Open vSwitch Database (OVSDB) is another example (Latif et al., 2020).

• OpenFlow protocol: A standardized communication protocol utilized between the switches in the data plane and the SDN controller is called OF. It enables the controller to communicate with the network’s forwarding elements. The OF protocol specifies a collection of commands and messages that allow the controller to configure forwarding rules, collect network traffic statistics, and receive event notifications from the switches. The network can be managed and controlled centrally using this protocol (Latif et al., 2020).

• There is no security protection in OF. The OF switch and the OF controller can optionally establish secure communication connections using plain transmission control protocol (TCP) or transport layer security (TLS) for the primary connections, user datagram protocol (UDP), TCP, or datagram transport layer security (DTLS) for the secondary connections. TLS is advised by the open networking foundation (ONF) starting with version 1.2 (Yigit et al., 2019).

• East/Westbound API: The east/westbound interface uses the Eastbound API to enable the connectivity of distributed controllers. One of the main features of SDN is centralized network control. To provide efficient coordination across dispersed controllers, Eastbound APIs are used for information import and export (Latif et al., 2020). On the other hand, Westbound APIs facilitate communication between the controllers and legacy network components like routers, guaranteeing a smooth transition between SDN and conventional networking components.

The application plane, control plane, and data plane are the three main planes that make up the SDN architecture as shown in Fig. 3. The physical network components that make up the data path are contained in the data plane. SDN controller, which is part of the control plane, applies rules to data plane devices. The SDN architecture’s application plane is where these guidelines and policies are created. APIs that are well specified are used to establish communication across these planes. These interfaces are separated into East/Westbound APIs, Northbound APIs, and Southbound APIs in the case of distributed controllers. Southbound API is used for communication between the control and data planes. It transmits data plane device information to the control plane and pushes rules or instructions from the control plane to the data plane devices. Northbound API is used by the control plane and application plane to enable programmability in SDN. Eastbound API is used to establish inter-controller communication across SDN domains, while Westbound API handles legacy domain to SDN domain connection.

Advantages of SDN architecture

SDN possesses several features that differentiate it from traditional networks. The following are SDN’s primary features:

• Centralized vs. distributed control: In traditional networks, the decision making process, for forwarding data is distributed among network devices. Each device independently uses its routing tables and protocols to make these decisions. However in SDN a centralized controller takes on the responsibility of making decisions regarding network behavior and configuring network devices accordingly. This centralized control allows for enforcement of policies and simplifies network management (Farooq, Riaz & Alvi, 2023).

• Network management: SDN architecture simplifies network management by centralizing control and providing a single point of configuration. Using the SDN controller, network administrators can establish and implement policies for the entire network, reducing the complexity of managing individual network devices. This centralized management allows for the allocation, oversight and resolution of network related tasks (Alsaeedi, Mohamad & Al-Roubaiey, 2019).

• Network configuration: In traditional networking, network configurations usually revolve around devices and require manual configuration, on each device. However, SDN provides a programmable and policy based approach, to configuring networks. Network administrators have the ability to centrally define network policies and configurations which are subsequently implemented on network devices through the SDN controller (Zoradia & Indumati, 2023).

• Flexibility: SDN provides a level of flexibility that is unmatched when it comes to configuring networks and deploying services. Network administrators have the ability to adjust network behavior on the fly and adapt to evolving needs by separating the control plane from the data plane. Network services can be rapidly provisioned and customized through software applications running on the controller, allowing for greater agility and innovation (Kaljic et al., 2019).

• Scalability: In traditional networks, scalability becomes a challenge when the complexity of the network increases. Making configuration changes or adding network devices can be time consuming and prone to errors (Kaljic et al., 2019). SDN architecture provides scalability advantages by dividing the control plane from the data plane. Centralized control facilitates the management of large-scale networks more efficiently (Atwal, 2019). Additionally, SDN enables the use of commodity hardware in the data plane, reducing costs and increasing scalability. Scalability of SDN is a concern because one of its main features is centralized control. Among the difficulties presented by a standalone controller are geographic limitations, capacity and performance bottlenecks, and single points of failure. However, it implies that numerous controllers are required to provide short reaction times and good availability when managing a large network, as a single physical controller is insufficient. Thus, having a physically distributed control plane with logical centralization while maintaining the benefits of SDN was a realistic next step forward. One major benefit provided by SDN is the capacity to scale the network dynamically according to demand (Abuarqoub, 2020).

• Network visibility and monitoring: Traditional networks often face limitations in terms of their ability to observe and understand network traffic necessitating the use of monitoring devices, for capturing and analyzing traffic. SDN offers improved visibility by means of monitoring and control. The controller is able to collect and analyze flow data and network statistics providing a view of the network that facilitates network monitoring and troubleshooting capabilities (Zoradia & Indumati, 2023).

• Vendor independence and interoperability: Traditional networks often rely on protocols and configurations that’re specific to certain vendors. This can create limitations when it comes to interoperability between equipment from vendors. SDN on the another hand aims to promote independence from vendors by standardizing protocols used between the controller and network devices such as OF. This allows for multi-vendor deployments, easier integration of new devices, and more interoperable network solutions (Zoradia & Indumati, 2023).

• Network security: Both traditional networks and SDN face security challenges. However, SDN’s centralized control and programmability can help improve network security. SDN allows for fine-grained policy enforcement, rapid response to security incidents, and dynamic adaptation to changing threats. Security policies can be centrally defined and applied consistently across the network (Ahmad & Mir, 2021).

Centralized control, adaptable network management, and scalable deployments are made possible by SDN architecture, which consists of the control plane, application plane, data plane, and SDN controller. The OF protocol facilitates network control and configuration by acting as a standardized communication mechanism between the controller and switches. SDN architecture offers advantages, such as simplified network management, increased flexibility, and improved scalability. These benefits make SDN a transformative approach to networking, with significant potential for enhancing network infrastructures.

SDN vs. traditional network

SDN and traditional networking represents two different methods, for designing and overseeing network architecture. Figure 5 shows the comparison of SDN and traditional network architecture. SDN architecture is different than the traditional network in many aspects, include:

The main differences between the traditional network architecture and SDN architecture as clarified in Table 2.

Table 2:

Differences between traditional network and SDN.

Characteristics	SDN	Traditional network
Network control centralized	✓
Programmability	✓
Flexibility of network	High	Low
Complex control network	Low	Medium
Network configuration	High	Low
Management and monitoring	High	Low
Network security	High	Medium

DOI: 10.7717/peerj-cs.2814/table-2

It is worth noting that SDN is not intended to completely replace traditional networking but rather to provide an alternative approach with distinct advantages. In practice, organizations may adopt a hybrid approach, leveraging SDN in certain parts of their network while maintaining traditional networking in other areas.

Major security challenges and vulnerabilities in SDN

SDN provides adaptability and customization options alongside management but comes with distinct security risks and weaknesses as well. The main security concerns and vulnerabilities in SDNs stem from the segregation of control and data functions within the network architecture and the ability to program the network settings through an SDN controller.

1. Control plane attacks: Attackers might focus on the control plane of an SDN environment in order to disrupt or manipulate the behavior of the network. These attacks on the control plane can involve compromising the SDN controller taking advantage of vulnerabilities in the controller software, or intercepting and tampering with the control messages exchanged between the controller and switches (Bhuiyan et al., 2023). A controller that has been compromised or is acting maliciously can cause harm. When a controller is, in the hands of an actor they might send out control instructions that are intended to cause network behavior intercept network traffic or disrupt service. Furthermore if a controller becomes compromised it could manipulate network policies compromise the segmentation of the network or assist attackers in moving within the system (Bhuiyan et al., 2023). SDN controllers play a vital role in network operations security. A breach in this component could result in security risks affecting the entire network (Kreutz, Ramos & Verissimo, 2013; Scott-Hayward, Natarajan & Sezer, 2015).

   • Single point of failure: When the centralized control plane is compromised by the attacker, it opens up a significant vulnerability risk as it could potentially manipulate the entire network.

   • Denial of Service (DoS) Attacks: Commonly known as DoS, can make the network inaccessible by flooding the controller with data traffic, rendering it inoperable.

   • Unauthorized access: A compromised controller may grant entry to network assets, which enables attackers to control traffic flow.

   • Tampering with flow rules: Cyber attackers have the ability to modify the flow rules transmitted by the controller to switches, which may result in manipulating network traffic and redirecting data without authorization.

2. Data plane manipulation: The data plane is vulnerable to attacks as it handles the task of routing packets according to the instructions provided by the control plane. Attackers have the ability to manipulate the data plane, which can result in access or the extraction of data, by modifying or redirecting network traffic. Attackers might take advantage of weaknesses in the switches. Manipulate the controllers configured forwarding rules compromising their integrity (Vadivu & Rajagopalan, 2023; Shaghaghi et al., 2020).

   • Packet injection attacks: Packet injection attacks occur when malicious packets are inserted into the network to take advantage of the forwarding mechanisms within the data plane. If these packets are not verified correctly by the controller, it could potentially put the network at risk of compromise.

   • Packet modification and forgery: Cyber attackers can alter existing packets or create ones illegitimately, which could result in unauthorized entry into systems and potential breaches such as data leaks.

   • Flow table exhaustion: Flow table overload issue occurs when hackers overwhelm the data plane switches with several flow entries, resulting in the exhaustion of the switch flow table and potentially causing performance issues or network breakdowns.

3. Northbound interface vulnerabilities: The connection going north links the SDN controller with applications operating above the SDN system to facilitate their communication and interaction (Rauf et al., 2021).

   • Application manipulation: Harmful apps could take advantage of weaknesses in the northbound interface to influence the controller’s actions and make alterations to network settings.

   • Lack of authentication and access control: Weak access control systems within the northbound API may potentially enable malicious actors to run privileged commands that could modify network settings or obtain confidential information.

   • Impersonation attacks: Impersonation incidents occur when attackers impersonate legitimate apps or services to gain unauthorized entry into SDN control functions.

4. Southbound interface vulnerabilities: The connection going south from the SDN controller links up with the network’s base infrastructure, like switches and routers, mostly using OpenFlow protocol that carries its set of security vulnerabilities (Tupakula et al., 2022).

   • Lack of encryption in communication: Communication between the controller and the switches through the interface could be at risk of being intercepted or altered without proper encryption measures, like TLS, in place.

   • Man-in-the-Middle (MitM) attacks: Cyber attackers might carry out MitM attacks to intercept communication between the controller and switches, which could lead to altering commands or injecting instructions.

   • Protocol misconfigurations: Mistakes in setting up protocols like OpenFlow can make the network susceptible to security threats.

5. East-West interface vulnerabilities The east/westbound interface uses the Eastbound API to enable the connectivity of distributed controllers. One of the main features of SDN is centralized network control to provide efficient coordination across multiple controllers (Latif et al., 2020). On the other hand, this interface is utilized for load balancing and redundancy but contains some security vulnerabilities.

   • Inter-controller trust issues: Issues with trust between controllers can arise when communication between them is not properly protected. If one controller is compromised, it could have an effect and impact other controllers in the network, resulting in a widespread compromise of the entire system.

   • Lack of provenance verification: Proper verification of the source is crucial as it prevents parties from inserting false data into the system, which could result in inaccurate routing or flow of traffic within the network.

6. Controller overload: SDNs are in charge of handling network tasks. However, they are also vulnerable to being targeted by attacks (Hamdan et al., 2021).

   • DoS attacks: This type of attack uses traffic to overload its capability to manage genuine traffic and ultimately leads to network downtime.

   • Flow rule overloading: Attackers have the ability to take advantage of weaknesses in the flow rule management system to overwhelm the controller with an abundance of flow rule requests. This can result in a decrease in performance or even system failure.

7. Lack of standardized security frameworks: A major obstacle to SDN security is the lack of established security frameworks and protocols that are standardized across the board (Jimenez et al., 2021).

   • Inconsistent security measures across vendors: SDNs pose a challenge in implementing network-wide security policies due to differences in security features offered by each vendor.

   • Interface standardization issues: When there are no standards for the interfaces going north and southbound in the system, it can be tricky to ensure secure communication between the SDN controller, the applications it runs, and the network infrastructure underneath.

Implications on information security, network availability, and data confidentiality

Unauthorized entry, into the SDN infrastructure, which includes the controller, switches, and network applications can lead to security breaches. Individuals who gain access have the ability to manipulate network settings listen in on data transmission launch attacks, within the infrastructure, or compromise the confidentiality, integrity, and availability of network management functions (Toshniwal et al., 2019). Here, the implications of attacks on information security, network availability, and data confidentiality were discussed. Then, Table 8 provides an example of each situation.

• Information security: Security issues in SDN can give rise to entry into data, interception of information and unauthorized alteration of network settings. These risks can jeopardize the confidentiality, integrity and availability of network traffic potentially resulting in data breaches and unauthorized exposure of information (Deb & Roy, 2022).

• Network availability: Attacks that focus on the control or data plane have the potential to disrupt network availability resulting in service outages or decreased performance. When the SDN controller is compromised or when forwarding behavior is manipulated attackers can create network congestion redirect traffic to existent destinations or launch DoS attacks. These actions negatively impact the availability and overall performance of network services (Deb & Roy, 2022).

• Data confidentiality: The security of data can be at risk if unauthorized individuals gain access to network traffic or manipulate the data flow. When sensitive information is transmitted through the network there is a possibility that it could be intercepted which may result in data breaches and hence exposure of sensitive data or even compromise encryption keys (Rahouti et al., 2022).

SDN introduces unique security challenges and vulnerabilities, these include attacks, on the control plane, manipulation of the data plane, unauthorized access and malicious behavior by controllers. It is crucial to address these security concerns in SDN environments to safeguard information security, maintain network availability, and preserve data confidentiality. Real life examples and case studies highlight the significance of tackling these issues to ensure the resilience and integrity of SDN systems.

Countermeasures and security solutions

Addressing security challenges in SDN requires the implementation of robust security mechanisms and solutions. This section provides a comprehensive analysis of existing security measures, including traditional security measures and emerging technologies along with their effectiveness in mitigating the identified security challenges in SDN.

• Access controls: to ensure that authorized entities can access and make changes to the SDN infrastructure. It is beneficial to implement access controls, like attribute based access control (ABAC) and role based access control (RBAC). These access controls can be applied at the controller, switch and application levels to safeguard against access and control plane attacks (Hu et al., 2021).

• Authentication: implementing robust authentication methods, such, as authentication between the controller and switches plays a key role in safeguarding the SDN infrastructure against unauthorized access. Employing techniques, like certificates, multifactor authentication and secure exchange protocols enhance the overall authentication process (Hu et al., 2021).

• Encryption: securing the confidentiality and integrity of information transmitted within the SDN environment involves encrypting the control and data plane traffic. One way to achieve this is, by implementing techniques like TLS or Internet Protocol Security (IPsec) which can be applied to establish communication channels between the controller and switches and switches themselves (Hu et al., 2021).

• Firewalling: installing firewalls, within the SDN infrastructure is crucial, for filtering and overseeing network traffic safeguarding against access and defending against a range of attacks. Firewalls serve the purpose of upholding security policies identifying irregularities and offering a layer of protection (Hu et al., 2021).

Traditional security measures, such as access controls, authentication, encryption, and firewalling, can be applied in SDN environments (Chica, Imbachi & Vega, 2020). However, the dynamic nature of SDN requires adaptations and extensions to traditional security mechanisms. For example:

• Access controls should consider the changing nature of network flows and the ability to program network policies.

• Authentication methods should take into account the nature of SDN controllers and switches to ensure the safe transmission of control messages.

• Encryption methods need to consider the scalability and performance demands of SDN along, with the distribution of encryption keys.

• Firewalls should have the ability to analyze and control network traffic at the application layer considering the changing network behavior in SDN.

Here, the significant role of emerging technologies in protecting SDN architecture is presented.

• Artificial Intelligence (AI): AI has the potential to enhance SDN security by offering threat detection, anomaly detection and behavioral analysis. By analyzing network traffic patterns in real time, AI algorithms can identify any deviations. Promptly detect possible security breaches (Alhaj & Dutta, 2022).

• Blockchain: BC technology has the potential to improve security in SDN by introducing logging mechanisms that are both tamper proof and decentralized. Its application can ensure that control plane messages remain authentic and their integrity intact while also enabling the detection and mitigation of any manipulations of the control plane (Choudhary & Dorle, 2022).

• Software defined security (SDSec): SDSec aims to incorporate security features into the SDN infrastructure. This entails utilizing security controllers, security applications and security service chaining to implement and adapt security policies in response, to security events (Sallam, Refaey & Shami, 2019).

• Intent-based networking (IBN): IBNs main objective is to ensure that the networks actions are in line with business and security policies at a level. It achieves this by converting high level intentions into network configurations. This approach allows for a policy oriented approach to secure SDN, which can result in improved management and implementation of security policies (Sallam, Refaey & Shami, 2019).

Future directions for secure SDN

Some critical security issues with SDN architectures still require thorough examination through additional research.

• Scalability and performance trade-offs in security solutions: While existing SDN security frameworks—such as blockchain-based authentication systems and AI-driven anomaly detection tools—enhance protection, they often impose significant latency and computational burdens. To address these trade-offs, future work should prioritize the development of lightweight cryptographic protocols, optimized blockchain consensus algorithms, and decentralized AI architectures. These innovations must achieve robust security guarantees while preserving the operational efficiency of the network infrastructure. Advancing this balance will be critical for deploying scalable, high-performance SDN solutions in latency-sensitive environments (Chica, Imbachi & Vega, 2020).

• Enhancing threat intelligence and adaptive security: Present security solutions are dependent on static block-based technologies or classic learning machine approaches that cannot adapt to real-time threats. There is a need for research in self-learning AI models, federated learning for distributed IDS/IPS, and real-time threat intelligence sharing frameworks to enhance automated attack detection and mitigation (Alashhab et al., 2024).

• Standardization of security frameworks and interoperability issues: The absence of standardized security protocols for SDN controllers and APIs is a problem that complicates security enforcement. Future work should focus on further exploring and proposing vendor-neutral, standardized security frameworks that provide seamless interoperability while securing diverse SDN deployments (Hu et al., 2021).

• Quantum-resilient security mechanisms: With the rise of quantum computing, RSA and ECC may become traditional encryption schemes. Research is needed to explore how to integrate quantum-resistant cryptographic algorithms into SDN architectures for future-proof network security (Saritha, Reddy & Babu, 2022).

• Trust and authentication in distributed SDN environments: A problem is that in multi-controller SDN architectures, trust among controllers is difficult to establish, particularly if East-West APIs are used. Future studies should develop decentralized authentication frameworks based on Zero-Trust security models and identity management using blockchain (Azab et al., 2019).

• Self-healing and autonomous security for SDN: For future SDN security, we should move towards autonomous self-healing systems that can identify, counter, and recover from attacks without human intervention. This entails evolution in the areas of AI-driven predictive analytics, automated threat response, and intent-based security policies (Oladosu et al., 2021).

• Software-defined security services: Moving forward one of the areas that holds promise is the creation of security services that can be customized to suit network conditions and evolving threats. This entails incorporating security measures into the SDN infrastructure enabling the provisioning and adjustment of security policies and controls in response, to network context and security needs (Zarca et al., 2019).

• Automated security orchestration: In the future advancements, SDN need to focus on automating security orchestration and response. This entails integrating security incident response systems with SDN controllers to enable automated actions, for threat mitigation and remediation. Utilizing decision making algorithms and policy driven approaches can facilitate security responses throughout the SDN infrastructure (Bringhenti et al., 2019).

To achieve this, the gaps in research presented in this article must be addressed; this will strengthen SDN security, promote its adoption in critical infrastructure such as 5G, IoT, and the cloud, and offer a future research direction in this domain.

Open research challenges in secure SDN

Many studies have already been conducted to address different scenarios and security challenges related to SDN architecture. Still, there are many unsolved issues related to SDN architecture that need to be solved. This section discovers open research challenges to secure SDN that need further attention.

Because of the dynamic nature of the SDN architecture, many authors focus on authorization issues in the SDN application plane and emphasize the importance of granularity in permissions (Toshniwal et al., 2019). Also, being the main problem is the trust between applications and the controller, a new research opportunity emerges here to establish a standardized policy that verifies the levels of security in SDN applications. In the control plane, fault tolerance mechanisms are implemented by distributed controllers to recover the service after failure of the system, such as a DoS attack. However, there is disagreement among many authors about how to achieve the balance between consistency and resilience (Ahmad & Mir, 2021). According to Brewer’s theorem, it is not possible to guarantee both availability and consistency after a partition in distributed environments. Although ODL and ONOS controllers use the RAFT algorithm for fault tolerance or strong consistency, there are still gaps to fill in terms of improving its performance and preserving information between controllers after a service interruption. The researchers have to take an action regarding this point from the security perspective. At the data plane, the split and distribution technique adds risk to flow rules because they can overload a node, be lost, or duplicated while propagating which lead to create a new research opportunity.

In addition, most authors focus on addressing attacks that may target the planes of the SDN architecture while ignoring security issues related to interfaces. However, the possibility of attack scenarios will increase in the absence of standardized interfaces. Therefore, standardizing interfaces is considered as the most significant challenges for the security of SDN architecture.

Addressing these research challenges will help advance the state of secure SDN and ensure that future SDN deployments are resilient, scalable, and capable of defending against emerging threats. Collaboration between academia, industry, and standardization bodies is essential to drive research and innovation in these areas.