Abstract
Software-defined networking (SDN) has enabled elastic networking and resource distribution in cloud computing. The centralization and separation of the Control Plane also offers a high degree of network configurability and management, which can be used to mitigate and manage threats to the network. Space communication networks have historically been restricted and circuit switching in these networks has been a manual process. This thesis examines the potential role of SDN in enabling flexible and secure space communication networks. While SDN can improve the flexibility of space networks, analysis is needed to identify opportunities for leveraging SDN’s security benefits and areas where SDN presents security challenges. The networking security needs of spacecraft missions and their associated assets are evaluated, along with the challenges, opportunities and considerations with SDN. A risk assessment identifies vulnerabilities in an SDN-based communications architecture. Security challenges introduced into the network from integrating SDN are also considered. A risk register summarizes the severity of the attack outcomes, as well as occurrence likelihood. Denial-of-Service (DoS) is identified as a risk that existing controls for space communication networks would not fully address in this scenario. DoS attack strategies are understood and classified, along with mitigation solutions. An SDN-based space network emulation is built to evaluate centralized flow sampling and reconfiguration as a tool for identifying and mitigating DoS behavior on the network. This thesis proposes a novel solution for future SDN-based spacecraft communication networks. This solution will improve flexibility while preserving security and asset resilience. Future work will need to focus on embedded flight hardware implementations and SDN protocol enhancements for space environment compatibility.