Securing Centralized SDN control with Distributed Blockchain Technology
Authors: Suhail Ahmad, A. H. Mir
Journal: Theor. Comput. Sci. (Journal Article)
Published: 2023-03-06
DOI: 10.7494/csci.2023.24.1.4605 (https://doi.org/10.7494/csci.2023.24.1.4605)
Software Defined Networking (SDN) advocates the segregation of network control logic, forwarding functions and management applications into different planes to achieve network programmability and automated, dynamic flow control in next-generation networks. It promotes the deployment of novel and augmented network management functions to achieve flexible, robust, scalable and cost-effective network deployments. All these features introduce new research challenges and require secure communication protocols among the segregated network planes. This manuscript focuses on the security of the southbound interface, which operates between the SDN control plane and the data plane. We highlight the security threats associated with an unprotected southbound interface and the issues with the existing TLS-based security solution. A lightweight, blockchain-based, decentralized security solution is proposed for the southbound interface to secure the resources of logically centralized SDN controllers and distributed forwarding devices from opponents. The proposed mechanism can operate in multi-domain SDN deployments and can be used with a wide range of network controllers and data plane devices. In addition, the proposed security solution is analyzed in terms of security features, communication overhead and reauthentication overhead.