BlockREV: Blockchain-Enabled Multi-Controller Rule Enforcement Verification in SDN

Secur. Commun. Networks Pub Date : 2022-01-11 DOI:10.1155/2022/7294638

Ping Li, Songtao Guo, Jiahui Wu, Quanjun Zhao

{"title":"BlockREV: Blockchain-Enabled Multi-Controller Rule Enforcement Verification in SDN","authors":"Ping Li, Songtao Guo, Jiahui Wu, Quanjun Zhao","doi":"10.1155/2022/7294638","DOIUrl":null,"url":null,"abstract":"Compared with the classical structure with only one controller in software-defined networking (SDN), multi-controller topology structure in SDN provides a new type of cross-domain forwarding network architecture with multiple centralized controllers and distributed forwarding devices. However, when the network includes multiple domains, lack of trust among the controllers remains a challenge how to verify the correctness of cross-domain forwarding behaviors in different domains. In this paper, we propose a novel secure multi-controller rule enforcement verification (BlockREV) mechanism in SDN to guarantee the correctness of cross-domain forwarding. We first adopt blockchain technology to provide the immutability and privacy protection for forwarding behaviors. Furthermore, we present an address-based aggregate signature scheme with appropriate cryptographic primitives, which is provably secure in the random oracle model. Moreover, we design a verification algorithm based on hash values of forwarding paths to check the consistency of forwarding order. Finally, experimental results demonstrate that the proposed BlockREV mechanism is effective and suitable for multi-controller scenarios in SDN.","PeriodicalId":167643,"journal":{"name":"Secur. Commun. Networks","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Secur. Commun. Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1155/2022/7294638","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Compared with the classical structure with only one controller in software-defined networking (SDN), multi-controller topology structure in SDN provides a new type of cross-domain forwarding network architecture with multiple centralized controllers and distributed forwarding devices. However, when the network includes multiple domains, lack of trust among the controllers remains a challenge how to verify the correctness of cross-domain forwarding behaviors in different domains. In this paper, we propose a novel secure multi-controller rule enforcement verification (BlockREV) mechanism in SDN to guarantee the correctness of cross-domain forwarding. We first adopt blockchain technology to provide the immutability and privacy protection for forwarding behaviors. Furthermore, we present an address-based aggregate signature scheme with appropriate cryptographic primitives, which is provably secure in the random oracle model. Moreover, we design a verification algorithm based on hash values of forwarding paths to check the consistency of forwarding order. Finally, experimental results demonstrate that the proposed BlockREV mechanism is effective and suitable for multi-controller scenarios in SDN.

查看原文本刊更多论文

BlockREV: SDN中支持区块链的多控制器规则执行验证

与经典的SDN (software-defined networking)中只有一个控制器的结构相比，SDN中的多控制器拓扑结构提供了一种具有多个集中控制器和分布式转发设备的新型跨域转发网络架构。然而，当网络包含多个域时，控制器之间缺乏信任，如何验证不同域中跨域转发行为的正确性仍然是一个挑战。在本文中，我们提出了一种新的安全的SDN多控制器规则强制验证(BlockREV)机制，以保证跨域转发的正确性。我们首先采用区块链技术为转发行为提供不变性和隐私保护。在此基础上，提出了一种基于地址的聚合签名方案，该方案具有合适的密码原语，并证明了该方案在随机oracle模型下的安全性。此外，我们设计了一种基于转发路径哈希值的验证算法来检查转发顺序的一致性。最后，实验结果表明，所提出的BlockREV机制是有效的，适用于SDN中的多控制器场景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Secur. Commun. Networks

自引率

0.00%

发文量