Packet Access Control Mechanism Based on Cipher Identification in Software-defined Network

Abstract

Software defined networking (SDN) decouples the controller plane from the data plane, offering flexible network configure and management. Because of this architecture, the SDN network is vulnerable to threats caused by user identity forgery, such as illegal intrusion and DDoS attacks. In this paper, we propose a control and forwarding mechanism based on cipher identification in SDN. All packets are encapsulated with cipher identification and signed by private keys based on cipher identification. In order to prevent the forged packets, mechanism verifies the signature at the entrance and exit of the network. The cipher identifier is designed as a matching field recognized by the SDN switch, and the network forwarding behavior is defined based on the cipher identifier.