HostSec: A blockchain-based authentication framework for SDN hosts

IF 3.3 4区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Peer-To-Peer Networking and Applications Pub Date : 2024-05-10 DOI:10.1007/s12083-024-01714-x

Majd Latah, Kubra Kalkan

{"title":"HostSec: A blockchain-based authentication framework for SDN hosts","authors":"Majd Latah, Kubra Kalkan","doi":"10.1007/s12083-024-01714-x","DOIUrl":null,"url":null,"abstract":"<p>Software defined networking (SDN) is a novel networking paradigm that aims to achieve global management for the underlying forwarding plane based on its centralization concept. Unfortunately, the newly designed paradigm does not consider security issues related to unauthenticated and unauthorized activities across various SDN layers. Recently, blockchain (BC) technology has proven successful in providing a decentralized, immutable, and fault tolerant ledger. In this study, we take advantage of blockchain characteristics to provide mutual host-controller, PacketIn/PacketOut and host-host authentication methods. We also provide secure Address Resolution Protocol (ARP) and Identity Resolution Protocol (IRP) to protect layer 3 and layer 2 of the SDN network. In addition, both SDN hosts and controllers utilize lattice-based signatures based on Dilithium scheme and Key Encapsulation Methods (KEMs) based on Kyber scheme to provide protection against quantum adversaries. We also compare our work with AuthFlow (Mattos and Duarte in Ann Telecommun 71:607–615, 2016). The results show that HostSec is more secure than AuthFlow due to its ability to detect both host-based and switch-based PacketIn attacks and also reduces the load on the SDN controller. Overall, the experimental results suggest a trade-off between improved security and lower latency.</p>","PeriodicalId":49313,"journal":{"name":"Peer-To-Peer Networking and Applications","volume":"116 1","pages":""},"PeriodicalIF":3.3000,"publicationDate":"2024-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Peer-To-Peer Networking and Applications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12083-024-01714-x","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Software defined networking (SDN) is a novel networking paradigm that aims to achieve global management for the underlying forwarding plane based on its centralization concept. Unfortunately, the newly designed paradigm does not consider security issues related to unauthenticated and unauthorized activities across various SDN layers. Recently, blockchain (BC) technology has proven successful in providing a decentralized, immutable, and fault tolerant ledger. In this study, we take advantage of blockchain characteristics to provide mutual host-controller, PacketIn/PacketOut and host-host authentication methods. We also provide secure Address Resolution Protocol (ARP) and Identity Resolution Protocol (IRP) to protect layer 3 and layer 2 of the SDN network. In addition, both SDN hosts and controllers utilize lattice-based signatures based on Dilithium scheme and Key Encapsulation Methods (KEMs) based on Kyber scheme to provide protection against quantum adversaries. We also compare our work with AuthFlow (Mattos and Duarte in Ann Telecommun 71:607–615, 2016). The results show that HostSec is more secure than AuthFlow due to its ability to detect both host-based and switch-based PacketIn attacks and also reduces the load on the SDN controller. Overall, the experimental results suggest a trade-off between improved security and lower latency.

Abstract Image

查看原文本刊更多论文

HostSec：基于区块链的 SDN 主机认证框架

软件定义网络（SDN）是一种新型网络范式，旨在根据其集中化概念实现底层转发平面的全局管理。遗憾的是，这种新设计的范例并未考虑与跨 SDN 各层的未认证和未授权活动有关的安全问题。最近，区块链（BC）技术在提供去中心化、不可变和容错分类账方面被证明是成功的。在本研究中，我们利用区块链的特性提供了主机-控制器、包入/包出和主机-主机相互认证方法。我们还提供了安全的地址解析协议（ARP）和身份解析协议（IRP），以保护 SDN 网络的第 3 层和第 2 层。此外，SDN 主机和控制器都使用基于 Dilithium 方案的网格签名和基于 Kyber 方案的密钥封装方法 (KEM)，以提供对量子对手的保护。我们还将我们的工作与 AuthFlow（Mattos 和 Duarte，载于 Ann Telecommun 71:607-615, 2016）进行了比较。结果表明，由于 HostSec 能够检测基于主机和交换机的 PacketIn 攻击，因此比 AuthFlow 更为安全，而且还能降低 SDN 控制器的负载。总体而言，实验结果表明，在提高安全性和降低延迟之间需要权衡利弊。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Peer-To-Peer Networking and Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

8.00

自引率

7.10%

发文量

145

审稿时长

12 months

期刊介绍： The aim of the Peer-to-Peer Networking and Applications journal is to disseminate state-of-the-art research and development results in this rapidly growing research area, to facilitate the deployment of P2P networking and applications, and to bring together the academic and industry communities, with the goal of fostering interaction to promote further research interests and activities, thus enabling new P2P applications and services. The journal not only addresses research topics related to networking and communications theory, but also considers the standardization, economic, and engineering aspects of P2P technologies, and their impacts on software engineering, computer engineering, networked communication, and security. The journal serves as a forum for tackling the technical problems arising from both file sharing and media streaming applications. It also includes state-of-the-art technologies in the P2P security domain. Peer-to-Peer Networking and Applications publishes regular papers, tutorials and review papers, case studies, and correspondence from the research, development, and standardization communities. Papers addressing system, application, and service issues are encouraged.