HostSec: A blockchain-based authentication framework for SDN hosts

IF 3.3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Majd Latah, Kubra Kalkan
{"title":"HostSec: A blockchain-based authentication framework for SDN hosts","authors":"Majd Latah, Kubra Kalkan","doi":"10.1007/s12083-024-01714-x","DOIUrl":null,"url":null,"abstract":"<p>Software defined networking (SDN) is a novel networking paradigm that aims to achieve global management for the underlying forwarding plane based on its centralization concept. Unfortunately, the newly designed paradigm does not consider security issues related to unauthenticated and unauthorized activities across various SDN layers. Recently, blockchain (BC) technology has proven successful in providing a decentralized, immutable, and fault tolerant ledger. In this study, we take advantage of blockchain characteristics to provide mutual host-controller, PacketIn/PacketOut and host-host authentication methods. We also provide secure Address Resolution Protocol (ARP) and Identity Resolution Protocol (IRP) to protect layer 3 and layer 2 of the SDN network. In addition, both SDN hosts and controllers utilize lattice-based signatures based on Dilithium scheme and Key Encapsulation Methods (KEMs) based on Kyber scheme to provide protection against quantum adversaries. We also compare our work with AuthFlow (Mattos and Duarte in Ann Telecommun 71:607–615, 2016). The results show that HostSec is more secure than AuthFlow due to its ability to detect both host-based and switch-based PacketIn attacks and also reduces the load on the SDN controller. Overall, the experimental results suggest a trade-off between improved security and lower latency.</p>","PeriodicalId":49313,"journal":{"name":"Peer-To-Peer Networking and Applications","volume":"116 1","pages":""},"PeriodicalIF":3.3000,"publicationDate":"2024-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Peer-To-Peer Networking and Applications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12083-024-01714-x","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Software defined networking (SDN) is a novel networking paradigm that aims to achieve global management for the underlying forwarding plane based on its centralization concept. Unfortunately, the newly designed paradigm does not consider security issues related to unauthenticated and unauthorized activities across various SDN layers. Recently, blockchain (BC) technology has proven successful in providing a decentralized, immutable, and fault tolerant ledger. In this study, we take advantage of blockchain characteristics to provide mutual host-controller, PacketIn/PacketOut and host-host authentication methods. We also provide secure Address Resolution Protocol (ARP) and Identity Resolution Protocol (IRP) to protect layer 3 and layer 2 of the SDN network. In addition, both SDN hosts and controllers utilize lattice-based signatures based on Dilithium scheme and Key Encapsulation Methods (KEMs) based on Kyber scheme to provide protection against quantum adversaries. We also compare our work with AuthFlow (Mattos and Duarte in Ann Telecommun 71:607–615, 2016). The results show that HostSec is more secure than AuthFlow due to its ability to detect both host-based and switch-based PacketIn attacks and also reduces the load on the SDN controller. Overall, the experimental results suggest a trade-off between improved security and lower latency.

Abstract Image

HostSec:基于区块链的 SDN 主机认证框架
软件定义网络(SDN)是一种新型网络范式,旨在根据其集中化概念实现底层转发平面的全局管理。遗憾的是,这种新设计的范例并未考虑与跨 SDN 各层的未认证和未授权活动有关的安全问题。最近,区块链(BC)技术在提供去中心化、不可变和容错分类账方面被证明是成功的。在本研究中,我们利用区块链的特性提供了主机-控制器、包入/包出和主机-主机相互认证方法。我们还提供了安全的地址解析协议(ARP)和身份解析协议(IRP),以保护 SDN 网络的第 3 层和第 2 层。此外,SDN 主机和控制器都使用基于 Dilithium 方案的网格签名和基于 Kyber 方案的密钥封装方法 (KEM),以提供对量子对手的保护。我们还将我们的工作与 AuthFlow(Mattos 和 Duarte,载于 Ann Telecommun 71:607-615, 2016)进行了比较。结果表明,由于 HostSec 能够检测基于主机和交换机的 PacketIn 攻击,因此比 AuthFlow 更为安全,而且还能降低 SDN 控制器的负载。总体而言,实验结果表明,在提高安全性和降低延迟之间需要权衡利弊。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Peer-To-Peer Networking and Applications
Peer-To-Peer Networking and Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS
CiteScore
8.00
自引率
7.10%
发文量
145
审稿时长
12 months
期刊介绍: The aim of the Peer-to-Peer Networking and Applications journal is to disseminate state-of-the-art research and development results in this rapidly growing research area, to facilitate the deployment of P2P networking and applications, and to bring together the academic and industry communities, with the goal of fostering interaction to promote further research interests and activities, thus enabling new P2P applications and services. The journal not only addresses research topics related to networking and communications theory, but also considers the standardization, economic, and engineering aspects of P2P technologies, and their impacts on software engineering, computer engineering, networked communication, and security. The journal serves as a forum for tackling the technical problems arising from both file sharing and media streaming applications. It also includes state-of-the-art technologies in the P2P security domain. Peer-to-Peer Networking and Applications publishes regular papers, tutorials and review papers, case studies, and correspondence from the research, development, and standardization communities. Papers addressing system, application, and service issues are encouraged.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信