Enhancing east-west interface security in heterogeneous SDN via blockchain.

IF 3.5 4区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

PeerJ Computer Science Pub Date : 2025-05-26 eCollection Date: 2025-01-01 DOI:10.7717/peerj-cs.2914

Hamad Alrashede, Fathy Eassa, Abdullah Marish Ali, Hosam Aljihani, Faisal Albalwy

{"title":"Enhancing east-west interface security in heterogeneous SDN via blockchain.","authors":"Hamad Alrashede, Fathy Eassa, Abdullah Marish Ali, Hosam Aljihani, Faisal Albalwy","doi":"10.7717/peerj-cs.2914","DOIUrl":null,"url":null,"abstract":"Software defined networking (SDN) increasingly integrates multiple controllers from diverse vendors to enhance network scalability, flexibility, and reliability. However, such heterogeneous deployments pose significant security threats, especially at the east-west interface which is connecting these controllers. Existing solutions are inadequate for ensuring robust protection across multi-vendor SDN environments as most of them are meant to a specific type of attacks, use centralized solution, or designed for homogeneous SDN environments. This study proposes a blockchain-based security framework to address existing security gaps within heterogeneous SDN environments. The framework establishes a decentralized, robust, and interoperable security layer for distributed SDN controllers. By utilizing the Ethereum blockchain with customized smart contract-based checks, the proposed approach enables mutual authentication among controllers, secures data exchange, and controls network access. The framework effectively mitigates common SDN threats such as distributed denial-of-service (DDoS), man-in-the-middle (MitM), false data injection, and unauthorized access. Experimental results highlight the practicality of the solution, achieving a stable throughput of approximately 20 transactions per second with an average authentication latency of 28-40 ms. These results demonstrate that the proposed framework not only enhances inter-controller communication security but also maintains the network performance, making it a reliable and scalable solution for real-world SDN deployments.","PeriodicalId":54224,"journal":{"name":"PeerJ Computer Science","volume":"11 ","pages":"e2914"},"PeriodicalIF":3.5000,"publicationDate":"2025-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12192836/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"PeerJ Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.7717/peerj-cs.2914","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/1/1 0:00:00","PubModel":"eCollection","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Software defined networking (SDN) increasingly integrates multiple controllers from diverse vendors to enhance network scalability, flexibility, and reliability. However, such heterogeneous deployments pose significant security threats, especially at the east-west interface which is connecting these controllers. Existing solutions are inadequate for ensuring robust protection across multi-vendor SDN environments as most of them are meant to a specific type of attacks, use centralized solution, or designed for homogeneous SDN environments. This study proposes a blockchain-based security framework to address existing security gaps within heterogeneous SDN environments. The framework establishes a decentralized, robust, and interoperable security layer for distributed SDN controllers. By utilizing the Ethereum blockchain with customized smart contract-based checks, the proposed approach enables mutual authentication among controllers, secures data exchange, and controls network access. The framework effectively mitigates common SDN threats such as distributed denial-of-service (DDoS), man-in-the-middle (MitM), false data injection, and unauthorized access. Experimental results highlight the practicality of the solution, achieving a stable throughput of approximately 20 transactions per second with an average authentication latency of 28-40 ms. These results demonstrate that the proposed framework not only enhances inter-controller communication security but also maintains the network performance, making it a reliable and scalable solution for real-world SDN deployments.

查看原文本刊更多论文

通过区块链增强异构SDN的东西接口安全性。

软件定义网络（SDN）越来越多地集成来自不同厂商的多个控制器，以增强网络的可扩展性、灵活性和可靠性。然而，这种异构部署带来了重大的安全威胁，特别是在连接这些控制器的东西接口上。现有的解决方案不足以确保跨多供应商SDN环境的强大保护，因为它们中的大多数都是针对特定类型的攻击，使用集中式解决方案，或者为同质SDN环境设计的。本研究提出了一个基于区块链的安全框架，以解决异构SDN环境中现有的安全漏洞。该框架为分布式SDN控制器建立了一个分散的、健壮的、可互操作的安全层。通过使用以太坊区块链和定制的基于智能合约的检查，所提出的方法可以实现控制器之间的相互认证，保护数据交换并控制网络访问。该框架有效缓解了DDoS （distributed denial-of-service）、MitM （man-in-the-middle）、虚假数据注入、未经授权访问等常见SDN威胁。实验结果突出了该解决方案的实用性，实现了大约每秒20个事务的稳定吞吐量，平均身份验证延迟为28-40 ms。这些结果表明，所提出的框架不仅提高了控制器间通信的安全性，而且保持了网络性能，使其成为实际SDN部署的可靠和可扩展的解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

PeerJ Computer Science Computer Science-General Computer Science

CiteScore

6.10

自引率

5.30%

发文量

332

审稿时长

10 weeks

期刊介绍： PeerJ Computer Science is the new open access journal covering all subject areas in computer science, with the backing of a prestigious advisory board and more than 300 academic editors.