Abstract
Compared with the classical structure with only one controller in software-defined networking (SDN), multi-controller topology structure in SDN provides a new type of cross-domain forwarding network architecture with multiple centralized controllers and distributed forwarding devices. However, when the network includes multiple domains, lack of trust among the controllers remains a challenge how to verify the correctness of cross-domain forwarding behaviors in different domains. In this paper, we propose a novel secure multi-controller rule enforcement verification (BlockREV) mechanism in SDN to guarantee the correctness of cross-domain forwarding. We first adopt blockchain technology to provide the immutability and privacy protection for forwarding behaviors. Furthermore, we present an address-based aggregate signature scheme with appropriate cryptographic primitives, which is provably secure in the random oracle model. Moreover, we design a verification algorithm based on hash values of forwarding paths to check the consistency of forwarding order. Finally, experimental results demonstrate that the proposed BlockREV mechanism is effective and suitable for multi-controller scenarios in SDN.
Highlights
Software-defined networking (SDN) is more agile by means of network programming [1]
Compared with the classical SDN network with only one controller, multi-controller framework can provide a new type of cross-domain forwarding network architecture with multiple centralized controllers and distributed forwarding devices and has more benefits of flexibility and scalability
To address the above challenges, we propose a novel secure multi-controller rule enforcement verification (BlockREV) mechanism in SDN to guarantee the correctness of cross-domain forwarding
Summary
Software-defined networking (SDN) is more agile by means of network programming [1]. With the development of edge computing and artificial intelligence (AI) technology, AIenabled SDN provides users with a variety of applications [2]. Execution result of cross-domain forwarding functionality in SDN is a critical factor determining the quality of service (QoS), which motivates us to study multi-controller rule enforcement verification in SDN in this paper. The existing studies in [18,19,20] resorted to the blockchain technology to record all network events, the design of multicontroller rule enforcement verification models still has some challenges when we combine SDN with cryptography and blockchain technology: (i) how to improve the synergistic effect between centralization in SDN and decentralization on blockchain network to optimize network efficiency and security; (ii) how to design the verification scheme to be more efficient and accurate; and (iii) how to protect the privacy of entities and flows on the forwarding path. To address the above challenges, we propose a novel secure multi-controller rule enforcement verification (BlockREV) mechanism in SDN to guarantee the correctness of cross-domain forwarding. A provably secure aggregate signature scheme is designed by cryptography primitive technology to guarantee the effective verification accuracy of multi-controller rule executions.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
