Abstract

Multicontroller software‐defined networks have been widely adopted to enable management of large‐scale networks. However, they are vulnerable to several attacks including false data injection, which creates topology inconsistency among controllers. To deal with this issue, we propose BMC‐SDN, a security architecture that integrates blockchain and multicontroller SDN and divides the network into several domains. Each SDN domain is managed by one master controller that communicates through blockchain with the masters of the other domains. The master controller creates blocks of network flow updates, and its redundant controllers validate the new block based on a proposed reputation mechanism. The reputation mechanism rates the controllers, i.e., block creator and voters, after each voting operation using constant and combined adaptive fading reputation strategies. The evaluation results demonstrate a fast and optimal detection of fraudulent flow rule injection.

Highlights

  • Software-defined networks (SDNs) [1] have been widely deployed in many application fields, as they replace the conventional TCP/IP architecture with another one that decouples the networking devices from their control management.

  • A multicontroller software-defined network (SDN) could be targeted by several attacks [4,5,6], including false data injection, where a compromised controller sends fraudulent flow information to other controllers. This could cause routing malfunctions, routing loops, and incorrect functionality of firewalls. To deal with this issue, we propose a security architecture that integrates blockchain technology with multicontroller SDN.

  • In BMC-SDN, we focus on the security of the control layer and the east-west communication of this layer.


Summary

Introduction

Software-defined networks (SDNs) [1] have been widely deployed in many application fields, as they replace the conventional TCP/IP architecture with another one that decouples the networking devices from their control management. Multicontroller SDN could be targeted by several attacks [4,5,6], including false data injection, where a compromised controller sends fraudulent flow information to other controllers. This could cause routing malfunctions, routing loops, and incorrect functionality of firewalls. From [7] that deploys many controllers for fault-tolerance purposes, our architecture is aimed at ensuring secure and trustworthy intercontroller communication. To this end, the proposed architecture considers a master controller and redundant controllers for each network domain. The architecture integrates a reputation mechanism that rates the controllers after each voting operation using constant and adaptive fading reputation strategies. In this way, malicious master controllers and redundant controllers that provide incorrect voting will be detected.
