CACS: A Context-Aware and Anonymous Communication Framework for an Enterprise Network Using SDN

Abstract

The emergence of software-defined networking (SDN) has revolutionized the management of an enterprise network. The SDN-based design provides flexibility in network management, which spans over multiple applications, e.g., routing, switching, forwarding, and controlling. It reduces the reliance on vendor-specific devices and middlebox solutions, such as firewalls, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), etc. Furthermore, due to the integration of different technologies, privacy is one of the core issues faced by the enterprise. Host anonymity is one of the techniques to safeguard against privacy attacks; however, the existing anonymization solutions provide better anonymity, but at the cost of higher latency and are most suited for Internet traffic. To tackle this issue in an enterprise network, we propose an SDN-based communication framework using enterprise integration patterns (EIPs) that offers anonymous communication in an enterprise environment. Host anonymity is achieved by replacing the real IP address with the spoofed IP address during the transmission of data packets inside the network. Unlike the traditional networks, SDN can modify the header fields of packets as they traverse in the network from the source to the destination. In addition to the host anonymity, this framework also provides context-aware communication by leveraging the SDN global visibility characteristic, where application services are discoverable on the network without disclosing the addresses of the application servers. Moreover, context-aware services enable network traffic to be routed based on the application-layer services rather than the network-layer information. In the end, evaluation of the proposed framework is carried out with respect to the performance of anonymous communication, computational complexity, and security of the complete proposed framework. In addition, we also highlighted that the proposed framework is more suitable for heterogeneous network environments such as Internet of Things-based solutions.