Abstract
AbstractAttacks against the forwarding path could deviate data packets from the predefined route to achieve ulterior purposes, which has posed a serious threat to the software-defined network. Previous studies attempted to solve this security issue through complex authentication or traffic statistics methods. However, existing schemes have the disadvantages of high bandwidth overhead and high process delay. Hence, this article proposed a lightweight forwarding path verification mechanism based on P4 implementation. First, we deployed inband network telemetry to obtain path information, and then performed the path verification inside each hop in the programmable data plane to ensure that various attacks against forwarding paths could be intercepted. Finally, complete path verification information would convey to the control plane for backup. Corresponding experimental results demonstrate that our mechanism can effectively improve the security of the packet forwarding path with acceptable throughput and delay.KeywordsPath verificationSDNP4INT
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
