Abstract

In a software-defined network (SDN), the southbound protocol defines the communication between the control plane and the data plane. OpenFlow, the de facto standard southbound protocol, suggests, but does not require, protecting the controller-switch channel with Transport Layer Security (TLS). Most current SDN projects leave this channel unprotected; only a few, such as OpenDaylight, HP VAN SDN, and ONOS, implement TLS for southbound communication. For telecommunication providers, one of the major SDN adopters besides data centers, the data plane becomes considerably more complex once a wireless data plane is added, because it involves numerous wireless technologies. The resulting resource-management burden, together with the security of such a data plane, can hinder migration to SDN. In this paper we propose securing distributed SDN communication with a multidomain-capable Identity-Based Cryptography (IBC) protocol, particularly for the southbound and wireless data-plane communication. We also analyze TLS-secured Message Queuing Telemetry Transport (MQTT) message exchanges to estimate the bandwidth that IBC can save.

Highlights

  • Software-defined networking (SDN) separates the intelligence of the network from packet forwarding by decoupling the control and data planes

  • Our contributions are as follows: (1) we describe the security risks involved in SDN and its data plane, and why the data plane needs to be protected

  • (5) we describe the application of Identity-Based Cryptography (IBC) to securing communication within the data plane, together with an analysis of the bandwidth IBC can save


Summary

Introduction

Software-defined networking (SDN) separates the intelligence of the network from packet forwarding by decoupling the control and data planes. The SDN controllers available at the time of writing are vendor specific: they have neither an agreed east/west-bound protocol nor security for it, with Open Network Operating System (ONOS) being the exception [7]. To limit the damage from the compromise of a single controller in a distributed SDN, east/west-bound communication has to be protected; if it is left unprotected, a malicious controller can manipulate every other controller in the network. Likewise, to keep the network from being driven by a malicious controller, and to prevent a malicious switch or network device from obtaining any network information, southbound communication must run over a secure channel.
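The abstract's bandwidth argument rests on one property of IBC: a peer's public key is derived from its identity string, so no certificate has to be carried in the handshake. The following is an added example, not code from the paper and not its multidomain protocol: it implements Shamir's RSA-based identity-based signature scheme in plain Python, with a Private Key Generator (PKG) standing in for the domain's trust anchor. The switch identity, the message and the key size are constructed for the demo, and the hash-to-integer helper is an assumption of this example rather than anything the paper specifies.

```python
"""Shamir's RSA-based identity-based signature (IBS), added here to show the
property the paper relies on: a verifier needs only the signer's identity
string plus the PKG's public parameters, so no certificate travels on the wire.
This is a textbook scheme, not the multidomain protocol proposed in the paper.
Identities, message and key size below are constructed for the demo."""
import hashlib
import math
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic, adequate for a demo PKG)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def _hash_to_int(*parts):
    """SHA-256 over length-prefixed parts, read as a big-endian integer (assumed encoding)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return int.from_bytes(h.digest(), "big")


def identity_public_key(identity, n):
    """The 'public key' is derived from the identity string alone: H(ID) mod n."""
    return _hash_to_int(identity.encode()) % n


class PKG:
    """Private Key Generator: holds the RSA master secret d and issues per-identity keys."""

    def __init__(self, bits=1024):
        self.e = 65537
        while True:
            p, q = _random_prime(bits // 2), _random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(self.e, phi) == 1:
                break
        self.n = p * q
        self._d = pow(self.e, -1, phi)  # modular inverse; needs Python 3.8+

    def public_params(self):
        return (self.n, self.e)

    def extract(self, identity):
        """Private key for an identity: H(ID)^d mod n. Escrow: the PKG can sign as anyone."""
        return pow(identity_public_key(identity, self.n), self._d, self.n)


def ibs_sign(params, private_key, message):
    """Signature (t, s) with t = r^e, s = sk * r^H(t, m) (mod n)."""
    n, e = params
    r = secrets.randbelow(n - 2) + 2  # random blinding value in [2, n-1]
    t = pow(r, e, n)
    h = _hash_to_int(t.to_bytes((n.bit_length() + 7) // 8, "big"), message)
    s = private_key * pow(r, h, n) % n
    return (t, s)


def ibs_verify(params, identity, message, signature):
    """Checks s^e == H(ID) * t^H(t, m) (mod n) using nothing but the identity string."""
    n, e = params
    t, s = signature
    if not (0 < t < n and 0 < s < n):
        return False
    h = _hash_to_int(t.to_bytes((n.bit_length() + 7) // 8, "big"), message)
    return pow(s, e, n) == identity_public_key(identity, n) * pow(t, h, n) % n


if __name__ == "__main__":
    pkg = PKG(bits=1024)
    params = pkg.public_params()
    switch_id = "of-switch-01.dp.example.net"  # constructed identity
    sk = pkg.extract(switch_id)                 # delivered to the switch out of band, once
    msg = b"PACKET_IN buffer 0x2a"              # constructed message
    sig = ibs_sign(params, sk, msg)
    print("valid:", ibs_verify(params, switch_id, msg, sig))
    print("tampered:", ibs_verify(params, switch_id, b"PACKET_IN buffer 0x2b", sig))
```

The verifier carries the domain's (n, e) once and otherwise works from the identity string, which is the saving the paper measures against a TLS handshake that ships a certificate chain. Two caveats a practitioner should weigh before adopting any IBC design: the PKG holds every private key (key escrow), so a compromised PKG is a compromised domain, and identities should embed a validity period because there is no certificate to revoke. This scheme only signs; identity-based encryption needs a pairing-based construction such as Boneh-Franklin.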

Background
SDN Security with IBC
Data Plane Security
Application Scenarios
Data Plane Communication
Analysis and Discussions
Conclusion
