Author
Kalkan, Kubra, Latah, Majd
Publication Date
2024-05-10
Publication Place
-
Springer Nature
Subject
Security protocol, Authentication, Host security, Sdn security, Blockchain (bc), Software defined networking (sdn)
Type
Periodical
Language
English
Digital
Yes
Manuscript
No
Library
Özyeğin University
Library Asset ID
1936-6442
Record ID
70a6b863-4756-41e7-8b04-868a0ef0b2ce
Library Location
Computer Science
Date
2024-05-10
Sample Text
Software defined networking (SDN) is a novel networking paradigm that aims to achieve global management for the underlying forwarding plane based on its centralization concept. Unfortunately, the newly designed paradigm does not consider security issues related to unauthenticated and unauthorized activities across various SDN layers. Recently, blockchain (BC) technology has proven successful in providing a decentralized, immutable, and fault tolerant ledger. In this study, we take advantage of blockchain characteristics to provide mutual host-controller, PacketIn/PacketOut and host-host authentication methods. We also provide secure Address Resolution Protocol (ARP) and Identity Resolution Protocol (IRP) to protect layer 3 and layer 2 of the SDN network. In addition, both SDN hosts and controllers utilize lattice-based signatures based on Dilithium scheme and Key Encapsulation Methods (KEMs) based on Kyber scheme to provide protection against quantum adversaries. We also compare our work with AuthFlow (Mattos and Duarte in Ann Telecommun 71:607-615, 2016). The results show that HostSec is more secure than AuthFlow due to its ability to detect both host-based and switch-based PacketIn attacks and also reduces the load on the SDN controller. Overall, the experimental results suggest a trade-off between improved security and lower latency.
DOI
10.1007/s12083-024-01714-x
Cilt
17
