Publication:
DPSec: A blockchain-based data plane authentication protocol for SDNs

Placeholder

Institution Authors

Research Projects

Organizational Unit

Journal Title

Journal ISSN

Volume Title

Type

Conference paper

Access

info:eu-repo/semantics/restrictedAccess

Publication Status

Published

Journal Issue

Abstract

Software-Defined Networking (SDN) is a promising networking architecture that enables central management along with network programmability. However, SDN brings additional security threats due to untrusted control and data planes. In this work, we focus on authenticating SDN's data plane since it can be exploited to attack SDN's control plane. As a result, the whole SDN network will be paralysed. On the other hand, Blockchain (BC) can be utilized to provide more secure data plane by introducing a fault-tolerant, decentralized and secure ledger without relying on any trusted third-party intermediaries. To this end, in this work we propose, DPSec, a consortium BC-based protocol for authenticating SDN's data plane including SDN switches and hosts. We also provide a proof-of-concept that demonstrates the applicability and feasibility of our protocol in SDNs. Finally, we present a security analysis that shows how DPSec can address several attacks against SDNs including CVE-2018-1000155 vulnerability [1] that targets SDN controllers due to the untrusted data plane.

Date

2020-11-02

Publisher

IEEE

Description

Keywords

Citation

Collections


Page Views

0

File Download

0