Skip to main content
SpringerLink
Log in

Achieving Data Security, Access Control and Authentication of Controllers in Hierarchical Software Defined Networking with Attribute Based Encryption

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11982))

Included in the following conference series:

  • 1072 Accesses

Abstract

Software defined networking (SDN) separates the data layer and the control layer to achieve logical centralization, scalability and programmability. In hierarchical software defined networking (HSDN), controllers are classified into the upper controller- Root Controller (RC) and the lower controller- Local Controller (LC) to improve the scalability of the network. HSDN effectively relieve the workload of controllers. However, the features of HSDN puts forward higher requirements of data privacy protection and access control. Because RC stores global network data, it must ensure authorized access and prevent the forged data. The attribute-based encryption scheme can provide fine-grained data access control and data privacy protection of controllers at the same time. When LC accesses data in RC, the algorithm of ciphertext-policy attribute-based encryption with identity authentication (CP-ABE-IA) is presented to protect the data privacy of RC and guarantee the legitimate access of LC. When LC sends message to RC, we propose an algorithm of key-policy attribute based signcryption for multi-access structures (KP-ABSC-MAS). KP-ABSC-MAS provides data privacy protection and verification as well as the authentication of LC.

Supported by the National Natural Science Foundation of China (61672299, 61972208, 61702281, and 61802200), The Natural Science Foundation of the Jiangsu Higher Education Institutions of China (16KJB520033), and in part by Postgraduate Research & Practice Innovation Program of Jiangsu Province.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Jingjing, Z., Di, C., Weiming, W., Rong, J., Xiaochun, W.: The deployment of routing protocols in distributed control plane of SDN. Sci. World J. 2014, 1–8 (2014)

    Google Scholar 

  2. Fu, Y., Bi, J., Gao, K., Chen, Z., Wu, J., Hao, B.: Orion: a hybrid hierarchical control plane of software-defined networking for large-scale networks. In: 2014 IEEE 22nd International Conference on Network Protocols, pp. 569–576. IEEE (2014)

    Google Scholar 

  3. Hassas Yeganeh, S., Ganjali, Y.: Kandoo: a framework for efficient and scalable offloading of control applications. In: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pp. 19–24. ACM (2012)

    Google Scholar 

  4. Klaedtke, F., Karame, G. O., Bifulco, R., Cui, H.: Access control for SDN controllers. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 219–220. Citeseer (2014)

    Google Scholar 

  5. Mattos, D.M.F., Duarte, O.C.M.B.: AuthFlow: authentication and access control mechanism for software defined networking. Ann. Telecommun. 71(11–12), 607–615 (2016)

    Article  Google Scholar 

  6. Ranjbar, A., Komu, M., Salmela, P., Aura, T.: An SDN-based approach to enhance the end-to-end security: SSL/TLS case study. In: NOMS 2016–2016 IEEE/IFIP Network Operations and Management Symposium, pp. 281–288. IEEE (2016)

    Google Scholar 

  7. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  8. Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

    Chapter  Google Scholar 

  9. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)

    Google Scholar 

  10. Kim, J., Susilo, W., Guo, F., Au, M. H., Nepal, S.: An efficient KP-ABE with short ciphertexts in prime ordergroups under standard assumption. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 823–834. ACM (2017)

    Google Scholar 

  11. Guo, F., Mu, Y., Susilo, W., Wong, D.S., Varadharajan, V.: CP-ABE with constant-size keys for lightweight devices. IEEE Trans. Inf. Forensics Secur. 9(5), 763–771 (2014)

    Article  Google Scholar 

  12. Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Trans. Parallel Distrib. Syst. 25(7), 1735–1744 (2013)

    Article  Google Scholar 

  13. Zheng, Y.: Signcryption and its applications in efficient public key solutions. In: Okamoto, E., Davida, G., Mambo, M. (eds.) ISW 1997. LNCS, vol. 1396, pp. 291–312. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0030430

    Chapter  Google Scholar 

  14. Xu, Q., Tan, C., Fan, Z., Zhu, W., Xiao, Y., Cheng, F.: Secure data access control for fog computing based on multi-authority attribute-based signcryption with computation outsourcing and attribute revocation. Sensors 18(5), 1609 (2018)

    Article  Google Scholar 

  15. Rao, Y.S., Dutta, R.: Expressive bandwidth-efficient attribute based signature and signcryption in standard model. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 209–225. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08344-5_14

    Chapter  Google Scholar 

  16. Wei, J., Hu, X., Liu, W.: Traceable attribute-based signcryption. Secur. Commun. Netw. 7(12), 2302–2317 (2014)

    Article  Google Scholar 

  17. Liu, X., Xia, Y., Sun, Z.: Provably secure attribute based signcryption with delegated computation and efficient key updating. KSII Trans. Internet Inf. Syst. 11(5), 2646–2659 (2017)

    Google Scholar 

  18. Armando, A., Ranise, S., Traverso, R., Wrona, K.: Compiling NATO authorization policies for enforcement in the cloud and SDNs. In: 2015 IEEE Conference on Communications and Network Security (CNS), pp. 741–742. IEEE (2015)

    Google Scholar 

  19. Chaudhary, R., Aujla, G.S., Garg, S., Kumar, N., Rodrigues, J.J.: SDN-enabled multi-attribute-based secure communication for smart grid in IIoT environment. IEEE Trans. Ind. Inform. 14(6), 2629–2640 (2018)

    Article  Google Scholar 

  20. Riad, K.: Multi-authority trust access control for cloud storage. In: 2016 4th International Conference on Cloud Computing and Intelligence Systems (CCIS), pp. 429–433. IEEE (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Nanjing University of Posts and Telecommunications, Nanjing, 210003, China

    YuHua Xu & ZhiXin Sun

  2. Key Lab of Broadband Wireless Communication and Sensor Network Technology, Nanjing, 210003, China

    YuHua Xu & ZhiXin Sun

Authors
  1. YuHua Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. ZhiXin Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to ZhiXin Sun .

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Jaideep Vaidya

  2. Beihang University, Beijing, China

    Xiao Zhang

  3. Guangzhou University, Guangzhou, China

    Jin Li

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xu, Y., Sun, Z. (2019). Achieving Data Security, Access Control and Authentication of Controllers in Hierarchical Software Defined Networking with Attribute Based Encryption. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science(), vol 11982. Springer, Cham. https://doi.org/10.1007/978-3-030-37337-5_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37337-5_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37336-8

  • Online ISBN: 978-3-030-37337-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation