Hierarchical Solution for Access Control and Authentication in Software Defined Networks

  • Conference paper
Network and System Security (NSS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8792))

Abstract

Software defined network (SDN), one of the most popular and influential techniques, is an emerging network architecture. In recent years it has attracted great attention aimed at improving its performance and extending its applications. Although this new architecture provides all parties with a common programming environment to drive differentiation, almost all studies focus on efficiency and utility. Few efforts have been made to enforce authentication or access control in SDN. In this paper, we propose a hierarchical attribute-based access control scheme by incorporating hierarchical identity-based encryption and the ciphertext-policy attribute-based encryption (CP-ABE) system. Combining the hierarchical structure and the characteristics inherited from CP-ABE, the proposed scheme gains not only scalability, but also flexibility and fine-grained access control. Based on this, we then present an authentication protocol for this special architecture to enhance the ability of controllers in SDN to manage users, devices and data flows flexibly.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Shuangyu, H., Jianwei, L., Jian, M., Jie, C. (2014). Hierarchical Solution for Access Control and Authentication in Software Defined Networks. In: Au, M.H., Carminati, B., Kuo, CC.J. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 8792. Springer, Cham. https://doi.org/10.1007/978-3-319-11698-3_6

  • DOI: https://doi.org/10.1007/978-3-319-11698-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11697-6

  • Online ISBN: 978-3-319-11698-3

  • eBook Packages: Computer Science, Computer Science (R0)
