
New SDN-Oriented Authentication and Access Control Mechanism

  • Conference paper
  • Book: Computer Networks (CN 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 860)

Abstract

Software-Defined Network (SDN) is recognized as one of the most important future networking areas. The SDN architecture is a revolutionary new idea that, by moving the traditional network to a software-based one, provides more flexibility, a high degree of automation and shorter provisioning time. The SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides a centralized view of the entire network and makes it easier to manage and monitor the network's resources. However, the initial design of SDN, with its centralized point of control, does not sufficiently consider the security requirements, which makes security issues an additional challenge. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies access attempts from unauthorized hosts and defines different levels of privileges for each host according to its authentication credentials, is implemented using a POX controller. Our approach neither needs support for new protocols nor requires additional configuration of hosts or routers.



Corresponding author

Correspondence to Fahad Nife.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this paper

Nife, F., Kotulski, Z. (2018). New SDN-Oriented Authentication and Access Control Mechanism. In: Gaj, P., Sawicki, M., Suchacka, G., Kwiecień, A. (eds) Computer Networks. CN 2018. Communications in Computer and Information Science, vol 860. Springer, Cham. https://doi.org/10.1007/978-3-319-92459-5_7

  • DOI: https://doi.org/10.1007/978-3-319-92459-5_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-92458-8

  • Online ISBN: 978-3-319-92459-5

  • eBook Packages: Computer Science, Computer Science (R0)
