Abstract
Software-defined Networking (SDN) is a representative next-generation network architecture that allows network administrators to programmatically initialize, control, change and manage network behavior dynamically via open interfaces. However, SDN brings new security problems, e.g., controller hijacking, black-hole attacks, unauthorized data modification, etc. It is desirable to develop a unified platform that enhances security and facilitates security configuration and evaluation. In this paper, we propose the OSCO (Open Security-enhanced Compatible OpenFlow) platform, a platform based on Raspberry Pi Single Board Computer (SBC) hardware and the SDN network architecture, which supports highly configurable cryptographic algorithm modules, security protocols, flexible hardware extensions and virtualized SDN networks. Furthermore, we present an enhanced OpenFlow protocol to improve security in the SDN data plane. We implement and evaluate the prototype system, and the experimental results show that our system performs its security functions with relatively low computational and networking performance overheads.
Acknowledgment
This work was supported in part by the National Key R&D Program of China (No. 2017YFB1400700), the National Natural Science Foundation of China (No. 61402029, U17733115), the National Natural Science Foundation of China (No. 61379002, No. 61370190), and the Funding Project of Education Ministry for the Development of Liberal Arts and Social Sciences (No. 12YJAZH136).
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Cheng, H., Liu, J., Mao, J., Wang, M., Chen, J. (2018). OSCO: An Open Security-Enhanced Compatible OpenFlow Platform. In: Chellappan, S., Cheng, W., Li, W. (eds) Wireless Algorithms, Systems, and Applications. WASA 2018. Lecture Notes in Computer Science, vol 10874. Springer, Cham. https://doi.org/10.1007/978-3-319-94268-1_6
DOI: https://doi.org/10.1007/978-3-319-94268-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94267-4
Online ISBN: 978-3-319-94268-1
eBook Packages: Computer Science, Computer Science (R0)