Haosu Cheng scite author profile

Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose RouteGuardian, a reliable securityoriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, RouteGuardian supports dynamic routing reconfiguration according to the latest network status. We prototyped RouteGuardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.

show abstract

OSCO: An Open Security-Enhanced Compatible OpenFlow Platform

Cheng

Liu

Mao

et al. 2018

View full text Add to dashboard Cite

A Compatible OpenFlow Platform for Enabling Security Enhancement in SDN

Cheng

Liu

Mao

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Software-defined networking (SDN) is a representative next generation network architecture, which allows network administrators to programmatically initialize, control, change, and manage network behavior dynamically via open interfaces. SDN is widely adopted in systems like 5G mobile networks and cyber-physical systems (CPS). However, SDN brings new security problems, e.g., controller hijacking, black-hole, and unauthorized data modification. Traditional firewall or IDS based solutions cannot fix these challenges. It is also undesirable to develop security mechanisms in such an ad hoc manner, which may cause security conflict during the deployment procedure. In this paper, we propose OSCO (Open Security-enhanced Compatible OpenFlow) platform, a unified, lightweight platform to enhance the security property and facilitate the security configuration and evaluation. The proposed platform supports highly configurable cryptographic algorithm modules, security protocols, flexible hardware extensions, and virtualized SDN networks. We prototyped our platform based on the Raspberry Pi Single Board Computer (SBC) hardware and presented a case study for switch port security enhancement. We systematically evaluated critical security modules, which include 4 hash functions, 8 stream/block ciphers, 4 public-key cryptosystems, and key exchange protocols. The experiment results show that our platform performs those security modules and SDN network functions with relatively low computational (extra 2.5% system overhead when performing AES-256 and SHA-256 functions) and networking performance overheads (73.7 Mb/s TCP and 81.2Mb/s UDP transmission speeds in 100Mb/s network settings).

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Haosu Cheng

Machine learning based low-rate DDoS attack detection for SDN enabled IoT networks

RouteGuardian: Constructing secure routing paths in software-defined networking

OSCO: An Open Security-Enhanced Compatible OpenFlow Platform

A Compatible OpenFlow Platform for Enabling Security Enhancement in SDN

Contact Info

Product

Resources

About