Software-defined networking (SDN) achieves flexible and efficient network management by decoupling the control plane from the data plane, where the controller, with a global network view, is responsible for planning routing for packets. However, the centralized design makes the controller a potential bottleneck, and adversaries can exploit this vulnerability to launch distributed denial-of-service (DDoS) attacks against the controller. Existing solutions are fundamentally based on forged traffic analysis, increasing computational cost and being prone to produce false positives. This paper proposes a safeguard scheme (SGS) for protecting the control plane against DDoS attacks, and the main characteristic of SGS is deploying multiple controllers in the control plane through controller clustering. SGS procedures are organized in two modules: anomaly traffic detection and controller dynamic defense. Anomaly traffic detection focuses on switches in the data plane to distinguish forged flows from legitimate ones by innovatively adopting a four-tuple feature vector. Controller dynamic defense mitigates the effects of DDoS attacks on the control plane by remapping the controller and sending the access control message to switches. The simulation results demonstrate the efficiency of our proposed SGS with real-time DDoS attack defense and high detection accuracy, as well as high-efficiency network resource utilization.

INDEX TERMS: Software-defined networking, multi-controller, DDoS, network security, anomaly traffic detection.

With the rapid development of the industrial Internet of Things (IIoT) and cloud computing, an increasing number of companies outsource their data to cloud servers to save costs. To protect data privacy, sensitive industrial data must be encrypted before being outsourced to cloud servers. A multiuser searchable encryption (MUSE) scheme was introduced to ensure high efficiency of encrypted data retrieval. In an IIoT system with numerous users, the existing MUSE schemes suffer from certain key exposure problems owing to the limited key protection of smart devices and frequent queries by users. In this study, we propose a parallel key-insulated MUSE scheme for IIoT. This scheme utilizes broadcast encryption technology to implement MUSE. In addition, our scheme introduces a key-insulated primitive to improve the tolerance to key exposure. The security of our scheme is proved in the random oracle model. The experimental results show that our scheme achieves high computational efficiency.