Toward a Trust-Based Authentication Framework of Northbound Interface in Software Defined Networking

Duy, Phan The; Hien, Do Thi Thu; Vuong, Nguyen Van; Au, Nguyen Ngoc Hai; Pham, Van-Hau

doi:10.1007/978-3-030-30149-1_22

Cited by 4 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several studies have been conducted to enhance the security of the northbound interface and ensure secure communications between the application and SDN controller. Most of the proposed solutions can be classified as centralized-based solutions [4,6,7,12,[19][20][21][22][23][24][25][26] or blockchainbased solutions [14,[27][28][29][30][31][32].…”

Section: Related Workmentioning

confidence: 99%

“…Phan The Duy et al [7] have introduced a Trust Trident authentication framework for securing NBIs. The framework provides services of AAA mechanisms based on the centralization model in order to secure the communications between the application and SDN controller against malicious applications.…”

Section: Centralized-based Solutionsmentioning

confidence: 99%

“…In this policy, the application is blocked and its trust level is considered to be malicious if the number of unauthorized HTTP requests exceeds eleven times. Set according to [7], the threshold can be tolerated to some extent, as some over-privileged requests caused by mistaken and illegitimate Read permissions cannot amend the state of the network, compared to Write permissions.…”

Section: Set Blockchain Apimentioning

confidence: 99%

“…Network policies can be implemented by the SDN applications that communicate with the SDN controller through northbound interfaces. REST APIs are widely used by most SDN controllers in the northbound interface [1,2,[4][5][6][7]. Accordingly, we use a REST API as a means of communication between the application plane and the SDN controller.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

BCNBI: A Blockchain-Based Security Framework for Northbound Interface in Software-Defined Networking

et al. 2022

View full text Add to dashboard Cite

Software-defined networking (SDN) has emerged as a flexible and programmable network architecture that takes advantage of the benefits of global visibility and centralized control over a network. One of the main properties of the SDN architecture is the ability to offer a northbound interface (NBI), which enables network applications to access the SDN controller resources. However, the NBI can be compromised by a malicious application due to the lack of standardization and security aspects in the most current NBI designs. Therefore, in this paper, we propose a novel comprehensive security solution for securing the application–controller interface, named BCNBI. We propose a controller-independent lightweight blockchain architecture and exploit the security features of blockchain while limiting the blockchain’s computational overhead. BCNBI automatically verifies application and SDN controller credentials through token-based authentication. The proposed solution enforces fine-grained access control for each application’s API request and classifies the permission set into strict and normal policies, in order to add an extra level of security. In addition, the trustworthiness of applications is evaluated in order to prevent malicious activities. We implemented our blockchain-based solution to analyze its security, based on the confidentiality–integrity–availability model criteria, and evaluated the introduced overhead in terms of processing time and packet overhead. The experimental results demonstrate that the BCNBI can effectively secure the NBI, based on the fundamental security goals, while introducing insignificant overhead.

show abstract