New SDN-Oriented Authentication and Access Control Mechanism

Software-Defined Network (SDN) is recognized as one of the most important future networking areas. The SDN architecture is a revolutionary idea that, by making the traditional network software-based, provides more flexibility, a high degree of automation, and shorter provisioning time. The SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides a centralized view of the entire network and makes it easier to manage and monitor the network's resources. However, the initial design of SDN, with its centralized point of control, does not sufficiently consider security requirements, which makes security an additional challenge. In this paper we propose a new access control system for the SDN architecture, working as a controller application that verifies the identity of a host upon connection to the network. The proposed mechanism, which denies access attempts from unauthorized hosts and defines different levels of privileges for each host according to its authentication credentials, is implemented using a POX controller. Our approach neither needs support for new protocols nor requires additional configuration of hosts or routers.
