论文信息 - OSCO: An Open Security-Enhanced Compatible OpenFlow Platform

OSCO: An Open Security-Enhanced Compatible OpenFlow Platform

Software-defined Networking (SDN) is a representative next generation network architecture, which allows network administrators to programmatically initialize, control, change and manage network behavior dynamically via open interfaces. However, SDN brings new security problems, e.g., controller hijacking, black-hole, unauthorized data modification, etc. It is desirable to develop a unified platfom to enhance the security property and facilitate the security configuration and evaluation. In this paper, we propose OSCO (Open Security-enhanced Compatible OpenFlow) platform, a platform based on Raspberry Pi Single Board Computer (SBC) hardware and SDN network architecture, which supports highly configurable cryptographic algorithm modules, security protocols, flexible hardware extensions and virtualized SDN networks. Furthermore, we present an enhanced OpenFlow protocol to improve the security in SDN data plane. We implement and evaluate the prototype system and the experiment results show that our system conducted security functions with relatively low computational and networking performance overheads.

Jianwei Liu | Mengmeng Wang | Jian Mao | Haosu Cheng | Jie Chen

[1] Andrei V. Gurtov,et al. Security in Software Defined Networks: A Survey , 2015, IEEE Communications Surveys & Tutorials.

[2] Paul Smith,et al. OpenFlow: A security analysis , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[3] Mabry Tyson,et al. A security enforcement kernel for OpenFlow networks , 2012, HotSDN '12.

[4] Jianwei Liu,et al. RouteGuardian: Constructing secure routing paths in software-defined networking , 2017 .

[5] Mabry Tyson,et al. FRESCO: Modular Composable Security Services for Software-Defined Networks , 2013, NDSS.

[6] Nick McKeown,et al. A network in a laptop: rapid prototyping for software-defined networks , 2010, Hotnets-IX.

[7] Nick McKeown,et al. OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[8] George F. Riley,et al. The ns-3 Network Simulator , 2010, Modeling and Tools for Network Simulation.

[9] Fernando M. V. Ramos,et al. Software-Defined Networking: A Comprehensive Survey , 2014, Proceedings of the IEEE.

[10] Kim-Kwang Raymond Choo,et al. Security, Privacy, and Anonymity in Computation, Communication, and Storage , 2017, Lecture Notes in Computer Science.

[11] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .