Secure Software-Defined Networking Based on Blockchain (1906.04342v1)

Abstract: Software-Defined Networking (SDN) separates the network control plane and data plane, which provides a network-wide view with centralized control (in the control plane) and programmable network configuration for data plane injected by SDN applications (in the application plane). With these features, a number of drawbacks of the traditional network architectures such as static configuration, non-scalability and low efficiency can be effectively avoided. However, SDN also brings with it some new security challenges, such as single-point failure of the control plane, malicious flows from applications, exposed network-wide resources and a vulnerable channel between the control plane and the data plane. In this paper, we design a monolithic security mechanism for SDN based on Blockchain. Our mechanism decentralizes the control plane to overcome single-point failure while maintaining a network-wide view. The mechanism also guarantees the authenticity, traceability, and accountability of application flows, and hence secures the programmable configuration. Moreover, the mechanism provides a fine-grained access control of network-wide resources and a secure controller-switch channel to further protect resources and communication in SDN.