2018 | OriginalPaper | Book chapter

New SDN-Oriented Authentication and Access Control Mechanism

Written by: Fahad Nife, Zbigniew Kotulski

Published in: Computer Networks

Publisher: Springer International Publishing

Abstract

Software-Defined Network (SDN) is recognized as one of the most important future networking areas. The SDN architecture is a revolutionary new idea that, by moving the traditional network to a software-based one, provides more flexibility, a high degree of automation and shorter provisioning time. The SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides a centralized view of the entire network and makes it easier to manage and monitor the network’s resources. However, the initial design of SDN, with its centralized point of control, does not sufficiently consider security requirements, which makes security an additional challenge. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies access attempts from unauthorized hosts and defines different levels of privileges for each host according to its authentication credentials, is implemented using a POX controller. Our approach neither needs the support of new protocols nor requires additional configuration of hosts or routers.

Metadata
Title
New SDN-Oriented Authentication and Access Control Mechanism
Written by
Fahad Nife
Zbigniew Kotulski
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-92459-5_7