A Secure Switch Migration for SDN with Role-based IBC

  • Received : 2017.05.12
  • Accepted : 2017.08.28
  • Published : 2017.09.30

Abstract

Although OpenFlow switch migration occurs after the channel has been established in a secure manner (which is optional), the current cryptographic protocol cannot prevent an insider attack, because the attacker possesses a valid public/private key pair. Methods such as the certificate revocation list (CRL) or the Online Certificate Status Protocol (OCSP) try to revoke a compromised certificate. However, these methods require a management system or server, which introduces additional communication overhead. Furthermore, they cannot mitigate abuse of power by an insider. In this paper, we propose role-based identity-based cryptography (RB-IBC), which integrates the identity of a node with its role so that the nodes within the network can easily mitigate role abuse by other nodes. In addition, combining this with IBC eliminates the need to exchange certificates and hence improves the performance of a secure channel.
