Research Output

Delegation of Authentication to the Data Plane in Software-Defined Networks

  OpenFlow is considered as the most known protocol for Software Defined Networking (SDN). The main drawback of OpenFlow is the lack of support of new header definitions, which is required by network operators to apply new packet encapsulations. While SDN's logically centralized control plane could enhance network security by providing global visibility of the network state, it still has many side effects. The intelligent controllers that orchestrate the dumb switches are overloaded and become prone to failure. Delegating some level of control logic to the switches can offload the controllers from local state based decisions that do not require global network-wide knowledge. Thus, this paper, to the best of our knowledge, is the first to propose the delegation of typical security functions from specialized middleboxes to the data plane. We leverage the opportunities offered by P4 language to implement the functionality of authenticating nodes using port knocking. Our experimental results indicate that our proposed technique improves the network overall availability by offloading the controller as well as reducing the traffic in the network without noticeable negative impact on switches' performance.

Citation

Almaini, A., Al-Dubai, A., Romdhani, I., & Schramm, M. (2020). Delegation of Authentication to the Data Plane in Software-Defined Networks. In 2019 IEEE International Conferences on Ubiquitous Computing & Communications (IUCC) and Data Science and Computational Intelligence (DSCI) and Smart Computing, Networking and Services (SmartCNS), (58-65). https://doi.org/10.1109/iucc/dsci/smartcns.2019.00038

Authors

Keywords

Software-Defined Networking (SDN), data plane programmability, port scan, security, P4

Monthly Views:

Available Documents