HiAuth: Hidden Authentication for Protecting Software Defined Networks

Abdullaziz, Osamah Ibrahiem; Wang, Li-Chun; Chen, Yu-Jia

doi:10.1109/tnsm.2019.2909116

Cited by 18 publications

(19 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It has a network‐wide traffic view to keep track of only a limited number of suspicious flows and applies a set of algorithms to perform Adaptive Correlation Analysis to detect a wide range of DDoS attacks. In another line of work, there have also been proposals for authentication mechanisms to extend OpenFlow communication 70,136,148 …”

Section: Solutions Focused On the Control Planementioning

confidence: 99%

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

Dalmazo¹,

Marques

Costa

et al. 2021

Int J Network Mgmt

View full text Add to dashboard Cite

Summary Design flaws and vulnerabilities inherent to network protocols, devices, and services make Distributed Denial of Service (DDoS) a persisting threat in the cyberspace, despite decades of research efforts in the area. The historical vertical integration of traditional IP networks limited the solution space, forcing researchers to tweak network protocols while maintaining global compatibility and proper service to legitimate flows. The advent of Software‐Defined Networking (SDN) and advances in Programmable Data Planes (PDP) changed the state of affairs and brought novel possibilities to deal with such attacks. In summary, the ability of bringing together network intelligence to a control plane, and offloading flow processing tasks to the forwarding plane, opened up interesting opportunities for network security researchers unlike ever. In this article, we dive into recent research that relies on SDN and PDP to detect, mitigate, and prevent DDoS attacks. Our literature review takes into account the SDN layered view as defined in RFC7426 and focuses on the data, control, and application planes. We follow a systematic methodology to capture related articles and organize them into a taxonomy of DDoS defense mechanisms focusing on three facets: activity level, deployment location, and cooperation degree. From the analysis of existing work, we also highlight key research gaps that may foster future research in the field.

show abstract

Section: Solutions Focused On the Control Planementioning

confidence: 99%

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

Dalmazo¹,

Marques

Costa

et al. 2021

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…However, most of the protocols in the literature are susceptible to various attacks like "Address Resolution Protocol (ARP)" poisoning, "distributed Denial-of-Service (DDoS)", 1,2 insider attacks, impersonation, and replay attacks. [3][4][5] • ARP is a protocol that maps the network addresses to the corresponding hardware addresses, such as "media access control address (MAC address)" and populates the ARP cache with false information to launch DoS or "man-in-the-middle (MITM)" attacks. However, the current implementation of this protocol in SDN is insecure and vulnerable to ARP attack, where an attacker can easily poison the ARP table of the hosts and leads to the MITM attack and DoS attack.…”

Section: Motivationmentioning

confidence: 99%

“…However, most of the protocols in the literature are susceptible to various attacks like ARP poisoning, DDoS, 1 insider attacks, impersonation, and replay attacks. 3,4 In addition, the nature of the SDN controller is a central server, which is a single point of failure and can lead to several data breaches. Therefore, the blockchain-based solution makes a system to be much stronger from the security aspect point of view.…”

Section: Literature Surveymentioning

confidence: 99%

SDN‐chain: Privacy‐preserving protocol for software defined networks using blockchain

Shashidhara

Ahuja

Lajuvanthi

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

Software-defined networking (SDN) is a programmable architecture for networking domain in which the security is provided by devising the network policies with the help of the network administrator. This is very cumbersome for the administrator to handle different attacks at various planes in SDN architecture. Blockchain can be used to prevent various attacks in SDN by providing a decentralization authentication environment. In this article, a secure Blockchain-based privacy-preserving protocol is proposed to thwart various security vulnerabilities in the SDN architecture. The proposed approach uses Modified-Delegated Proof of Stake as the consensus protocol to ensure safety and reliability in the network. Besides, a security protocol is designed using cryptographic primitives and analyzed using a detailed security analysis. Initially, the consensus protocols are implemented using solidity smart contracts and deployed to the public Blockchain using Ethereum. Consequently, the proposed approach is simulated on OMNet++ using INET framework. The experimental results show that the proposed SDN-Chain is secure, efficient, less incentive to centralize, and practically implementable in resource-limited wireless and mobile environments.

show abstract

“…We propose a new architecture called ARNAB to provide mobile service continuity. ARNAB stands for: Architecture for transparent service continuity via double-tier migration 3 . The term ARNAB means rabbit in Arabic and it is dubbed for the architecture because it illustrates the behavior of the service hopping through the infrastructure following the user.…”

Section: The Arnab Architecturementioning

confidence: 99%

“…F UTURE wireless networks will soon provide ultra-reliable and low latency services, such as industrial automation, e-health, and entertainment applications. For a delaysensitive service, multi-access edge computing (MEC), network function virtualization (NFV) [1], and software defined networking (SDN) [2] [3] are three key network technologies. First, the MEC reduces end-to-end latency by bringing the services closer to the edge of the network.…”

Section: Introductionmentioning

confidence: 99%

Enabling Mobile Service Continuity Across Orchestrated Edge Networks

Abdullaziz

Wang

Chundrigar

et al. 2020

IEEE Trans. Netw. Sci. Eng.

Self Cite

View full text Add to dashboard Cite

Edge networking has become an important technology for providing low-latency services to end users. However, deploying an edge network does not guarantee continuous service for mobile users. Mobility can cause frequent interruptions and network delays as users leave the initial serving edge. In this paper, we propose a solution to provide transparent service continuity for mobile users in large-scale WiFi networks. The contribution of this work has three parts. First, we propose ARNAB architecture to achieve mobile service continuity. The term ARNAB means rabbit in Arabic, which represents an Architecture for Transparent Service Continuity via Double-tier Migration. The first tier migrates user connectivity, while the second tier migrates user containerized applications. ARNAB provides mobile services just like rabbits hop through the WiFi infrastructure. Second, we identify the root-causes for prolonged container migration downtime. Finally, we enhance the container migration scheme by improving system response time. Our experimental results show that the downtime of ARNAB container migration solution is 50% shorter than that of the state-of-the-art migration.

show abstract

HiAuth: Hidden Authentication for Protecting Software Defined Networks

Cited by 18 publications

References 48 publications

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

SDN‐chain: Privacy‐preserving protocol for software defined networks using blockchain

Enabling Mobile Service Continuity Across Orchestrated Edge Networks

Contact Info

Product

Resources

About