IA-DD: An SDN Topological Poisoning Attack Defense Scheme Based on Blockchain
【Author】 Gu, Bin; Wang, Xingwei; Yang, Kaiqi; Wang, Yu; He, Qiang
【Source】2022 18TH INTERNATIONAL CONFERENCE ON MOBILITY, SENSING AND NETWORKING, MSN
【Impact Factor】
【Abstract】Software defined networking (SDN) has the advantages of centralized control, global visibility, and programmability, but these features also bring new security issues, such as the Topological Poisoning Attack (TPA), where attackers can attack topology discovery services by stealing host locations or forging link information. Considering the three levels of identity, data package and path, this paper designs a chain authentication defense scheme. The scheme includes an authentication mechanism, a transaction information storage mechanism, a source IP authentication mechanism and a smart contract notification mechanism. The received packets are authenticated by a digital signature algorithm, and the trusted identity and location information are stored securely. At the same time, an improved block storage structure is designed to avoid data redundancy, and malicious information is processed by smart contract notification and stream rule installation. The experimental results show that the defense scheme designed in this paper can effectively defend against TPA attacks. Compared with the benchmark mechanism, the deployment of this scheme has less impact on controller performance and less impact on the delay of topology discovery in SDN.
【Keywords】Software defined networking; topological poisoning attack; blockchain; digital signature; consensus.
【Publication Date】2022
【Indexed Date】2023-06-04
【Document Type】
【Subject Category】