Designing Fine-Grained Access Control for Software-Defined Networks Using Private Blockchain
- 11 June 2021
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Internet of Things Journal
- Vol. 9 (2), 1542-1559
- https://doi.org/10.1109/jiot.2021.3088115
Abstract
Emerging next-generation Internet yields proper administration of a wide-ranging dynamic network to assist rapid ubiquitous resource accessibility, whilst providing higher channel bandwidth. Since its inception, the traditional static network infrastructure-based solutions involve manual configuration and proprietary controls of networked devices. This leads to improper utilization of the overall resources, and hence exposes the network to various security threats. Although a transport layer security (TLS)-based solution is presently advocated in the said framework, it is vulnerable to many security threats like man-in-the-middle, replay, spoofing, privileged-insider, impersonation, and denial-of-service attacks. Moreover, the current settings of the said tool do not facilitate any secure and reliable mechanisms for data forwarding, application flow routing, new configuration deployment, and network event management. Also, it suffers from the single point of controller failure issue. In this paper, we propose a new private blockchain-enabled fine-grained access control mechanism for the SDN environment. In this regard, attribute-based encryption (ABE) and a certificate-based access control protocol are incorporated. This proposed solution can resist several well-known security threats, and alleviate different system-level inconveniences. The formal and informal security inspections and performance-wise comparative study of the proposed scheme endorse better qualifying scores as compared to the other existing competing state-of-the-art schemes. Besides, the experimental testbed implementation and blockchain simulation show the implementation feasibility of the proposed mechanism.
This publication has 49 references indexed in Scilit:
- An Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad Hoc Networks. IEEE Transactions on Information Forensics and Security, 2015
- A Survey on Software-Defined Networking. IEEE Communications Surveys & Tutorials, 2014
- Cognition: A Tool for Reinforcing Security in Software Defined Networks. Published by Springer Science and Business Media LLC, 2014
- Password-Based Authenticated Key Exchange in the Three-Party Setting. Lecture Notes in Computer Science, 2005
- Practical byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems, 2002
- Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 2002
- Universally Composable Notions of Key Exchange and Secure Channels. Lecture Notes in Computer Science, 2002
- The Elliptic Curve Digital Signature Algorithm (ECDSA). International Journal of Information Security, 2001
- Perfectly Secure Key Distribution for Dynamic Conferences. Information and Computation, 1998
- On the security of public key protocols. IEEE Transactions on Information Theory, 1983