A novel Security Mechanism for Software Defined Network Based on Blockchain

Xian Guo, Chen Wang, Laicheng Cao, Yongbo Jiang, Yan Yan

The decoupling of the data plane and the control plane in the Software-Defined Network (SDN) can increase the flexibility of network management and operation. And it can reduce the network limitations caused by the hardware. However, the centralized scheme in SDN also can introduce some other security issues such as the single point of failure, the data consistency in multiple-controller environment and the spoofing attack initiated by a malicious device in the data plane. To solve these problems, a security framework for SDN based on Blockchain (BCSDN) is proposed in this paper. BCSDN adopts a physically distributed and logically centralized multi-controller architecture. LLDP protocol is periodically used to obtain the link state information of the network, and a Merkle tree is established according to the collected link information and the signature is generate based on KSI for each link that submitted by a switch by the main controller selected by using the PoW mechanism. Such, the dynamic change of network topology is recorded on Blockchian and the consistency of the topology information among multiple controllers can be guaranteed. The main controller issues the signature to the corresponding switch and a controller checks the legitimate of a switch by verifying the signature when it requests the flow rule table from the controller later. The signature verification ensures the authenticated communication between a controller and a switch. Finally, the simulation of the new scheme is implemented in Mininet platform that is a network emulation platform and experiments are done to verify our novel solution in our simulation tool. And we also informally analysis the security attributes that provided by our BCSDN.