SECURING CENTRALIZED SDN CONTROL WITH DISTRIBUTED BLOCKCHAIN TECHNOLOGY

Software-Defined Networks (SDN) advocate the segregation of network control logic, forwarding functions and management applications into different planes to achieve network programmability and automated and dynamic flow control in next-generation networks. It promotes the deployment of novel and augmented network-management functions in order to have flexible, robust, scalable, and cost-effective network deployments. All of these features introduce new rese-arch challenges and require secure communication protocols among segregated network planes. This manuscript focuses on the security issue of the south-bound interface that operates between the SDN control and the data plane. We have highlighted the security threats that are associated with an unpro-tected southbound interface and those issues that are related to the existing TLS-based security solution. A lightweight blockchain-based decentralized se-curity solution is proposed for the southbound interface to secure the resources of logically centralized SDN controllers and distributed forwarding devices from opponents. The proposed mechanism can operate in multi-domain SDN deploy-ment and can be used with a wide range of network controllers and data plane devices. In addition to this, the proposed security solution has been analyzed in terms of its security features, communication, and re-authentication overhead.