Software-defined security controller-based group management and end-to-end security management

This paper proposes group management and end-to-end security management based on the horizontal model suitable for group based private systems. The software-defined security controller (SDSC), which is located at the center of the control layer, functions as software-defined networking controller responsible for group management and end-to-end security management. The proposed group key rekeying feature uses the unicast method for distributing the signaling messages among the group members which belong to various heterogeneous networks. This network independent and centralized architecture for group key rekeying is advantageous for the dynamic members to constitute secure group. While the group key management is responsible for securing control signaling messages within the group members, the purpose of the end-to-end security management is to protect the end-to-end data traffic within them. To achieve end-to-end security, this paper uses packet key scheme that collaborates with the group key management. Then, the members of the group-based private system are allowed to receive packet key based security service for their end-to-end data traffic. The packet key scheme is based on the idea that the very short lifetime of the packet key with a relatively small key size can provide high level of security and satisfy the latency requirements especially for real-time applications. Because SDSC handles most of the burden in terms of communication and computational load, the workload for group key and end-to-end security management are dramatically reduced from each group member view point. The additional feature of subgroup key management enables each group member to sustain less workload, which solves the scalability issue for the big size private group.