Research Article
Source Encryption Scheme in SDN Southbound
@INPROCEEDINGS{10.1007/978-3-030-19086-6_61,
  author={Yanlei Wang and Shihui Zheng and Lize Gu and Yongmei Cai},
  title={Source Encryption Scheme in SDN Southbound},
  proceedings={Advanced Hybrid Information Processing. Second EAI International Conference, ADHIP 2018, Yiyang, China, October 5-6, 2018, Proceedings},
  proceedings_a={ADHIP},
  year={2019},
  month={5},
  keywords={SDN OpenFlow Source encryption Kerberos},
  doi={10.1007/978-3-030-19086-6_61}
}
- Yanlei Wang
- Shihui Zheng
- Lize Gu
- Yongmei Cai
Year: 2019
ADHIP
Springer
DOI: 10.1007/978-3-030-19086-6_61
Abstract
In light of the existence of the software defined networking (SDN) southbound communication protocol OpenFlow, and manufacturers’ neglect of network security, in this paper, we propose a protection scheme for encryption at the source of the communication data that is based on the Kerberos authentication protocol. This scheme not only completes the identity authentication of and session key assignment for the communication parties on an insecure channel but also employs an efficient AES symmetric encryption algorithm to ensure that messages always exist in the form of ciphertext before they reach the end point and thus obtain end-to-end security protection of communication data. At the end of this paper, we present our experimental results in the form of a forwarding agent. After that, the performance of the Floodlight controller is tested using a CBench testing tool. Our results indicate that the proposed source encryption scheme provides end-to-end encryption of communication data. Although the communication latency increases by approximately 12% when both transport layer security (TLS) and source encryption are enabled, the source encryption part of the increase is only approximately 4%.