Open Access

RouteGuardian: Constructing Secure Routing Paths in Software-Defined Networking

Mengmeng Wang, Jianwei Liu, Jian Mao, Haosu Cheng, Jie Chen, Chan Qi
School of Electronic and Information Engineering, Beihang University, Beijing 100191, China.

Abstract

Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose RouteGuardian, a reliable security-oriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, RouteGuardian supports dynamic routing reconfiguration according to the latest network status. We prototyped RouteGuardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.

Tsinghua Science and Technology
Pages 400-412
Cite this article:
Wang M, Liu J, Mao J, et al. RouteGuardian: Constructing Secure Routing Paths in Software-Defined Networking. Tsinghua Science and Technology, 2017, 22(4): 400-412. https://doi.org/10.23919/TST.2017.7986943


Received: 20 November 2016
Revised: 28 December 2016
Accepted: 10 January 2017
Published: 20 July 2017
© The author(s) 2017