A Secure Fault Recovery Approach Using OwnShip-Proof Model for Controller Cluster of Software Defined Networks

doi:10.3969/j.issn.1671-1122.2016.12.003

Abstract

Abstract:

Control plane is the core of software defined network, which is responsible for network management and control. Current research focus on the performance, the stability, and the security of controllers, while take no attention on the security of fault recovery progress, by which the attackers could pretend to be a controller and obtain the resources of the network from the backups of control plane. We propose a secure recovery approach based on OwnShip-Proof model to address this threat. Our method employs hash tree to map one backup file with different controllers before backup and recovery procedure, and during the recovery, the controller should provide the solution of the challenge generated through OwnShip-Proof model by the server that stored the backup file. Then the server verify the solution and decide to recovery or not. The testing results show that our approach is able to decrease the memory space used to store the backup file and defense the attackers from the forged recovery attack. Compared with the ordinary method, the performance difference of the two methods would narrow down with the increasing of the size of the backup file.

Key words: SDN, cyber security, fault recovery, controller cluster

CLC Number:

TP393

Zehui WU, Qiang WEI. A Secure Fault Recovery Approach Using OwnShip-Proof Model for Controller Cluster of Software Defined Networks[J]. Netinfo Security, 2016, 16(12): 13-18.

Figures/Tables 7

References 15

[1]	KREUTZ D,RAMOS V,ESTEVES P.Software-defined Networking: A Comprehensive Survey[J]. Journal of Proceedings of the IEEE, 2015, 103(1): 14-76.
[2]	ALSMADI I, XU D.Security of Software Defined Networks: a Survey[J]. Journal of Computer and Security, 2015, 53(3): 79-108.
[3]	SCOTT S, NATARAJAN S,SEZER S.A Survey of Security in Software Defined Networks[J]. Journal of Communications Surveys & Tutorials, 2015, 18(2): 1-21.
[4]	王蒙蒙,刘建伟,陈杰,等. 软件定义网络: 安全模型、机制及研究进展综述[J].软件学报,2016, 27(4):969-992
[5]	ZHOU Y, ZHU M, XIAO L, et al.A Load Balancing Strategy of SDN Controller Based on Distributed Decision[C]//IEEE.TRUSTCOM '14 Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, September 24-26, 2014,Beijing, China.New Jersey:IEEE,2014:851-856.
[6]	LUO M. Design and Implementation of a Scalable SDN-OF Controller Cluster[EB/OL].,2015-7-2.
[7]	PORRAS P, CHEUNG S, FONG M, et al. Securing the Software-Defined Network Control Layer[EB/OL]..
[8]	SHIN S, SONG Y, LEE T, et al.Rosemary: a Robust, Secure, and High-performance Network Operating System[C] //CCS '14.2014 ACM SIGSAC Conference on Computer and Communications Security,November 3 - 7,2014,The Scottsdale Plaza Resort,Scottsdale,Arizona,USA.New York:ACM,2014: 78-89.
[9]	HALEVI S, HARNIK D, PINKAS B, et al.Proofs of Ownership in Remote Storage Systems[C]// ACM.18th ACM conference on Computer and communications security,October 17 - 21, 2011,Chicago,Illinois,USA. New York:ACM,2011: 491-500.
[10]	COURTOIS T,GRAJEK M,NAIK R.Optimizing SHA256 in Bitcoin Mining[M]. Berlin Heidelberg:Springer,2014.
[11]	Ryubook.RYU SDN Framework[EB/OL]. .
[12]	Mininet.An Instant Virtual Network on your Laptop[EB/OL]. ,2016-5-26.
[13]	蒋宽,杨鹏.基于数据包回溯的软件定义网络中的故障排除[J]. 信息网络安全,2016(3):71-76.
[14]	OpenDaylight.OpenDaylight:开源SDN平台[EB/OL]. ,2016-5-26.
[15]	张永强,卢伟龙,唐春明. 一种高效实用的基于云服务的数字签名方案研究[J]. 信息网络安全,2016(7):1-6.