Research on SDN Terminal Access Control Based on OpenFlow

doi:10.3969/j.issn.1671-1122.2018.04.004

Abstract

Abstract:

In order to solve the security access problem of SDN terminal based on OpenFlow, an in-depth study of terminal secure access solutions in existing SDN networks is conducted, this paper proposes an network terminal access control system for SDN based on OpenFlow. The system drew on the traditional access control technology combined with the new SDN network based on OpenFlow. It mainly realized the functions of user identity authentication, terminal security status evaluation, authorized services for the user and different QoS control for authorized users in SDN networked environment and analyzed the security of the design system in detail. The network simulation is carried out in Mininet with the second developed RYU controller, and the experiments of access control function test and communication delay performance are carried out. The results showed that this mechanism had a flexible network access control security policy to detect and solved the security threats posed by unsafe terminal access in SDN, which not only realized the user identity authentication but also ensured the security of access terminal and achieved different security status of the terminal’s access authorization. Moreover, the performance test results shows that the OpenFlow-based SDN network terminal access control system can meet the actual needs in terms of authentication delay, platform evaluation delay and communication delay.

Key words: SDN, OpenFlow, terminal access control, authentication, service authorization

CLC Number:

TP309

Zhanzhen WEI, Shourong WANG, Zhaobin LI, Weilong LI. Research on SDN Terminal Access Control Based on OpenFlow[J]. Netinfo Security, 2018, 18(4): 23-31.

Figures/Tables 11

References 21

[1]	ZHANG Chaokun, CUI Yong, TANG Heyi, et al.State-of-the-Art Survey on Software-defined Networking (SDN)[J]. Journal of Software, 2015, 26(1): 62-81.
	张朝昆,崔勇,唐翯祎,等. 软件定义网络(SDN)研究进展[J]. 软件学报,2015,26(1):62-81.
[2]	ONF. OpenFlow1.3.0 specification[EB/OL]., 2017-12-21.
[3]	ONF. Software-Defined Networking: The New Norm for Networks[EB/OL]. , 2017-12-21.
[4]	YAMASAKI Y, MIYAMOTO Y, YAMATO J, et al.Flexible Access Management System for Campus VLAN Based on OpenFlow[C]//IEEE. 2011 IEEE/IPSJ 11th International Symposium on Applications and the Internet, July 18-21, 2011, Munich, Bavaria, Germany. New Jersey: IEEE, 2011: 347-351.
[5]	KINOSHITA S, WATANABE T, YAMATO J, et al.Implementation and Evaluation of an OpenFlow-based Access Control System for Wireless LAN Roaming[C]//IEEE. 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops, July 16-20, 2012, Izmir, Turkey. New Jersey: IEEE, 2012: 82-87.
[6]	ZUO Qingyun, CHEN Ming, ZHAO Guangsong, et al.Research on OpenFlow-based SDN Technologies[J]. Journal of Software, 2013, 24(5): 1078-1097.
	左青云,陈鸣,赵广松,等. 基于OpenFlow的SDN技术研究[J]. 软件学报,2013,24(5):1078-1097.
[7]	SCOTT-HAYWARD S, NATARAJAN S, SEZER S.A Survey of Security in Software Defined Networks[J]. IEEE Communications Surveys & Tutorials, 2016, 18(1): 623-654.
[8]	BENTON K, CAMP L J, SMALL C.OpenFlow Vulnerability Assessment[C]//ACM. 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, August 16, 2013, Hong Kong, China. New York: ACM, 2013: 151-152.
[9]	KULIESIUS F, DANGOVAS V.SDN Enhanced Campus Network Authentication and Access Control System[C]//IEEE. 8th International Conference on Ubiquitous and Future Networks, July 5-8, 2016, Vienna, Austria. New Jersey: IEEE, 2016: 894-899.
[10]	DANGOVAS V, KULIESIUS F. SDN-Driven Authentication and Access Control System[EB/OL]. , 2017-12-23.
[11]	LOU Hengyue, DOU Jun.Research on DoS Attacks Against Control Level in OpenFlow-based SDN[J]. Computer Science, 2015, 42(11A): 341-344.
	楼恒越,窦军. 一种针对基于OpenFlow的SDN网络中控制层面的DoS攻击研究[J]. 计算机科学,2015,42(11A):341-344.
[12]	ZUO Qingyun, ZHANG Haisu.Analysis and Research on Network Security for OpenFlow-based SDN[J]. Netinfo Security, 2015(2): 26-32.
	左青云,张海粟. 基于OpenFlow的SDN网络安全分析与研究[J]. 信息网络安全,2015(2):26-32.
[13]	MATIAS J, GARAY J, MENDIOLA A, et al.FlowNAC: Flow-based Network Access Control[C]//IEEE. 3rd European Workshop on Software Defined Networks, September 1-3, 2014, London, UK. New Jersey: IEEE, 2014: 79-84.
[14]	BENZEKKI K, EL FERGOUGUI A, ABDELBAKI E B E A. Devolving IEEE 802.1X Authentication Capability to Data Plane in Software-defined Networking (SDN) Architecture[J]. Security & Communication Networks, 2016, 9(17): 4369-4377.
[15]	MATTOS D M F, DUARTE O C M B. AuthFlow: Authentication and Access Control Mechanism for Software Defined Networking[J]. Annals of Telecommunications, 2014, 71(11-12): 1-9.
[16]	HESHAM A, SARDIS F, WONG S, et al.A Simplified Network Access Control Design and Implementation for M2M Communication Using SDN[C]//IEEE. 2017 IEEE Wireless Communications and Networking Conference Workshops, March 19-22, 2017, San Francisco, CA, USA. New Jersey: IEEE, 2017: 1-5.
[17]	WU Quanfeng, CHEN Ming, XING Changyou, et al.Design and Implementation of A Flow Access Security System Based on SDN[J]. Journal of Jiangsu University (Natural Science Edition), 2016, 37(2): 201-208.
	吴泉峰,陈鸣,邢长友,等.一种基于SDN的流接入安全系统的设计与实现[J].江苏大学学报(自然科学版),2016,37(2):201-208.
[18]	LIANG Haoming, CHEN Chunlin, LIU Xi, et al.Design and Research on Malicious Web Sites Prevention Model Based on OpenFlow[J]. Netinfo Security, 2017(1): 77-83.
	梁昊鸣,陈春林,刘锡,等. 基于OpenFlow的恶意网站防范模型设计与研究[J]. 信息网络安全,2017(1):77-83.
[19]	YAKASAI S T, GUY C G.FlowIdentity: Software-defined Network Access Control[C]//IEEE. 2015 IEEE Conference on Network Function Virtualization and Software Defined Network, November 18-21, 2015, San Francisco, CA, USA. New Jersey: IEEE, 2016: 115-120.
[20]	KLAEDTKE F, KARAME G O, BIFULCO R, et al.Towards an Access Control Scheme for Accessing Flows in SDN[C]//IEEE. 2015 1st IEEE Conference on Network Softwarization, April 13-17, 2015, London, UK. New Jersey: IEEE, 2015: 1-6.
[21]	QI Yu.Research on the Security of SDN[J]. Netinfo Security, 2016(9): 69-72.
	齐宇. SDN安全研究[J]. 信息网络安全,2016(9):69-72.