吴国伟

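Personal Information

Professor

Doctoral supervisor

Master's supervisor

Main position: Dean of School of Software

Gender: Male

Alma mater: Harbin Engineering University

Degree: Doctorate

Affiliation: School of Software; International School of Information and Software

Discipline: Software Engineering; Computer Application Technology

Contact: wgwdut@dlut.edu.cn

Email: wgwdut@dlut.edu.cn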


Publications


ESLD: An efficient and secure link discovery scheme for software-defined networking


Paper type: Journal article

Publication date: 2018-07-10

Journal: INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS

Indexed in: SCIE

Volume: 31

Issue: 10

ISSN: 1074-5351

Keywords: efficient; link discovery; port classification; SDN; secure

Abstract: Software-defined networking simplifies network management by decoupling the control plane from the data plane and centralizing it to the controller. As the brain of the network, the controller gains up-to-date holistic network visibility via topology discovery. However, as a key service of topology discovery, the link discovery service opens problems on efficiency and security. On the one hand, sending link discovery packets to all ports wastes not only the limited controller resources (such as CPU and memory) but also control channel bandwidth. On the other hand, attackers may use these packets to create fake links and perform link fabrication attack. Because of the centralized control paradigm, wasting controller resources may degrade network performance, and all the fake links may severely poison the network topology, even causing the denial of service or man-in-the-middle attack. In this paper, we propose an efficient and secure link discovery scheme to improve link discovery performance and resist link fabrication attack caused by the software-defined networking link discovery service. By adopting port classification technique and directionally transmitting packets to appropriate ports, our approach can reduce or eliminate redundant packets and improve link discovery performance. Meanwhile, we adopt the directional packet transmitting approach and the time-marked hash-based message authentication code authenticate scheme to resist the link fabrication attack. A prototype system is implemented on the basis of POX controller and Mininet simulator to evaluate our scheme. Simulation results demonstrate that our scheme can solve the link fabrication problems with less overload of both the control plane and the data plane.