Skip to main content
SpringerLink
Log in

Authenticated Quality of Service Aware Routing in Software Defined Networks

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11391))

Included in the following conference series:

Abstract

Quality of Service (QoS) aware routing is an ongoing and major problem for traditional networks since they are not able to manage network traffic for immense variety of users due to their inflexible and static architectures. Software Defined Networking (SDN) has emerged to remove these limitations by separating the control plane and the data plane to provide centralized control with the help of programmable controllers. Such improvements also make SDN more flexible than traditional networks in terms of achieving QoS-aware routing for large and medium sized networks. However, providing QoS-aware routing in SDN without using any security mechanism may become a challenging issue. For instance, malicious users in the network may escalate their privileges to monopolize resource utilization. The provision of an authentication mechanism that jointly works with QoS-aware routing is expected to solve the issue. In this paper, we propose an Authenticated QoS-Aware Routing (AQoSAR) for Software Defined Networks to determine routing paths of a single user and a group of users in an authenticated manner. AQoSAR consists of the authentication application and the routing application. In the authentication application, we employ Ciphertext Policy Attribute Based Encryption since it easily operates with huge variety of users by defining attributes such as QoS-aware routing metrics. In the routing application, we propose a routing approach based on a metric list rather than a single metric for determining the QoS level of users. To show the applicability of AQoSAR, the security analysis and the performance analysis are presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aghapour, S., Ameri, M., Mohajeri, J.: A multi sender attribute-based broadcast authentication scheme. In: International Symposium on Telecommunications. IEEE (2016)

    Google Scholar 

  2. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Symposium on Security and Privacy. IEEE (2007)

    Google Scholar 

  3. Bin, W., Yan, R.: An attribute-based anonymous authentication scheme. In: International Conference on Emerging Intelligent Data and Web Technologies. IEEE (2013)

    Google Scholar 

  4. Dutra, D., Bagaa, M., Taleb, T., Samdanis, K.: Ensuring end-to-end QoS based on multi-paths routing using SDN technology. In: Global Communications Conference. IEEE (2017)

    Google Scholar 

  5. Egilmez, H., Dane, T., Bagci, T., Tekinalp, M.: OpenQoS: an OpenFlow controller design for multimedia delivery with end-to-end quality of service over software-defined networks. In: Signal & Information Processing Association Annual Summit and Conference. IEEE (2012)

    Google Scholar 

  6. Egilmez, H., Tekinalp, A.: Distributed QoS architectures for multimedia streaming over software defined networks. In: Transactions on Multimedia. IEEE (2014)

    Google Scholar 

  7. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_2

    Chapter  Google Scholar 

  8. Goyal, V., Pandev, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Conference on Computer and Communications Security. ACM (2006)

    Google Scholar 

  9. Guo, L., Zhang, C., Sun, J., Fang, Y.: PAAS: a privacy-preserving attribute-based authentication system for ehealth networks. In: International Conference on Distributed Computing Systems. IEEE (2012)

    Google Scholar 

  10. Guo, L., Zhang, C., Sun, J., Fang, Y.: A privacy-preserving attribute-based authentication system for mobile health networks. In: Transactions on Mobile Computing. IEEE (2014)

    Google Scholar 

  11. Hong, H., Sun, Z., Xia, Y.: Achieving secure and fine-grained data authentication in cloud computing using attribute based proxy signature. In: International Conference on Information Science and Control Engineering. IEEE (2017)

    Google Scholar 

  12. Jiang, J., Huang, H., Liao, J., Chen, S.: Extending Dijkstra’s shortest path algorithm for software defined networking. In: Network Operations and Management Symposium. IEEE (2014)

    Google Scholar 

  13. Khader, D.: Attribute-based authentication scheme. In: Ph.D. dissertation. University of Bath (2009)

    Google Scholar 

  14. Kuliesius, F., Dangovas, V.: SDN-driven authentication and access control system. In: The International Conference on Digital Information, Networking, and Wireless Communications. SDIWC (2014)

    Google Scholar 

  15. Kuliesius, F., Dangovas, V.: SDN enhanced campus network authentication and access control system. In: International Conference on Ubiquitous and Future Networks. IEEE (2016)

    Google Scholar 

  16. Porxas, A., Liny, S., Luoz, M.: QoS-aware virtualization-enabled routing in software-defined networks. In: Next Generation Networking Symposium. IEEE (2015)

    Google Scholar 

  17. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  18. Sahri, N., Mao, J.: Collaborative spoofing detection and mitigation - SDN based looping authentication for DNS services. In: Computer Software and Applications Conference. IEEE (2016)

    Google Scholar 

  19. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22

    Chapter  Google Scholar 

  20. Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054019

    Chapter  Google Scholar 

  21. Wang, M., Liu, J., Mao, J., Cheng, H., Chen, J.: NSV-guard: constructing secure routing paths in software defined networking. In: International Conferences on Big Data and Cloud Computing, Social Computing and Networking, Sustainable Computing and Communications. IEEE (2016)

    Google Scholar 

  22. Won, K., Park, S., You, J.: Mynah: enabling lightweight data plane authentication for SDN controllers. In: Computer Communication and Networks. IEEE (2015)

    Google Scholar 

  23. Yang, H., Oleshchuk, V.: Traceable hierarchical attribute-based authentication for the cloud. In: Workshop on Security and Privacy in the Cloud. IEEE (2015)

    Google Scholar 

  24. Li, Y., Mao, J.: SDN based access authentication and automatic configuration for IPSec. In: International Conference on Computer Science and Network Technology. IEEE (2015)

    Google Scholar 

Download references

Acknowledgement

This work was supported in part by the Scientific and Technical Research Council of Turkey (TUBITAK) under Grant 117E165 and in part by the Turkish State Planning Organization (DPT) through the TAM Project under Grant 2007K120610.

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Bogazici University Istanbul, 34342, Istanbul, Turkey

    Samet Aytaç, Orhan Ermiş & Fatih Alagöz

  2. Department of Computer Engineering, Yaşar University, 35100, İzmir, Turkey

    Mehmet Ufuk Çağlayan

Authors
  1. Samet Aytaç
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Orhan Ermiş
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mehmet Ufuk Çağlayan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Fatih Alagöz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Orhan Ermiş .

Editor information

Editors and Affiliations

  1. University of Bordeaux, Talence, France

    Akka Zemmari

  2. University of Bordeaux, Talence, France

    Mohamed Mosbah

  3. IMT Atlantique, Brest, France

    Nora Cuppens-Boulahia

  4. IMT Atlantique, Brest, France

    Frédéric Cuppens

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Aytaç, S., Ermiş, O., Çağlayan, M.U., Alagöz, F. (2019). Authenticated Quality of Service Aware Routing in Software Defined Networks. In: Zemmari, A., Mosbah, M., Cuppens-Boulahia, N., Cuppens, F. (eds) Risks and Security of Internet and Systems. CRiSIS 2018. Lecture Notes in Computer Science(), vol 11391. Springer, Cham. https://doi.org/10.1007/978-3-030-12143-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12143-3_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12142-6

  • Online ISBN: 978-3-030-12143-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation