Abstract
Quality of Service (QoS) aware routing is an ongoing and major problem for traditional networks, since they are not able to manage network traffic for an immense variety of users due to their inflexible and static architectures. Software Defined Networking (SDN) has emerged to remove these limitations by separating the control plane and the data plane to provide centralized control with the help of programmable controllers. Such improvements also make SDN more flexible than traditional networks in terms of achieving QoS-aware routing for large and medium-sized networks. However, providing QoS-aware routing in SDN without using any security mechanism may become a challenging issue. For instance, malicious users in the network may escalate their privileges to monopolize resource utilization. The provision of an authentication mechanism that works jointly with QoS-aware routing is expected to solve the issue. In this paper, we propose Authenticated QoS-Aware Routing (AQoSAR) for Software Defined Networks to determine routing paths of a single user and a group of users in an authenticated manner. AQoSAR consists of the authentication application and the routing application. In the authentication application, we employ Ciphertext-Policy Attribute-Based Encryption, since it easily operates with a huge variety of users by defining attributes such as QoS-aware routing metrics. In the routing application, we propose a routing approach based on a metric list rather than a single metric for determining the QoS level of users. To show the applicability of AQoSAR, the security analysis and the performance analysis are presented.
Acknowledgement
This work was supported in part by the Scientific and Technical Research Council of Turkey (TUBITAK) under Grant 117E165 and in part by the Turkish State Planning Organization (DPT) through the TAM Project under Grant 2007K120610.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Aytaç, S., Ermiş, O., Çağlayan, M.U., Alagöz, F. (2019). Authenticated Quality of Service Aware Routing in Software Defined Networks. In: Zemmari, A., Mosbah, M., Cuppens-Boulahia, N., Cuppens, F. (eds) Risks and Security of Internet and Systems. CRiSIS 2018. Lecture Notes in Computer Science, vol 11391. Springer, Cham. https://doi.org/10.1007/978-3-030-12143-3_10
DOI: https://doi.org/10.1007/978-3-030-12143-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12142-6
Online ISBN: 978-3-030-12143-3
eBook Packages: Computer Science, Computer Science (R0)