<p>Software Defined Networking (SDN) enhances network programmability and management by decoupling control and data planes. However, this logically centralized control plane introduces scalability issues and security vulnerabilities. In multi-domain SDN architectures malicious entities can compromise controllers to inject false flow rules, disrupting network integrity. Existing solutions often rely on static cryptographic authorizations, failing to monitor the real-time operational integrity of controllers. To address these limitations, this paper proposes an enhanced blockchain-based control layer security framework in multi-domain SDN (EBCS-SDN). The framework introduced a dynamic trust scoring model, an optimized dual-phase controller authentication mechanism and a decentralized behavioral-deviation hijack detection system to ensure continuous controller accountability. The empirical evaluations in a simulated multi-domain SDN environment demonstrated significant performance and security improvements over existing baselines models Voting-based, Proof-of-work (PoW)-based, DLCA_R_P, and BCS. Simulations in an emulated environment show that the proposed framework optimally reduces controller authentication latency by up to 75% and achieves a hijack detection accuracy of 96.78%. Under these simulated proof-of-concept conditions, the system demonstrated a post-attack throughput of 980 Mbps with detection and isolation times under 1.2&#xa0;s. The proposed framework optimized the CPU utilization at full network nodes. Ultimately, the proposed system provides a scalable, computationally lightweight, and operationally resilient security foundation for SDN deployments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

EBCS-SDN: an enhanced blockchain-based framework for control plane security in multi-domain SDN

  • Muhammad Shahzad,
  • Safdar Rizvi,
  • Talha Ahmed Khan,
  • Nurashikin Saaludin

摘要

Software Defined Networking (SDN) enhances network programmability and management by decoupling control and data planes. However, this logically centralized control plane introduces scalability issues and security vulnerabilities. In multi-domain SDN architectures malicious entities can compromise controllers to inject false flow rules, disrupting network integrity. Existing solutions often rely on static cryptographic authorizations, failing to monitor the real-time operational integrity of controllers. To address these limitations, this paper proposes an enhanced blockchain-based control layer security framework in multi-domain SDN (EBCS-SDN). The framework introduced a dynamic trust scoring model, an optimized dual-phase controller authentication mechanism and a decentralized behavioral-deviation hijack detection system to ensure continuous controller accountability. The empirical evaluations in a simulated multi-domain SDN environment demonstrated significant performance and security improvements over existing baselines models Voting-based, Proof-of-work (PoW)-based, DLCA_R_P, and BCS. Simulations in an emulated environment show that the proposed framework optimally reduces controller authentication latency by up to 75% and achieves a hijack detection accuracy of 96.78%. Under these simulated proof-of-concept conditions, the system demonstrated a post-attack throughput of 980 Mbps with detection and isolation times under 1.2 s. The proposed framework optimized the CPU utilization at full network nodes. Ultimately, the proposed system provides a scalable, computationally lightweight, and operationally resilient security foundation for SDN deployments.