Authenticated Quality of Service Aware Routing in Software Defined Networks

  • Samet Aytaç
  • Orhan ErmişEmail author
  • Mehmet Ufuk Çağlayan
  • Fatih Alagöz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


Quality of Service (QoS) aware routing is an ongoing and major problem for traditional networks since they are not able to manage network traffic for immense variety of users due to their inflexible and static architectures. Software Defined Networking (SDN) has emerged to remove these limitations by separating the control plane and the data plane to provide centralized control with the help of programmable controllers. Such improvements also make SDN more flexible than traditional networks in terms of achieving QoS-aware routing for large and medium sized networks. However, providing QoS-aware routing in SDN without using any security mechanism may become a challenging issue. For instance, malicious users in the network may escalate their privileges to monopolize resource utilization. The provision of an authentication mechanism that jointly works with QoS-aware routing is expected to solve the issue. In this paper, we propose an Authenticated QoS-Aware Routing (AQoSAR) for Software Defined Networks to determine routing paths of a single user and a group of users in an authenticated manner. AQoSAR consists of the authentication application and the routing application. In the authentication application, we employ Ciphertext Policy Attribute Based Encryption since it easily operates with huge variety of users by defining attributes such as QoS-aware routing metrics. In the routing application, we propose a routing approach based on a metric list rather than a single metric for determining the QoS level of users. To show the applicability of AQoSAR, the security analysis and the performance analysis are presented.


Software Defined Networking QoS Aware Routing in SDN Attribute Based Authentication Public Key Encryption Multi-constrained Shortest Path Problem 



This work was supported in part by the Scientific and Technical Research Council of Turkey (TUBITAK) under Grant 117E165 and in part by the Turkish State Planning Organization (DPT) through the TAM Project under Grant 2007K120610.


  1. 1.
    Aghapour, S., Ameri, M., Mohajeri, J.: A multi sender attribute-based broadcast authentication scheme. In: International Symposium on Telecommunications. IEEE (2016)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Symposium on Security and Privacy. IEEE (2007)Google Scholar
  3. 3.
    Bin, W., Yan, R.: An attribute-based anonymous authentication scheme. In: International Conference on Emerging Intelligent Data and Web Technologies. IEEE (2013)Google Scholar
  4. 4.
    Dutra, D., Bagaa, M., Taleb, T., Samdanis, K.: Ensuring end-to-end QoS based on multi-paths routing using SDN technology. In: Global Communications Conference. IEEE (2017)Google Scholar
  5. 5.
    Egilmez, H., Dane, T., Bagci, T., Tekinalp, M.: OpenQoS: an OpenFlow controller design for multimedia delivery with end-to-end quality of service over software-defined networks. In: Signal & Information Processing Association Annual Summit and Conference. IEEE (2012)Google Scholar
  6. 6.
    Egilmez, H., Tekinalp, A.: Distributed QoS architectures for multimedia streaming over software defined networks. In: Transactions on Multimedia. IEEE (2014)Google Scholar
  7. 7.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985). Scholar
  8. 8.
    Goyal, V., Pandev, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Conference on Computer and Communications Security. ACM (2006)Google Scholar
  9. 9.
    Guo, L., Zhang, C., Sun, J., Fang, Y.: PAAS: a privacy-preserving attribute-based authentication system for ehealth networks. In: International Conference on Distributed Computing Systems. IEEE (2012)Google Scholar
  10. 10.
    Guo, L., Zhang, C., Sun, J., Fang, Y.: A privacy-preserving attribute-based authentication system for mobile health networks. In: Transactions on Mobile Computing. IEEE (2014)Google Scholar
  11. 11.
    Hong, H., Sun, Z., Xia, Y.: Achieving secure and fine-grained data authentication in cloud computing using attribute based proxy signature. In: International Conference on Information Science and Control Engineering. IEEE (2017)Google Scholar
  12. 12.
    Jiang, J., Huang, H., Liao, J., Chen, S.: Extending Dijkstra’s shortest path algorithm for software defined networking. In: Network Operations and Management Symposium. IEEE (2014)Google Scholar
  13. 13.
    Khader, D.: Attribute-based authentication scheme. In: Ph.D. dissertation. University of Bath (2009)Google Scholar
  14. 14.
    Kuliesius, F., Dangovas, V.: SDN-driven authentication and access control system. In: The International Conference on Digital Information, Networking, and Wireless Communications. SDIWC (2014)Google Scholar
  15. 15.
    Kuliesius, F., Dangovas, V.: SDN enhanced campus network authentication and access control system. In: International Conference on Ubiquitous and Future Networks. IEEE (2016)Google Scholar
  16. 16.
    Porxas, A., Liny, S., Luoz, M.: QoS-aware virtualization-enabled routing in software-defined networks. In: Next Generation Networking Symposium. IEEE (2015)Google Scholar
  17. 17.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  18. 18.
    Sahri, N., Mao, J.: Collaborative spoofing detection and mitigation - SDN based looping authentication for DNS services. In: Computer Software and Applications Conference. IEEE (2016)Google Scholar
  19. 19.
    Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). Scholar
  20. 20.
    Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998). Scholar
  21. 21.
    Wang, M., Liu, J., Mao, J., Cheng, H., Chen, J.: NSV-guard: constructing secure routing paths in software defined networking. In: International Conferences on Big Data and Cloud Computing, Social Computing and Networking, Sustainable Computing and Communications. IEEE (2016)Google Scholar
  22. 22.
    Won, K., Park, S., You, J.: Mynah: enabling lightweight data plane authentication for SDN controllers. In: Computer Communication and Networks. IEEE (2015)Google Scholar
  23. 23.
    Yang, H., Oleshchuk, V.: Traceable hierarchical attribute-based authentication for the cloud. In: Workshop on Security and Privacy in the Cloud. IEEE (2015)Google Scholar
  24. 24.
    Li, Y., Mao, J.: SDN based access authentication and automatic configuration for IPSec. In: International Conference on Computer Science and Network Technology. IEEE (2015)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Samet Aytaç
    • 1
  • Orhan Ermiş
    • 1
    Email author
  • Mehmet Ufuk Çağlayan
    • 2
  • Fatih Alagöz
    • 1
  1. 1.Department of Computer EngineeringBogazici University IstanbulIstanbulTurkey
  2. 2.Department of Computer EngineeringYaşar UniversityİzmirTurkey

Personalised recommendations