QKDFlow: QKD Based Secure Communication Towards the OpenFlow Interface in SDN
Software Defined Networking (SDN) decouples the control plane from the data plane, which simplifies network management. However, some security threats still limit the large-scale deployment of SDN. In this paper, we present a solution that integrates Quantum Key Distribution (QKD) technology with SDN at the southbound interface to secure communication between the controller and switches. Unlike merely employing the Transport Layer Security (TLS) protocol as in the OpenFlow standard, the proposed scheme can prevent the Man-In-The-Middle (MITM) attack.
Keywords: SDN, QKD, TLS, OpenFlow, Man-In-The-Middle attack
This work was supported by NSFC No. 61202488, and Guangxi Cooperative Innovation Center of cloud computing and Big Data (No. YD16505).