
QKDFlow: QKD Based Secure Communication Towards the OpenFlow Interface in SDN

  • Yan Peng
  • Chunqing Wu
  • Baokang Zhao (email author)
  • Wanrong Yu
  • Bo Liu
  • Shasha Qiao
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 699)

Abstract

Software Defined Networks (SDN) decouple the control plane from the data plane, which simplifies network management. However, some security threats still limit the large-scale deployment of SDN. In this paper, we present a solution that integrates Quantum Key Distribution (QKD) technology with SDN at the southbound interface to secure communication between the controller and the switches. Rather than merely employing the Transport Layer Security (TLS) protocol as in the OpenFlow standard, the proposed scheme can prevent the Man-In-The-Middle (MITM) attack.

Keywords

SDN, QKD, TLS, OpenFlow, Man-In-The-Middle attack

Notes

Acknowledgements

This work was supported by NSFC No. 61202488 and by the Guangxi Cooperative Innovation Center of Cloud Computing and Big Data (No. YD16505).


Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  • Yan Peng (1)
  • Chunqing Wu (1)
  • Baokang Zhao (1, 2), email author
  • Wanrong Yu (1)
  • Bo Liu (1)
  • Shasha Qiao (3)

  1. College of Computer, National University of Defense Technology, Changsha, China
  2. Guangxi Cooperative Innovation Center of Cloud Computing and Big Data, Guilin University of Electronic Technology, Guilin, China
  3. PLA 75833 UNIT, Pudong, China
