Premium
Design, implementation, and performance evaluation of identity‐based cryptography in ONOS
Author(s) -
Lam JunHuy,
Lee SangGon,
Lee HoonJae,
Eko Oktian Yustus
Publication year - 2017
Publication title -
international journal of network management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.1990
Subject(s) - computer science , eavesdropping , computer network , cryptography , secure communication , computer security , secure channel , distributed computing , encryption
Summary Distributed Software‐Defined Network introduces a new communication channel: the East/West‐bound communication where the controllers synchronize the network information to achieve the logically centralized view of the network. The East/West‐bound communication can be divided into 2 types, the intra‐cluster and inter‐cluster communication. Intra‐cluster communication happens within the control plane while inter‐cluster communication usually happens on the application plane through the northbound communication of each controller. The security of the East/West‐bound communication ensures that no malicious controllers are eavesdropping on or even driving the network. However, most current Software‐Defined Network projects do not implement the security mechanism for the East/West‐bound communication with Open Networking Operating System (ONOS) being the exception. In ONOS, Transport Layer Security (TLS) was used to secure the intra‐cluster communication, but the complicated key management of TLS could be a hindrance for practical implementation. Hence, Identity‐based cryptography protocol was proposed to solve this TLS issue of our previous implementation. In this paper, we have designed, implemented, and evaluated the identity‐based cryptography protocol to secure the East/West‐bound intra‐cluster communication of ONOS.