Research On SDN Cross-domain Routing Based On Blockchain

Posted on: 2021-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: Q Qiao
Full Text: PDF
GTID: 2518306050967909
Subject: Cyberspace security
Abstract/Summary:
Software Defined Networks (SDN) manage the network through controllers, which is efficient and flexible, and are increasingly used in Cloud Data Centers. In recent years, Cloud technology has been widely used in various industries. Different organizations exchange data across Cloud Data Centers, which requires the SDN controllers in each Data Center to manage the cloud network cooperatively and route data packets across different management domains. The premise of controller cooperation is that trust relationships exist among the controllers. The existing collaborative routing mechanisms of distributed control architectures all require third-party trust centers to establish trust relationships for controllers. However, both the trust centers and the authenticated entities are under threat of attack, meaning the trust relationships among controllers in the existing mechanisms are fragile. Furthermore, in the existing works, other controllers trust the routing rules calculated by a controller, and assist in routing the relevant packets, only on the condition that the controller is certified. Nevertheless, due to threats such as malicious applications and single-point failures of controllers in SDN, unreliable routing rules can also be generated by certified controllers. Therefore, the existing mechanisms cannot guarantee that cross-domain routing is credible and cannot establish secure cross-domain routing.

In addition, in the current Internet protocol, information in packet headers such as the source and destination addresses is public. Attackers can easily obtain the identity of senders and receivers and track and trace the source of a message, so as to further acquire private information about the source and destination correspondents. Privacy is therefore very important in the communication process, and researchers on anonymous communication have focused on this issue. However, both traditional anonymous communication schemes and new anonymous communication schemes based on SDN find it difficult to balance routing efficiency and anonymity, and cannot be directly applied to SDN with a distributed control architecture.

This article is inspired by the way blockchain technology reaches consensus among nodes in a decentralized manner, and conducts research on cross-domain routing of SDN. We propose a blockchain-based credible SDN cross-domain routing scheme and an anonymous routing scheme, respectively, which achieve security and privacy protection during SDN cross-domain routing.

(1) We first design a distributed SDN control architecture based on Blockchain. In the proposed architecture, the controller and the blockchain node are on the same physical node, and they interact with each other through APIs. We then define the specific content of the cross-domain routing transactions and network status update transactions that are stored in the block. In addition, a Blockchain update method based on the sliding window mechanism is proposed. Nodes of the Blockchain rely on the consensus mechanism to confirm whether the information shared by each other is trustworthy. At the same time, the sliding window mechanism can periodically clean up useless network state change events accumulated in the ledger. Our architecture allows the system to achieve a consistent understanding of the global state in a decentralized manner with low storage overhead, thereby freeing the system from relying on a centralized trust institution.

(2) Based on the architecture above, to ensure the security of cross-domain routing, a trusted cross-domain routing mechanism is proposed. Firstly, a method for synchronizing network status information between controllers in two different phases (the initialization phase and the status update phase) is defined, and the consensus of each controller on the global network status information is taken as the premise of the controllers' cross-domain collaborative routing. After ensuring that the controller has a consistent and reliable knowledge of the network, a specific scheme for the controllers' cross-domain collaborative routing is devised, including six steps: request, simulation execution, collection of endorsements, sort, sync blocks, and obtain routing rules.

(3) To protect the privacy of communication between the source and destination nodes in cross-domain routing, an SDN cross-domain anonymous routing mechanism based on pseudonym changes is proposed. By modifying the address of the anonymous data packet to a fake address generated by the controller, we achieve privacy protection of identity in the communication. Because SDN needs to match header information when routing data packets, conflicts will appear if the pseudonymized addresses of different packets are the same, so we also develop a hash check method to avoid address conflicts. Furthermore, an enhanced anonymity scheme based on the phantom routing idea and a multicast mechanism is designed against traffic analysis attacks, to provide stronger anonymity protection for both communicating parties.

(4) We comprehensively analyze and evaluate the proposed solution in terms of security, anonymity, and energy efficiency. Specifically, for the security of this solution, a detailed security analysis is given from two aspects: the establishment of credible relationships among the distributed controllers based on the consortium blockchain, and the security of the routing mechanism. For the anonymity of our scheme, on the basis of the privacy protection requirements of anonymous communication, a detailed analysis is conducted in combination with the threat model, and experimental simulations are performed to verify that the scheme can guarantee a sufficient number of pseudonyms and that the enhanced scheme can effectively enhance anonymity. To indicate the performance of our solution, experimental simulations are also performed in terms of storage performance, time performance, and bandwidth overhead. It is verified that the proposal has good performance while ensuring security and anonymity.
Keywords/Search Tags:SDN, Cloud Data Center, Blockchain, Credible routing, Anonymous routing, Multi-controller