BLOCKCHAIN FOR SDN

ATTACK PERSPECTIVE RESEARCH

Vipul Gupta
5 min read · May 9, 2021

We have elected to put our money and faith in a mathematical framework that is free of politics, human error and dominance— VIPUL GUPTA

MOTIVATION

Blockchain can open up a world of dominance to transparency, recording, and accountability. That is how much energy blockchain carries. Just consider what cryptocurrency is already bringing into this world, and the extravagant amount of money pouring into it from across the globe.

Duh!! That was just Elon Musk taking his DOGE for a walk to the moon.

Now that is the potential in just one domain of blockchain. In a nutshell, these factors were the crucial reasons for me to take up BLOCKSDN as a research project under the supervision of my professor in the CSE department of Bennett University.

INTRODUCTION

Software-defined networking (SDN) is one of the most widely accepted programmable, adaptable, and dynamic network architectures, which makes it suitable for the high-bandwidth, dynamic nature of today's applications. It provides manifold advantages over other architectures and is used in mobility, IoT, cloud, 5G networking, and many more fields. However, its centralized architecture, including its dependence on a centralized controller, makes it prone to a variety of attacks and failures.

Distributed denial of service (DDoS), man-in-the-middle, and impersonation are some of the most popular attacks caused by Address Resolution Protocol (ARP) poisoning. This post presents a blockchain-as-a-service framework in which the blockchain model provides the necessary security as a separate service for the SDN architecture. OMNeT++ is used to simulate the network and to evaluate the delay, efficiency, and comparability of the proposed approach.

PROBLEMS WITH SDN

Building an SDN means dealing with a variety of gaps as well as weaknesses that can lead to attacks at different architecture levels due to its centralized architecture. The separation of the control and data planes distributes all the functions and reduces the load on each layer.

However, this will result in several security problems, such as a single point of failure. Unauthorized access, data theft, data manipulation, compromised programs, Distributed Denial of Service (DDoS), and configuration problems are all major security concerns and attacks in the SDN architecture.

BLOCKCHAIN AS A SERVICE FOR SDN: SOLUTION

In the proposed scheme, the blockchain stores data from more than one layer of the SDN architecture. Each layer adds to the chain by creating transactions that become part of a block's records. The transactions are grouped into blocks, which are linked using cryptographic hashes.

In the suggested scheme, the simulated controller checks the transactions (flow-table entries), and the real SDN controller then updates them after locating the correct switch for those flow entries. To spread the load across controllers, the controllers should be synchronized. For this reason, the load balancer module lets only a single switch reach the controller at a time, preventing parallel transfers to the controller. Blockchain provides decentralized connectivity by ensuring that network elements collaborate on OpenFlow (OF) table entries, modifying them all at once rather than independently. As a consequence, if a switch is tampered with, the controller will detect it easily by checking the switches' OF tables, restoring trust.

Wait, you might be thinking: why hasn't it been brought into effect yet? Well, I'll answer this below, but let's first have a quick look at the results of my research.
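The tamper check described above, as an added example that is not the author's code or part of the OMNeT++ simulation: a hash-chained ledger of flow-table updates, and an audit that compares a switch's reported table against it. The class and function names and the sample flow entries are hypothetical, and SHA-256 over JSON is an assumption, since the post does not name a hash function or block format.

```python
import hashlib
import json
GENESIS = "0" * 64  # assumed previous-hash value for the first block

def block_hash(index, prev, entries):
    # SHA-256 over a canonical JSON encoding (assumed block format)
    body = json.dumps({"index": index, "prev": prev, "entries": entries},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

class FlowLedger:
    """Hypothetical append-only, hash-chained record of flow-table updates."""
    def __init__(self):
        self.blocks = []

    def append(self, entries):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        index = len(self.blocks)
        self.blocks.append({"index": index, "prev": prev, "entries": entries,
                            "hash": block_hash(index, prev, entries)})

    def chain_is_valid(self):
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(b["index"], prev, b["entries"]):
                return False
            prev = b["hash"]
        return True

    def expected_table(self, switch):
        # Replay every block; later entries for the same match override earlier ones
        return {e["match"]: e["action"]
                for b in self.blocks for e in b["entries"] if e["switch"] == switch}

def audit_switch(ledger, switch, reported):
    """Return the match fields where the switch's table disagrees with the ledger."""
    if not ledger.chain_is_valid():
        raise ValueError("ledger hash chain is broken")
    expected = ledger.expected_table(switch)
    return sorted(k for k in set(expected) | set(reported)
                  if expected.get(k) != reported.get(k))

def demo():
    ledger = FlowLedger()  # constructed sample flow entries for two switches follow
    ledger.append([{"switch": "s1", "match": "dst=10.0.0.2", "action": "output:2"},
                   {"switch": "s2", "match": "dst=10.0.0.1", "action": "output:1"}])
    ledger.append([{"switch": "s1", "match": "dst=10.0.0.3", "action": "output:3"}])
    tampered = {"dst=10.0.0.2": "output:9", "dst=10.0.0.3": "output:3"}
    return ledger, audit_switch(ledger, "s1", tampered)
```

Editing an entry inside a stored block changes its recomputed hash, so `chain_is_valid()` fails and the audit refuses to trust the ledger.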

EXPERIMENTATION AND RESULTS

The OMNeT++ simulator is used to conduct the experiment in a virtual environment. Initially, two servers are deployed as hosts to generate traffic in the proposed system. To avoid sending all traffic to the real SDN controller, the virtual controller is deployed. On the basis of previously stored values in the flow table, the virtual controller uses the blockchain scheme to determine if the request is legitimate. The switches double-check the entries after the controller updates them. This is accomplished by examining the information contained in each request provided by the switches. The acknowledgment of each switch is treated as a single block that is sent to the other switches. The delay of packets and the rate at which they are transmitted can be seen using a graphical representation in Wireshark, with the X-axis representing a one-second interval and the Y-axis representing the number of packets sent in that interval. As a result, a cumulative packet rate tally is given from the results below. The results of the simulations, such as the time elapsed and the time taken to generate hash codes in seconds, have been depicted below.

WHAT CHALLENGED ME AND WHAT I FOUND!!

  1. Learning about SDN and blockchain architectures individually.
  2. How blockchain can be applied to SDN architectures to mitigate attacks against them, such as DDoS, man-in-the-middle, traffic diversion, and ARP spoofing.
  3. A whole new network analysis and simulation tool OMNeT++.
  4. Simulating different attacks in the OMNeT++ tool and analyzing the efficiency, delay and latency of the proposed algorithm.

CONCLUSION

Due to its agile and modular nature, SDN has been implemented in real-world systems, allowing for the effective connection of various components. The logically centralized controller, however, may pose a severe single-point-of-failure danger. Security networks, on the other hand, may be provisioned independently using network feature virtualization. Based on this feature of SDN architecture, this thesis suggested a blockchain-based protection protocol to limit distributed denial of service attacks started by a malicious switch. Based on the results of the tests, it has been determined that blockchain offers a secure and effective way to protect switches in SDN architecture from an attacker. The simulated controller inspects the switches as they transmit packets to ensure that the requests for flow entry updates are coming from legitimate switches. Each block in the blockchain is modified and forwarded to the actual controller until it has been tested.

Well, to be honest, of whatever came through in my research, I could successfully implement some part and come up with the above results. I hope you liked the blog and got to know a lot from this. This blog covers only 30% of my research on SDN. Well, there's a lot more I have done and discovered already over this problem.

If you’ve got a doozy or want to know more about my research over this blockchain domain, hit me up on my LinkedIn profile https://www.linkedin.com/in/vipulgupta-/
