As Software Defined Networking (SDN) enables third-party applications to be integrated into the architecture, a malicious application could be as detrimental to the network as a compromised controller. To avoid the deployment of malicious or compromised applications, controllers and applications should establish a trusted connection and authenticate the identity of applications and their flows before exchanging control messages. Application flows may be considered network configurations sent by applications; these are managed by controllers, which install the configurations into switches. Without authentication, applications may inject malicious configurations into network devices at will, which could reduce network availability and reliability, or even lead to a network breakdown. Presented herein are techniques involving a Transaction model that can be utilized to authenticate applications and their flows and to further provide trust establishment between a controller and a switch in a multi-provider SDN deployment.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.