SILedger: A Blockchain and ABE-based Access Control for Applications in SDN-IoT Networks
Abstract
The Software Defined Network in Internet of Things (SDN-IoT) is enjoying growing popularity due to its flexibility, automaticity and programmability. However, proper permission management for SDN-IoT applications (SIApps) is still lacking, especially when the northbound interfaces an SIApp requires are located in multiple heterogeneous controllers without mutual trust. Existing access control methods are usually based on centralized models, proprietary controllers, trusting conditions or manual operation, which can incur unnecessary performance degradation and poor scalability. To solve this problem, this paper proposes the SIApps' ledger (SILedger), an open, trusted, and decentralized access control mechanism based on blockchain and attribute-based encryption (ABE). It not only supports effective authorization of SIApps in heterogeneous and untrusted SDN-IoT control domains, but also records all interactions between SIApps and resources, and thus facilitates further charging, analysis and audit of SIApps. The main idea is that SIApps are authorized using access tokens encrypted by ABE, and these tokens are treated as the currency of the blockchain to be distributed. Specifically, we redesign the blockchain transaction, token encryption, token initialization and token update schemes to achieve cross-domain, fine-grained and flexible permission management for SIApps. To mitigate the delay and complexity of blockchain and ABE, we devise an access control framework that separates authorization from the call process of SIApps. Finally, we perform a security analysis and implement a FISCO-BCOS-based prototype of SILedger. The experimental results show that it can provide effective access control for SIApps with negligible overhead.
Existing System
• Existing works that provide application flow authentication or flow security constraints extend an individual secure module on a single controller, rather than providing a monolithic secure module for a multi-controller environment.
• In a network with a physically decentralized control plane, simply combining those existing schemes fails to solve all the common security issues simultaneously, because all secure modules must work seamlessly among multiple controllers.
• We utilize an existing stable Blockchain platform to implement our requirements rather than building a new Blockchain.
• Key Generation is the second phase and is executed at the AA, which should exist on the cloud or the fog/edge node.
Disadvantages
• Many solutions (including blockchain-based ones) have been proposed to overcome these problems.
• In a system consisting of multiple SDN networks, problems of security, performance, reliability, and scalability arise due to the centralized control architecture.
• Several existing studies focus on the problem of state consistency among numerous controllers.
• Although multiple studies in the literature offer a reliable and scalable solution for managing the distributed network, none of them has solved this problem completely.
Proposed System
• The proposed system is evaluated to have less cryptographic load, which it achieves by offloading work from the IoT nodes to Edge nodes.
• To prevent data leakage and to protect user privacy, the authors have proposed a solution that isolates and serves different information retrieval requests for each type of personal information.
• Therefore, in this paper, we have proposed a permissioned blockchain-based data provenance mechanism which offloads (1) the computational load of hash calculation for the blockchain and (2) the cryptographic load of digital signatures by outsourcing the mechanism to the Edge nodes.
• Data integrity, sender authentication and data accuracy can be ensured by using this algorithm in the proposed system.
Advantages
• We built a normal distributed SDN to compare against the flow rule table update performance of our proposed Blockchain IoT architecture in a large-scale network.
• The experimental results show that the performance of our proposed architecture (permissioned Blockchain-based SDN) continuously improves compared to the public blockchain-based SDN, in terms of percentage time reduction, as the rate of packet-in arrival increases.
• The system improves the network's performance and capacity in the face of network attacks such as spoofing and DDoS/DoS attacks.
• We performed extensive experiments to evaluate our approach in terms of accuracy, scalability, security, and efficiency.
