Achieving data security, access control and authentication of controllers in hierarchical software defined networking with attribute based encryption

Abstract

Software defined networking (SDN) separates the data layer and the control layer to achieve logical centralization, scalability and programmability. In hierarchical software defined networking (HSDN), controllers are classified into the upper controller- Root Controller (RC) and the lower controller- Local Controller (LC) to improve the scalability of the network. HSDN effectively relieve the workload of controllers. However, the features of HSDN puts forward higher requirements of data privacy protection and access control. Because RC stores global network data, it must ensure authorized access and prevent the forged data. The attribute-based encryption scheme can provide fine-grained data access control and data privacy protection of controllers at the same time. When LC accesses data in RC, the algorithm of ciphertext-policy attribute-based encryption with identity authentication (CP-ABE-IA) is presented to protect the data privacy of RC and guarantee the legitimate access of LC. When LC sends message to RC, we propose an algorithm of key-policy attribute based signcryption for multi-access structures (KP-ABSC-MAS). KP-ABSC-MAS provides data privacy protection and verification as well as the authentication of LC.