An Identity-Based Encryption Method for SDN-Enabled Source Routing Systems

Abstract

In this study, we consider endpoints communicating over a software-defined networking (SDN)-based architecture using source routing, i.e., packets are routed through a path selected by the packet sender, and we provide a security solution that enforces the selected path. In particular, our solution allows a sender to select the path that a packet should go through using a constant-size cryptographic construction which is referred to as the authenticator. A recipient can examine an authenticator and verify that the received packet has followed the path selected by the sender. Additionally, any intermediate "programmable"switch can verify whether or not it is included in the path of a packet. Our solution can be used even for paths that include multiple recipients (e.g., multicast paths), as well as multiple parallel paths (e.g., multipath transmissions). We implement our solution by leveraging identity-based encryption (IBE), so it can be used by any sender that knows the identifiers of the links that compose the desired path, i.e., information that the sender usually already knows as part of the source routing protocol. Our solution is realistic since it can be implemented over a variety of platforms with tolerable overhead.