Hierarchical solution for access control and authentication in software defined networks

Abstract

Software defined network(SDN) one of most popular and influential technique is an emerging network architecture. It has attracted great attention to reform its performance and extend its applications in recent years. Although this new architecture provides all parties with a common programming environment to drive differentiation, almost all studies focus on efficiency and utility. Few efforts have been made to enforce authentications or access control in SDN. In this paper, we propose a hierarchical attribute-based access control scheme by incorporating the hierarchical identity based encryption and cipherpolicy attribute based encryption(CP-ABE) system. Combing the hierarchical structure and the characteristic inherited from CP-ABE, the prosed scheme gains not only scalability, but also flexibility and fine-gained access control. Based on this we then present an authentication protocol for this special architecture to enhance the ability of controllers in SDN for managing the users, devices and data flows flexibly.