Blockchain-Aided Flow Insertion and Verification in Software Defined Networks

TL;DR

This paper introduces a blockchain-based framework for verifying and inserting flow rules in SDN to prevent security vulnerabilities, employing game theory to ensure fair agent behavior and demonstrating effectiveness through simulations.

Contribution

It proposes a novel blockchain-as-a-service framework with a game-theoretic reward scheme to enhance security and fairness in SDN flow management.

Findings

The framework effectively verifies flow rules to prevent malicious insertions.

Simulation results show balanced social welfare among blockchain agents.

The approach enhances SDN security with minimal deployment complexity.

Abstract

The Internet of Things (IoT) connected by Software Defined Networking (SDN) promises to bring great benefits to cyber-physical systems. However, the increased attack surface offered by the growing number of connected vulnerable devices and complex nature of SDN control plane applications could overturn the huge benefits of such a system. This paper addresses the vulnerability of some unspecified security flaw in the SDN control plane application (such as a zero-day software vulnerability) which can be exploited to insert malicious flow rules in the switch that do not match network policies. Specifically, we propose a blockchain-as-a-service (BaaS) based framework that supports switch flow verification and insertion; and additionally provides straightforward deployment of blockchain technology within an existing SDN infrastructure. While use of an external BaaS brings straightforward deployment, it obscures knowledge of the blockchain agents who are responsible for flow conformance testing through a smart blockchain contract, leading to potential exploitation. Thus, we design a strategy to prevent the blockchain agents from acting arbitrarily, as this would result in what is termed a "moral hazard". We achieve this by developing a novel mathematical model of the fair reward scheme based on game theory. To understand the performance of our system, we evaluate our model using a Matlab based simulation framework. The simulation results demonstrate that the proposed algorithm balances the needs of the blockchain agents to maximise the overall social welfare, i.e. the sum of profits across all parties.