Cryptographic Algorithm Invocation in IPsec: Guaranteeing the Communication Security in the Southbound Interface of SDN Networks | SpringerLink
Skip to main content
Springer Nature Link
Log in

Cryptographic Algorithm Invocation in IPsec: Guaranteeing the Communication Security in the Southbound Interface of SDN Networks

  • Conference paper
  • First Online:
Communications and Networking (ChinaCom 2018)

Included in the following conference series:

Abstract

Due to the static configuration of IPsec cryptographic algorithms, the invocation of these algorithms cannot be dynamically self-adaptable to the traffic fluctuation of software-defined networking (SDN) southbound communication. In this paper, an invocation mechanism, based on the Free-to-Add (FTA) scheme, is proposed to optimize the invocation mode of cryptographic algorithms in traditional IPsec. To balance the link security and communication performance, a feedback-based scheduling approach is designed for the controller of IPsec-applied SDN to replace flexibly and switch synchronously the IPsec cryptographic algorithms in use according to the real-time network status. The feedback information is applied to decide which appropriate algorithm(s) should be employed for the cryptographic process in a special application scenario. The validity and effectiveness of the proposed invocation mechanism are verified and evaluated on a small-scale SDN/OpenFlow platform with the deployed IPsec security gateway. The results show that the FTA-based mechanism invokes IPsec encryption algorithms consistently with the requirement for communication security in the SDN southbound interface, and the impact of the IPsec cryptographic process on the network performance will be reduced even if the network traffic fluctuates markedly.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Kreutz, D., Ramos, F.M.V., Veríssimo, P., et al.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)

    Article  Google Scholar 

  2. Liyanage, M., Ahmed, I., Okwuibe, J., et al.: Enhancing security of software defined mobile networks. IEEE Access 5, 9422–9438 (2017)

    Article  Google Scholar 

  3. Chen, M., Qian, Y., Mao, S., et al.: Software-defined mobile networks security. Mobile Netw. Appl. 21(5), 1–15 (2016)

    Google Scholar 

  4. OpenFlow Switch Specification v1.5.1. http://OpenFlowSwitch.org

  5. Wang, M., Liu, J., Chen, J., et al.: Software defined networking: security model, threats and mechanism. J. Softw. 27(4), 969–992 (2016)

    MathSciNet  MATH  Google Scholar 

  6. Shu, Z., Wan, J., Li, D., et al.: Security in software-defined networking: Threats and countermeasures. Mobile Netw. Appl. 21(5), 764–776 (2013)

    Article  Google Scholar 

  7. Porras, P.A., Cheung, S., Fong, M.W., et al.: Securing the software-defined network control layer. In: Proceedings of Network and Distributed System Security (NDSS) Symposium, pp. 1–15. San Diego, USA (2015)

    Google Scholar 

  8. Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutor. 18(1), 623–654 (2016)

    Article  Google Scholar 

  9. Ferguson, A.D., Guha, A., Liang, C., et al.: Participatory networking: an API for application control of SDNs. In: Proceedings of ACM Special Interest Group on Data Communication (SIGCOMM), pp. 327–338. Hong Kong, China (2013)

    Article  Google Scholar 

  10. Huang, X., Yu, R., Kang, J., et al.: Software defined networking for energy harvesting Internet of Things. IEEE Internet Things J. 5(3), 1389–1399 (2018)

    Google Scholar 

  11. Marin-Lopez, R., Lopez-Millan, G.: Software-defined networking (SDN)-based IPsec flow protection. I2NSF Internet-Draft. July 2018. draft-ietf-i2nsf-sdn-ipsec-flow-protection-02. https://datatracker.ietf.org/doc/draft-ietf-i2nsf-sdn-ipsec-flow-protection/

  12. Al-Khatib, A.A., Hassan, R.: Impact of IPSec protocol on the performance of network real-time applications: A review. Int. J. Netw. Secur. 19, 800–808 (2017)

    Google Scholar 

  13. Yang, X., Wang, D., Feng, W., Wu, J., Tang, W.: Cryptographic algorithm invocation based on software-defined everything in IPsec. Wirel. Commun. Mobile Comput. (WCMC) 2018 (2018). https://doi.org/10.1155/2018/8728424. Article ID 8728424

    Google Scholar 

Download references

Acknowledgement

The work described in this paper was carried out with the support of the National Natural Science Foundation of China (61772562), the China Education and Research Network (CERNT) Innovation Project (NGII20150106), and the Fundamental Research Funds for the Central Universities, South-Central University for Nationalities (CZY18014).

Author information

Authors and Affiliations

  1. College of Computer Science, South-Central Univ. for Nationalities, Wuhan, 430074, China

    Deqiang Wang, Wan Tang, Ximin Yang & Wei Feng

Authors
  1. Deqiang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wan Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ximin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wei Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wan Tang .

Editor information

Editors and Affiliations

  1. School of Electronic Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan, China

    Xingang Liu

  2. University of Electronic Science and Technology of China, Chengdu, China

    Dai Cheng

  3. University of Electronic Science and Technology of China, Chengdu, China

    Lai Jinfeng

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, D., Tang, W., Yang, X., Feng, W. (2019). Cryptographic Algorithm Invocation in IPsec: Guaranteeing the Communication Security in the Southbound Interface of SDN Networks. In: Liu, X., Cheng, D., Jinfeng, L. (eds) Communications and Networking. ChinaCom 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 262. Springer, Cham. https://doi.org/10.1007/978-3-030-06161-6_57

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-06161-6_57

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-06160-9

  • Online ISBN: 978-3-030-06161-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation