Trust Enhanced Security for Routing in SDN

Bulbul N. S., Ermis O., Bahtiyar Ş., Caglayan M. U., ALAGÖZ F.

1st International Conference on 6G Networking (6GNet), Paris, France, 6 - 08 July 2022 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/6gnet54646.2022.9830213
  • City: Paris
  • Country: France
  • Keywords: SDN, secure routing, trust, probing
  • Istanbul Technical University Affiliated: Yes


Software Defined Networking (SDN) paradigm is the redefinition of conventional networks based on the use of programmable entities together with a clear separation between the data plane and the control plane. The idea behind this new paradigm is to achieve a more flexible network architecture and better management capabilities. However, with all these advantages, it has been experienced that SDNs are open to new security threats and unfortunately, current technologies are not mature enough to overcome those vulnerabilities. As an example, we can consider the detection of the compromised switches in the network. Since switches are programmable entities, in SDN, they are the potential targets for attackers. When a switch is compromised, the attacker can use this switch to deploy incorrect packet forwarding and unsubstantiated packet dropping attacks. Current SDN protocols are not able to detect such kinds of attacks in the network and hence the whole network traffic can be affected in the end. One particular assumption is to use an approach that reflects the trust level of switches in the network for the detection of a compromised one. Therefore, in this paper, we propose Trust Enhanced Security (TES) for routing in SDN. The proposed approach provides three different trust computations to find the most suitable trust level for different states of a network. To show the applicability of the proposed approach, we demonstrate a set of simulations based on the detection of compromised switches. Simulation results show that the proposed model operates effectively to detect and eliminate compromised nodes while selecting secure paths.