Developing an SDN security model (EnsureS) based on lightweight service path validation with batch hashing and tag verification

S Pradeep; Yogesh Kumar Sharma; Umesh Kumar Lilhore; Sarita Simaiya; Abhishek Kumar; Sachin Ahuja; Martin Margala; Prasun Chakrabarti; Tulika Chakrabarti

doi:10.1038/s41598-023-44701-7

Developing an SDN security model (EnsureS) based on lightweight service path validation with batch hashing and tag verification

Sci Rep. 2023 Oct 13;13(1):17381. doi: 10.1038/s41598-023-44701-7.

Authors

S Pradeep¹, Yogesh Kumar Sharma², Umesh Kumar Lilhore³, Sarita Simaiya⁴, Abhishek Kumar⁵, Sachin Ahuja⁵, Martin Margala⁶, Prasun Chakrabarti⁷, Tulika Chakrabarti⁷

Affiliations

¹ Department of Computer Science and Engineering, Malla Reddy Engineering College for Women, UGC Autonomous Institution, Maisammaguda, Secunderabad, Telangana, India.
² Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Guntur, AP, India.
³ Department of Computer Science and Engineering, Chandigarh University, Gharuan, Mohali, Punjab, 140413, India. umeshlilhore@gmail.com.
⁴ APEX Institute of Technology (AIT), CSE, Chandigarh University, Gharuan, Mohali, Punjab, 140413, India.
⁵ Department of Computer Science and Engineering, Chandigarh University, Gharuan, Mohali, Punjab, 140413, India.
⁶ School of Computing, University of Louisiana at Lafayette, Lafayette, USA.
⁷ Sir Padampat, Singhania University, Udaipur, Rajasthan, 313601, India.

Abstract

Software-defined networking (SDN) has significantly transformed the field of network management through the consolidation of control and provision of enhanced adaptability. However, this paradigm shift has concurrently presented novel security concerns. The preservation of service path integrity holds significant importance within SDN environments due to the potential for malevolent entities to exploit network flows, resulting in a range of security breaches. This research paper introduces a model called "EnsureS", which aims to enhance the security of SDN by proposing an efficient and secure service path validation approach. The proposed approach utilizes a Lightweight Service Path Validation using Batch Hashing and Tag Verification, focusing on improving service path validation's efficiency and security in SDN environments. The proposed EnsureS system utilizes two primary techniques in order to validate service pathways efficiently. Firstly, the method utilizes batch hashing in order to minimize computational overhead. The proposed EnsureS algorithm enhances performance by aggregating packets through batches rather than independently; the hashing process takes place on each one in the service pathway. Additionally, the implementation of tag verification enables network devices to efficiently verify the authenticity of packets by leveraging pre-established trust relationships. EnsureS provides a streamlined and effective approach for validating service paths in SDN environments by integrating these methodologies. In order to assess the efficacy of the Proposed EnsureS, a comprehensive series of investigations were conducted within a simulated SDN circumstance. The efficacy of Proposed EnsureS was then compared to that of established methods. The findings of our study indicate that the proposed EnsureS solution effectively minimizes computational overhead without compromising on the established security standards. The implementation successfully reduces the impact of different types of attacks, such as route alteration and packet spoofing, increasing SDN networks' general integrity.