BENBI: Scalable and Dynamic Access Control on the Northbound Interface of SDN-Based VANET

Recently, emerging SDN-based VANET (i.e., vehicular ad hoc network based on software-defined networking) enables VANET management to be programmable and flexible. It introduces SDN controllers to maintain network-wide resources and SDN applications to program configurations through arbitrarily acces...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE transactions on vehicular technology Ročník 68; číslo 1; s. 822 - 831
Hlavní autoři: Weng, Jia-Si, Weng, Jian, Zhang, Yue, Luo, Weiqi, Lan, Weiming
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York IEEE 01.01.2019
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
Access control
Applications programs
broadcast encryption
Configurations
Encryption
Knowledge engineering
Mobile ad hoc networks
northbound interface
Programmable controllers
Public key
Software-defined networking
VANET
Vehicular ad hoc networks
ISSN:0018-9545, 1939-9359
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Recently, emerging SDN-based VANET (i.e., vehicular ad hoc network based on software-defined networking) enables VANET management to be programmable and flexible. It introduces SDN controllers to maintain network-wide resources and SDN applications to program configurations through arbitrarily accessing resources via the northbound interface (NBI). However, this brings with it security issues on the NBI, such as network-wide resource exposure and configuration manipulation. Most of the existing works employed permission systems to restrict resource access; these solutions are generally controller-dependent, which means controller codes need to be modified for giving access permissions to external applications. In this paper, we propose a scalable and dynamic access control scheme on the NBI for SDN-based VANET, named BENBI. In the proposed scheme, we dynamically and flexibly control network resources by employing broadcast encryption, rather than altering source codes of the controller or updating permission lists with various degrees of granularity. Moreover, the resources are encrypted during transmission so that they are only available to authorized applications. Finally, we implement a prototype of BENBI. The experimental results demonstrate that the cost of allocating secret keys is independent of the number of SDN entities being appointed, which indicates the scalability of our scheme.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0018-9545
1939-9359
DOI:10.1109/TVT.2018.2880238