A Security-Enhanced Monitoring System for Northbound Interface in SDN using Blockchain

In Software-Defined Networking (SDN), Northbound Interface provides APIs, which allow network applications to communicate with SDN controllers. However, a malicious application can access to SDN controller and perform illegal activities via these APIs. Although some studies proposed AAA (Authentication, Authorization, Accounting) systems to protect SDN controllers from malicious applications, their proposed systems also exist several limitations. Attackers can compromise a system, then modify its database or files to gain higher privileges. This system can be taken down because of Single Point of Failure threat. To enhance security for the Northbound interface, we propose a novel system using blockchain, namely BlockAS. It is used to authenticate, authorize and monitor accessing critical controller resources from applications. Specifically, BlockAS leverages blockchain features to maintain the immutability and decentralization of credential data. Our proposed system has five key properties: immutability of database, decentralization, authentication, authorization, and accounting to enhance security for SDN controller and its offered services.