Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packe...Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packet protection offered by the protocol is not very compatible with OpenFlow and tlow-like behavior. OpenFlow architecture cannot aggregate IPsee-ESP flows in transport mode or tunnel mode because layer-3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet-based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication.展开更多
文摘Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packet protection offered by the protocol is not very compatible with OpenFlow and tlow-like behavior. OpenFlow architecture cannot aggregate IPsee-ESP flows in transport mode or tunnel mode because layer-3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet-based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication.