Securing distributed SDN with IBC

In distributed software-defined network (SDN), the east/west-bound protocol describes the communication between the SDN controllers. The security of the east/west-bound protocol ensures that no malicious controllers are eavesdropping on or even driving the network. Southbound protocol defines the communication between the control plane and the data plane. It is also the only SDN communication channel with an agreed protocol, OpenFlow. OpenFlow suggests securing the southbound communication with Transport Layer Security (TLS). However, most current SDN projects do not implement the security segment in both the east/west-bound and southbound communications. Only a few exceptions such as OpenDayLight and HP VAN SDN implement TLS in the southbound communication. In this paper, we propose securing the distributed SDN communication with a multi-domain capable Identity-Based Cryptography (IBC) protocol, particularly for the southbound and east/west-bound communication.