Highly secure communication service architecture using SDN switch

There is an increasing demand for secure communication services that can dynamically reflect user needs. Conventional dedicated services such as an Internet VPN or IPVPN using IPsec and MPLS have inherent shortcomings, making it difficult for them to dynamically reflect user requirements when faced with limited network resources. It is also quite important for communication services to deal effectively with man-in-the-middle (MITM) attacks, a threat that users are certainly aware of. In this paper, we proposed a state-of-the-art SDN service architecture that can reflect user requests easily, dynamically and flexibly. We also proposed a robust network mechanism that can avoid MITM attacks and network eavesdropping by applying a new network address translation method. The most important characteristics of the method are that it can easily increase security strength without terminal host/server side encoding and decoding procedures. As the number of divisions and duplications is adjustable, it is possible to strengthen the security level according to user requests. We implemented an SDN switch to evaluate the performance of the proposed SDN architecture and verified that a secure communication service using the proposed method is realizable. We expect this method to be applied to the construction of future secure SDN services.