More Like this

1. Blockchain-Enabled Collaborative Intrusion Detection in Software Defined Networks

   Fan, Wenjun; Park, Younghee; Kumar, Shubham; Ganta, Priyatham; Zhou, Xiaobo; Chang, Sang-Yoon Chang (January 2021, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom))

   null (Ed.)

   Collaborative intrusion detection system (CIDS) shares the critical detection-control information across the nodes for improved and coordinated defense. Software-defined network (SDN) introduces the controllers for the networking control, including for the networks spanning across multiple autonomous systems, and therefore provides a prime platform for CIDS application. Although previous research studies have focused on CIDS in SDN, the real-time secure exchange of the detection relevant information (e.g., the detection signature) remains a critical challenge. In particular, the CIDS research still lacks robust trust management of the SDN controllers and the integrity protection of the collaborative defense information to resist against the insider attacks transmitting untruthful and malicious detection signatures to other participating controllers. In this paper, we propose a blockchain-enabled collaborative intrusion detection in SDN, taking advantage of the blockchain’s security properties. Our scheme achieves three important security goals: to establish the trust of the participating controllers by using the permissioned blockchain to register the controller and manage digital certificates, to protect the integrity of the detection signatures against malicious detection signature injection, and to attest the delivery/update of the detection signature to other controllers. Our experiments in CloudLab based on a prototype built on Ethereum, Smart Contract, and IPFS demonstrates that our approach efficiently shares and distributes detection signatures in real-time through the trustworthy distributed platform. 

   more » « less
2. P4Chain: A Multichain Approach for Real-Time Anomaly Traffic Detection in P4 Network

   Ajayi, O; Akinyemi, T; Saadawi, O (October 2023, IEEE 14th Annual Ubiquitous Computing, Electronics & Mobile Communications (UEMCON 2023))

   Programming Protocol-independent Packet Processors (P4) is an open-source domain-specific language to aid the data plane devices in programming packet forwarding. It has a variety of constructs optimized for this purpose. With P4, one can program ASICs, PISA chips, FPGAs, and many network devices since the language constructs allow true independence in some aspects that OpenFlow could not support. However, there are some challenges facing this technology. The first challenge is that P4 does not account for malicious traffic detection in the data plane pipeline. 2. The controllers have no secure medium of attack signature exchange. This ongoing work presents a multichain solution for detecting malicious traffic and exchanging attack signatures among controllers. This architecture uses an Artificial Immune System (AIS) based Intrusion Detection System (IDS), which runs on a distributed blockchain network, to introspect the P4 data plane to analyze and detect anomaly traffic flows. This IDS resides on the SideChain smart contracts and constantly monitors the traffic flow at the data planes based on introspection. Once malicious traffic is detected on any SideChain, the signatures are extracted and passed through the signature forwarding node to the MainChain for real-time storage. The malicious signatures are sent to all controllers via the mainchain network. We minimize the congestion the solution can cause to the P4 network by utilizing a load balancer to serve the SideChain. To evaluate the performance, we evaluate the False Positive Rate (FPR), Detection Rate (DR), and Accuracy (ACC) of the IDS. We also compute the execution time, performance overhead, and scalability of the proposed solution. 

   more » « less
3. Consortium Blockchain-Based Architecture for Cyber-attack Signatures and Features Distribution

   https://doi.org/10.1109/UEMCON47517.2019.8993036  

   Ajayi, O.; Igbe, O.; Sadaawi, T. (October 2019, 10th IEEE Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON))

   One of the effective ways of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Though IDS identify malicious activities in a network, it might be difficult to detect distributed or coordinated attacks because they only have single vantage point. To combat this problem, cooperative intrusion detection system was proposed. In this detection system, nodes exchange attack features or signatures with a view of detecting an attack that has previously been detected by one of the other nodes in the system. Exchanging of attack features is necessary because a zero-day attacks (attacks without known signature) experienced in different locations are not the same. Although this solution enhanced the ability of a single IDS to respond to attacks that have been previously identified by cooperating nodes, malicious activities such as fake data injection, data manipulation or deletion and data consistency are problems threatening this approach. In this paper, we propose a solution that leverages blockchain’s distributive technology, tamper-proof ability and data immutability to detect and prevent malicious activities and solve data consistency problems facing cooperative intrusion detection. Focusing on extraction, storage and distribution stages of cooperative intrusion detection, we develop a blockchain-based solution that securely extracts features or signatures, adds extra verification step, makes storage of these signatures and features distributive and data sharing secured. Performance evaluation of the system with respect to its response time and resistance to the features/signatures injection is presented. The result shows that the proposed solution prevents stored attack features or signature against malicious data injection, manipulation or deletion and has low latency. 

   more » « less
4. A Scalable Blockchain Framework for Secure Data and Computational Resource Management in SDN

   https://doi.org/10.1109/GCWkshp64532.2024.11100329  

   Das, Debashis; Landrum, La Chiara; Chatterjee, Pushpita; Ghosh, Uttam (December 2024, IEEE)

   The rapid evolution of Software-Defined Networking (SDN) has transformed network management by decoupling the control and data planes. It provides centralized control, enhanced flexibility, and programmability of network management services. However, this centralized control introduces security vulnerabilities and challenges related to data integrity, unauthorized access, and resource management. In addition, it brings forth significant challenges in secure and scalable data storage and computational resource management. These challenges are further increased by the need for real-time processing and the ever-increasing volume of data. To address these challenges, this paper presents a scalable blockchain-based framework for security and computational resource management in SDN architectures. The proposed framework ensures decentralized and tamper-resistant data handling and utilizes smart contracts for automated resource allocation. Due to the need for advanced security and scalability in SDN networks, this work incorporates sharding to improve parallel processing capabilities. The performance of sharded versus non-sharded blockchain systems under various network conditions is evaluated. Our findings demonstrate that the sharded blockchain model enhances scalability and throughput with robust security and fault tolerance. The framework is also assessed for its performance, scalability, and security to enhance SDN resilience against data breaches, malicious activities, and inefficient resource distribution. 

   more » « less
5. ZTRAN: Prototyping Zero Trust Security xApps for Open Radio Access Network Deployments

   https://doi.org/10.1109/MWC.001.2300419  

   Abdalla, Aly S; Moore, Joshua; Adhikari, Nisha; Marojevic, Vuk (April 2024, IEEE Wireless Communications)

   The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This article proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN. 

   more » « less