Secure Switch Migration Protocol With Openflow

In the current OpenFlow's switch migration protocol, network switches grant permission to any role request message from the controllers as long as the generation_id of the message falls within the allowed range. Any controller can request for a master role on the network switch even if it is not a genuine controller as the switch has no way to differentiate a genuine controller from a malicious controller. OpenFlow suggested securing the channel with Transport Layer Security (TLS) if the concern is on security but TLS alone cannot stop a malicious or compromised controller from migrating the network switch and gaining control of it. In this paper, we propose an enhanced switch migration protocol on top of the Role-Based Identity-Based Cryptography (RB-IBC) in order to allow the network switch to determine genuine switch migrations and mitigate any role abuse of the nodes. In the future, more enhancements of RB-IBC can be made possible to further secure the network by preventing attack such as replay attack and improve the performance.