Visible to the public Biblio

Filters: Keyword is SDN  [Clear All Filters]
Liang, Xiao, Chen, Heyao.  2019.  A SDN-Based Hierarchical Authentication Mechanism for IPv6 Address. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :225–225.
The emergence of IPv6 protocol extends the address pool, but it also exposes all the Internet-connected devices to danger. Currently, there are some traditional schemes on security management of network addresses, such as prevention, traceability and encryption authentication, but few studies work on IPv6 protocol. In this paper, we propose a hierarchical authentication mechanism for the IPv6 source address with the technology of software defined network (SDN). This mechanism combines the authentication of three parts, namely the access network, the intra-domain and the inter-domain. And it can provide a fine-grained security protection for the devices using IPv6 addresses.
Saadeh, Huda, Almobaideen, Wesam, Sabri, Khair Eddin, Saadeh, Maha.  2019.  Hybrid SDN-ICN Architecture Design for the Internet of Things. 2019 Sixth International Conference on Software Defined Systems (SDS). :96–101.
Internet of Things (IoT) impacts the current network with many challenges due to the variation, heterogeneity of its devices and running technologies. For those reasons, monitoring and controlling network efficiently can rise the performance of the network and adapts network techniques according to environment measurements. This paper proposes a new privacy aware-IoT architecture that combines the benefits of both Information Centric Network (ICN) and Software Defined Network (SDN) paradigms. In this architecture controlling functionalities are distributed over multiple planes: operational plane which is considered as smart ICN data plane with Controllers that control local clusters, tactical plane which is an Edge environment to take controlling decisions based on small number of clusters, and strategic plane which is a cloud controlling environment to make long-term decision that affects the whole network. Deployment options of this architecture is discussed and SDN enhancement due to in-network caching is evaluated.
Mai, Hoang Long, Aouadj, Messaoud, Doyen, Guillaume, Mallouli, Wissam, de Oca, Edgardo Montes, Festor, Olivier.  2019.  Toward Content-Oriented Orchestration: SDN and NFV as Enabling Technologies for NDN. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :594–598.
Network Function Virtualization (NFV) is a novel paradigm which enables the deployment of network functions on commodity hardware. As such, it also stands for a deployment en-abler for any novel networking function or networking paradigm such as Named Data Networking (NDN), the most promising solution relying on the Information-Centric Networking (ICN) paradigm. However, dedicated solutions for the security and performance orchestration of such an emerging paradigm are still lacking thus preventing its adoption by network operators. In this paper, we propose a first step toward a content-oriented orchestration whose purpose is to deploy, manage and secure an NDN virtual network. We present the way we leverage the TOSCA standard, using a crafted NDN oriented extension to enable the specification of both deployment and operational behavior requirements of NDN services. We also highlight NDN-related security and performance policies to produce counter-measures against anomalies that can either come from attacks or performance incidents.
Warabino, Takayuki, Suzuki, Yusuke, Miyazawa, Masanori.  2019.  ROS-based Robot Development Toward Fully Automated Network Management. 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS). :1–4.

While the introduction of the softwarelization technologies such as SDN and NFV transfers main focus of network management from hardware to software, the network operators still have to care for a lot of network and computing equipment located in the network center. Toward fully automated network management, we believe that robotic approach will be significant, meaning that robot will care for the physical equipment on behalf of human. This paper explains our experience and insight gained throughout development of a network management robot. We utilize ROS(Robot Operating System) which is a powerful platform for robot development and secures the ease of development and expandability. Our roadmap of the network management robot is also shown as well as three use cases such as environmental monitoring, operator assistance and autonomous maintenance of the equipment. Finally, the paper briefly explains experimental results conducted in a commercial network center.

Lipps, Christoph, Krummacker, Dennis, Schotten, Hans Dieter.  2019.  Securing Industrial Wireless Networks: Enhancing SDN with PhySec. 2019 Conference on Next Generation Computing Applications (NextComp). :1–7.
The requirements regarding network management defined by the continuously rising amount of interconnected devices in the industrial landscape turns it into an increasingly complex task. Associated by the fusion of technologies up to Cyber-Physical Production Systems (CPPS) and the Industrial Internet of Things (IIoT) with its multitude of communicating sensors and actuators new demands arise. In particular, the driving forces of this development, mobility and flexibility, are affecting today's networks. However, it is precisely these wireless solutions, as enabler for this advancement, that create new attack vectors and cyber-security threats. Furthermore, many cryptographic procedures, intended to secure the networks, require additional overhead, which is limiting the transmission bandwidth and speed as well. For this reason, new and efficient solutions must be developed and applied, in order to secure the existing, as well as the future, industrial communication networks. This work proposes a conceptual approach, consisting of a combination of Software-Defined Networking (SDN) and Physical Layer Security (PhySec) to satisfy the network security requirements. Use cases are explained that demonstrate the appropriateness of the approach and it is shown that this is a easy to use and resource efficient, but nevertheless sound and secure approach.
Shafi, Qaisar, Basit, Abdul.  2019.  DDoS Botnet Prevention Using Blockchain in Software Defined Internet of Things. 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :624-628.

Distributed Denial of Service (DDoS) attacks have two defense perspectives firstly, to defend your network, resources and other information assets from this disastrous attack. Secondly, to prevent your network to be the part of botnet (botforce) bondage to launch attacks on other networks and resources mainly be controlled from a control center. This work focuses on the development of a botnet prevention system for Internet of Things (IoT) that uses the benefits of both Software Defined Networking (SDN) and Distributed Blockchain (DBC). We simulate and analyze that using blockchain and SDN, how can detect and mitigate botnets and prevent our devices to play into the hands of attackers.

Saharan, Shail, Gupta, Vishal.  2019.  Prevention and Mitigation of DNS Based DDoS Attacks in SDN Environment. 2019 11th International Conference on Communication Systems Networks (COMSNETS). :571-573.

Denial-of-Service attack (DoS attack) is an attack on network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. In DoS attack it is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), like the name suggests, multiple sources are used to flood the incoming traffic of victim. Typically, such attacks use vulnerabilities of Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of service provider or Internet user. The attacks involving DNS, or attacks exploiting vulnerabilities of DNS are known as DNS based DDOS attacks. Many of the proposed DNS based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-``network layer'' (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), via this proposed doctoral research it is intended to make underlying network intelligent enough so as to prevent DNS based DDoS attacks.

Mohammed, Saif Saad, Hussain, Rasheed, Senko, Oleg, Bimaganbetov, Bagdat, Lee, JooYoung, Hussain, Fatima, Kerrache, Chaker Abdelaziz, Barka, Ezedin, Alam Bhuiyan, Md Zakirul.  2018.  A New Machine Learning-based Collaborative DDoS Mitigation Mechanism in Software-Defined Network. 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–8.
Software Defined Network (SDN) is a revolutionary idea to realize software-driven network with the separation of control and data planes. In essence, SDN addresses the problems faced by the traditional network architecture; however, it may as well expose the network to new attacks. Among other attacks, distributed denial of service (DDoS) attacks are hard to contain in such software-based networks. Existing DDoS mitigation techniques either lack in performance or jeopardize the accuracy of the attack detection. To fill the voids, we propose in this paper a machine learning-based DDoS mitigation technique for SDN. First, we create a model for DDoS detection in SDN using NSL-KDD dataset and then after training the model on this dataset, we use real DDoS attacks to assess our proposed model. Obtained results show that the proposed technique equates favorably to the current techniques with increased performance and accuracy.
Lawal, Babatunde Hafis, Nuray, A. T..  2018.  Real-time detection and mitigation of distributed denial of service (DDoS) attacks in software defined networking (SDN). 2018 26th Signal Processing and Communications Applications Conference (SIU). :1–4.
The emergence of Software Defined Network (SDN) and its promises in networking technology has gotten every stakeholder excited. However, it is believed that every technological development comes with its own challenges of which the most prominent in this case is security. This paper presents a real time detection of the distributed denial of service (DDoS) attacks on the SDN and a control method based on the sFlow mitigation technology. sFlow analyses samples of packets collected from the network traffic and generates handling rules to be sent to the controller in case of an attack detection. The implementation was done by emulating the network in Mininet which runs on a Virtual Machine (VM) and it was shown that the proposed method effectively detects and mitigates DDoS attacks.
Wang, Kuang-Ching, Brooks, Richard R., Barrineau, Geddings, Oakley, Jonathan, Yu, Lu, Wang, Qing.  2018.  Internet Security Liberated via Software Defined Exchanges. Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. :19–22.
With software defined networking and network function virtualization technologies, networks can be programmed to have customized processing and paths for different traffic at manageable costs and for massive numbers of applications. Now, picture a future Internet where each entity - a person, an organization, or an autonomous system - has the ability to choose how traffic in their respective network sessions is routed and processed between itself and its counterparts. The network is, essentially, liberated from today's homogeneous IP-based routing and limited connection options. To realize such a network paradigm, we propose a software defined exchange architecture that can provide the needed network programmability, session-level customization, and scale. We present a case study for traffic-analysis-resistant communication among individuals, campuses, or web services, where IP addresses no longer need to have a one-to-one correspondence with service providers.
Akhtar, Nabeel, Matta, Ibrahim, Raza, Ali, Wang, Yuefeng.  2018.  EL-SEC: ELastic Management of Security Applications on Virtualized Infrastructure. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). :778-783.

The concept of Virtualized Network Functions (VNFs) aims to move Network Functions (NFs) out of dedicated hardware devices into software that runs on commodity hardware. A single NF consists of multiple VNF instances, usually running on virtual machines in a cloud infrastructure. The elastic management of an NF refers to load management across the VNF instances and the autonomic scaling of the number of VNF instances as the load on the NF changes. In this paper, we present EL-SEC, an autonomic framework to elastically manage security NFs on a virtualized infrastructure. As a use case, we deploy the Snort Intrusion Detection System as the NF on the GENI testbed. Concepts from control theory are used to create an Elastic Manager, which implements various controllers - in this paper, Proportional Integral (PI) and Proportional Integral Derivative (PID) - to direct traffic across the VNF Snort instances by monitoring the current load. RINA (a clean-slate Recursive InterNetwork Architecture) is used to build a distributed application that monitors load and collects Snort alerts, which are processed by the Elastic Manager and an Attack Analyzer, respectively. Software Defined Networking (SDN) is used to steer traffic through the VNF instances, and to block attack traffic. Our results show that virtualized security NFs can be easily deployed using our EL-SEC framework. With the help of real-time graphs, we show that PI and PID controllers can be used to easily scale the system, which leads to quicker detection of attacks.

Chowdhary, Ankur, Huang, Dijiang, Alshamrani, Adel, Kang, Myong, Kim, Anya, Velazquez, Alexander.  2019.  TRUFL: Distributed Trust Management Framework in SDN. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.
Software Defined Networking (SDN) has emerged as a revolutionary paradigm to manage cloud infrastructure. SDN lacks scalable trust setup and verification mechanism between Data Plane-Control Plane elements, Control Plane elements, and Control Plane-Application Plane. Trust management schemes like Public Key Infrastructure (PKI) used currently in SDN are slow for trust establishment in a larger cloud environment. We propose a distributed trust mechanism - TRUFL to establish and verify trust in SDN. The distributed framework utilizes parallelism in trust management, in effect faster transfer rates and reduced latency compared to centralized trust management. The TRUFL framework scales well with the number of OpenFlow rules when compared to existing research works.
Xiao, Lili, Xiang, Shuangqing, Zhuy, Huibiao.  2018.  Modeling and Verifying SDN with Multiple Controllers. Proceedings of the 33rd Annual ACM Symposium on Applied Computing. :419-422.

SDN (Software Defined Network) with multiple controllers draws more attention for the increasing scale of the network. The architecture can handle what SDN with single controller is not able to address. In order to understand what this architecture can accomplish and face precisely, we analyze it with formal methods. In this paper, we apply CSP (Communicating Sequential Processes) to model the routing service of SDN under HyperFlow architecture based on OpenFlow protocol. By using model checker PAT (Process Analysis Toolkit), we verify that the models satisfy three properties, covering deadlock freeness, consistency and fault tolerance.

Hussein, A., Salman, O., Chehab, A., Elhajj, I., Kayssi, A..  2019.  Machine Learning for Network Resiliency and Consistency. 2019 Sixth International Conference on Software Defined Systems (SDS). :146–153.
Being able to describe a specific network as consistent is a large step towards resiliency. Next to the importance of security lies the necessity of consistency verification. Attackers are currently focusing on targeting small and crutial goals such as network configurations or flow tables. These types of attacks would defy the whole purpose of a security system when built on top of an inconsistent network. Advances in Artificial Intelligence (AI) are playing a key role in ensuring a fast responce to the large number of evolving threats. Software Defined Networking (SDN), being centralized by design, offers a global overview of the network. Robustness and adaptability are part of a package offered by programmable networking, which drove us to consider the integration between both AI and SDN. The general goal of our series is to achieve an Artificial Intelligence Resiliency System (ARS). The aim of this paper is to propose a new AI-based consistency verification system, which will be part of ARS in our future work. The comparison of different deep learning architectures shows that Convolutional Neural Networks (CNN) give the best results with an accuracy of 99.39% on our dataset and 96% on our consistency test scenario.
Hao, Zheng, Lin, Zhaowen, Li, Ran.  2018.  A SDN/NFV Security Protection Architecture with a Function Composition Algorithm Based on Trie. Proceedings of the 2Nd International Conference on Computer Science and Application Engineering. :176:1–176:8.
Software1 Defined Network (SDN) is a new type of network architecture that has advantages over traditional network. For SDN, security is a basic issue. SDN controller has received considerable attention in the researches on SDN security. Researchers assign security tasks to SDN controllers generally, but it puts a heavy burden on the SDN controller and leads to a decrease in system stability. On the basis of previous work, we propose a new security protection architecture based on SDN/NFV. Meanwhile, a security function virtual machine pool is designed in infrastructure layer in architecture. It can create virtual machines and manage the ip addresses of the virtual machines automatically, which improves the flexibility and expandability of the architecture. Moreover, a function composition algorithm based on Trie (FCT) has been introduced. We deploy the security protection architecture on VMware cloud platform to validate the availability of the architecture and use experimental data to prove FCT algorithm has good performance.
Cho, Joo Yeon, Szyrkowiec, Thomas.  2018.  Practical Authentication and Access Control for Software-Defined Networking over Optical Networks. Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges. :8-13.

A framework of Software-Defined Networking (SDN) provides a centralized and integrated method to manage and control modern optical networks. Unfortunately, the centralized and programmable structure of SDN introduces several new security threats, which may allow an adversary to take over the entire operation of the network. In this paper, we investigate the potential security threats of SDN over optical networks and propose a mutual authentication and a fine-grained access control mechanism, which are essential to avoid an unauthorized access to the network. The proposed schemes are based only on cryptographic hash functions and do not require an installation of the complicated cryptographic library such as SSL. Unlike conventional authentication and access control schemes, the proposed schemes are flexible, compact and, in addition, are resistant to quantum computer attacks, which may become critical in the near future.

Shan-Shan, Jia, Ya-Bin, Xu.  2018.  The APT Detection Method Based on Attack Tree for SDN. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :116-121.

SDN with centralized control is more vulnerable to suffer from APT than traditional network. To accurately detect the APT that the SDN may suffer from, this paper proposes the APT detection method based on attack tree for SDN. Firstly, after deeply analyzing the process of APT in SDN, we establish APT attack model based on attack tree. Then, correlation analysis of attack behavior that detected by multiple detection methods to get attack path. Finally, the attack path match the APT attack model to judge whether there is an APT in SDN. Experiment shows that the method is more accurate to detect APT in SDN, and less overhead.

Sahoo, Kshira Sagar, Tiwary, Mayank, Sahoo, Sampa, Nambiar, Rohit, Sahoo, Bibhudatta, Dash, Ratnakar.  2018.  A Learning Automata-Based DDoS Attack Defense Mechanism in Software Defined Networks. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :795-797.

The primary innovations behind Software Defined Networks (SDN)are the decoupling of the control plane from the data plane and centralizing the network management through a specialized application running on the controller. Despite all its capabilities, the introduction of various architectural entities of SDN poses many security threats and potential target. Especially, Distributed Denial of Services (DDoS) is a rapidly growing attack that poses a tremendous threat to both control plane and forwarding plane of SDN. Asthe control layer is vulnerable to DDoS attack, the goal of this paper is to provide a defense system which is based on Learning Automata (LA) concepts. It is a self-operating mechanism that responds to a sequence of actions in a certain way to achieve a specific goal. The simulation results show that this scheme effectively reduces the TCP connection setup delay due to DDoS attack.

Shi, Jiangyong, Zeng, Yingzhi, Wang, Wenhao, Yang, Yuexiang.  2018.  Feedback Based Sampling for Intrusion Detection in Software Defined Network. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :95-99.

Cloud computing is being deployed more and more widely. However, the difficulty of monitoring the huge east-west traffic is a great security concern. In this paper, we proposed FBSample, a sampling method which employs the central control feature of SDN and feedback information of IDS. Evaluation results show FBSample can largely reduce the amount of packets to be transferred while maintaining a relatively high detection precision.

Hamza, Ayyoob, Gharakheili, Hassan Habibi, Sivaraman, Vijay.  2018.  Combining MUD Policies with SDN for IoT Intrusion Detection. Proceedings of the 2018 Workshop on IoT Security and Privacy. :1-7.

The IETF's push towards standardizing the Manufacturer Usage Description (MUD) grammar and mechanism for specifying IoT device behavior is gaining increasing interest from industry. The ability to control inappropriate communication between devices in the form of access control lists (ACLs) is expected to limit the attack surface on IoT devices; however, little is known about how MUD policies will get enforced in operational networks, and how they will interact with current and future intrusion detection systems (IDS). We believe this paper is the first attempt to translate MUD policies into flow rules that can be enforced using SDN, and in relating exception behavior to attacks that can be detected via off-the-shelf IDS. Our first contribution develops and implements a system that translates MUD policies to flow rules that are proactively configured into network switches, as well as reactively inserted based on run-time bindings of DNS. We use traces of 28 consumer IoT devices taken over several months to evaluate the performance of our system in terms of switch flow-table size and fraction of exception traffic that needs software inspection. Our second contribution identifies the limitations of flow-rules derived from MUD in protecting IoT devices from internal and external network attacks, and we show how our system is able to detect such volumetric attacks (including port scanning, TCP/UDP/ICMP flooding, ARP spoofing, and TCP/SSDP/SNMP reflection) by sending only a very small fraction of exception packets to off-the-shelf IDS.

Gillani, Fida, Al-Shaer, Ehab, Duan, Qi.  2018.  In-Design Resilient SDN Control Plane and Elastic Forwarding Against Aggressive DDoS Attacks. Proceedings of the 5th ACM Workshop on Moving Target Defense. :80-89.

Using Software-defined Networks in wide area (SDN-WAN) has been strongly emerging in the past years. Due to scalability and economical reasons, SDN-WAN mostly uses an in-band control mechanism, which implies that control and data sharing the same critical physical links. However, the in-band control and centralized control architecture can be exploited by attackers to launch distributed denial of service (DDoS) on SDN control plane by flooding the shared links and/or the Open flow agents. Therefore, constructing a resilient software designed network requires dynamic isolation and distribution of the control flow to minimize damage and significantly increase attack cost. Existing solutions fall short to address this challenge because they require expensive extra dedicated resources or changes in OpenFlow protocol. In this paper, we propose a moving target technique called REsilient COntrol Network architecture (ReCON) that uses the same SDN network resources to defend SDN control plane dynamically against the DDoS attacks. ReCON essentially, (1) minimizes the sharing of critical resources among data and control traffic, and (2) elastically increases the limited capacity of the software control agents on-demand by dynamically using the under-utilized resources from within the same SDN network. To implement a practical solution, we formalize ReCON as a constraints satisfaction problem using Satisfiability Modulo Theory (SMT) to guarantee a correct-by-construction control plan placement that can handle dynamic network conditions.

Dixit, Vaibhav Hemant, Doupé, Adam, Shoshitaishvili, Yan, Zhao, Ziming, Ahn, Gail-Joon.  2018.  AIM-SDN: Attacking Information Mismanagement in SDN-Datastores. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :664-676.

Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore's design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.

Park, Taejune, Xu, Zhaoyan, Shin, Seungwon.  2018.  HEX Switch: Hardware-Assisted Security Extensions of OpenFlow. Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges. :33-39.

Software-defined networking (SDN) and Network Function Virtualization (NFV) have inspired security researchers to devise new security applications for these new network technology. However, since SDN and NFV are basically faithful to operating a network, they only focus on providing features related to network control. Therefore, it is challenging to implement complex security functions such as packet payload inspection. Several studies have addressed this challenge through an SDN data plane extension, but there were problems with performance and control interfaces. In this paper, we introduce a new data plane architecture, HEX which leverages existing data plane architectures for SDN to enable network security applications in an SDN environment efficiently and effectively. HEX provides security services as a set of OpenFlow actions ensuring high performance and a function of handling multiple SDN actions with a simple control command. We implemented a DoS detector and Deep Packet Inspection (DPI) as the prototype features of HEX using the NetFPGA-1G-CML, and our evaluation results demonstrate that HEX can provide security services as a line-rate performance.

Shif, L., Wang, F., Lung, C..  2018.  Improvement of security and scalability for IoT network using SD-VPN. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–5.

The growing interest in the smart device/home/city has resulted in increasing popularity of Internet of Things (IoT) deployment. However, due to the open and heterogeneous nature of IoT networks, there are various challenges to deploy an IoT network, among which security and scalability are the top two to be addressed. To improve the security and scalability for IoT networks, we propose a Software-Defined Virtual Private Network (SD-VPN) solution, in which each IoT application is allocated with its own overlay VPN. The VPN tunnels used in this paper are VxLAN based tunnels and we propose to use the SDN controller to push the flow table of each VPN to the related OpenvSwitch via the OpenFlow protocol. The SD-VPN solution can improve the security of an IoT network by separating the VPN traffic and utilizing service chaining. Meanwhile, it also improves the scalability by its overlay VPN nature and the VxLAN technology.

Arsalan, A., Rehman, R. A..  2018.  Prevention of Timing Attack in Software Defined Named Data Network with VANETs. 2018 International Conference on Frontiers of Information Technology (FIT). :247–252.

Software Defined Network (SDN) is getting popularity both from academic and industry. Lot of researches have been made to combine SDN with future Internet paradigms to manage and control networks efficiently. SDN provides better management and control in a network through decoupling of data and control plane. Named Data Networking (NDN) is a future Internet technique with aim to replace IPv4 addressing problems. In NDN, communication between different nodes done on the basis of content names rather than IP addresses. Vehicular Ad-hoc Network (VANET) is a subtype of MANET which is also considered as a hot area for future applications. Different vehicles communicate with each other to form a network known as VANET. Communication between VANET can be done in two ways (i) Vehicle to Vehicle (V2V) (ii) Vehicle to Infrastructure (V2I). Combination of SDN and NDN techniques in future Internet can solve lot of problems which were hard to answer by considering a single technique. Security in VANET is always challenging due to unstable topology of VANET. In this paper, we merge future Internet techniques and propose a new scheme to answer timing attack problem in VANETs named as Timing Attack Prevention (TAP) protocol. Proposed scheme is evaluated through simulations which shows the superiority of proposed protocol regarding detection and mitigation of attacker vehicles as compared to normal timing attack scenario in NDN based VANET.