Blockchain-Aided Flow Insertion and Verification in Software Defined Networks

The Internet of Things (IoT) connected by Software Defined Networking (SDN) promises to bring great benefits to cyber-physical systems. However, the increased attack surface offered by the growing number of connected vulnerable devices and complex nature of SDN control plane applications could overturn the huge benefits of such a system. This paper addresses the vulnerability of some unspecified security flaw in the SDN control plane application (such as a zero-day software vulnerability) which can be exploited to insert malicious flow rules in the switch that do not match network policies. Specifically, we propose a blockchain-as-a-service (BaaS) based framework that supports switch flow verification and insertion; and additionally provides straightforward deployment of blockchain technology within an existing SDN infrastructure. While use of an external BaaS brings straightforward deployment, it obscures knowledge of the blockchain agents who are responsible for flow conformance testing through a smart blockchain contract, leading to potential exploitation. Thus, we design a strategy to prevent the blockchain agents from acting arbitrarily, as this would result in what is termed a "moral hazard". We achieve this by developing a novel mathematical model of the fair reward scheme based on game theory. To understand the performance of our system, we evaluate our model using a Matlab based simulation framework. The simulation results demonstrate that the proposed algorithm balances the needs of the blockchain agents to maximise the overall social welfare, i.e. the sum of profits across all parties.