Software-Defined Networking (SDN) is being widely implemented by critical infrastructure networks, however providing security features still a challenge. In this work, we present SafeFlow an Automatic Trust Negotiation Protocol for SDN, a first line of defense and fine-grained authentication protocol, in order to deny the access of OpenFlow switches without valid digital credentials. Traditional security approaches based on identity or capabilities do not solve the problem of establishing trust between strangers. One alternative approach to mutual trust establishment is Trust Negotiation, the bilateral exchange of digital credentials to establish trust gradually. The proposed protocol describes Trust Negotiation in OpenFlow protocol, probable extension to the OpenFlow handshake protocol. In this paper, we describe the implementation of SafeFlow. The proposed protocol ensures the security of the infrastructure itself, as there are also other proposals for developing security application on OpenFlow network infrastructure.
Trust Negotiation Protocol Support for Secure Mobile Network Service Deployment