Design and implementation of a secured SDN system based on hybrid encrypted algorithms

Software defined networking centralizes network knowledge in one part of the network by separating the routing mechanism (control plane) from the forwarding of network packets (data plane). The control plane is composed of one, two or more controllers, which are considered the brain of the software-defined networking (SDN) network, where the real intelligence is incorporated. Separating the control unit from the data unit introduced a problem of poor security for data sent in the network, so solutions to this problem had to be found. In this paper, we address this problem by implementing robust algorithms to encrypt information, based on the advanced encryption standard (AES), Rivest-Shamir-Adleman (RSA), and a hybrid encryption algorithm, to guarantee data protection and authenticity. The results showed that the hybrid method is better in terms of security and improves time (faster than RSA alone), by applying several scenarios in the SDN network to a set of encrypted files.


INTRODUCTION
Currently, Internet systems such as cloud services and social networks adjust their network needs dynamically (e.g., topology, bandwidth requirements, and routing information). Software defined networking was developed as a new network architecture to solve this problem by making the network more versatile through software-enabled network control. With software-defined networking (SDN), a centralized network with a software-based controller can maintain the network as a whole, simplifying network architecture and operation, since the centralization is only logical [1].
SDN is a dynamic, cost-effective, manageable, and adaptable architecture that is suited for the dynamic design of current high-bandwidth technologies [2]. SDN separates the data plane from the control plane and programmatically controls the flow entries using a high-level program. The SDN controller converts the application layer specifications into infrastructure layer instructions and configurations [3]. Operators in SDN can easily change the flow tables in switches, and computing devices can operate as control systems to simplify the management and usage of SDNs [4]. The separation process weakens the security of the information sent in the network, so protection of data is one of the important things that researchers care about, including the use of encryption methods. Protection is a primary concern for digital connections every day [5]. Encryption can protect data transformation and data authentication storage [6]. Irfan et al. [7] proposed developing a software defined network security architecture using a special controller type (FlowVisor) with the advanced encryption standard (AES) encryption algorithm and measured the encryption and decryption time of files. Chao et al. [8] studied how SDN can help to identify and mitigate compromised switches under a practical threat model. Three promising strategies were introduced and compared, and the research problems addressed: the first is to detect errors, the second is a way to detect malicious keys, and the third is a method of minimizing malfunctions by encrypting the contents of the packet. Tselios et al. [9] provide a summary of SDN protection in connection to internet of things (IoT) clouds, identify the Blockchain architecture leaders, and advocate the factors that make Blockchain an effective security element. This solution enables the encrypted transmission of data between interconnected nodes irrespective of network size or geographical distribution. Mahmud et al. [10] analyze the public and private key generation output of the Rivest-Shamir-Adleman (RSA) and enterprise resource planning (ERP) central component (ECC) systems to protect patients' medical reports based on a portable document format (PDF) file that comes from a database, and the ECC method results, which give the highest strength per bit of any smaller-key cryptosystem.

TELKOMNIKA Telecommun Comput El Control
Sharma et al. [11] proposed a novel technique, i.e., the experimental results of the ILPS for safe sharing of confidential health information in big data by enabling fine-grained access using the RSA key mechanism. The results show that the proposed solution protects privacy with substantially reduced key management complexity. Sari et al. [12] use the RSA algorithm together with a genetic algorithm to generate a stronger, faster, and more efficient encryption for securely sending e-mail. The results show that the avalanche effect has increased; thus, key optimization affects the number of bit changes in the encrypted data. Furthermore, Rahmadani et al. [13] proposed a rivest cipher 4 algorithm (RC4A)-RSA hybrid algorithm, which enhances RC4A key security by encrypting the keys before sending them to the recipient. RC4A encrypts the data, and RSA encrypts the KSA RC4A key before it is sent to recipients. The hybrid algorithm's encryption and decryption are 88.77% quicker than RSA. This paper assesses and contrasts the performance of certain encryption methods (AES+RSA) based on security and time.

RESEARCH METHOD

Rivest-Shamir-Adleman (RSA)
The RSA encryption method is one of the most common public-key encryption standards used to protect the transmission of data [14]. RSA is also referred to as public-key encryption, where each user produces two keys [15]. The overall process of the encryption and decryption algorithm is shown in Figure 1. The maximum key size (4096 bits) is used in this article. To improve the robustness of the algorithm, padding bits are used. OAEP is a common padding algorithm standardized in PKCS#1 and used with the RSA algorithm to generate pad bits randomly [16].

Advanced encryption standard (AES)
NIST proposed the AES in 2001 [17]. It is a symmetric-key block cipher [18]. The key length of AES varies between 128, 192, and 256 bits [19]. AES handles 128-bit plaintext blocks [20]. The 128-bit plaintext is 16 bytes, and the bytes are grouped in a 4*4 matrix, that is, four rows and four columns; the key length decides the number of rounds to be performed: 10, 12, and 14 rounds for 128, 192, and 256-bit key sizes, respectively [21]. It encrypts blocks of plaintext, each block containing 128 bits, using a key of 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes), corresponding to 10, 12 or 14 rounds [22]. The maximum key size (256 bits) is used in this paper. The overall flowchart of the encryption and decryption process of the AES algorithm is shown in Figure 2.

Hybrid
The proposed cryptosystem presents a data protection solution that combines two separate encryption algorithms. Both the symmetric and asymmetric algorithms (AES+RSA) are used, and the strengths of the two algorithms are incorporated in the hybrid encryption system. In general, the public and private keys remain more secure with hybrid encryption ciphers, which makes this hybrid algorithm less vulnerable [24]. It hybridizes the asymmetric key, key exchange and secret sharing [25].

Hybrid algorithm for encryption and decryption files
The original data is encrypted by the AES algorithm using a 256-bit key to generate the encrypted text. The AES key is then encrypted using the 4096-bit public key of the RSA algorithm, so that the AES key is protected and an untrusted third party cannot access it. The decryption process is the reverse of encryption: the RSA private key is used to decrypt the encrypted AES key, and finally the AES key decrypts the encrypted text to recover the original data. The block diagram of the hybrid algorithm's file encryption and decryption methods is shown in Figure 3.
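As an added illustration (not the paper's own code) of the hybrid scheme above, the following Python uses the PyCA cryptography library to encrypt a file under a fresh AES-256 key and wrap that key with a 4096-bit RSA-OAEP public key. AES-GCM is an assumption, since the paper does not name the AES mode of operation; it is chosen because it also supplies the authenticity check the abstract calls for.

```python
# Added example (not the paper's code): AES-256 + RSA-4096/OAEP hybrid file
# encryption as described above. Assumes the PyCA `cryptography` package;
# AES-GCM is an assumption, since the paper does not name the AES mode.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

RSA_BITS = 4096  # maximum RSA key size, as used in the paper
AES_BITS = 256   # maximum AES key size, as used in the paper

# OAEP padding (PKCS#1) with SHA-256 randomizes each RSA ciphertext.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def generate_rsa_keypair(bits: int = RSA_BITS):
    """Recipient's key pair: the public key is shared, the private key never is."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    return private_key, private_key.public_key()

def hybrid_encrypt(plaintext: bytes, recipient_public_key):
    """Encrypt data under a fresh AES-256 key, then wrap that key with RSA-OAEP.
    Returns (wrapped_key, nonce, ciphertext); the AES key never travels in clear."""
    aes_key = AESGCM.generate_key(bit_length=AES_BITS)
    nonce = os.urandom(12)  # 96-bit GCM nonce, fresh for every file
    ciphertext = AESGCM(aes_key).encrypt(nonce, plaintext, None)  # data + 16-byte tag
    wrapped_key = recipient_public_key.encrypt(aes_key, OAEP)  # 512 bytes for RSA-4096
    return wrapped_key, nonce, ciphertext

def hybrid_decrypt(wrapped_key: bytes, nonce: bytes, ciphertext: bytes,
                   recipient_private_key) -> bytes:
    """Unwrap the AES key with the RSA private key, then decrypt the data.
    Raises cryptography.exceptions.InvalidTag if ciphertext, nonce or tag were
    altered in transit, so a corrupted file is rejected instead of decoded."""
    aes_key = recipient_private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(aes_key).decrypt(nonce, ciphertext, None)

if __name__ == "__main__":
    # Constructed sample file content, not data from the paper.
    sample = b"SDN flow entry: h1 -> h2 allow tcp/80\n" * 100
    priv, pub = generate_rsa_keypair()
    wrapped, nonce, ct = hybrid_encrypt(sample, pub)
    assert hybrid_decrypt(wrapped, nonce, ct, priv) == sample
    print(f"wrapped AES key {len(wrapped)} bytes, ciphertext {len(ct)} bytes")
```

The wrapped key, nonce and ciphertext are what would be sent across the SDN topology; only the holder of the RSA private key can recover the AES key.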

Mininet
The most commonly used network simulator is Mininet. Users can create a network and develop services on a personal computer [26]. It uses OS-level virtualization to provide rapid simulation speeds and scalability; the OpenFlow protocol is wholly supported and it works with open-source SDN projects [27]. Mininet is simpler to use than any other simulation environment, and is also open source [28]. Three SDN topology scenarios (single, linear, and tree) are shown in Figures 4 (a), (b), and (c) respectively. Data sent during these scenarios is protected using the hybrid algorithm.

Securing data
Data sent in the SDN network is secured by using reliable algorithms, namely AES and RSA, combined in a way that reduces delay time and improves data security; the results are compared with the published research of Israa Hashim Latif [29]. Text files of different sizes were used. The results showed an improvement in time (slightly higher than the AES algorithm alone and much less than the RSA algorithm), as shown in Table 1.

Throughput
Throughput is the production rate, or the rate at which something is produced. The throughput for each algorithm is calculated by dividing the sum of the transmitted file sizes by the algorithm's total evaluation time for the encryption and decryption operations [24]. The throughput of the AES, RSA, and hybrid algorithms is shown in Table 2, and in MB/sec in Figure 6. The results showed increased throughput compared to the results of Israa Hashim Latif [29].

SDN network
The files encrypted using the hybrid algorithm are sent over the SDN network in three scenarios (single, linear, and tree). The HPE VAN controller is used [30]. The time taken for transmission is shown in Table 3, and the total transmission time of files through the SDN network in Table 4. Figure 7 shows the sending time of the files, and Figure 8 shows the overall time for sending files through the SDN network.

CONCLUSION
Based on the results above, it can be inferred that the AES-RSA hybrid algorithm boosts security by encrypting the AES keys before distributing them to the recipient. In terms of encryption and decryption time, the hybrid AES-RSA algorithm is 72.77% faster than RSA. The files encoded by the hybrid method were sent through the SDN network in three scenarios (single, linear, and tree), and the results showed that the single topology gives the lowest time when sending files.