Journal of Cyber Security and Risk Auditing

Journal of Cyber Security and Risk Auditing

ISSN: 3079-5354 (Online)

Publishing model:

: Open access
Scopus Indexed
2025
14.7

CiteScore

Q1
open accessOpen Access

Article

👁️3views

A Hyperledger Fabric Blockchain Framework for Secure Authentication and Flow Verification in Hierarchical SDN

by 

Stefina Macwan Orcid link ;

Sailesh Suryanarayan Iyer Orcid link ;

Rami Shehab Orcid link ;

Amir Alqatish Orcid link

PDF logoPDF

Published: 2026/06/19

Abstract

Software Defined Networking (SDN) has transformed network management by separating the control plane from the data plane. This enables logically centralized control and network-wide policy enforcement. Centralization is especially important in hierarchical SDN architectures used in large-scale, geo-distributed data centers. Our work addresses two major threats in hierarchical SDN: Cluster Membership Exploits (CME), which allow unauthorized controllers to join the controller cluster, and malicious flow manipulation, in which compromised controllers inject unauthorized flow entries. These attacks can threaten the cluster's integrity, enable unauthorized system access, and disrupt tenant segregation. To tackle these problems, we have developed a security architecture that uses Hyperledger Fabric and hierarchical OpenDaylight controllers. This architecture leverages Hyperledger Fabric’s endorsement policies, immutable ledger, and permissioned transaction processing to enforce controller membership validation and flow integrity. All flow installations require approval from both the root controller and the corresponding regional controller. With the help of decentralized consensus mechanisms and the immutability of blockchain, our solution offers secure authentication and authorization of all connections within the cluster, as well as pre-installation verification and tamper-evident logging of flow-related control-plane operations.

Keywords

Software Defined NetworksBlockchain TechnologyCluster Membership ExploitData Centers.

A Hyperledger Fabric Blockchain Framework for Secure Authentication and Flow Verification in Hierarchical SDN is licensed under CC BY 4.0CCBY

References

  1. Nisar, K., Jimson, E.R., Hijazi, M.H.A., Welch, I., Hassan, R., Aman, A.H.M., Sodhro, A.H., Pirbhulal, S. and Khan, S., 2020. A survey on the architecture, application, and security of software defined networking: Challenges and open issues. Internet of Things, 12, p.100289. https://doi.org/10.1016/j.iot.2020.100289
  2. Lin, C.H., Li, C.Y. and Wang, K., 2018, December. Setting malicious flow entries against SDN operations: attacks and countermeasures. In 2018 IEEE Conference on Dependable and Secure Computing (DSC) (pp. 1-8). IEEE. 10.1109/DESEC.2018.8625101
  3. Hossein, A., Watts, M. and Ahmadi, K., 2019. An overview of multi-controller architecture in software-defined networking. In Proceedings of the CITRENZ Conference (p. 2019).
  4. Bringhenti, D., Yusupov, J., Zarca, A.M., Valenza, F., Sisto, R., Bernabe, J.B. and Skarmeta, A., 2022. Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks. Computer Networks, 213, p.109123. https://doi.org/10.1016/j.comnet.2022.109123
  5. Bhuiyan, Z.A., Islam, S., Islam, M.M., Ullah, A.A., Naz, F. and Rahman, M.S., 2023. On the (in) security of the control plane of sdn architecture: A survey. IEEE Access, 11, pp.91550-91582. 10.1109/ACCESS.2023.3307467
  6. Alqobaty, A. and Ahmed, N.A.M., 2024. Hybrid architecture for a scalable Data Center Network Based on Blockchain and SDN. مجـلـة جـامـعـة السـعيد للعلـوم التطبيقية, 7(1), pp.1-29.
  7. Duy, P.T., Do Hoang, H., Nguyen, A.G.T. and Pham, V.H., 2022. B-DAC: a decentralized access control framework on northbound interface for securing SDN using blockchain. Journal of Information Security and Applications, 64, p.103080. https://doi.org/10.1016/j.jisa.2021.103080
  8. Deng, M., Lyu, Y., Yang, C., Xu, F., Ahmed, M., Yang, N., Xu, Z. and Ke, C., 2024. Lightweight trust management scheme based on blockchain in resource-constrained intelligent IoT systems. IEEE Internet of Things Journal, 11(15), pp.25706-25719. 10.1109/JIOT.2024.3380850
  9. Lakhlef, H., Lerner, T., Kebir, A., El Atia, N., Du, X. and Ingardin, V., 2024, June. Blockchain-Enabled SDN Solutions for IoT: Advancements, Discussions, and Strategic Insights. In 2024 IEEE Symposium on Computers and Communications (ISCC) (pp. 1-6). IEEE. 10.1109/ISCC61673.2024.10733649
  10. Abou El Houda, Z., Hafid, A.S. and Khoukhi, L., 2019. Cochain-SC: An intra-and inter-domain DDoS mitigation scheme based on blockchain using SDN and smart contract. IEEE Access, 7, pp.98893-98907. 10.1109/ACCESS.2019.2930715
  11. Vukolić, M. and Vukoli, M., 2015. The quest for scalable blockchain fabric: proof-of-work vs. BFT replication the quest for scalable blockchain fabric: proof-of-work vs. BFT replication. In Inter-national Workshop on Open Problems in Network. https://doi.org/10.1007/978-3-319-39028-4_9
  12. McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S. and Turner, J., 2008. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM computer communication review, 38(2), pp.69-74. https://doi.org/10.1145/1355734.1355746
  13. Hu, J., Reed, M., Al-Naday, M. and Thomos, N., 2020, June. Blockchain-aided flow insertion and verification in software defined networks. In 2020 Global Internet of Things Summit (GIoTS) (pp. 1-6). IEEE. 10.1109/GIOTS49054.2020.9119638
  14. Berdik, D., Otoum, S., Schmidt, N., Porter, D. and Jararweh, Y., 2021. A survey on blockchain for information systems management and security. Information Processing & Management, 58(1), p.102397. https://doi.org/10.1016/j.ipm.2020.102397
  15. Krishnamohan, T., 2020. Blockflow: a decentralized sdn controller using block-chain. Theviyanthan Krishnamohan, Kugathasan Janarthanan, Peramune PRLC, Ranaweera AT (2020). 10.29322/IJSRP.10.03.2020.p9991
  16. Sahay, R., Meng, W. and Jensen, C.D., 2019. The application of Software Defined Networking on securing computer networks: A survey. Journal of Network and Computer Applications, 131, pp.89-108. https://doi.org/10.1016/j.jnca.2019.01.019
  17. Yurekten, O. and Demirci, M., 2021. SDN-based cyber defense: A survey. Future Generation Computer Systems, 115, pp.126-149. https://doi.org/10.1016/j.future.2020.09.006
  18. Maruthupandi, J., Prasanna, S., Jayalakshmi, P., Mareeswari, V. and Sanjeevi, P., 2021. Route manipulation aware software-defined networks for effective routing in SDN controlled MANET by disney routing protocol. Microprocessors and Microsystems, 80, p.103401. https://doi.org/10.1016/j.micpro.2020.103401
  19. Xie, R., Cao, J., Li, Q., Sun, K., Gu, G., Xu, M. and Yang, Y., 2022. Disrupting the SDN control channel via shared links: Attacks and countermeasures. IEEE/ACM Transactions on Networking, 30(5), pp.2158-2172. 10.1109/TNET.2022.3169136
  20. Sharma, S., Kumar, A., Bhushan, M., Goyal, N. and Iyer, S.S., 2021. Is blockchain technology secure to work on?. In Blockchain and AI technology in the industrial internet of things (pp. 66-80). IGI Global Scientific Publishing.
  21. Patel, P.B., Thakor, H.P. and Iyer, S., 2019, March. A comparative study on cyber crime mitigation models. In 2019 6th International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 466-470). IEEE.
  22. Schmid, S. and Suomela, J., 2013, August. Exploiting locality in distributed SDN control. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking (pp. 121-126). https://doi.org/10.1145/2491185.249119
  23. Blial, O., Ben Mamoun, M. and Benaini, R., 2016. An overview on SDN architectures with multiple controllers. Journal of Computer Networks and Communications, 2016(1), p.9396525. https://doi.org/10.1155/2016/9396525
  24. Wang, H.Z., Zhang, P., Xiong, L., Liu, X. and Hu, C.C., 2016. A secure and high-performance multi-controller architecture for software-defined networking. Frontiers of Information Technology & Electronic Engineering, 17(7), pp.634-646. https://doi.org/10.1631/FITEE.1500321
  25. Badotra, S. and Singh, J., 2017. Open Daylight as a Controller for Software Defined Networking. International Journal of Advanced Research in Computer Science, 8(5).
  26. Suh, D., Jang, S., Han, S., Pack, S., Kim, T. and Kwak, J., 2016, June. On performance of OpenDaylight clustering. In 2016 IEEE NetSoft Conference and Workshops (NetSoft) (pp. 407-410). IEEE. 10.1109/NETSOFT.2016.7502476
  27. Lara, A., Kolasani, A. and Ramamurthy, B., 2013. Network innovation using openflow: A survey. IEEE communications surveys & tutorials, 16(1), pp.493-512. 10.1109/SURV.2013.081313.00105
  28. Enns, R., 2006. NETCONF configuration protocol (No. rfc4741).
  29. Moriarty, K.M., 2020. Transforming Information Security: Optimizing Five Concurrent Data Trends to Reduce Resource Drain. Emerald Publishing Limited. https://doi.org/10.1108/9781839099281
  30. Ferraiolo, D., Cugini, J. and Kuhn, D.R., 1995, December. Role-based access control (RBAC): Features and motivations. In Proceedings of 11th annual computer security application conference (pp. 241-48).
  31. Mohanta, B.K., Panda, S.S. and Jena, D., 2018, July. An overview of smart contract and use cases in blockchain technology. In 2018 9th international conference on computing, communication and networking technologies (ICCCNT) (pp. 1-4). IEEE. 10.1109/ICCCNT.2018.8494045
  32. Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., De Caro, A., Enyeart, D., Ferris, C., Laventman, G., Manevich, Y. and Muralidharan, S., 2018, April. Hyperledger fabric: a distributed operating system for permissioned blockchains. In Proceedings of the thirteenth EuroSys conference (pp. 1-15). https://doi.org/10.1145/3190508.319053
  33. Ravi, N. and Shalinie, S.M., 2021. BlackNurse-SC: A novel attack on SDN controller. IEEE Communications Letters, 25(7), pp.2146-2150. DOI: 10.1109/lcomm.2021.3075898
  34. Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J.A., Invernizzi, L., Kallitsis, M. and Kumar, D., 2017. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17) (pp. 1093-1110).
  35. Hu, J., Reed, M., Thomos, N., AI-Naday, M.F. and Yang, K., 2020. Securing SDN-controlled IoT networks through edge blockchain. IEEE Internet of Things Journal, 8(4), pp.2102-2115. https://doi.org/10.1109/JIOT.2020.3017354
  36. Mozumder, A.H. and Basha, M.J., 2025. SmartSecChain-SDN: A Blockchain-Integrated Intelligent Framework for Secure and Efficient Software-Defined Networks. arXiv preprint arXiv:2511.05156. 10.14445/23488549/IJECE-V12I10P117
  37. Garg, S., Goyal, S. and Bhandari, A., 2025. A lightweight blockchain based scalable and collaborative mitigation framework against new flow DDoS attacks in SDN enabled autonomous systems. Scientific Reports, 15(1), p.36002. https://doi.org/10.1038/s41598-025-19989-2
SCImago Journal & Country Rank