Title page for etd-0729118-005526
Title
軟體定義網路之抗洩漏金鑰分配機制
Leakage-resistant Key Distribution Mechanism in Software-Defined Network
Department
Year, semester
Language
Degree
Number of pages
56
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2018-07-27
Date of Submission
2018-08-29
Keywords
Symmetric cryptosystems, Elliptic curve cryptography, Key distribution mechanism, Software-Defined Network
Statistics
The thesis/dissertation has been browsed 5678 times and downloaded 1 time.
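Chinese Abstract
Software-Defined Network (SDN) is a new concept of network architecture.
Compared with traditional network architectures, the properties of SDN make it easier for network administrators to manage and
monitor the entire network environment, but the completely different architecture gives rise to security issues that differ from those of traditional networks.
One of these issues is that a secure channel must be established between the SDN controller and the nodes beneath it;
whether this channel is secure affects the correctness of messages across the entire network. Therefore, this thesis proposes a
leakage-resistant key distribution mechanism built on Elliptic Curve Cryptography (ECC). The mechanism is divided
into two phases: first, a key issuing phase used when a new node joins the SDN network; second, the controller
distributes symmetric keys to the nodes that are about to transmit, so that a secure channel can be established to carry information. The proposed
key distribution mechanism is intended to let new nodes join quickly and securely; moreover, apart from the nodes on the path defined by the controller,
no other node can inspect the contents of a packet, which also achieves confidentiality of packets in transit.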
Abstract
Software-Defined Network (SDN) is a new concept of network architecture. Due to the properties
of SDN, managing and monitoring an entire network is easier than in traditional networking.
However, the new architecture leads to additional security issues. One of these security
issues is secure communication between the SDN controller and network nodes, which
affects the exchange of credible control messages between the SDN controller and network nodes.
Therefore, this paper proposes a leakage-resistant key distribution mechanism based on Elliptic
Curve Cryptography (ECC).
The mechanism has two phases: in the first phase, the SDN controller distributes a long-term
key to new network nodes; in the second phase, the SDN controller distributes
short-term symmetric keys to the network nodes for secure packet transmission. The proposed
key distribution mechanism supports the fast and secure joining of new network nodes in
SDN. Also, except for the nodes in the same path, other nodes are not able to decrypt
the transmitted packets, which secures communications in SDN.
Table of Contents
Thesis Approval Form
Acknowledgments
Abstract (Chinese)
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Contributions
1.2 Organization
Chapter 2 Preliminaries
2.1 Software-Defined Network
2.2 Elliptic Curve Cryptography
2.3 Definitions of Security
2.3.1 IND-CCA game
2.3.2 PRP game
Chapter 3 Related Works
Chapter 4 Our Construction
4.1 Definitions of Parties in SDN
4.2 Initialization
4.3 Registration of The New Node
4.3.1 The Detail of Registration
4.4 Path Key Distribution
4.4.1 Timing of Running Path Key Distribution Mechanism
4.4.2 Path Key Distribution
Chapter 5 Security Proof
5.1 Mutual Authentication for Registration and Path Key Distribution phases
5.1.1 Security Model
5.1.2 Security Proof
5.2 Key Exchange for Registration Phase
5.2.1 Security Model
5.2.2 Security Proof
5.3 Key Distribution for Path Distribution Phase
5.3.1 Security Model I
5.3.2 Security Proof
Chapter 6 Comparison
Chapter 7 Conclusion
Bibliography
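Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China, and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, so as to avoid violating the law.
Thesis access permission: user-defined release time
Available:
Campus: available
Off-campus: available

Printed copies
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available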
