M2C: A Blockchain-Based Certificate Batching Architecture for Software-Defined Networks
摘要
Software-Defined Networking (SDN) enhances network flexibility but introduces security and scalability challenges in multi-controller environments, particularly for certificate-based authentication via Transport Layer Security (TLS). Centralized Certificate Authorities (CAs) suffer from single-point-of-failure risks and high verification overhead, unsuitable for large-scale SDN. We propose M2C, a blockchain-based certificate management scheme leveraging a distributed CA and Boneh-Lynn-Shacham (BLS) signature aggregation to ensure secure and efficient SDN communication. Using a permissioned Hyperledger Fabric blockchain for low-latency consensus, M2C employs smart contracts to automate certificate issuance, updating, and revocation, ensuring auditable certificate and revocation transparency. Its batch verification, powered by parallelized BLS signature processing, reduces verification complexity from O(n) to O(1). Our prototype demonstrates a certificate verification latency of 10.532 ms (vs. 998 ms for prior blockchain approaches) and a throughput of 356 status proofs per second with 10 root nodes, achieving a 36% bandwidth reduction compared to serial processing. M2C’s parallel processing and distributed architecture offer significant performance gains, making it ideal for scalable SDN deployments.