Blockchain Based Software Defined Perimeter (SDP) in Support of Authentication and Authorization

Software Defined Perimeter (SDP) leverages software to implement network security isolation. It could be used to secure the application infrustructure. The controller in SDP is centralized and exposed in the Internet during implementation, which is vulnerable to DDoS attacks. A blockchain based decentralized SDP mechanism is proposed in this paper. The multiple SDP controllers form a blockchain network, and they are responsible for implementing the host authentication and authorization. The authorization policies are defined by the accepting SDP hosts. The policy can be recorded into the ledger, and then the authorization is implemented by the SDP controllers in the blockchain. The policy can also be kept by the accepting SDP host because of the privacy preserving, and then the authorization is implemented by the accepting SDP hosts themselves. The blockchain oracles are introduced to support multiple authentication methods defined in SDP.