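1. The Third College, Information Engineering University, Zhengzhou 450001, Henan, China
2. Zhengzhou Xinda Institute of Advanced Technology, Zhengzhou 450001, Henan, China
Xi QIN (1978-), female, born in Jiaozuo, Henan, Ph.D., associate professor and master's supervisor at Information Engineering University. Her main research interests are SDN security and trusted computing.
Guodong TANG (1992-), male, born in Yongzhou, Hunan, master's student at Information Engineering University. His main research interest is SDN security.
Chaowen CHANG (1966-), male, born in Huaxian, Henan, Ph.D., professor and doctoral supervisor at Information Engineering University. His main research interests are mobile information security and Internet of Things security.
Online publication date: 2018-02
Print publication date: 2018-02-25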
Xi QIN, Guodong TANG, Chaowen CHANG. SDN security control and forwarding method based on cipher identification[J]. Journal on Communications, 2018, 39(2): 31-42. DOI: 10.11959/j.issn.1000-436x.2018022.
To address the limited range of match fields and the lack of an effective data source authentication mechanism in software defined networking (SDN), an SDN security control and forwarding method based on cipher identification is proposed. First, a cipher identification is generated from characteristic information such as user identity, file attributes or business content, and the data stream is marked with the cipher identification and signed with the private key based on the cipher identification. Then, when the data stream enters and leaves the network, the forwarding device verifies its signature to ensure the authenticity of the data. At the same time, the cipher identification is designed as a match item that the forwarding device can recognize, and network forwarding behavior is defined based on the cipher identification, which yields a fine-grained network control capability based on people, things and business flows. Finally, the validity of the method is verified by experimental analysis.