Journal on Communications ›› 2021, Vol. 42 ›› Issue (6): 131-144.doi: 10.11959/j.issn.1000-436x.2021079
Chaowen CHANG, Jianshu JIN, Peisheng HAN, Xianwei ZHU
Revised: 2021-03-01
Online: 2021-06-25
Published: 2021-06-01
Chaowen CHANG, Jianshu JIN, Peisheng HAN, Xianwei ZHU. Software-defined network packet forwarding verification scheme based on attribute-based signatures identification[J]. Journal on Communications, 2021, 42(6): 131-144.
Scheme | Signature method and sampling granularity | Verifying device and overhead | Forwarding delay | Function implemented | Limitation analysis |
Scheme 1 (Ref. [ | Identity-based, OpenFlow match fields | Controller, 0.15 ms | 33.17 ms (3-layer tree topology, at most 5 switches traversed) | Locates and detects forged and tampered packets | Controller single point of failure, high key communication overhead |
Scheme 2 (Ref. [ | Identity-based, OpenFlow match fields | Switch, delay unknown | 33.65 ms (4-layer tree topology, at most 7 switches traversed) | Detects forged and tampered packets | Requires changes to the switch's internal structure, high key communication overhead |
Scheme 3 (Ref. [ | Identity-based, custom match fields | Controller, 0.19 ms | 0.83 ms (custom topology, 3 OpenFlow switches and one P4 switch) | Detects forged and tampered packets | Controller single point of failure, high key communication overhead |
This paper's scheme | Attribute-based, custom match fields | Controller, about 20.2 ms | 30.95 ms (custom topology, 2 OpenFlow switches and one P4 switch) | Detects forged and tampered packets, user identity traceable | Relatively high computation overhead |
[1] MCKEOWN N. Software-defined networking[C]// IEEE International Conference on Computer Communications. Piscataway: IEEE Press, 2009: 30-32.
[2] NUNES B A A, MENDONCA M, NGUYEN X N, et al. A survey of software-defined networking: past, present, and future of programmable networks[J]. IEEE Communications Surveys & Tutorials, 2014, 16(3): 1617-1634.
[3] WANG M M, LIU J W, CHEN J, et al. Software defined networking: security model, threats and mechanism[J]. Journal of Software, 2016, 27(4): 969-992. (in Chinese)
[4] GAO S, LI Z C, XIAO B, et al. Security threats in the data plane of software-defined networks[J]. IEEE Network, 2018, 32(4): 108-113.
[5] DARGAHI T, CAPONI A, AMBROSIN M, et al. A survey on the security of stateful SDN data planes[J]. IEEE Communications Surveys & Tutorials, 2017, 19(3): 1701-1725.
[6] RANA D S, DHONDIYAL S A, CHAMOLI S K. Software defined networking (SDN) challenges, issues and solution[J]. International Journal of Computer Sciences and Engineering, 2019, 7(1): 884-889.
[7] GUPTA B B, PEREZ G M, AGRAWAL D P, et al. Handbook of computer networks and cyber security[M]. Cham: Springer International Publishing, 2020.
[8] WANG S Y, LI Q, ZHANG Y. LPV: lightweight packet forwarding verification in SDN[J]. Chinese Journal of Computers, 2019, 42(1): 176-189. (in Chinese)
[9] SASAKI T, PAPPAS C, LEE T, et al. SDNsec: forwarding accountability for the SDN data plane[C]// 2016 25th International Conference on Computer Communication and Networks. Piscataway: IEEE Press, 2016: 1-10.
[10] QIN X, TANG G D, CHANG C W, et al. Packet forwarding authentication mechanism based on cipher identification in software-defined network[J]. Journal of Electronics & Information Technology, 2018, 40(9): 2042-2049. (in Chinese)
[11] FENG D G, CHEN C. Research on attribute-based cryptography[J]. Journal of Cryptologic Research, 2014, 1(1): 1-12. (in Chinese)
[12] BOSSHART P, DALY D, GIBB G, et al. P4[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(3): 87-95.
[13] BOSSHART P, GIBB G, KIM H S, et al. Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN[C]// The ACM SIGCOMM 2013 Conference on SIGCOMM. New York: ACM Press, 2013: 99-110.
[14] ZHU X W, CHANG C W, ZHU Z Q, et al. SDN control and forwarding method based on identity attribute[J]. Journal on Communications, 2019, 40(11): 1-18. (in Chinese)
[15] KHADER D. Attribute based group signatures[J]. IACR Cryptology ePrint Archive, 2007: 159.
[16] CHEN J F. Research on attribute-based signatures[D]. Guangzhou: Sun Yat-Sen University, 2010. (in Chinese)
[17] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// The 13th ACM Conference on Computer and Communications Security. New York: ACM Press, 2006: 89-98.
[18] ZUO Z B, CHANG C W, ZHU X W. A software-defined networking packet forwarding verification mechanism based on programmable data plane[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1110-1117. (in Chinese)
[19] LIN Y, BI J, ZHOU Y, et al. Research and applications of programmable data plane based on P4[J]. Chinese Journal of Computers, 2019, 42(11): 2539-2560. (in Chinese)
[20] YAZICI V, SUNAY M O, ERCAN A O. Controlling a software-defined network via distributed controllers[J]. arXiv Preprint, arXiv:1401.7651, 2014.
[21] TIAN X N. Design and implementation of multiple SDN controllers via Zookeeper[D]. Lanzhou: Lanzhou University, 2016. (in Chinese)
[22] HUNT P, KONAR M, JUNQUEIRA F P, et al. Zookeeper: wait-free coordination for internet-scale systems[C]// USENIX Annual Technical Conference. Berkeley: USENIX Association, 2010: 9.
[23] CHEN S Q. Research of consistency mechanism based on multi controllers in software-defined network[D]. Beijing: Beijing Institute of Technology, 2016. (in Chinese)
[24] CASADO M, FREEDMAN M J, PETTIT J, et al. Ethane: taking control of the enterprise[C]// The 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. New York: ACM Press, 2007: 27-31.