基于密码标识的SDN安全控制转发方法

doi:10.11959/j.issn.1000-436x.2018022

Abstract

Abstract:

Aimed at the limited matching fields and the lack of effective data source authentication mechanism in the software defined networking (SDN),a SDN security control forwarding method based on cipher identification was proposed.First,the cipher identification was generated according to the user identity,file attributes or business content and other characteristics,and the data stream was marked by the cipher identification and signed with the private key based on the cipher identification.Then,when the data stream entered and left the network,the forwarding device verified its signature to ensure the authenticity of the data.At the same time,the cipher identification was designed as a matching item recognized by the forwarding device,and the network forwarding behavior was defined based on the cipher identification,so a fine-grained network control capability could be formed based on people,things,and business flow.Finally,the validity of the method is verified by experimental analysis.

Key words: software defined networking, cipher identification, security control and forwarding, flow table matching

CLC Number:

TP393

Xi QIN,Guodong TANG,Chaowen CHANG. SDN security control and forwarding method based on cipher identification[J]. Journal on Communications, 2018, 39(2): 31-42.

Figures/Tables 12

References 15

[1]	MCKEOWN N , . Software-defined networking[C]// IEEE International Conference on Computer Communications. 2009: 30-32.
[2]	左青云, 陈鸣, 赵广松 ,等. 基于 OpenFlow 的 SDN 技术研究[J]. 软件学报, 2013(5): 1078-1097.
	ZUO Q Y , CHEN M , ZHAO G S ,et al. Research on OpenFlow-based SDN technologies[J]. Journal of Software, 2013(5): 1078-1097.
[3]	王蒙蒙, 刘建伟, 陈杰 ,等. 软件定义网络:安全模型、机制及研究进展[J]. 软件学报, 2016,27(4): 969-992.
	WANG M M , LIU J W , CHEN J ,et al. Software defined networking:security model,threats and mechanism[J]. Journal of Software, 2016,27(4): 969-992.
[4]	LIU H H , WU X , ZHANG M ,et al. zUpdate:updating data center networks with zero loss[J]. Computer Communication Review, 2013,43(4): 411-422.
[5]	LI D , SHANG Y , CHEN C . Software defined green data center network with exclusive routing[C]// INFOCOM. 2014: 1743-1751.
[6]	DHAWAN M , PODDAR R , MAHAJAN K ,et al. SPHINX:detecting security attacks in software-defined networks[C]// Network and Distributed System Security Symposium. 2015: 1-15.
[7]	王首一, 李琦, 张云 . 轻量级的软件定义网络数据分组转发验证[J]. 计算机学报, 2017,40(7): 9-26.
	WANG S Y , LI Q , ZHANG Y . Lightweight packet forwarding verification in SDN[J]. Journal of Computers. 2017,40(7): 9-26.
[8]	YAO G , BI J , XIAO P . Source address validation solution with OpenFlow/NOX architecture[C]// IEEE International Conference on Network Protocols. 2011: 7-12.
[9]	CASADO M , FREEDMAN M J , PETTIT J ,et al. Ethane:taking control of the enterprise[C]// ACM SIGCOMM Conference on Applications. 2007: 1-12.
[10]	SHIN S , PORRAS P , YEGNESWARAN V ,et al. FRESCO:modular composable security services for software-defined networks[C]// Network ＆ Distributed Security Symposium, 2013.
[11]	BALLARD J R , RAE I , AKELLA A . Extensible and scalable network monitoring using OpenSAFE[C]// Internet Network Management Conference on Research on Enterprise Networking. 2010:8.
[12]	WUNDSAM A , LEVIN D , SEETHARAMAN S ,et al. OFRewind:enabling record and replay troubleshooting for networks[C]// Usenix Conference on Usenix Technical Conference. 2011:29.
[13]	SHIN S , GU G . CloudWatcher:network security monitoring using OpenFlow in dynamic cloud networks[C]// IEEE International Conference on Network Protocols. 2012: 1-6.
[14]	毕军 . SDN 体系结构与未来网络体系结构创新环境[J]. 电信科学, 2013,29(8): 6-15.
	BI J . SDN architecture and future network innovation environment[J]. Telecommunications Science, 2013,29(8): 6-15.
[15]	南湘浩 . CPK组合公钥体制(v8.0)[J]. 金融电子化, 2013(3): 39-41.
	NAN X H . CPK combined public key cryptosystem(v80)[J]. Financial Electronics, 2013(3): 39-41.

Metrics

Recommended 0

No Suggested Reading articles found!

SDN security control and forwarding method based on cipher identification

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 15

Related Articles 14

Metrics

Recommended 0

[1]	Fang DONG,Yuxiang HU,Ou LI. Routing framework and creation algorithm in Ad Hoc based SDN [J]. Journal on Communications, 2019, 40(9): 33-44.
[2]	CHEN Xingshu,HUA Qiang,WANG Yitong,GE Long,ZHU Yi. Research on low-rate DDoS attack of SDN network in cloud environment [J]. Journal on Communications, 2019, 40(6): 210-222.
[3]	Xianwei ZHU,Chaowen CHANG,Zhiqiang ZHU,Xi QIN. SDN control and forwarding method based on identity attribute [J]. Journal on Communications, 2019, 40(11): 1-18.
[4]	Junfeng TIAN,Liuling QI. DDoS attack detection method based on conditional entropy and GHSOM in SDN [J]. Journal on Communications, 2018, 39(8): 140-149.
[5]	Tao HUANG,Jiang LIU,Chen ZHANG,Liang WEI,Yunjie LIU. Survey on SDN-based network testbeds [J]. Journal on Communications, 2018, 39(6): 155-168.
[6]	Yong-hong FU,Jun BI,Ke-yao ZHANG,Jian-ping WU. Scalability of software defined network [J]. Journal on Communications, 2017, 38(7): 141-154.
[7]	Tao HU,Jian-hui ZHANG,Teng MA,Wei ZHAO. Multi-controller balancing deployment strategy based on reliability evaluation in SDN [J]. Journal on Communications, 2017, 38(11): 188-198.
[8]	Jiang LIU,Tao HUANG,Chen ZHANG,Ge ZHANG. Research on network virtualization slicing mechanism in SDN-based testbeds [J]. Journal on Communications, 2016, 37(4): 159-171.
[9]	Xiu-lei WANG,Guo-min ZHANG,Chao HU,Ming CHEN,Xiang-lin WEI. SDFAC:software defined flow access control mechanism [J]. Journal on Communications, 2015, 36(Z1): 188-196.
[10]	Ming CHEN,Fei DAI,Bo XU,Chang-you XING,Bing LI,Guo-min ZHANG. Active measurement mechanism measuring SDN performances [J]. Journal on Communications, 2015, 36(6): 31-40.
[11]	. IMISA：interconnection mechanism for IP subnet and SDN subnet in autonomous system [J]. Journal on Communications, 2014, 35(Z1): 15-81.
[12]	Yan-wei SHI,Zheng CAO. IMISA：interconnection mechanism for IP subnet and SDN subnet in autonomous system [J]. Journal on Communications, 2014, 35(Z1): 76-81.
[13]	. Survey of research on future network architectures [J]. Journal on Communications, 2014, 35(8): 23-197.
[14]	Tao HUANG,Jiang LIU,Ru HUO,Liang WEI,Yun-jie LIU. Survey of research on future network architectures [J]. Journal on Communications, 2014, 35(8): 184-197.