Application Research of Computers (《计算机应用研究》)

Design and realization of SDN trusted connection

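Authors: Li Zhaobin (李兆斌), Liu Mengtian (刘梦甜), Wei Zhanzhen (魏占祯), Wang Shourong (王守融)
Affiliation: Beijing Electronic Science and Technology Institute, Beijing 100070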
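Article ID: 1001-3695(2019)03-054-0911-07
DOI: 10.19734/j.issn.1001-3695.2017.10.0939
Abstract: Software-defined networking (SDN) separates the control layer from the data forwarding layer, with the control layer managing the data forwarding layer centrally. At present, the integrity authentication mechanism between control-layer and data-forwarding-layer devices is still incomplete; if a device whose platform integrity has been compromised joins the network, it poses serious security problems for the entire SDN network. To ensure that both devices establish a connection only when they are intact and trusted, and thereby safeguard device security and network trustworthiness at the source, this paper proposes a new SDN trusted connection scheme. Based on trusted-network remote device authentication technology and using a trusted platform module as the trust anchor, the scheme adds an integrity authentication step to the connection process between SDN data forwarding devices and the controller. Test analysis shows that the scheme is effective and feasible and suits practical application.
Keywords: software-defined networking; trusted connection; integrity authentication; network security
Funding: National Key Research and Development Program of China (2017YFGX110123)
Fundamental Research Funds for the Central Universities (2017CL04)
Beijing Natural Science Foundation (4152048)
Article URL: http://www.arocmag.com/article/01-2019-03-054.html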
English title: Design and realization of SDN trusted connection
Author names (English): Li Zhaobin, Liu Mengtian, Wei Zhanzhen, Wang Shourong
Affiliation (English): Beijing Electronic Science and Technology Institute, Beijing 100070, China
English abstract: Software-defined networking separates the control layer and the data layer. In SDN, data forwarding is managed uniformly by the control layer. However, the equipment integrity authentication mechanism between the control layer and the data layer is not yet complete. If falsified equipment tries to connect to the network, the whole network will face serious security problems. To ensure that a connection is established only after the equipment has been proven credible and intact, and that the network is available, this paper proposes a trusted connection scheme for SDN. Combining trusted network remote device authentication technology and using the trusted platform module as trusted support, the scheme adds integrity certification to the connection process between data forwarding devices and controllers. According to the experiment, the scheme is suitable for an actual network environment.
English keywords: software-defined networking; trusted connection; integrated authentication; network security
Received: 2017/9/20
Revised: 2017/11/10
Pages: 911-917
CLC number: TP309
Document code: A