Advanced Search
Volume 40 Issue 9
Aug.  2018
Turn off MathJax
Article Contents
Xi QIN, Guodong TANG, Chaowen CHANG, Ruiyun WANG. Packet Forwarding Authentication Mechanism Based on Cipher Identification in Software-defined Network[J]. Journal of Electronics & Information Technology, 2018, 40(9): 2042-2049. doi: 10.11999/JEIT171226
Citation: Xi QIN, Guodong TANG, Chaowen CHANG, Ruiyun WANG. Packet Forwarding Authentication Mechanism Based on Cipher Identification in Software-defined Network[J]. Journal of Electronics & Information Technology, 2018, 40(9): 2042-2049. doi: 10.11999/JEIT171226

Packet Forwarding Authentication Mechanism Based on Cipher Identification in Software-defined Network

doi: 10.11999/JEIT171226
Funds:  The National Natural Science Foundation of China (61572517)
  • Received Date: 2017-12-26
  • Rev Recd Date: 2018-06-01
  • Available Online: 2018-07-12
  • Publish Date: 2018-09-01
  • To deal with the lack of a secure and efficient data source authentication mechanism in Software-Defined Network (SDN), a packet forwarding authentication mechanism based on cipher identification is proposed. Firstly, a packet forwarding authentication model based on cipher identification is established, where the cipher identification is identified as a passport of IP packets entering and leaving the network. Secondly, the SDN batch anonymous authentication protocol is designed to decentralize the authentication function of the SDN controller to the SDN switch. The SDN switch performs user authentication and cipher identification verification, and quickly filters forgery, falsification, and other illegal packets to improve the unified authentication and management efficiency of the SDN controller, while providing users with the conditions of privacy protection. Thirdly, a scheme for sampling and verifying packets based on cipher identification in any node is proposed, where any attacker can not bypass the packet detection by inferring the sample, to ensure the authenticity of the packet while reducing its processing delay. Finally, safety analysis and performance evaluation are conducted. The results show that this mechanism can quickly detect packet falsification and tampering and resist ID analysis attacks, but at the same time it introduces about 9.6% forwarding delay and less than 10% communication overhead.
  • loading
  • MCKEOWN N. Software-defined networking[C]. IEEE International Conference on Computer Communications, Rio de Janeiro, Brazil, 2009: 30–32.
    NUNES B, MENDONCA M, NGUYEN X, et al. A survey of software-defined networking: Past, present, and future of programmable networks[J]. IEEE Communications Surveys&Tutorials, 2014, 16(3): 1617–1634 doi: 10.1109/SURV.2014.012214.00180
    王蒙蒙, 刘建伟, 陈杰, 等. 软件定义网络: 安全模型、机制及研究进展[J]. 软件学报, 2016, 27(4): 969–992 doi: 10.13328/j.cnki.jos.005020

    WANG Mengmeng, LIU Jianwei, CHEN Jie, et al. Software defined networking: Security model, threats and mechanism[J]. Journal of Software, 2016, 27(4): 969–992 doi: 10.13328/j.cnki.jos.005020
    LIU Hongqiang, WU Xin, ZHANG Ming, et al. zUpdate: Updating data center networks with zero loss[J]. Computer Communication Review, 2013, 43(4): 411–422 doi: 10.1145/2486001.2486005
    LI Dan, SHANG Yunfei, and CHEN Congjie. Software defined green data center network with exclusive routing[C]. IEEE International Conference on Computer Communications, Toronto, Canada, 2014: 1743–1751.
    DHAWAN M, PODDAR R, MAHAJAN K, et al. SPHINX: Detecting security attacks in software-defined networks[C]. Network and Distributed System Security Symposium, San Diego, USA, 2015: 1–15.
    李杰, 吴建平, 徐恪, 等. Hidasav: 一种层次化的域间真实源地址验证方法[J]. 计算机学报, 2012, 35(1): 85–100 doi: 10.3724/SP.J.1016.2012.00085

    LI Jie, WU Jianping, XU Ke, et al. An hierarchical inter-domain authenticated source address validation solution[J]. Chinese Journal of Computers, 2012, 35(1): 85–100 doi: 10.3724/SP.J.1016.2012.00085
    YAO Guang, BI Jun, and XIAO Peiyao. Source address validation solution with OpenFlow/NOX architecture[C]. IEEE International Conference on Network Protocols, Vancouver, Canada, 2011: 7–12.
    孙鹏. 面向SDN的源地址验证方法研究[J]. 电光与控制, 2016, 23(3): 49–53 doi: 10.3969/j.issn.1671-637X.2016.03.012

    SUN Peng. Source address validation methods based on SDN[J]. Electronics Optics&Control, 2016, 23(3): 49–53 doi: 10.3969/j.issn.1671-637X.2016.03.012
    LIU Bingyang, BI Jun, and ZHOU Yu. Source address validation in software defined networks[C]. ACM Conference on SIGCOMM, Florianópolis, Brazil, 2016: 595–596.
    KIM H, BASESCU C, JIA L, et al. Lightweight source authentication and path validation[C]. ACM Conference on SIGCOMM, Chicago, USA, 2014: 271–282.
    TAKAYUKI S, CHRISTOS P, TAEHO L, et al. SDNsec: Forwarding accountability for the SDN data plane[C]. International Conference on Computer Communication and Networks, Hawaii, USA, 2016: 1–10.
    陈越, 贾洪勇, 谭鹏许, 等. 基于流认证的IPv6接入子网主机源地址验证[J]. 通信学报, 2013, 34(1): 171–178 doi: 10.3969/j.issn.1000-436x.2013.01.019

    CHEN Yue, JIA Hongyong, TAN Pengxu, et al. Host’s source address verification based on stream authentication in the IPv6 access subnet[J]. Journal of Communications, 2013, 34(1): 171–178 doi: 10.3969/j.issn.1000-436x.2013.01.019
    董平, 秦雅娟, 张宏科. 支持普适服务的一体化网络研究[J]. 电子学报, 2007, 35(4): 599–606

    DONG Ping, QIN Yajuan, and ZHANG Hongke. Research on universal network supporting pervasive services[J]. Acta Electronica Sinica, 2007, 35(4): 599–606
    FARINACCI D, MEYER D, ZWIEBEL J, et al. The locator/id separation protocol (LISP) for multicast environments[S]. Internet Draft, draft-farinacci-lisp-15.txt, 2011.
    许芷岩, 吴黎兵, 李莉, 等. 无线漫游认证中可证安全的无证书聚合签名方案[J]. 通信学报, 2017, 38(7): 123–130 doi: 10.11959/j.issn.1000-436x.2017152

    XU Zhiyan, WU Libing, LI Li, et al. Provably secure certificateless aggregate signature scheme in wireless roaming authentication[J]. Journal of Communications, 2017, 38(7): 123–130 doi: 10.11959/j.issn.1000-436x.2017152
    HORNG S, TZENG S, PAN Y, et al. b-SPECS+: batch verification for secure pseudonymous authentication in VANET[J]. IEEE Transactions on Information Forensics&Security, 2013, 8(11): 1860–1875 doi: 10.1109/TIFS.2013.2277471
    谢永, 吴黎兵, 张宇波, 等. 面向车联网的多服务器架构的匿名双向认证与密钥协商协议[J]. 计算机研究与发展, 2016, 53(10): 2323–2333 doi: 10.7544/issn1000-1239.2016.20160428

    XIE Yong, WU Libing, ZHANG Yubo, et al. Anonymous mutual authentication and key agreement protocol in multi-server architecture for VANETs[J]. Journal of Computer Research and Development, 2016, 53(10): 2323–2333 doi: 10.7544/issn1000-1239.2016.20160428
    周彦伟, 杨波, 张文政. 一种改进的无证书两方认证密钥协商协议[J]. 计算机学报, 2017, 40(5): 1181–1191 doi: 10.11897/SP.J.1016.2017.01181

    ZHOU Yanwei, YANG Bo, and ZHANG Wenzheng. An improved two-party authenticated certificateless key agreement protocol[J]. Chinese Journal of Computers, 2017, 40(5): 1181–1191 doi: 10.11897/SP.J.1016.2017.01181
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(6)  / Tables(3)

    Article Metrics

    Article views (2059) PDF downloads(69) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return