Software-defined network packet forwarding verification scheme based on attribute-based signatures identification

被引：0

作者：

Chang C. ^{[1
]}

Jin J. ^{[1
]}

Han P. ^{[1
]}

Zhu X. ^{[1
]}

机构：

[1] Information Engineering University, Zhengzhou

来源：

Tongxin Xuebao/Journal on Communications | 2021年 / 42卷 / 06期

基金：

中国国家自然科学基金;

关键词：

Attribute signature; Forwarding verification; P4 forwarding device; Software-defined network;

D O I：

10.11959/j.issn.1000-436x.2021079

中图分类号：

学科分类号：

摘要：

Aiming at the lack of effective forwarding verification mechanism for packet in software defined network (SDN), a data packet forwarding verification scheme based on attributed-based signatures identification was proposed. First, the attribute signature identification was generated according to the user's identity attribute, and the data packet was marked by the attribute signature identification. Then, the P4 forwarding device was used to control accurately and sample the data packet. The controller verified the attribute signature of the sampled data packet. The OpenFlow forwarding device processes the abnormal data packets according to the flow table issued by the controller. Finally, a multi-controllers architecture was constructed to avoid the single point failure of the controller. The results of the experiment indicate that the scheme can achieve accurate control and sampling of data packet, effectively detect the forwarding abnormal behaviors such as packet tampering and forgery, and the network delay is within the range of feasible communication delay. © 2021, Editorial Board of Journal on Communications. All right reserved.

引用

页码：131 / 144

页数：13

共 24 条

[1] MCKEOWN N., Software-defined networking, IEEE International Conference on Computer Communications, pp. 30-32, (2009)
[2] NUNES B A A, MENDONCA M, NGUYEN X N, Et al., A survey of software-defined networking: past, present, and future of programmable networks, IEEE Communications Surveys & Tutorials, 16, 3, pp. 1617-1634, (2014)
[3] WANG M M, LIU J W, CHEN J, Et al., Software defined networking: security model, threats and mechanism, Journal of Software, 27, 4, pp. 969-992, (2016)
[4] GAO S, LI Z C, XIAO B, Et al., Security threats in the data plane of software-defined networks, IEEE Network, 32, 4, pp. 108-113, (2018)
[5] DARGAHI T, CAPONI A, AMBROSIN M, Et al., A survey on the security of stateful SDN data planes, IEEE Communications Surveys & Tutorials, 19, 3, pp. 1701-1725, (2017)
[6] RANA D S, DHONDIYAL S A, CHAMOLI S K., Software defined networking (SDN) challenges, issues and solution, International Journal of Computer Sciences and Engineering, 7, 1, pp. 884-889, (2019)
[7] GUPTA B B, PEREZ G M, AGRAWAL D P, Et al., Handbook of computer networks and cyber security, (2020)
[8] WANG S Y, LI Q, ZHANG Y., LPV: lightweight packet forwarding verification in SDN, Chinese Journal of Computers, 42, 1, pp. 176-189, (2019)
[9] SASAKI T, PAPPAS C, LEE T, Et al., SDNsec: forwarding accountability for the SDN data plane, 2016 25th International Conference on Computer Communication and Networks, pp. 1-10, (2016)
[10] QIN X, TANG G D, CHANG C W, Et al., Packet forwarding authentication mechanism based on cipher identification in software-defined network, Journal of Electronics & Information Technology, 40, 9, pp. 2042-2049, (2018)

← 1 2 3 →