Software-defined network packet forwarding verification scheme based on attribute-based signatures identification

Cited by: 0
Authors
Chang C. [1]
Jin J. [1]
Han P. [1]
Zhu X. [1]
Affiliation
[1] Information Engineering University, Zhengzhou
Source
Tongxin Xuebao/Journal on Communications | 2021 / Vol. 42 / No. 06
Funding
National Natural Science Foundation of China
Keywords
Attribute signature; Forwarding verification; P4 forwarding device; Software-defined network;
DOI
10.11959/j.issn.1000-436x.2021079
Abstract
To address the lack of an effective packet forwarding verification mechanism in software-defined networks (SDN), a data packet forwarding verification scheme based on attribute-based signature identification is proposed. First, the attribute signature identification is generated according to the user's identity attributes, and each data packet is marked with it. Then, P4 forwarding devices are used to accurately control and sample the data packets, and the controller verifies the attribute signature of the sampled packets. The OpenFlow forwarding devices process abnormal data packets according to the flow table issued by the controller. Finally, a multi-controller architecture is constructed to avoid a single point of failure at the controller. The experimental results indicate that the scheme achieves accurate control and sampling of data packets, effectively detects abnormal forwarding behaviors such as packet tampering and forgery, and keeps the network delay within the range of feasible communication delay. © 2021, Editorial Board of Journal on Communications. All rights reserved.
Pages: 131 / 144
Page count: 13