Software defined network path security based on Hash chain
LI Zhaobin, LIU Zeyi, WEI Zhanzhen, HAN Yu
Journal of Computer Applications 2019, 39(5): 1368-1373. DOI: 10.11772/j.issn.1001-9081.2018091857
To address the security problem that the SDN (Software Defined Network) controller cannot guarantee that the network policy it issues is correctly executed on the forwarding devices, a new forwarding path monitoring security solution was proposed. Firstly, based on the controller's global view of the network, a path credential interaction processing mechanism based on OpenFlow was designed. Secondly, Hash chain and message authentication code were introduced as the key technologies for generating and processing the forwarding path credential information. Thirdly, on this basis, the Ryu controller and the Open vSwitch open-source switch were deeply optimized, with a credential processing flow added, constructing a lightweight path security mechanism. The test results show that the proposed mechanism can effectively guarantee the security of the data forwarding path, and that its throughput consumption is reduced by more than 20% compared with SDNsec, which means it is more suitable for network environments with complex routes. However, its fluctuations in latency and CPU usage exceed 15%, which needs further optimization.
Research and implementation of key module of data security processing mechanism in software defined network
LI Zhaobin, LI Weilong, WEI Zhanzhen, LIU Mengtian
Journal of Computer Applications 2018, 38(7): 1929-1935. DOI: 10.11772/j.issn.1001-9081.2017123007
To solve the data leakage problem of the data plane in Software Defined Network (SDN), a new data security processing mechanism based on the OpenFlow protocol was proposed. Firstly, the flow table structure of the OpenFlow protocol was reconstructed, and OpenFlow data security policies, including safe matching fields and safe actions, were designed and implemented. Secondly, a centralized management controller was designed; through the development of multiple functional modules, it senses changes in the network in a timely manner, effectively controls the global network, and maintains and distributes data encryption/decryption keys and data security policies. Thirdly, the architecture of the open virtual switch OVS (Open vSwitch) was deeply reconstructed, the complete process including data security policy matching and data security processing was designed, and the extraction interface for data payload information was programmed. Through the development of multiple functional modules, OVS can match data packets at the fine granularity of the data security policies and perform complete data security processing operations on the matched packets. Finally, a hardware and software platform was built, and the results of the encryption and decryption mechanisms, together with the time delay, throughput and CPU utilization rate, were tested and compared. The experimental results show that the proposed mechanism can accurately perform data encryption and decryption. The latency and throughput of the proposed mechanism are at normal levels, but its CPU usage rate is between 45% and 60%, which indicates that it needs to be optimized further.