%0 Journal Article %A HAN Yu %A LI Zhaobin %A LIU Zeyi %A WEI Zhanzhen %T Software defined network path security based on Hash chain %D 2019 %R 10.11772/j.issn.1001-9081.2018091857 %J Journal of Computer Applications %P 1368-1373 %V 39 %N 5 %X For the security problem that the SDN (Software Defined Network) controller can not guarantee the network strategy issued by itself to be correctly executed on the forwarding devices, a new forwarding path monitoring security solution was proposed. Firstly, based on the overall view capability of the controller, a path credential interaction processing mechanism based on OpenFlow was designed. Secondly, Hash chain and message authentication code were introduced as the key technologies for generating and processing the forwarding path credential information. Thirdly, on this basis, Ryu controller and Open vSwitch open-source switch were deeply optimized,with credential processing flow added, constructing a lightweight path security mechanism. The test results show that the proposed mechanism can effectively guarantee the security of data forwarding path, and its throughput consumption is reduced by more than 20% compared with SDNsec, which means it is more suitable for the network environment with complex routes, but its fluctuates of latency and CPU usage are more than 15%, which needs further optimization. %U http://www.joca.cn/EN/10.11772/j.issn.1001-9081.2018091857