针对软件定义网络(SDN, software defined networking)中匹配域范围有限和缺乏有效的数据来源验证机制问题,提出基于密码标识的 SDN 安全控制转发方法.首先,根据用户身份、文件属性或业务内容等特征信息生成密码标识,为数据流打上密码标识并用基于密码标识的私钥签名.其次,在其进出网络时验证签名,确保数据的真实性,同时将密码标识设计为转发设备能识别的匹配项,基于密码标识定义网络转发行为,形成基于人、物、业务流等细粒度网络控管能力.最后,通过实验分析验证该方法的有效性.%Aimed at the limited matching fields and the lack of effective data source authentication mechanism in the software defined networking (SDN), a SDN security control forwarding method based on cipher identification was pro-posed. First, the cipher identification was generated according to the user identity, file attributes or business content and other characteristics, and the data stream was marked by the cipher identification and signed with the private key based on the cipher identification. Then, when the data stream entered and left the network, the forwarding device verified its signature to ensure the authenticity of the data. At the same time, the cipher identification was designed as a matching item recognized by the forwarding device, and the network forwarding behavior was defined based on the cipher identi-fication, so a fine-grained network control capability could be formed based on people, things, and business flow. Finally, the validity of the method is verified by experimental analysis.
展开▼
