
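Blockchain-based data frame security verification mechanism for software defined networks
Cite this article: Hexiong CHEN, Yuwei LUO, Yunkai WEI, Wei GUO, Feilu HANG, Zhengxiong MAO, Zhenhong ZHANG, Yingjun HE, Zhenyu LUO, Linjiang XIE, Ning YANG. Blockchain-based data frame security verification mechanism in software defined network[J]. Journal of Computer Applications, 2022, 42(10): 3074-3083.
Authors: Hexiong CHEN  Yuwei LUO  Yunkai WEI  Wei GUO  Feilu HANG  Zhengxiong MAO  Zhenhong ZHANG  Yingjun HE  Zhenyu LUO  Linjiang XIE  Ning YANG
Affiliations: Information Center, Yunnan Power Grid Company Limited, Kunming 650011
Yangtze Delta Region Institute (Quzhou), University of Electronic Science and Technology of China, Quzhou, Zhejiang 324003
School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu 611731
Funding: National Natural Science Foundation of China (61620106011); Yunnan Power Grid Science and Technology Project (YNKJXM20200168); Quzhou Science and Technology Special Project (2021D013)
Abstract (translated from the Chinese): To build a secure and efficient network environment, forged and tampered data frames must be effectively identified and filtered. In a Software Defined Network (SDN), however, existing security verification mechanisms usually cannot operate effectively when the verification devices are attacked or maliciously controlled. To solve this problem, a blockchain-based security verification mechanism for SDN data frames is proposed. First, a Proof of Frame Forwarding (PoFF) consensus algorithm is designed and used as the basis of a lightweight blockchain system; then, a security verification system for SDN data frames is built on that system; finally, a flexibly adjustable semi-random selection verification mode is proposed to balance verification efficiency and resource overhead. Simulation results show that, with the same proportion of switches under malicious control, the missed detection probability of the proposed mechanism is clearly lower than that of the hash chain based verification mechanism. The reduction is especially marked when 40% of the switches are controlled: the missed detection probability of the proposed mechanism is below 32% in the basic verification mode and drops further to 7% when assisted by semi-random verification, both far below the 72% missed detection probability of the hash chain based mechanism; the resource overhead and communication cost introduced by the proposed mechanism are within a reasonable range. In addition, even when the SDN controller fails completely, the proposed mechanism still maintains good verification performance and efficiency.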

Keywords: software defined network  blockchain  security verification  consensus algorithm  digital signature
Received: 2020-08-16
Revised: 2021-11-20

Blockchain-based data frame security verification mechanism in software defined network
Hexiong CHEN, Yuwei LUO, Yunkai WEI, Wei GUO, Feilu HANG, Zhengxiong MAO, Zhenhong ZHANG, Yingjun HE, Zhenyu LUO, Linjiang XIE, Ning YANG. Blockchain-based data frame security verification mechanism in software defined network[J]. Journal of Computer Applications, 2022, 42(10): 3074-3083.
Authors: Hexiong CHEN  Yuwei LUO  Yunkai WEI  Wei GUO  Feilu HANG  Zhengxiong MAO  Zhenhong ZHANG  Yingjun HE  Zhenyu LUO  Linjiang XIE  Ning YANG
Affiliation: Information Center, Yunnan Power Grid Company Limited, Kunming Yunnan 650011, China
Yangtze Delta Region Institute (Quzhou), University of Electronic Science and Technology of China, Quzhou Zhejiang 324003, China
School of Information and Communication Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 611731, China
Abstract: Forged and tampered data frames should be identified and filtered out to ensure network security and efficiency. However, existing schemes usually fail to work when verification devices are attacked or maliciously controlled in the Software Defined Network (SDN). To solve this problem, a blockchain-based data frame security verification mechanism was proposed. Firstly, a Proof of Frame Forwarding (PoFF) consensus algorithm was designed and used to build a lightweight blockchain system. Then, an efficient security verifying scheme for SDN data frames was proposed on the basis of this blockchain system. Finally, a flexible semi-random verifying scheme was presented to balance the verification efficiency and the resource cost. Simulation results show that, compared with the hash chain based verifying scheme, the proposed scheme decreases the missed detection rate significantly when an equal proportion of switches are maliciously controlled. Specifically, when the proportion is 40%, the decrease is especially pronounced: the missed detection rate can still be kept at no more than 32% in the basic verification mode, and can be further reduced to 7% with the assistance of the semi-random verifying scheme. Both are much lower than the missed detection rate of 72% in the hash chain based verifying scheme, and the resource overhead and communication cost introduced by the proposed mechanism are within a reasonable range. Additionally, the proposed scheme can still maintain good verification performance and efficiency even when the SDN controller is completely unable to work.
Keywords:Software Defined Network (SDN)  blockchain  security verification  consensus algorithm  digital signature  