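Research on Network Information Hiding Techniques in SDN
Published: 2018-03-05 20:38
Topic: software-defined networking. Entry point: OpenFlow. Source: Nanjing University of Science and Technology, 2017 master's thesis. Document type: degree thesis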
[Abstract]: Software-defined networking (SDN) is a new network architecture that separates forwarding from control and uses logically centralized control; the security of its data communication is a hot research topic in computer network security. As the newest branch of information hiding, network information hiding embeds secret information by modifying the headers, payload, or timing information of network packets, in order to achieve secret message transmission or communication identity authentication. Targeting the OpenFlow protocol, this thesis studies the application of network information hiding in the new SDN architecture. The specific work is as follows:

(1) The message structure, connection behavior characteristics, and timing characteristics of the OpenFlow protocol are analyzed, including the meaning of each field in a message, the manner and process of connection establishment, and the interaction between controller and switch after the connection is established. The spatial and temporal redundancy of OpenFlow messages is analyzed from the perspectives of the distribution of padding fields, the time intervals between messages, and their timing distribution, laying the foundation for the design of timing covert channels and storage-based flow watermarks in SDN.

(2) Based on the timing redundancy of OpenFlow messages, a covert channel construction scheme based on modulating the order combination of response messages (LLDP-order) and a multi-flow timing covert channel based on parallel delays (Multi-delay) are proposed. Both can build timing channels on the control messages exchanged between the control layer and the data layer to achieve cross-layer transmission of secret information. Simulation results show that LLDP-order has better covertness, while Multi-delay has better robustness.

(3) Based on the redundant header fields of OpenFlow messages, a flow watermarking scheme based on unequal-code-rate redundancy check embedding is proposed, which can be used to provide unequal-strength tamper protection for important instruction messages. The watermark information to be embedded is generated with a hash algorithm and embedded into the redundant fields of the message to authenticate the instruction. Collision probability analysis and simulation experiments verify the effectiveness of the proposed scheme in detecting data-tampering attacks.

(4) Building on the OpenFlow-based covert channel and flow watermarking schemes proposed in this thesis, an SDN network information hiding simulation platform is designed and implemented. Its main functional modules include a carrier traffic generator, a channel interferer, a packet tamperer, a covert channel builder/extractor, and a flow watermark embedder/extractor. The platform can be used for simulation-based verification of network information hiding schemes in SDN.
[Degree-granting institution]: Nanjing University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309.7
Article ID: 1571790
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1571790.html