本文選題：軟件定義網(wǎng)絡　切入點：OpenFlow　出處：《南京理工大學》2017年碩士論文　論文類型：學位論文

【摘要】：軟件定義網(wǎng)絡(software-defined networks,SDN)是轉控分離、邏輯集中控制的新型網(wǎng)絡架構,其數(shù)據(jù)通信安全是當前計算機網(wǎng)絡安全領域的熱點研究內(nèi)容。作為信息隱藏技術的最新分支,網(wǎng)絡信息隱藏技術是通過修改網(wǎng)絡數(shù)據(jù)報文的包頭、負載或時間信息來嵌入秘密信息,從而實現(xiàn)秘密消息傳輸或通信身份認證。本文針對OpenFlow協(xié)議研究網(wǎng)絡信息隱藏技術在SDN這一新型網(wǎng)絡架構中的應用,具體工作如下:(1)分析了 OpenFlow協(xié)議的報文結構、連接行為特性和時間特性,包括報文中各個字段的含義、建立連接的方式、流程以及連接建立后控制器與交換機的互動,從OpenFlow報文填充字段分布、報文的時間間隔和時序分布等角度來分析OpenFlow協(xié)議報文的空間和時間冗余特性,為SDN中時間式隱信道以及存儲式流水印的設計打下基礎。(2)基于OpenFlow報文的時間信息冗余,提出了一種基于響應報文次序組合調制隱信道構建方案(LLDP-order)和一種基于并行延時的多流時間式隱信道(Multi-delay),二者可在控制層和數(shù)據(jù)層之間交互的控制報文上構筑時間信道來實現(xiàn)跨層秘密信息傳輸。仿真實驗結果表明LLDP-order具有更好的隱蔽性而后者魯棒性更優(yōu)。(3)基于OpenFlow報文的包頭冗余字段,提出了基于不等碼率冗余校驗嵌入的流水印方案,其可用于實現(xiàn)重要指令報文的不等強度防篡改保護。通過哈希算法生成待嵌入水印信息,并將其嵌入至報文的冗余字段中來實現(xiàn)指令真實性認證。通過碰撞概率分析和仿真實驗驗證了所提方案對數(shù)據(jù)篡改類攻擊行為檢測的有效性。(4)在本文所提基于OpenFlow的隱信道和流水印方案基礎上,設計并實現(xiàn)了 SDN網(wǎng)絡信息隱藏仿真平臺,其主要功能模塊包括載體流量發(fā)生器、信道干擾器、數(shù)據(jù)包篡改器、隱信道構建/提取器、流水印嵌入/提取器,該平臺可用于SDN中網(wǎng)絡信息隱藏方案的仿真驗證。
[Abstract]:Software-defined Networks (SDN) is a new type of network architecture with separated control and centralized logic control. Its data communication security is a hot topic in the field of computer network security. As the newest branch of information hiding technology, SDN is the latest branch of information hiding technology. The technology of network information hiding is to embed secret information by modifying the packet header, load or time information of network data message. In order to realize secret message transmission or communication identity authentication, this paper studies the application of network information hiding technology in SDN, which is a new network architecture based on OpenFlow protocol. The main work is as follows: (1) the message structure of OpenFlow protocol is analyzed. Connection behavior and time characteristics, including the meaning of each field in the message, the way to establish the connection, the flow and the interaction between the controller and the switch after the connection is established, the distribution of the field is filled from the OpenFlow message. This paper analyzes the spatial and temporal redundancy characteristics of OpenFlow protocol packets from the angle of time interval and time sequence distribution, which lays a foundation for the design of time hidden channel and stored stream watermark in SDN. In this paper, we propose a scheme for constructing LLDP-order-based modulation hidden channel based on the sequence of response packets and a multi-stream time-dependent hidden channel based on parallel delay. The two schemes can construct time signals on the control packets that interact between the control layer and the data layer. The simulation results show that LLDP-order has better concealment and the latter has better robustness. A income printing scheme based on unequal bit rate redundancy check embedding is proposed, which can be used to protect important instruction packets from tampering with unequal intensity. The watermark information to be embedded is generated by hash algorithm. It is embedded in the redundant field of the message to verify the authenticity of the instruction. The effectiveness of the proposed scheme for detecting the tamper class attacks is verified by collision probability analysis and simulation experiments. 4) in this paper, the proposed scheme is based on OpenFlow. Based on the hidden channel and income printing scheme, The simulation platform of SDN network information hiding is designed and implemented. Its main function modules include carrier flow generator, channel jammer, packet tamper, hidden channel builder / extractor, income imprint embed / extractor, etc. The platform can be used to verify the scheme of network information hiding in SDN.
【學位授予單位】：南京理工大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP309.7

【參考文獻】

相關期刊論文 前5條

1 周彥偉;楊波;張文政;;異構無線網(wǎng)絡可控匿名漫游認證協(xié)議[J];電子學報;2016年05期

2 王蒙蒙;劉建偉;陳杰;毛劍;毛可飛;;軟件定義網(wǎng)絡:安全模型、機制及研究進展[J];軟件學報;2016年04期

3 郭曉軍;程光;朱琛剛;TRUONG Dinh-Tu;周愛平;;主動網(wǎng)絡流水印技術研究進展[J];通信學報;2014年07期

4 諸葛建偉;韓心慧;周勇林;葉志遠;鄒維;;僵尸網(wǎng)絡研究[J];軟件學報;2008年03期

5 葉伯承;;分組式奇偶校驗法[J];軍事通信技術;1989年04期

，

本文編號：1571790