SDN-based trusted inter-domain security authentication protocol

Abstract

The invention belongs to the field of information safety and discloses a trusted inter-domain safety certificate protocol based on an SDN. Trusted network thought is fused into an OpenFlow network architecture under the SDN conception, so that the trusted and controllable safety purpose of the network architecture is achieved in the future. On the basis of establishing a trusted domain, the trusted inter-domain safety certification protocol without a trusted third party is provided, a challenge-response mode is adopted for the protocol, firstly, a certification requester getting access to a trusted network enters in an initial state, identity information is sent to a requested person, the requested person responds, own identity information is returned, and the requester and the requested person perform identity registration with each other; Secondly, certification requester and the requested person continue to adopt the challenge-response mode to negotiate trusted sensitive information, and through comparing Hash results of sensitive information PCR values and Hash results of random numbers, mutual trust certification is performed; finally, if the requester and the requested person respectively compare the Hash results, and the trusted requirement is met, certification is successful, and otherwise mutual trust certification fails.

Description

[0001] Technical field: [0002] The invention is a trusted inter-domain security authentication method based on the OpenFlow network architecture under the concept of SDN. It belongs to the field of information security. [0003] Background technique: [0004] With the rapid development of network technology and the continuous emergence of new applications, the Internet has gradually become an important part of the social economy. Under the traditional Internet network architecture, we assume that users are friendly and trustworthy, so the network system is only responsible for data transmission and does not require other control functions. This assumption is obviously no longer applicable to the current network environment. At present, the credibility problems faced by the network are becoming more and more prominent, such as: it is difficult to identify abnormal network behaviors, it is difficult to contain network sabotage activities, and so on. The most fundamental reaso...

AI Technical Summary

Problems solved by technology

However, in terms of credibility, these network architectures are rarely mentioned, and the fundamental problem of network credibility is still not solved

[0006] Professor Nick McKeown of Stanford University proposed SDN based on the Clean Slate project, that is, the concept of software-defined network. Based on the concept of SDN, the network structure research was carried out, and key technologies such as OpenFlow and NOX were proposed. The network management and security functions based on OpenFlow mainly focus on the connection In terms of access control, traffic forwarding and load balancing, etc., the security issues in the design of OpenFlow are not enough, especially for the security protection of the controller node and the OpenFlow switch structure, and the mutual trust authentication between trusted domains under a single controller. not yet resolved

Images