A method and system for improving the security of a content distribution network using SDN technology

Abstract

The invention provides a method and system for improving network security of a content delivery network by employing an SDN (Software Defined Network) technology. The system comprises multiple CDN (Content Delivery Network) servers, multiple cache servers, multiple SDN switches, an SDN controller and multiple SDN switches. The SDN controller receives an access request of a user for accessing an original file, generates a CDN server address message, encrypts the CDN server address message through a private key, sends the encrypted CDN server address message to the user, generates an access request message, and encrypts the access request message through the private key. The CDN server receives the encrypted access request message. The CDN server analyzes the encrypted access request message, obtains analyzed information, and compares the analyzed information with the information in the original access request message before encryption; if the information is the same, the CDN server obtains the original file from the cache server; the user analyzes the CDN server address message and compares the analyzed information with the information in the original CDN server address message before encryption; and if the information is the same, the original file is obtained from the CDN server.

Description

technical field [0001] The invention relates to the field of computers, in particular to a method and system for improving the security of a content distribution network by using SDN technology. Background technique [0002] Content Delivery Network (CDN) is a technology that sends files such as videos and web pages from a remote central server to multiple CDN servers. Users connect to the nearest CDN server through DNS and other methods, thereby reducing the load on the central server and enhancing the service quality perceived by users. However, in the content distribution network, security issues still need to be considered. If a single CDN server and users If the transmission path between them is attacked, it will easily lead to the leakage of the transmitted files. [0003] A commonly used technology to ensure file security is the Shamir threshold technology. Assuming that there are n participants, the participants can be cache servers that store files. The threshold v...

AI Technical Summary

Problems solved by technology

[0005] However, the simple Shamir threshold technology cannot be directly applied to the content distribution network, because the client needs to download all t file fragments to the local to fully recover the original file. Therefore, if the cache server and the client host If the video or webpage files are transmitted between them, the mode of "play while downloading" or "parse while downloading" will not be supported

[0006] After research, we believe that the original Shamir threshold technology only considers the reliable storage and transmission of files, but does not consider the cost of the file requester to restore the original file. In order to solve the above problems, the original file can be split only during storage , before sending, the sender temporarily assembles the original file, so that the file requester can receive the complete file directly, but the following two points must be guaranteed: 1. The file requester and sender must confirm each other’s identity ; 2. It must be ensured that the complete file is difficult to be attacked during transmission

Images