A system and method for establishing a secure optical tree in a multi-domain optical network based on distributed PCE

A network security, multi-domain optical technology, applied in the field of multi-domain optical network multicast optical tree establishment system, can solve the problem of not considering the security factors of cross-domain road construction, and achieve the effect of resisting identity forgery attacks

Active Publication Date: 2022-03-22
ENG UNIV OF THE CHINESE PEOPLES ARMED POLICE FORCE
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a distributed PCE-based multi-domain optical network security optical tree establishment system and method, to solve the problem in the prior art that most of the security optical tree establishment methods in the prior art are based on a layered PCE architecture The following, which does not consider the security factors of cross-domain road construction and is only applicable to unicast issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A system and method for establishing a secure optical tree in a multi-domain optical network based on distributed PCE
  • A system and method for establishing a secure optical tree in a multi-domain optical network based on distributed PCE
  • A system and method for establishing a secure optical tree in a multi-domain optical network based on distributed PCE

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0100] In this embodiment, a distributed PCE-based multi-domain optical network secure optical tree establishment system is disclosed, which is used to establish a secure optical tree in a distributed PCE multi-domain optical network. The system includes a security service module and a trust management module and a key management module;

[0101] The security service module is used to provide message encryption and decryption, identity authentication, source authentication, privacy protection and digital signature services when the secure light tree is established;

[0102] The trust management module is used to provide trust value calculation services when the secure optical tree is established;

[0103] The key management module is used to complete key generation, distribution and update when the secure optical tree is established;

[0104] The security service module includes a message encryption and decryption unit, an identity authentication unit, a source authentication...

Embodiment 2

[0161] This embodiment provides a distributed PCE-based multi-domain optical network security optical tree establishment method, using the distributed PCE-based multi-domain optical network security optical tree establishment system in the first embodiment, in the distributed PCE Establish a secure optical tree from the source node to the destination node in the multi-domain optical network, wherein the multi-domain optical network includes multiple domains, each domain includes a PCE, and the PCE of the domain where the source node is located is the source domain PCE;

[0162] The method follows the steps below:

[0163] Step 1. The destination node calls the identity authentication unit to authenticate the source node. If the authentication is passed, a multicast tree establishment request is generated; otherwise, the multicast tree establishment fails and the communication is interrupted;

[0164] The source node calls the session key encryption and decryption subunit to en...

Embodiment 3

[0230] In this embodiment, the distributed PCE-based multi-domain optical network security optical tree establishment system and method provided by the present invention are verified, and NS-2 is used for experiments. Based on the optical network simulation system SSANS, the PH-PCE protocol, The HDTD protocol and the related modules of the system and method provided by the present invention simultaneously embed NSBench script generation software and Gnuplot graphics drawing software into NS-2. The network topology designed and generated by NSBench is as follows: Figure 5 As shown, each domain realizes 20 nodes, 29 communication links, wherein the domain number i can be set according to actual needs, HDTD protocol and the network topology of the system and method provided by the present invention need to add pPCE, and pPCE is set to calculate the boundary nodes and The time of the abstract path is 25ms. In the experiment, the average arrival rate of the path request message PC...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a distributed PCE-based multi-domain optical network security optical tree establishment system and method. Under the distributed PCE architecture, the trust model, multicast routing algorithm, GKMS-DA key management scheme and various security mechanism to ensure the stable establishment of secure optical trees. Compared with typical layered PCE-based protocols, this protocol has achieved better results in network connection blocking rate, multicast tree establishment time, and data packet delivery rate in malicious environments. performance.

Description

technical field [0001] The invention relates to a multi-domain optical network multicast optical tree establishment system and method, in particular to a distributed PCE-based multi-domain optical network security optical tree establishment system and method. Background technique [0002] With the rapid development of streaming media services such as optical network technology and video surveillance, it is more and more common for people to perform multicast services at the optical layer. However, the process of establishing an optical layer multicast tree faces security threats such as identity forgery attacks, message tampering, and replay attacks. Therefore, how to establish a multi-domain optical network multicast tree that meets security requirements is very important. [0003] Aiming at the establishment of multi-domain optical network security multicast tree, some research results have been obtained at home and abroad. In RFC5520 and RFC5920, the security requirement...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L45/16H04L45/48H04L9/40H04Q11/00H04L9/08H04L9/32
CPCH04L45/16H04L45/48H04L9/0836H04L63/065H04L63/0428H04L45/62H04Q11/0062H04L9/3252H04L9/3247H04Q2011/0073
Inventor 吴启武周阳姜灵芝甘波
Owner ENG UNIV OF THE CHINESE PEOPLES ARMED POLICE FORCE
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap