| SDN (Software-Defined Networking) technology provides a good platform for network innovation by separating network control from traffic forwarding, which faces various opportunities and challenges in the process of network development. With the development of SDN technology, SDN-based application is increasing, which brings a lot of problems. Among them, SDN southbound security problem has become one of the key issues that restrict the development of SDN industry.On the one hand, there exist security problems in the process of SDN southbound channel establishment. During the establishment of the SDN southbound channel,an attacker can easily make a fake access using the TCP connection and reduce the usability and integrity of the whole network. On the other hand, through the use of OpenFlow protocol, it can effectively detect and deal with network attacks, such as DDoS attacks.But in the current, OpenFlow cannot provide sufficient protocol independence to support the heterogeneous network model. Also it cannot support the security strategy of heterogeneous network in the data plane.In this paper, the main work and conclusions include the following aspects:Firstly, the security access model based on the AES (Advanced Encryption Standard) algorithm is proposed by extending the OpenFlow message body. In this way, it improves the security of SDN southbound interface.Secondly, based on the OpenFlow protocol, it expands the characteristics of protocol independence in the data plane. In order to improve the security of the data plane, the heterogeneous network model is proposed to support content-based routing.Thirdly, through the network model proposed above, a detection and defense mechanism is proposed aiming at interest flooding attacks in the content routing network. Thus it effectively increases the security of the southbound data plane. |
PDF Full Text Request