Research On The Security Application Of The Software Defined Network Slice Based On IKE And IPSec

Posted on: 2020-06-28
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Yang
GTID: 2428330590483062
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the rapid development of Internet technology, the types of services and business complexity have also increased, and the complex and ever-changing network status has become a key factor for the further development of the communication network. With the continuous development of 5G network slicing technology, redividing the communication network structure has become a new idea. Many major companies have invested resources in new areas of research. At the same time, the current SDN architecture is relatively mature, and SDN switches have strong packet processing capabilities; these facts reflect the integration of the technology. Even so, there are still some potential security risks in network slicing security. Taking advantage of the separation of the control and forwarding functions of the SDN architecture and the ability to program the network, as well as the ease of partitioning and operability of the slicing network, we design a system architecture for secure communication in software defined network slicing based on the IKE and IPSec protocols. The main idea of the architecture is to improve the current IPSec protocol mechanism by using hash encryption and the IKE mechanism to improve the operability and stability of the system. The main work of this paper is as follows:

(1) We introduced the IKE protocol in our system architecture. The encryption of IPSec requires manual selection of resolution protocols or verification fields. Moreover, once the encryption method is selected, it will not change for a period of time. This also brings some security risks, because it gives the attacker more time to crack it. The advantage of IKE is that it can dynamically and randomly select the resolution protocol or verification field in the database and establish a security association, and the configuration depends entirely on the autonomous operation of the program, which almost completely liberates the developer.

(2) We have designed and implemented a route generation algorithm. We apply the bandwidth utilization dynamic routing algorithm to the SDN network and use the SDN controller to grasp the network link conditions in the real-time environment, which can ensure the communication delay and the load balance of the link.

(3) We implemented an authentication algorithm by using random numbers for hash encryption. A system built only on the IKE and IPSec protocols may be compromised within a limited time. Therefore, we propose a hash encryption that adds a dynamically changing random number. During the interval time, we put the key into the OpenFlow table sent by the controller after the encryption of the random string; these verifications make it impossible for an attacker to crack the encryption.

Finally, we test the architecture based on the IPSec and IKE protocols. According to the test results and the analysis, it can be proved that our system architecture has higher security and is easier to deploy.
Keywords/Search Tags: Software Defined Network (SDN), Network Slicing Security, Internet Key Exchange (IKE), Internet Protocol Security (IPSec)