With the widespread deployment and application of Software-Defined Networking (SDN), users' personal privacy when communicating over SDN has received more attention. On the one hand, existing anonymous communication systems and protocols cannot be applied directly to the SDN architecture because of performance or architectural problems. On the other hand, the existing anonymous communication systems for SDN have security weaknesses. To address these problems, the thesis analyzes and summarizes the advantages and disadvantages of existing anonymous communication systems in terms of real-time performance, anonymity and deployment. It summarizes the requirements and threat models of anonymous communication systems over SDN, and proposes an anonymous communication scheme based on segment routing (SR) under SDN. The scheme encrypts the routing information of each node on the path in multiple layers and hides it in the packet header, so that an adversary cannot link the communicating parties by compromising intermediate nodes, thus achieving anonymity. It also uses secure multi-party computation (SMPC) to keep information such as each domain's routing strategy confidential during inter-domain communication. The main contributions of this thesis are summarized as follows:

(1) A strongly anonymous and easy-to-deploy anonymous communication scheme based on SR is proposed. It addresses the insufficient anonymity and the deployment difficulty of existing anonymous communication systems over SDN. By extending the SR protocol packet format, the forwarding and routing information required between the communicating parties is encrypted and hidden in the packet header, making it difficult for an adversary to link the communicating parties by compromising intermediate nodes. During the data forwarding phase, to prevent the adversary from using the payload to link the communicating parties while preserving transmission efficiency, the scheme negotiates a symmetric key with the help of a trusted controller and uses it to encrypt the payload. The effectiveness of the scheme is verified mainly in three respects: anonymity, latency and throughput.

(2) A privacy-preserving inter-domain routing method based on SMPC is proposed. To address the leakage of private information such as network topology and routing strategy in existing multi-domain SDN communication environments, the method uses a secure multi-party summation protocol based on symmetric encryption to determine the globally optimal route. To reduce the computational overhead on the controller, the complex computing tasks are outsourced to two computing servers, and an SMPC module is deployed on the computing servers to ensure that the route is delivered only to the receiving domain controller that has the right to view it. The security of the method is analyzed and its effectiveness is verified through experiments.

(3) An SDN-enabled anonymous communication system is built. It is based on the Mininet simulator, the Ryu controller and related components. The system follows the structured programming concept in designing the anonymous communication module, the secure computation module and the system interface. The system interface displays the network topology, nodes, links and so on.
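The two-server summation idea in contribution (2) can be illustrated with the following added example, which is not code from the thesis. The abstract does not give the protocol, so this sketch substitutes plain additive secret sharing for the thesis's symmetric-encryption-based summation; the names `split`, `ComputeServer`, `best_route`, the modulus and the cost values are all assumptions made for illustration.

```python
import secrets

MOD = 2**61 - 1  # share modulus (assumed); must exceed any possible total cost


def split(value):
    """Split one private cost into two additive shares, one per computing server."""
    r = secrets.randbelow(MOD)
    return r, (value - r) % MOD


class ComputeServer:
    """Holds one share per candidate route; a single server never sees a plain cost."""

    def __init__(self, n_routes):
        self.acc = [0] * n_routes

    def receive(self, shares):
        # Add the incoming shares to the running per-route partial sums.
        self.acc = [(a + s) % MOD for a, s in zip(self.acc, shares)]


def best_route(domain_costs):
    """domain_costs[d][r] is domain d's private cost for its part of candidate route r.

    Returns (index of the cheapest route, per-route totals) as seen by the
    receiving domain controller, the only party that combines both partial sums.
    """
    n_routes = len(domain_costs[0])
    s1, s2 = ComputeServer(n_routes), ComputeServer(n_routes)
    for costs in domain_costs:  # each domain controller shares its costs locally
        pairs = [split(c) for c in costs]
        s1.receive([p[0] for p in pairs])
        s2.receive([p[1] for p in pairs])
    # Combining the two partial sums reveals route totals, not per-domain costs.
    totals = [(a + b) % MOD for a, b in zip(s1.acc, s2.acc)]
    return min(range(n_routes), key=totals.__getitem__), totals


# Constructed sample: three domains, three candidate inter-domain routes.
SAMPLE_COSTS = [[4, 9, 2], [7, 1, 6], [3, 5, 8]]

if __name__ == "__main__":
    print(best_route(SAMPLE_COSTS))
```

The privacy of each domain's costs in this sketch depends on the two computing servers not colluding, since either server's shares combined with the other's reconstruct the inputs.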