[1]李旭阳,郜 帅,国兴昌,等.基于 SDN 的组播安全机制[J].计算机技术与发展,2020,30(10):111-116.[doi:10. 3969 / j. issn. 1673-629X. 2020. 10. 021]
 LI Xu-yang,GAO Shuai,GUO Xing-chang,et al.SDN-based Multicast Security Mechanism[J].,2020,30(10):111-116.[doi:10. 3969 / j. issn. 1673-629X. 2020. 10. 021]
点击复制

基于 SDN 的组播安全机制()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
30
期数:
2020年10期
页码:
111-116
栏目:
安全与防范
出版日期:
2020-10-10

文章信息/Info

Title:
SDN-based Multicast Security Mechanism
文章编号:
1673-629X(2020)10-0111-06
作者:
李旭阳郜 帅国兴昌刘宁春
北京交通大学 电子信息工程学院 下一代互联网互联设备国家工程实验室,北京 100044
Author(s):
LI Xu-yangGAO ShuaiGUO Xing-changLIU Ning-chun
National Engineering Laboratory for NGI Interconnection Devices,School of Electronic Information and Engineering,Beijing Jiaotong University, Beijing 100044,China
关键词:
组播软件定义网络数字证书身份认证会话密钥
Keywords:
multicastSDNdigital certificateidentity authenticationsession key
分类号:
TP393
DOI:
10. 3969 / j. issn. 1673-629X. 2020. 10. 021
摘要:
传统 IP 组播在安全方面存在身份认证、消息加密困难的问题,SDN(software defined networking,软件定义网络)的出现使得这些安全问题有了新的解决思路。 在深入分析现有 SDN 组播安全研究进展的基础上,提出了一种基于 SDN 的安全组播机制,该机制通过 SDN 控制器进行组播安全方案的部署,主要包括组播源和组播接收者的身份认证,以及组播会话密钥管理两方面内容。 设计了一种可以结合身份认证和组播加入退出的报文,实现了基于数字证书的身份认证方式,以及组播会话密钥的生成、分配和更新功能,弥补了现有方案在组播源认证和 SDN 加密组播方面的缺失。 仿真结果表明,该机制能够通过发放数字证书实现组播源和接收者的身份认证,拒绝非法组播接收者进入组播组,并实现了加密的 SDN组播通信,提高了组播的安全性。 性能测试结果表明,该机制的部署在显著提升了组播安全的基础上未对性能造成较大影响。
Abstract:
Traditional IP multicast has difficulties in identity authentication and message encryption in terms of security. The emergence of SDN (software defined networking) makes these security problems have new solutions. Based on in-depth analysis of the current research development of SDN multicast security,a secure multicast mechanism based on SDN is proposed. This mechanism deploys a multicast security scheme through an SDN controller, which mainly includes the identity authentication of the multicast source and receiver,and the management of the multicast session key. A message that can be combined with identity authentication and multicast joining and exiting is designed to realize the authentication mode based on digital certificate and the function of generation,distribution and update of multicast session key, which makes up for the lack of existing schemes in multicast source authentication and SDN encryption multicast. Simulation shows that the mechanism can realize the identity authentication of the multicast source and receiver by issuing digital certificates,deny illegal multicast receivers from entering the multicast group,and implement encrypted SDN multicast communication,which improves the security of multicast. Performance test shows that the deployment of this mechanism does not significantly affect performance on the basis of significantly improving multicast security.

相似文献/References:

[1]闫文耀 王志晓 白海涛 陈海荣[].IPv6组播的轻量级视频会议系统设计与实现[J].计算机技术与发展,2010,(03):184.
 YAN Wen-yao,WANG Zhi-xiao,BAI Hai-tao,et al.Design and Implementation of Light- Power Video Conference System Based on IPv6 Multicast[J].,2010,(10):184.
[2]康晓辉 马占梅.一种高效的LKH方案研究[J].计算机技术与发展,2009,(02):176.
 KANG Xiao-hui,MA Zhan-mei.One High Efficient Scheme Based LKH[J].,2009,(10):176.
[3]包怀忠.IP组播关键技术研究[J].计算机技术与发展,2009,(04):138.
 BAO Huai-zhong.Research on Key Technologies of IP Multicast[J].,2009,(10):138.
[4]周志芳 孙力娟 张亮.基于监听的组播服务管理分析与研究[J].计算机技术与发展,2007,(10):212.
 ZHOU Zhi-fang,. SUN Li-juan,ZHANG Liang.Analysis and Research of Monitoring- Based Multicast Service Management[J].,2007,(10):212.
[5]漆莲芝 冉蜀阳.基于JMF的远程教育系统中实时音频的实现[J].计算机技术与发展,2006,(02):10.
 QI Lian-zhi,RAN Shu-yang.Implementation of Real - Time Audio in Remote Education System Based on JMF[J].,2006,(10):10.
[6]惠飞 黄士坦.一种基于终端的多源应用层组播系统[J].计算机技术与发展,2006,(05):143.
 HUI Fei,HUANG Shi-tan.An End- Based Multi- Sources Application- Level Multicast System[J].,2006,(10):143.
[7]曾志常 杨文伟 李锦棠.J2EE集群的持久对象缓存同步的研究[J].计算机技术与发展,2006,(11):143.
 ZENG Zhi-chang,YANG Wen-wei,LI Jin-tang.Research on Synchronization of Cache for Persistent Object in J2EE Cluster[J].,2006,(10):143.
[8]韩礼国 才书训.流媒体QoS端到端自适应控制策略综述[J].计算机技术与发展,2006,(11):246.
 HAN Li-guo,CAI Shu-xun.A Survey of Adaptive QoS Control System for Streaming Media[J].,2006,(10):246.
[9]肖鹏 周华春 关建峰.IPTV频道切换性能仿真分析[J].计算机技术与发展,2011,(01):19.
 XIAO Peng,ZHOU Hua-chun,GUAN Jian-feng.Performance Analysis and Simulation of Channel Zapping in IPTV[J].,2011,(10):19.
[10]成卫青 王雪梅 豆仁福[] 周宁宁.三种基本网络传送模式的编程实现与分析[J].计算机技术与发展,2011,(07):132.
 CHENG Wei-qing,WANG Xue-mei,DOU Ren-fu,et al.Three Basic Transfer Mode Network Programming and Analysis[J].,2011,(10):132.

更新日期/Last Update: 2020-10-10