
A Trust Enhancement of the STP Protocol for Trusted Switches Based on Open vSwitch

Published: 2018-05-19 10:29

Topics: STP; network security. Source: Beijing University of Technology, master's thesis, 2014


[Abstract]: The rapid development and growing scale of computer network technology have brought with them countless Internet security problems, and network security receives ever more attention. Trusted networks have become a research focus in network security in recent years. Combining trust with traditional networks promises stronger security guarantees; trusted networks will keep developing and are expected to replace traditional networks in the future.

Ethernet is today's most widely used LAN technology. As Ethernet services grow, so do the demands on Ethernet security and on network self-healing. The Spanning Tree Protocol (STP) is one of the main protocols run by Ethernet switches; it exists to handle the problems caused by physical redundancy in a switched topology. When the network contains a loop, STP dynamically builds a spanning tree and places redundant links in the blocking state, suppressing broadcast storms and similar problems. When a link fails, a blocked redundant link can move to the active state at once and take over from the failed primary link.

Switches build the spanning tree by exchanging Bridge Protocol Data Units (BPDUs). Each switch has a unique identity, the bridge ID (BID), and the switch with the smallest BID is elected root bridge. Because of this, an attacker can pose as the switch with the smallest BID, become the root bridge, and from there observe network traffic and launch further attacks; this is the root take-over attack. Whenever the topology changes, the spanning tree must be recomputed, which opens the door to other attacks such as the ID-change attack and the silence attack. Researchers abroad have characterized the weaknesses of STP in three respects: 1) no BPDU authentication mechanism; 2) slow STP convergence; 3) no root supervision. Attacks on STP also expose the shortcomings of link-layer protocols and put the higher layers of the network at risk. Although some of these problems have been studied for years and solutions keep being proposed, many remain open.

To strengthen the security and trustworthiness of layer-2 networks, this thesis combines trusted networking with the traditional network and proposes a spanning tree protocol based on a trusted platform, aiming to give LAN switches a high level of trustworthiness through a lightweight authentication mechanism. If correctly deployed on every trusted switch, the authentication mechanism of trusted STP guarantees that the topology information a switch announces to the other switches in the LAN can be trusted. To validate the improved trusted STP, the thesis also proposes a trust evaluation model that evaluates STP with a specification-based state machine. A trusted STP prototype was implemented on Open vSwitch and functionally tested. Experiments show that the trusted STP protocol meets its security goals and effectively prevents STP attacks at low computational cost and with good convergence time.
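The root election and root take-over described in the abstract, as an added example that is not part of the thesis or of Open vSwitch: it encodes and parses an 802.1D Configuration BPDU, runs a plain election in which a forged priority-0 BID wins, and then repeats the election with an authenticator that drops unkeyed BPDUs. The abstract does not give the wire format of the thesis's trusted-platform mechanism, so the HMAC-SHA256 tag over the BPDU under a LAN-wide shared key is an assumption standing in for a lightweight authenticator; all bridge IDs, MACs and the key are constructed sample values.

```python
"""Added example: 802.1D Configuration BPDU encoding, root election, root take-over,
and an illustrative shared-key BPDU authentication check. Not the thesis's own
mechanism; HMAC-SHA256 over the BPDU is an assumption. All IDs and keys are constructed."""
import hashlib
import hmac
import struct

BPDU_LEN = 35  # 802.1D Configuration BPDU without the LLC header


def bridge_id(priority: int, mac: str) -> bytes:
    """Bridge ID = 2-byte priority || 6-byte MAC. Numerically smaller wins the election."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def build_config_bpdu(root_id: bytes, root_path_cost: int, sender_id: bytes,
                      port_id: int = 0x8001) -> bytes:
    """Encode a Configuration BPDU: protocol id 0, version 0, type 0x00, flags 0, then
    root id, root path cost, sender bridge id, port id and the four timers
    (message age 0, max age 20 s, hello 2 s, forward delay 15 s, in 1/256 s units)."""
    header = struct.pack("!HBBB", 0x0000, 0x00, 0x00, 0x00)
    timers = struct.pack("!HHHH", 0, 20 * 256, 2 * 256, 15 * 256)
    return (header + root_id + struct.pack("!I", root_path_cost) + sender_id
            + struct.pack("!H", port_id) + timers)


def parse_config_bpdu(b: bytes) -> dict:
    """Decode the fields the election needs; reject anything that is not a Configuration BPDU."""
    if len(b) != BPDU_LEN:
        raise ValueError("bad BPDU length")
    proto, version, bpdu_type, _flags = struct.unpack("!HBBB", b[:5])
    if proto != 0 or version != 0 or bpdu_type != 0x00:
        raise ValueError("not an 802.1D Configuration BPDU")
    return {
        "root_id": b[5:13],
        "root_path_cost": struct.unpack("!I", b[13:17])[0],
        "sender_id": b[17:25],
    }


def elect_root(bpdus: list) -> bytes:
    """Plain STP: every switch adopts the smallest root ID it hears. Nothing is
    authenticated, so a forged BPDU claiming priority 0 wins: the root take-over attack."""
    return min(parse_config_bpdu(b)["root_id"] for b in bpdus)


def sign_bpdu(bpdu: bytes, key: bytes) -> bytes:
    """Illustrative authenticator (assumption): append HMAC-SHA256(key, bpdu)."""
    return bpdu + hmac.new(key, bpdu, hashlib.sha256).digest()


def verify_bpdu(frame: bytes, key: bytes):
    """Return the bare BPDU if its tag verifies under the LAN key, else None."""
    body, tag = frame[:BPDU_LEN], frame[BPDU_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(expected, tag) else None


def elect_root_authenticated(frames: list, key: bytes) -> bytes:
    """Election that counts only BPDUs with a valid tag; an attacker without the key is ignored."""
    accepted = [b for b in (verify_bpdu(f, key) for f in frames) if b is not None]
    if not accepted:
        raise ValueError("no authenticated BPDUs")
    return min(parse_config_bpdu(b)["root_id"] for b in accepted)


def demo():
    """Two honest switches plus an attacker claiming priority 0.
    Returns (attacker_won_plain_stp, legitimate_root_kept_with_authentication)."""
    key = b"constructed-lan-shared-key"  # sample value, not a real deployment key
    sw_a = bridge_id(32768, "00:11:22:33:44:01")
    sw_b = bridge_id(32768, "00:11:22:33:44:02")
    attacker = bridge_id(0, "de:ad:be:ef:00:01")  # lowest possible priority field
    honest = [build_config_bpdu(sw_a, 0, sw_a), build_config_bpdu(sw_a, 19, sw_b)]
    rogue = build_config_bpdu(attacker, 0, attacker)
    plain_root = elect_root(honest + [rogue])
    frames = [sign_bpdu(b, key) for b in honest] + [sign_bpdu(rogue, b"attacker-guess")]
    auth_root = elect_root_authenticated(frames, key)
    return plain_root == attacker, auth_root == sw_a


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Real STP compares a full priority vector (root ID, root path cost, sender ID, port ID) rather than the root ID alone, and a shared symmetric key only addresses the first of the three weaknesses listed above; it does nothing for slow convergence or root supervision, and any switch holding the key can still forge BPDUs. The thesis anchors trust in a trusted platform instead, which this stand-in does not model.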
[Degree-granting institution]: Beijing University of Technology
[Degree level]: Master
[Year degree granted]: 2014
[Classification number]: TP393.04; TP393.08




Article number: 1909753
Link: https://www.wllwen.com/guanlilunwen/ydhl/1909753.html