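Research on Network Information Hiding Techniques in SDN
Published: 2018-03-05 20:38
Topic: software-defined networking. Entry point: OpenFlow. Source: Nanjing University of Science and Technology, 2017 master's thesis. Document type: degree thesis.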
[Abstract]: Software-defined networking (SDN) is a new network architecture that separates forwarding from control and centralizes control logically; the security of its data communication is a hot research topic in computer network security. As the newest branch of information hiding, network information hiding embeds secret information by modifying the header, payload, or timing information of network packets, thereby enabling secret message transmission or authentication of communicating identities. This thesis studies the application of network information hiding to the new SDN architecture, focusing on the OpenFlow protocol. The specific work is as follows: (1) The message structure, connection behavior, and timing characteristics of the OpenFlow protocol are analyzed, including the meaning of each field in a message, the method and procedure for establishing a connection, and the interaction between controller and switch once the connection is established. The spatial and temporal redundancy of OpenFlow messages is analyzed from the perspectives of the distribution of padding fields, the time intervals between messages, and their timing distribution, laying the groundwork for the design of timing covert channels and storage-based flow watermarks in SDN. (2) Based on the timing redundancy of OpenFlow messages, a covert channel construction scheme based on modulating the order combination of response messages (LLDP-order) and a multi-flow timing covert channel based on parallel delay (Multi-delay) are proposed. Both can build timing channels on the control messages exchanged between the control layer and the data layer to transmit secret information across layers. Simulation results show that LLDP-order is more covert, while the latter is more robust. (3) Based on the redundant header fields of OpenFlow messages, a flow watermarking scheme based on unequal-code-rate redundancy check embedding is proposed, which can provide tamper protection of unequal strength for important instruction messages. The watermark to be embedded is generated with a hash algorithm and embedded in the redundant fields of the message to authenticate the instruction. Collision probability analysis and simulation experiments verify the effectiveness of the proposed scheme in detecting data-tampering attacks. (4) Building on the OpenFlow-based covert channel and flow watermarking schemes proposed in this thesis, an SDN network information hiding simulation platform is designed and implemented. Its main functional modules include a carrier traffic generator, a channel interferer, a packet tamperer, a covert channel builder/extractor, and a flow watermark embedder/extractor. The platform can be used for simulation-based verification of network information hiding schemes in SDN.
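[Degree-granting institution]: Nanjing University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309.7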
Article ID: 1571790
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/1571790.html