A novel software-defined network packet security tunnel forwarding mechanism
Author: | Chao Wen Chang, Zhi Bin Zuo, Rong Yu He, Xian Wei Zhu |
---|---|
Year of publication: | 2019 |
Subject: | OpenFlow; computer.internet_protocol; Computer science; Network security; Multiprotocol Label Switching; 02 engineering and technology; 0502 economics and business; 0202 electrical engineering, electronic engineering, information engineering; Forwarding plane; Authentication; Network packet; business.industry; Applied Mathematics; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 05 social sciences; Packet forwarding; General Medicine; Computational Mathematics; Modeling and Simulation; 020201 artificial intelligence & image processing; General Agricultural and Biological Sciences; Software-defined networking; business; computer; 050203 business & management; Computer network |
Source: | Mathematical Biosciences and Engineering. 16:4359-4381 |
ISSN: | 1551-0018 |
Description: | The OpenFlow protocol match field capacity is fixed and limited, and packet forwarding in software-defined networks lacks mechanisms for data source authentication, integrity verification, and confidentiality protection. OpenFlow only supports MPLS label tunnel establishment, and therefore cannot establish a secure tunnel flexibly. In order to solve these problems, we propose P4Sec, a novel software-defined network packet security tunnel forwarding mechanism. As P4 allows the data plane to be reprogrammed to realize the characteristics of packet forwarding, we build a software-defined network security tunnel to prevent malicious tampering with, theft of, and forgery of data, as well as other malicious network behavior, implementing packet routing and forwarding based on gateway identity. Finally, we construct a P4Sec prototype system based on the software switch BMv2, verify the effectiveness of the mechanism through experimental analysis, and evaluate the overhead of the mechanism. The results demonstrate that the P4Sec security mechanism ensures the authenticity, integrity, and confidentiality of forwarded data, and realizes the secure forwarding requirements of data packets in software-defined networks. |
Database: | OpenAIRE |
External link: |