CN113676476B - Encrypted jump method based on action programmable software defined network - Google Patents
- Publication number: CN113676476B (application CN202110957573.3A)
- Authority: CN (China)
- Prior art keywords: encryption, switch, action, data, data packet
- Prior art date
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0457—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an encryption hopping method based on an action-programmable software-defined network, comprising the following steps: identifying the source switch and the destination switch on a communication path; the controller issues flow table rules to the data plane and installs an encryption action program on the source switch and a decryption action program on the destination switch; the data sending host sends a plaintext data packet to the source switch, which executes the corresponding encryption action program and encrypts the packet payload to obtain a ciphertext data packet; the ciphertext data packet is transmitted through the network to the destination switch; the destination switch executes the corresponding decryption action program, decrypts the packet payload to recover the plaintext data packet, and finally forwards the plaintext data packet to the data receiving host. After each hop period, the controller updates the flow table rules and action programs of the source and destination switches, thereby hopping the encryption algorithm and key. Because the network itself performs packet encryption, decryption and encryption hopping, the scheme is transparent to the terminals and does not interrupt communication.
Description
Technical Field
The invention relates to the technical field of network security, in particular to an encryption hopping method based on an action programmable software defined network.
Background
With the rapid development of network technology, the internet has become an indispensable tool for people's production and life. However, network security threats are becoming serious, and network attack incidents increase year by year, which seriously hinders the further development and application of the internet. The interception (monitoring) attack is a typical attack: an attacker acquires and cracks communication contents by intercepting communication data at a network node or on a link. A monitoring attack involves no active attack behaviour and causes no abnormal network behaviour, so it is difficult to detect and defend against.
The main existing defense against monitoring attacks is data encryption. However, because users' security awareness is low, encryption is often abandoned or data is encrypted with weak passwords, which makes it easy for an attacker to crack the communication contents and causes the defense to fail. Constructing a more effective defense against monitoring attacks therefore remains an urgent problem.
Disclosure of Invention
In view of the technical problem that an effective defense against monitoring attacks is lacking, an encryption hopping method based on an action-programmable software-defined network is provided. The invention applies the dynamic, random and polymorphic idea of Moving Target Defense (MTD) to change the encryption algorithm and key dynamically during communication, which increases the difficulty and cost for an attacker to decode the information and thereby protects the security of network communication data.
The technical means adopted by the invention are as follows:
a cryptographic hopping method based on an action programmable software defined network, the action programmable software defined network comprising:
a controller application running on the controller for issuing commands related to the action program to the controller according to the user requirements,
the controller as the control center of the network system is used for storing and managing the action programs and the configuration files thereof on one hand, and sending the action programs and the configuration files to the appointed switches according to the application of the controller on the other hand,
the switch is used for executing an action program according to a received configuration file to finish complex processing on a data packet, wherein the southbound interface protocol is used for transmitting a control action program and a configuration file thereof issued by the controller to the switch on one hand, and transmitting a message initiated by the switch to the controller on the other hand;
the method comprises the following steps:
identifying a source switch and a destination switch on a communication path, wherein the source switch is connected with a data sending host, and the destination switch is connected with a data receiving host;
the controller issues a flow table rule to a data plane through a southbound interface, an encryption action program is installed on a source switch from a data sending host to a data receiving host routing path, and a decryption action program is installed on a target switch;
sending a plaintext data packet to a source switch by a data sending host, performing flow table matching after the plaintext data packet is received by the source switch, executing a corresponding encryption action Program by the source switch when a Program action is executed, encrypting a data packet load to obtain a ciphertext data packet, and forwarding the ciphertext data packet to a next hop switch;
the ciphertext data packet is transmitted to a target switch through a network;
and the target switch performs flow table matching after receiving the ciphertext data packet, executes a corresponding decryption action Program when executing the Program action, completes decryption operation on the data packet load to obtain a plaintext data packet, and finally forwards the plaintext data packet to the data receiving host.
Further, the method further comprises:
after a jump period, the controller randomly updates the encryption algorithm and the secret key;
the source switch updates the flow table rule and the encryption action program; accordingly, the destination switch updates the flow table rule and the decryption action program.
Further, the controller randomly updates the encryption algorithm and the key, and the steps include:
the controller installs, on the switches of the routing path from the data sending host to the data receiving host other than the source switch and the destination switch, flow table rules that forward data packets carrying the label;
the controller installs a new flow table item and a decryption action program for the target switch, so that the target switch executes the decryption action program for the data packet with the tag, which is transmitted from the data transmitting host to the data receiving host;
installing a new encryption action program to the source switch;
modifying a flow table of a source switch, executing a new encryption action program on a data packet from a data sending host to a data receiving host, and marking a label on the data packet;
waiting for the longest transmission delay from the data sending host to the data receiving host, then deleting all old flow table entries on the routing path from the data sending host to the data receiving host, and deleting old encryption and decryption action programs on the source switch and the target switch;
and modifying the new flow table entry on the routing path from the data sending host to the data receiving host, and deleting the label.
Further, the controller issues the flow table rule to the data plane through the southbound interface, and installs the encryption action program to the source switch from the data sending host to the routing path of the data receiving host, and installs the decryption action program to the destination switch, including:
when the controller generates an encryption and decryption action program configuration file, randomly selecting an encryption and decryption algorithm in an algorithm space, and randomly selecting an encryption and decryption key in a key space;
then the encryption and decryption action programs determine the encryption and decryption algorithms and the keys according to the parameters of the configuration files.
Further, the source switch executes an encryption action program comprising:
carrying out data blocking on a plaintext data packet, and carrying out block encryption on data blocks, wherein when the last data block with insufficient length is subjected to block encryption, a cipher algorithm without increasing the length of a ciphertext is adopted for encryption;
accordingly, the destination switch executes a decryption action program comprising:
and carrying out data blocking on the ciphertext data packet, and carrying out block decryption on the data blocks, wherein when the last data block of insufficient length is subjected to block decryption, the decryption algorithm corresponding to that cipher algorithm is adopted for decryption.
Compared with the prior art, the invention has the following advantages:
1. The invention sends the encryption and decryption action programs to the switches through the controller, and the switches perform the packet encryption and decryption operations; the process is transparent to the terminals and does not interrupt ongoing communication.
2. The invention provides an encryption hopping method based on an action-programmable Software Defined Network (SDN) that applies the dynamic, random and polymorphic idea of Moving Target Defense (MTD): the encryption algorithm and key change dynamically during communication, which increases the difficulty and cost of decoding the information for an attacker and thereby protects the security of network communication data.
For these reasons, the invention can be widely applied in the field of network communication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of an action-programmable SDN architecture according to an embodiment.
Fig. 2 is a schematic diagram of the data encryption hopping architecture of the action-programmable SDN in an embodiment.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a data encryption transmission method based on an action-programmable software-defined network. The network architecture is shown in Fig. 1 and mainly comprises a controller, a controller application, a southbound interface, and switches.
In a preferred embodiment of the present invention, the controller application is software running on the controller that issues commands related to action programs to the controller according to the user's requirements. The controller is the control center of the network: it stores and manages the action programs and their configuration files, and issues the action programs and configuration files to the designated switches at the request of the controller application. The southbound interface protocol is the interaction interface between the controller and the switches: the controller issues action programs and their configuration files to the switches through the southbound interface, and the switches can also initiate messages to the controller through it. The switch performs packet processing and forwarding, and can execute an action program according to the configuration file to carry out complex processing of a data packet. In this embodiment, a new action type, Program, is added to the SDN switch; when this action is executed, the switch hands the data packet to the specified action program, which further processes the data packet. The switch processes a packet as follows.
1) The header fields of the data packet are parsed to obtain the value of each field.
2) The parsing result is matched against the flow table entries in the switch.
3) When the data packet matches a flow table entry, the actions in that entry's action set are executed in sequence.
4) If an action of the flow table entry is an ordinary action, the switch executes it directly on the data packet; if it is a Program action, the switch hands the data packet to the specified action program, which processes the data packet.
Preferably, the action-programmable software-defined network may follow the system described in Chinese patent application No. 2021109315346.
The method mainly comprises the following steps:
S1. Identify the source switch and the destination switch on the communication path, where the source switch is connected to the data sending host and the destination switch is connected to the data receiving host. As shown in Fig. 2, host A is the data sending host and the switch directly connected to host A is the source switch; host B is the data receiving host and the switch directly connected to host B is the destination switch.
S2. The controller issues flow table rules to the data plane through the southbound interface, installs the encryption action program on the source switch of the routing path from the data sending host to the data receiving host, and installs the decryption action program on the destination switch.
In this embodiment, the controller issues the flow table rules to the data plane through the southbound interface, installs an encryption action program on the source switch of the routing path from host A to host B, and installs a decryption action program on the destination switch, where the encryption algorithm is G and the key is K.
S3. The data sending host sends a plaintext data packet to the source switch; the source switch performs flow table matching after receiving it, and when a Program action is executed, the source switch runs the corresponding encryption action program, encrypts the packet payload to obtain a ciphertext data packet, and forwards the ciphertext data packet to the next-hop switch.
In this embodiment, host A sends a plaintext data packet to host B; the source switch performs flow table matching after receiving the packet, and when it executes the Program action it runs the corresponding action program, namely the encryption program, which encrypts the packet payload, repacks the packet, and forwards the ciphertext data packet to the next-hop switch.
S4. The ciphertext data packet is transmitted through the network to the destination switch.
S5. The destination switch performs flow table matching after receiving the ciphertext data packet; when the Program action is executed, the destination switch runs the corresponding decryption action program, decrypts the packet payload to obtain the plaintext data packet, and finally forwards the plaintext data packet to the data receiving host.
In this embodiment, the destination switch performs flow table matching after receiving the ciphertext data packet, and when it executes the Program action it runs the corresponding action program, namely the decryption program, which decrypts the packet payload, repacks the packet, and finally forwards the plaintext data packet to host B.
Further, the method further comprises:
S6. After a hop period, the controller randomly updates the encryption algorithm and the key; the source switch updates its flow table rules and encryption action program, and the destination switch accordingly updates its flow table rules and decryption action program.
In this embodiment, after a hop period T, the controller randomly selects a new encryption algorithm G' and key K' and updates the flow table rules and action programs of the source switch and the destination switch. The encryption algorithm and key thus change over time, so that the data packets of a single network communication are encrypted with different algorithms and keys, which greatly increases the difficulty of decrypting the data.
In this embodiment, the encryption and decryption action programs determine the encryption and decryption algorithm and the key from the configuration file parameters. When the controller generates the configuration file for the encryption and decryption action programs, it randomly selects the encryption and decryption algorithm from the algorithm space and randomly selects the encryption and decryption key from the key space, which ensures the security of the data encryption.
Conventional block-cipher-based encryption pads the data, so the amount of encrypted data can grow. If the payload of a plaintext data packet is already at the maximum length, encryption then causes packet fragmentation, which seriously degrades data transmission efficiency. To address this, in a further implementation of this embodiment, the block-based encryption algorithm is modified so that the last data block of insufficient length is encrypted with a cipher algorithm that does not increase the ciphertext length; decryption applies the corresponding inverse operation.
During an encryption hop, when the encryption and decryption action programs are switched, encryption and decryption may become inconsistent, that is, the same data packet is handled by mismatched encryption and decryption programs, so that the destination host cannot parse the data. To address this, a further implementation of this embodiment adopts a staged flow table and action program update method. Specifically, for data packets from host A to host B, the encryption hop is performed in the following steps:
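The length-preserving treatment of the final block, as an added example that is not the patent's own code: the patent does not name the cipher or the length-preserving construction, so a constructed toy Feistel block cipher stands in for the real algorithm, and the short final block is XORed with the encryption of the previous ciphertext block (a CFB-style tail) so that the ciphertext is exactly as long as the plaintext payload.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks; a constructed toy cipher stands in for the unspecified real algorithm


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    # Keyed Feistel round function: HMAC-SHA256 truncated to one half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key, blk):
    """4-round balanced Feistel permutation of one full block (illustration only, not AES/SM4)."""
    l, r = blk[: BLOCK // 2], blk[BLOCK // 2 :]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[: BLOCK // 2], blk[BLOCK // 2 :]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def packet_iv(key, packet_id):
    # Per-packet IV derived from an identifier the decryptor also knows (e.g. a sequence number);
    # reusing one IV across packets would reuse the keystream that protects the short final block.
    return hmac.new(key, b"iv" + packet_id.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]


def padded_ciphertext_length(n):
    """What a conventional padded block mode (PKCS#7-style) would produce: always longer than n."""
    return (n // BLOCK + 1) * BLOCK


def encrypt_payload(key, iv, payload):
    """CBC over the full blocks; the short final block is XORed with E_K(previous ciphertext block),
    so len(ciphertext) == len(payload) and a full-size packet is never fragmented."""
    full, tail = divmod(len(payload), BLOCK)
    out, prev = bytearray(), iv
    for i in range(full):
        prev = block_encrypt(key, _xor(payload[i * BLOCK:(i + 1) * BLOCK], prev))
        out += prev
    if tail:
        out += _xor(payload[full * BLOCK:], block_encrypt(key, prev)[:tail])
    return bytes(out)


def decrypt_payload(key, iv, ct):
    """Inverse of encrypt_payload: CBC-decrypt the full blocks, then undo the final-block XOR."""
    full, tail = divmod(len(ct), BLOCK)
    out, prev = bytearray(), iv
    for i in range(full):
        cur = ct[i * BLOCK:(i + 1) * BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    if tail:
        out += _xor(ct[full * BLOCK:], block_encrypt(key, prev)[:tail])
    return bytes(out)


def demo():
    """Constructed 1480-byte payload: padded length vs. length-preserving length, plus round trip."""
    key = bytes(range(32))
    iv = packet_iv(key, 1)
    payload = bytes(i % 251 for i in range(1480))
    ct = encrypt_payload(key, iv, payload)
    return len(payload), padded_ciphertext_length(len(payload)), len(ct), decrypt_payload(key, iv, ct) == payload
```

Like the method as described, this gives confidentiality only; a receiver that must detect tampering with the payload would additionally need a MAC over the ciphertext.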
1) Except for the source and destination switches, the controller installs on the switches of the route from host A to host B a flow table rule that forwards data packets carrying label f;
2) the controller installs a new flow table entry and a decryption action program on the destination switch, so that the destination switch executes the decryption action program for data packets from host A to host B that carry label f;
3) a new encryption action program is installed on the source switch;
4) the flow table of the source switch is modified so that the new encryption action program is executed on data packets from host A to host B and label f is attached to them;
5) after waiting for the longest transmission delay from host A to host B, all old flow table entries on the routing path from host A to host B are deleted, and the old encryption and decryption action programs on the source and destination switches are deleted;
6) the new flow table entries on the routing path from host A to host B are modified and label f is removed.
In the other direction of the communication between host A and host B, the update process follows the same steps. The staged flow table and action program update method ensures that during an encryption hop the traffic is still processed by the old encryption and decryption action programs, so no encryption and decryption mismatch occurs, and that after the flow tables and action programs are updated the traffic is processed by the new encryption and decryption action programs, so consistency is ensured for every packet. When the controller learns from a Flow-removed message initiated by a switch that a flow table entry has not been hit during a hop period, it considers the communication from host A to host B finished and no longer updates the flow tables and encryption and decryption action programs.
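A simulation of the six-step staged update above, as an added example that is not the patent's own code: three switches (source, one transit, destination) hold priority-ordered flow tables and installed action programs, host A sends one packet per tick with a fixed path delay, and the controller performs the hop either in the staged order or by naively swapping the programs in place. The action program is a constructed keystream XOR, the label f is modelled as the epoch number, and the algorithm and key spaces are assumptions, since the patent does not fix them.

```python
import collections
import hmac
import random

# Constructed toy action program: XOR the payload with an HMAC-<alg> keystream, so one program both
# encrypts and decrypts. The patent leaves the real algorithm and key spaces open.
ALGORITHM_SPACE = ("sha256", "sha512", "sha3_256")


def make_program(alg, key):
    def program(payload):
        ks, ctr = bytearray(), 0
        while len(ks) < len(payload):
            ks += hmac.new(key, ctr.to_bytes(4, "big"), alg).digest()
            ctr += 1
        return bytes(p ^ k for p, k in zip(payload, ks))
    return program


class Switch:  # flow table plus installed action programs
    def __init__(self, name):
        self.name, self.flows, self.programs = name, [], {}

    def install(self, prio, match, actions):
        self.flows.append([prio, match, actions])
        self.flows.sort(key=lambda f: -f[0])  # highest priority is matched first

    def process(self, pkt):
        for _, match, actions in self.flows:
            if all(pkt.get(k) == v for k, v in match.items()):  # absent field = wildcard
                for act in actions:
                    if act[0] == "program":  # the Program action hands the payload to a program
                        pkt["payload"] = self.programs[act[1]](pkt["payload"])
                    elif act[0] == "set_tag":
                        pkt["tag"] = act[1]
                return pkt  # forwarding to the next hop is implicit
        raise LookupError(f"{self.name}: table miss")


class Controller:
    """Flow entry priority doubles as the epoch number; program prog<N> belongs to epoch N."""
    def __init__(self, src, transit, dst, match):
        self.src, self.transit, self.dst, self.match, self.epoch = src, transit, dst, match, 0

    def initial(self, alg, key):
        for sw in (self.src, self.dst):
            sw.programs["prog0"] = make_program(alg, key)
        self.src.install(0, self.match, [("program", "prog0")])
        self.transit.install(0, self.match, [])
        self.dst.install(0, self.match, [("program", "prog0")])

    def hop_naive(self, alg, key):  # swap in place: in-flight packets meet the wrong decryptor
        for sw in (self.src, self.dst):
            sw.programs[f"prog{self.epoch}"] = make_program(alg, key)

    def hop_begin(self, alg, key):  # steps 1-4; the label f is the new epoch number
        self.epoch += 1
        tag, new = self.epoch, f"prog{self.epoch}"
        tagged = {**self.match, "tag": tag}
        self.transit.install(tag, tagged, [])                                    # 1) forward tagged
        self.dst.programs[new] = make_program(alg, key)                          # 2) dst decrypts
        self.dst.install(tag, tagged, [("program", new)])                        #    tagged packets
        self.src.programs[new] = make_program(alg, key)                          # 3) new encryptor
        self.src.install(tag, self.match, [("program", new), ("set_tag", tag)])  # 4) encrypt + tag

    def hop_finish(self):  # steps 5-6; call only after the longest A->B delay has elapsed
        old, cur = self.epoch - 1, self.epoch
        for sw in (self.src, self.transit, self.dst):
            sw.flows = [f for f in sw.flows if f[0] != old]                     # 5) drop old entries
        for sw in (self.src, self.dst):
            del sw.programs[f"prog{old}"]                                        #    and old programs
        for sw in (self.dst, self.transit, self.src):                            # 6) drop the label,
            for f in sw.flows:                                                   #    dst first so tagged
                if f[0] == cur:                                                  #    packets still match
                    f[1], f[2] = self.match, [a for a in f[2] if a[0] != "set_tag"]


def simulate(staged, ticks=30, delay=3, hops=(8, 18), seed=1):
    """One packet per tick from host A; returns, per delivered packet, whether host B got the plaintext."""
    rng = random.Random(seed)
    src, transit, dst = Switch("src"), Switch("transit"), Switch("dst")
    ctrl = Controller(src, transit, dst, {"src": "A", "dst": "B"})
    ctrl.initial("sha256", rng.randbytes(16))
    in_flight, results, finish_at = collections.deque(), [], None
    for t in range(ticks + delay):
        if t in hops:  # a hop period T has elapsed: pick a new algorithm G' and key K'
            alg, key = rng.choice(ALGORITHM_SPACE), rng.randbytes(16)
            if staged:
                ctrl.hop_begin(alg, key)
                finish_at = t + delay
            else:
                ctrl.hop_naive(alg, key)
        if t == finish_at:
            ctrl.hop_finish()
        if t < ticks:
            plain = f"A->B packet {t}".encode()
            pkt = src.process({"src": "A", "dst": "B", "payload": plain})
            in_flight.append((t + delay, pkt, plain))
        while in_flight and in_flight[0][0] <= t:
            _, pkt, plain = in_flight.popleft()
            dst.process(transit.process(pkt))
            results.append(pkt["payload"] == plain)
    return results
```

With the staged order every packet decrypts correctly across both hops, while the naive swap corrupts exactly the packets that were in flight at each hop (three per hop with the constructed delay of three ticks).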
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (4)
1. A method for encrypted hopping based on an action-programmable software-defined network, the action-programmable software-defined network comprising:
a controller application running on the controller for issuing an action program related command to the controller according to a user requirement,
the controller as the control center of the network system is used for storing and managing the action programs and the configuration files thereof on one hand, and sending the action programs and the configuration files to the appointed switches according to the application of the controller on the other hand,
the switch is used for executing an action program according to a received configuration file to finish complex processing on a data packet, wherein the southbound interface protocol is used for transmitting a control action program and a configuration file thereof issued by the controller to the switch on one hand, and transmitting a message initiated by the switch to the controller on the other hand;
the method comprises the following steps:
identifying a source switch and a destination switch on a communication path, wherein the source switch is connected with a data sending host, and the destination switch is connected with a data receiving host;
the controller issues a flow table rule to the data plane through the southbound interface, an encryption action program is installed on a source switch from the data sending host to the routing path of the data receiving host, and a decryption action program is installed on a target switch;
sending a plaintext data packet to a source switch by a data sending host, performing flow table matching after the plaintext data packet is received by the source switch, executing a corresponding encryption action Program by the source switch when a Program action is executed, encrypting a data packet load to obtain a ciphertext data packet, and forwarding the ciphertext data packet to a next hop switch;
the ciphertext data packet is transmitted to a target switch through a network;
the target switch receives the ciphertext data packet and then carries out flow table matching, when the Program action is executed, the target switch executes a corresponding decryption action Program to finish decryption operation on the data packet load to obtain a plaintext data packet, and finally forwards the plaintext data packet to a data receiving host;
after a jump period, the controller randomly updates the encryption algorithm and the key, the source switch then updates the flow table rule and the encryption action program, and the destination switch accordingly updates the flow table rule and the decryption action program.
2. The encrypted hopping method based on the action programmable software defined network as claimed in claim 1, wherein the controller randomly updates the encryption algorithm and the key, and the steps include:
the controller installs, on the switches of the routing path from the data sending host to the data receiving host other than the source switch and the destination switch, flow table rules that forward data packets carrying the label;
the controller installs a new flow table item and a decryption action program for the target switch, so that the target switch executes the decryption action program for the data packet with the tag, which is transmitted from the data transmitting host to the data receiving host;
installing a new encryption action program to the source switch;
modifying a flow table of a source switch, executing a new encryption action program on a data packet from a data sending host to a data receiving host, and marking a label on the data packet;
waiting for the longest transmission delay from the data sending host to the data receiving host, then deleting all old flow table entries on the routing path from the data sending host to the data receiving host, and deleting old encryption and decryption action programs on the source switch and the target switch;
and modifying the new flow table entry on the routing path from the data sending host to the data receiving host, and deleting the label.
3. The encryption hopping method based on an action-programmable software-defined network as claimed in claim 1, wherein the controller issuing the flow table rules to the data plane through the southbound interface, installing the encryption action program on the source switch of the routing path from the data sending host to the data receiving host, and installing the decryption action program on the destination switch comprises:
when the controller generates the configuration file for the encryption and decryption action programs, selecting an encryption and decryption algorithm at random from the algorithm space and an encryption and decryption key at random from the key space; and
the encryption and decryption action programs then determining the algorithm and the key from the parameters of the configuration file.
4. The encryption hopping method based on an action-programmable software-defined network as claimed in claim 1, wherein the source switch executing the encryption action program comprises:
dividing the plaintext data packet into data blocks and encrypting the data blocks block by block, wherein a final data block shorter than the block length is encrypted with a cipher that does not increase the length of the ciphertext;
and correspondingly, the destination switch executing the decryption action program comprises:
dividing the ciphertext data packet into data blocks and decrypting the data blocks block by block, wherein a final data block shorter than the block length is decrypted with the decryption algorithm corresponding to that cipher.
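The following Python model is an added example, not code from the patent or from any implementation it discloses; it walks through claims 2, 3 and 4 together. The "algorithm space" is a pair of toy Feistel ciphers that stand in for real algorithms, the tag is modelled as a dictionary key on each switch's flow table, transmission delay is counted in abstract ticks with MAX_DELAY as the assumed longest source-to-destination delay, and the packets are constructed. The hop is split into begin_hop (claim 2, steps 1 to 4) and finish_hop (steps 5 and 6) so that the wait for the longest delay is visible in the simulation.

```python
"""Toy model of the encryption hopping of claims 1-4: added example, not the patent's code."""
import hashlib, hmac, os, secrets
from types import SimpleNamespace

BLOCK, MAX_DELAY = 16, 5                              # assumed longest src->dst delay: 5 ticks
ALG_SPACE = {"toy-feistel-4": 4, "toy-feistel-6": 6}  # assumed stand-in for the algorithm space

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_cipher(alg, key, block, decrypt=False):
    """Toy 128-bit Feistel cipher with an HMAC round function (NOT secure)."""
    L, R = block[:8], block[8:]
    rounds = range(ALG_SPACE[alg])
    for r in (reversed(rounds) if decrypt else rounds):
        f = hmac.new(key, bytes([r]) + (L if decrypt else R), hashlib.sha256).digest()[:8]
        L, R = (_xor(R, f), L) if decrypt else (R, _xor(L, f))
    return L + R

def encrypt_action(alg, key, pt):
    """Claim 4: CBC over full blocks; a short last block is XORed with E(previous
    ciphertext block), a CFB-style tail, so only the 16-byte IV adds length."""
    prev = iv = os.urandom(BLOCK)
    out, n = [iv], len(pt) // BLOCK
    for i in range(n):
        prev = block_cipher(alg, key, _xor(pt[i * BLOCK:(i + 1) * BLOCK], prev))
        out.append(prev)
    return b"".join(out) + _xor(pt[n * BLOCK:], block_cipher(alg, key, prev))

def decrypt_action(alg, key, ct):
    prev, body = ct[:BLOCK], ct[BLOCK:]
    out, n = [], len(body) // BLOCK
    for i in range(n):
        c = body[i * BLOCK:(i + 1) * BLOCK]
        out.append(_xor(block_cipher(alg, key, c, True), prev))
        prev = c
    return b"".join(out) + _xor(body[n * BLOCK:], block_cipher(alg, key, prev))

class Network:  # path src -> mid -> dst; switch.programs: id -> (alg, key); switch.rules: tag -> (id, out tag)
    def __init__(self):
        self.src, self.mid, self.dst = (SimpleNamespace(programs={}, rules={}) for _ in range(3))
        self.in_flight, self.delivered, self.dropped, self.gen = [], [], 0, 0

    def send(self, now, pt, delay):
        pid, tag = self.src.rules[None]                # entry matching untagged host traffic
        alg, key = self.src.programs[pid]
        self.in_flight.append((now + delay, tag, encrypt_action(alg, key, pt)))

    def advance(self, now):
        keep = []
        for arrival, tag, ct in self.in_flight:
            if arrival > now:
                keep.append((arrival, tag, ct))
            elif tag in self.mid.rules and tag in self.dst.rules:
                alg, key = self.dst.programs[self.dst.rules[tag][0]]
                self.delivered.append(decrypt_action(alg, key, ct))
            else:
                self.dropped += 1                      # no flow entry for this tag on the path
        self.in_flight = keep

def new_program(net):                                 # claim 3: random pick from algorithm and key spaces
    net.gen += 1
    pid, prog = f"p{net.gen}", (secrets.choice(list(ALG_SPACE)), secrets.token_bytes(16))
    net.src.programs[pid] = net.dst.programs[pid] = prog
    return pid

def install_initial(net):                             # claim 1: first programs, untagged traffic
    pid = new_program(net)
    net.src.rules[None], net.mid.rules[None], net.dst.rules[None] = (pid, None), True, (pid, None)
    return net

def begin_hop(net):                                   # claim 2, steps 1-4: make-before-break
    tag = f"hop{net.gen + 1}"
    net.mid.rules[tag] = True                          # 1: intermediate switches forward tagged packets
    pid = new_program(net)                             # 2-3: new decrypt and encrypt programs
    net.dst.rules[tag] = (pid, None)                   # 2: dst decrypts tagged packets with the new one
    net.src.rules[None] = (pid, tag)                   # 4: src encrypts with the new one and tags
    return pid

def finish_hop(net, pid):                             # claim 2, steps 5-6: only after MAX_DELAY ticks
    for sw in (net.src, net.dst):
        sw.programs = {pid: sw.programs[pid]}          # 5: delete old action programs
    net.mid.rules, net.dst.rules = {None: True}, {None: (pid, None)}  # 5-6: old entries out, tag gone
    net.src.rules[None] = (pid, None)                  # 6: stop tagging

def simulate():
    net = install_initial(Network())
    msgs = [b"slow packet under the OLD program", b"tagged packet, NEW program", b"short"]  # constructed
    net.send(0, msgs[0], MAX_DELAY)   # worst-case latency, encrypted before the hop
    pid = begin_hop(net)              # tick 1: hop starts while msgs[0] is still in flight
    net.send(1, msgs[1], 2)
    net.advance(3)                    # the tagged packet arrives first
    net.advance(1 + MAX_DELAY)        # the old packet arrives; its decrypt program is still there
    finish_hop(net, pid)              # tear-down only after the longest delay has elapsed
    net.send(7, msgs[2], 1)
    net.advance(8)
    return msgs, net
```

The point of the two-phase hop is that the packet sent at tick 0 under the old program is still decryptable when it arrives at tick 5, because step 5 of claim 2 defers the deletion of the old decryption program until the longest transmission delay has passed; removing it at begin_hop would drop that packet. The tag is what lets the destination tell old and new ciphertext apart during the overlap, and it disappears again once the old state is gone. On the claim 4 side, the CFB-style tail keeps the ciphertext at plaintext length plus one IV regardless of how short the final block is. None of the modes here authenticate the ciphertext; the claims are confined to confidentiality and the model follows them.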
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110957573.3A CN113676476B (en) | 2021-08-18 | 2021-08-18 | Encrypted jump method based on action programmable software defined network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110957573.3A CN113676476B (en) | 2021-08-18 | 2021-08-18 | Encrypted jump method based on action programmable software defined network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113676476A CN113676476A (en) | 2021-11-19 |
CN113676476B true CN113676476B (en) | 2022-07-08 |
Family
ID=78544394
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110957573.3A Active CN113676476B (en) | 2021-08-18 | 2021-08-18 | Encrypted jump method based on action programmable software defined network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113676476B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115225333B (en) * | 2022-06-23 | 2023-05-12 | 30th Research Institute of China Electronics Technology Group Corporation | TSN encryption method and system based on software definition |
CN116886364A (en) * | 2023-07-17 | 2023-10-13 | Wuhan Hengxin Yonghe Electronic Technology Co., Ltd. | SDN switch operation method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110417739A (en) * | 2019-06-27 | 2019-11-05 | East China Normal University | Secure in-band network measurement method based on blockchain technology |
CN111464503A (en) * | 2020-03-11 | 2020-07-28 | PLA Strategic Support Force Information Engineering University | Network dynamic defense method, device and system based on random multidimensional transformation |
CN111884941A (en) * | 2020-08-03 | 2020-11-03 | PLA Unit 92941 | Secure SDN multicast system and control method thereof |
CN111886833A (en) * | 2018-01-12 | 2020-11-03 | Telefonaktiebolaget LM Ericsson (publ) | Control message redirection mechanism for SDN control channel failures |
CN113225255A (en) * | 2021-03-31 | 2021-08-06 | Fujian Qidian Shikong Digital Technology Co., Ltd. | SDN random route hopping method based on trigger generation mechanism |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105429957A (en) * | 2015-11-02 | 2016-03-23 | Lu Bin | IP address hopping secure communication method based on SDN framework |
US10084756B2 (en) * | 2015-12-30 | 2018-09-25 | Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. | Anonymous communications in software-defined networks via route hopping and IP address randomization |
US10205706B2 (en) * | 2016-05-11 | 2019-02-12 | Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. | System and method for programmable network based encryption in software defined networks |
US11075949B2 (en) * | 2017-02-02 | 2021-07-27 | Nicira, Inc. | Systems and methods for allocating SPI values |
CN110945837B (en) * | 2017-06-01 | 2022-11-01 | Telefonaktiebolaget LM Ericsson (publ) | Optimizing service node monitoring in SDN |
US11876833B2 (en) * | 2019-08-15 | 2024-01-16 | Uchicago Argonne, Llc | Software defined networking moving target defense honeypot |
CN113098894A (en) * | 2021-04-22 | 2021-07-09 | Fujian Qidian Shikong Digital Technology Co., Ltd. | SDN IP address hopping method based on randomization algorithm |
2021-08-18 | CN | CN202110957573.3A | patent/CN113676476B/en | Active
Non-Patent Citations (1)
Title |
---|
Zhao Zheng. Research on key technologies of moving target defense based on software-defined networking. China Doctoral Dissertations Full-text Database (Information Science and Technology), 2018, main text p. . * |
Also Published As
Publication number | Publication date |
---|---|
CN113676476A (en) | 2021-11-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107682284B (en) | Method and network equipment for sending message | |
CN113676476B (en) | Encrypted jump method based on action programmable software defined network | |
CN104023013B (en) | Data transmission method, server side and client | |
US9129121B2 (en) | Locating cryptographic keys stored in a cache | |
US7194619B2 (en) | Remotely booting devices in a dense server environment without manually installing authentication parameters on the devices to be booted | |
CN110048986B (en) | Method and device for ensuring ring network protocol operation safety | |
US10911581B2 (en) | Packet parsing method and device | |
MXPA06009235A (en) | Method and apparatus for cryptographically processing data. | |
CN110381055B (en) | RFID system privacy protection authentication protocol method in medical supply chain | |
CN111404953A (en) | Message encryption method, message decryption method, related devices and related systems | |
CN112637176A (en) | Industrial network data isolation method, device and storage medium | |
EP3022864B1 (en) | Apparatus and method for key update for use in a block cipher algorithm | |
CN113507482B (en) | Data security transmission method, security transaction method, system, medium and equipment | |
CN110839036A (en) | Attack detection method and system for SDN (software defined network) | |
CN108337243B (en) | Message forwarding method, device and forwarding equipment | |
CN113472634A (en) | Instant messaging method, device and system, storage medium and electronic device | |
WO2020248906A1 (en) | Secure data transmission method and apparatus for intelligent fusion identification network | |
CN110943996B (en) | Management method, device and system for business encryption and decryption | |
US9100374B2 (en) | Method for managing remote upgrading keys in an information security apparatus | |
CN110839037A (en) | Attack scene mining method and system for SDN network | |
CN116827651A (en) | Communication security protection method, device, computer equipment and storage medium | |
CN110875902A (en) | Communication method, device and system | |
WO2022174739A1 (en) | Message sending method, signature information generating method, and device | |
CN112910630A (en) | Method and device for replacing expanded key | |
EP3193487B1 (en) | Encryption/decryption device and encryption/decryption method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||