CN105933245A - Secure and credible access method in software defined network - Google Patents
Publication number: CN105933245A (application CN201610465444.1A)
Authority: CN (China)
Prior art keywords: access, trusted, service end, network, access device
Legal status: Granted (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- H04L63/0876: Network security; authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L47/70: Traffic control in data switching networks; admission control and resource allocation
- H04L63/101: Network security; controlling access to devices or network resources using access control lists [ACL]
- H04L67/60: Network services; scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
- H04L2209/127: Cryptographic hardware or logic circuitry; trusted platform modules [TPM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a secure and trusted access method for a software-defined network (SDN). Trusted-access technology is introduced into the SDN access process: combined with trusted computing, it can effectively prevent insecure devices from accessing the network. In addition, a fast access-authentication mode and an access mode that grades users by trust value are proposed, suited to the flexibility and novelty of SDN. The scheme can effectively fill the gaps in SDN access authentication and improve the security of the SDN.
Description
Technical field
The invention belongs to the technical field of software-defined networking, and in particular relates to a secure and trusted access method in a software-defined network.
Background art
The concept of OpenFlow originated in a 2006 research project by researchers at Stanford University. It advocates decoupling the data plane and the control plane of traditional network devices, so that a centralized controller manages and configures the various network devices through standardized interfaces. Researchers subsequently went on to promote the concept of Software-Defined Networking (SDN), which attracted wide attention from academia and industry.
Floodlight Open SDN Controller is an enterprise-class, Java-based OpenFlow controller. It is easy to build and use, and supports many virtual and physical OpenFlow switches. As the controller of an OpenFlow network, Floodlight provides network-management capability by combining the functions of different modules. It also offers users an API that allows them to create intelligent applications which manage the controller or extend network functions.
Network access is one of the problems of network security: the penetration of an entire network often begins with the access of an unauthorized user. People have therefore devised various methods of authenticating users. From the early 1990s to the present, well-known Internet security experts have successively addressed the problem of secure network-terminal access with new technologies and methods, and concepts such as active defense have been proposed accordingly.
In May 2004 the Trusted Network Connect Sub Group (TNC-SG) was established, and in March 2005 it issued the Trusted Network Connect (TNC) specification and the corresponding interface specifications; the TNC v1.0 version issued at that time defines the core of TNC. The TNC architecture essentially describes three entities in network access: the Access Requestor (AR), the Policy Decision Point (PDP) and the Policy Enforcement Point (PEP). The TNC architecture also comprises three layers: the network access layer, the integrity evaluation layer and the integrity measurement layer. At present, some access-enhancement schemes for traditional networks also refer to the TNC architecture and introduce the concept of trusted computing.
Network access has always been one of the focal points of network security, yet software-defined networking (SDN) is still at an early stage of development and lacks suitable access methods. The most commonly used method, authenticating users by a combination of IP address, MAC address and user identity information, can no longer provide a secure network-access service in increasingly complex access environments. Common access protocols are all designed with reference to current networks, do not correspond to the way SDN is implemented, and should not be applied directly to SDN.
Summary of the invention
The technical problem solved by the invention is to provide a secure access method in a software-defined network that combines the trusted-access architecture TNC with the SDN architecture, so as to effectively provide the SDN with a secure and trusted access service.
To solve the above problems, the invention adopts the following technical scheme.
A secure and trusted access method in a software-defined network comprises the following steps:
Step S1: according to the SDN secure-access requirement, obtain the trusted metric (PCR value) of the access device that is stored in the configuration registers of its trusted platform;
Step S2: the access device sends an access request to the access server, the request containing the trusted metric information (PCR value);
Step S3: the access server evaluates the integrity of the device and makes an access judgement according to the trusted metric (PCR value) and the user information it has obtained; if the judgement is to allow access, the access server sends an access decision to the OpenFlow controller;
Step S4: the OpenFlow controller generates the corresponding flow-table entry according to the access decision and sends it to the SDN switch, and the SDN switch permits the network access of the accessing device according to the instructions of the flow-table entry.
Preferably, in step 2, while initiating the request the access device sends to the access server the client-side random-number verification code (a nonce) of this request together with its own device information.
Preferably, step 3 specifically comprises the following steps:
Step 3.1: the access server receives the access device's request, checks the access state and judges whether the device is permitted to access; if permission is granted, it replies to the access device with the server-side random-number verification code attached to this access request;
Step 3.2: the access device receives the access server's reply and verifies whether the random number sent by the authentication server is identical to the one it specified before; if so, it sends the local PCR value and the server-side random number to the access server;
Step 3.3: the access server receives the PCR value and the server-side random number sent by the access device and verifies that the server-side random number is identical to the one it sent before; if so, it begins to query whether the access device satisfies the fast-access condition;
Step 3.4: if the fast-access condition is satisfied, the access judgement result and the client-side random-number verification code are sent to the access device; if it is not satisfied, the flow continues and a request to enter the user-authentication phase, containing the client-side random-number verification code, is sent to the access device;
Step 3.5: according to the access server's reply, the access device verifies whether the client random number is identical to the one sent before; if so, it begins to process the server's judgement result, and when the result is trusted it sends the user authentication identity information to the access server;
Step 3.6: the access server verifies the user information; if the verification result is to allow access, the client's access state, IP address, MAC address, PCR value and logged-in user name are recorded in the recently-connected device list, and at the same time the access server sends an access decision to the OpenFlow controller, releasing this access device's access rights to the network.
Preferably, the fast-access condition is: the IP and MAC addresses are in the recently-connected device list, and the trusted PCR value provided by the device during this access is identical to that of the last access.
Preferably, if the fast-access condition is not met, the trust status of the user is judged; the trust judgement result is one of: fully trusted, partially trusted and untrusted.
Preferably, in step 3.5, when the judgement result is untrusted, the login process is interrupted and the client machine cannot access the network; when the judgement result is trusted, the access device is required to provide user authentication information.
Preferably, the method also comprises: at the network start-up stage, the access server sends an instruction to the OpenFlow controller that prohibits unauthenticated devices from communicating on the network; after receiving the instruction, the OpenFlow controller issues the corresponding flow-table entries according to the network traffic information submitted by the switches, so as to restrict unauthenticated devices.
Preferably, the access device is a physical device or a cloud virtual machine.
The technical scheme of the invention introduces trusted-access technology into the secure access method of the SDN; by combining it with the related trusted-computing technology, insecure devices can be effectively prevented from accessing the network. At the same time, in view of the flexibility and novelty of SDN, the invention proposes a fast access-authentication mode and an access mode that grades users by trust value, which can effectively fill the gaps in SDN access authentication and strengthen the security of the SDN.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the access method of the invention from the perspective of the TNC architecture;
Fig. 2 is a schematic diagram of the structure of the access method of the invention from the perspective of the software-defined network architecture;
Fig. 3 is a schematic diagram of the data-transmission flow of the access method of the invention;
Fig. 4 is a schematic flow chart of the fast-access judgement;
Fig. 5 is a schematic flow chart of the user-rights judgement.
Detailed description of the invention
The invention is described in more detail below with reference to specific embodiments and the drawings.
The embodiment of the invention provides a secure and trusted access method in a software-defined network. Based on the trusted-access architecture of the trusted-access standard TNC, and combined with the characteristics of the OpenFlow architecture, in which the control plane is concentrated in the controller and the switch focuses on forwarding, the architecture required by the secure access method is proposed. From the perspective of the TNC architecture the secure access architecture is shown in Fig. 1; from the perspective of the SDN architecture it is shown in Fig. 2.
With reference to the structure of the TNC trusted-access model, the architecture classifies all the devices involved in network access as access requestor, policy enforcement point, and policy-management and access-control issuing point.
Access device: access requestor
The client running on it is mainly responsible for providing the network-access authentication service. To realize the trusted-access function, it can also obtain integrity measurement values of the access device collected by other measurement applications, and can use idle PCRs to measure programs relevant to network access. After obtaining the results, it passes the measurement values to the server for verification of the trust status.
The access device has a data-plane connection to the switch.
OpenFlow (SDN) switch: policy enforcement point
Because an OpenFlow switch concentrates on forwarding data according to its flow table, the switch is set as the policy enforcement point and executes the decisions coming from the control layer and the application layer. At the beginning of user access, the OpenFlow switch helps the user convey its trust-evaluation data and identity-authentication data to the controller. After the OpenFlow controller has issued the decision, the switch forwards the access device's normal communication data according to the flow-table entries and also restricts its communication behaviour.
The OpenFlow switch has a management-plane data connection to the OpenFlow controller and a data-plane connection to the access server.
OpenFlow controller: the control centre that manages network connections and processes user access requests
Network management is carried out by the OpenFlow controller. The judgement of the client's trust status and the access authentication are performed by an application of the SDN application layer (the access server), which calls the API of the OpenFlow controller. After the access server completes the judgement of the user's request, it informs the OpenFlow controller of the result through the API; the OpenFlow controller then issues the corresponding flow-table entries to the OpenFlow switch over its dedicated secure channel, completing the management and control of the user.
The access server has a data-plane connection to the switch.
As shown in Fig. 3, the embodiment of the invention provides a secure and trusted access method in a software-defined network, which specifically comprises the following steps.
At the network start-up stage, the access server sends an instruction to the OpenFlow controller (hereafter "controller"): except for whitelisted devices, block all network communication other than authentication. After receiving the instruction, the controller issues the corresponding flow-table entries according to the network traffic information submitted by the OpenFlow switches (hereafter "switches"), thereby restricting unauthenticated devices.
Step 1: when an access device (a physical device or a cloud virtual machine) needs to access the SDN, its client is started, and the client obtains the trusted metric information (PCR value) stored in the configuration registers of the trusted platform.
Step 2: the access device (the request initiator) sends an access request to the access server. While initiating the request it indicates to the access server the client-side random-number verification code of this request. It also carries its own device information (IP address and MAC address) so that the access server can match the device. To ensure that the data cannot be eavesdropped, the message also contains the encryption key the access server is to use for its reply, and all of the above information is encrypted with the public key published in advance by the access server. The data transmitted in this step can be expressed as a formula.
Step 3: after the access server (the request recipient) receives the access device's request, it verifies the user's access state (for example, whether it has already accessed) and determines whether the device is allowed to access. If so, it replies to the access device with the server-side random-number verification code for this access request. For security reasons, the access server also carries the client-side random-number verification code in its reply. The above information is encrypted with the key specified by the authenticating client in step 1. The data transmitted in this step can be expressed as a formula.
Step 4: after the access device receives the access server's reply, it first verifies that the random number returned by the access server is identical to the one it specified before. If they differ, login terminates; if they are identical, the transmission and verification phase for the trusted information begins. The access device retrieves the trusted metric PCR value stored in the configuration registers of the trusted platform and transmits it to the access server. Along with the data it carries the access server's server-side random number, so that the connection state can be verified. The above information is encrypted with the encryption key published by the access server. The data transmitted in this step can be expressed as a formula.
Step 5: after the access server receives the data sent by the access device, it first verifies that the server-side random number contained in the message is identical to the one it sent before; if not, the connection is interrupted. If it is identical, the server begins to query whether the access device satisfies the fast-access condition and obtains a judgement result, which is one of: fully trusted, partially trusted (the two together being called trusted), untrusted, and satisfying the fast-access condition.
Using the characteristics of SDN together with the support of trusted-computing technology, the concept of a "fast-access flow" is proposed. The fast-access flow provides a simplified access scheme for devices that have recently gone offline, reducing the time taken to access and improving the user's experience of the network.
The fast-access flow means that a device satisfying the fast-access condition accesses the network directly after completing platform trust authentication, with no need to go through the user-authentication phase. The fast-access condition is: the IP and MAC addresses are in the recently-connected device list, and the trusted PCR value the device provides in this access is identical to that of the last access. The fast-access judgement is shown in Fig. 4.
If the fast-access condition is met, the access server replies to the client with the access result and issues the corresponding rules to the controller to lift the network-access restriction on this access device.
If the user does not meet the fast-access condition, the user's trust status is judged.
The trust judgement result is one of three kinds: fully trusted, partially trusted and untrusted. Fully trusted and partially trusted are collectively called "trusted".
Untrusted: a key parameter does not match the record.
Partially trusted: the key parameters match the record, but a non-key parameter does not.
Fully trusted: both the key and the non-key parameters match the record.
Step 6: after the access server has made its judgement, it feeds the result back to the access device, appending the random number initially specified by the client so that this access can be verified. The above content is encrypted with the key specified by the client. The data transmitted in this step can be expressed as a formula.
Step 7: after the access device receives the access server's reply, it first checks the random number sent by the access server. If the random number differs, access is interrupted. If it is identical, the device begins to process the server's judgement result.
If the judgement result is trusted (including fully trusted and partially trusted), the user is shown the trust-authentication result and required to enter the user-authentication phase. If the result is untrusted, the login process is interrupted and the client machine cannot access the network. If the result is that the fast-access condition is satisfied, the user is shown the relevant information and told that the network is already open.
Step 8: on entering the user-authentication phase, the client prompts the user of the access device to authenticate with the user information they hold (a user name and password). When the user has finished entering the authentication information, it is sent to the access server, together with the random number the device specified, for verification. All of the above content is encrypted with the public key announced in advance by the access server. The data transmitted in this step can be expressed as a formula.
Step 9: the access server verifies the user name and password submitted by the access device and gives the final judgement result. If the result is to allow access, the client's access state, IP address, MAC address, PCR value and logged-in user name are recorded in the recently-connected device list, and an expiry time is set for this entry. At the same time, the access server sends an instruction to the controller to release the access device's access rights to the network according to the user's rights.
The platform trust value of the access device affects the access rights the user has after accessing the network: rather than granting the user full network rights purely on the basis of user identity authentication, different network access rights are granted in combination with the trust status. This prevents a legitimate user with a non-compliant device from affecting the network after accessing it.
The judgement of user rights is based mainly on the trust status, which is divided into fully trusted and partially trusted. Fully trusted means that all parameters satisfy the trust condition; partially trusted means that some non-key parameter fails to satisfy the trust requirement. This status is judged by the access server. The network content accessible to each trust status is set by the administrator; it is generally held that a fully trusted device has greater rights and a partially trusted device lesser rights. The user-rights judgement flow is shown in Fig. 5.
The reply contains the access result after the judgement, together with the random number initially specified by the client. The above content is encrypted with the key specified by the client. The data transmitted in this step can be expressed as a formula.
Step 10: after the controller receives the access decision, it generates the corresponding flow-table entries in combination with the device's connection, and sends the decision to the forwarding device (the SDN switch) over the OpenFlow channel. The SDN switch then permits the network access of the accessing device according to the instructions of the flow-table entries.
This completes the description of the network access process.
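The access-server side of steps 3 to 9 (server and client nonce checks, the fast-access condition, the three-level trust judgement and the rights granted after user authentication), modelled in Python as an added example; this is not the patent's code. Message encryption is omitted, and the choice of which PCR indices are "key parameters", the rights per trust level and the lifetime of a recent-list entry are assumptions, since the patent leaves them to the administrator.

```python
"""Access-server logic of steps 3 to 9, modelled as an added example (not the
patent's code).  Message encryption is left out.  The split between key and
non-key PCR indices, the rights per trust level and the lifetime of a
recent-list entry are assumptions; the patent leaves them to the administrator."""
from dataclasses import dataclass, field
from enum import Enum
import hmac
import secrets


class Verdict(Enum):
    FAST_ACCESS = "fast-access"              # on recent list, PCRs unchanged
    FULLY_TRUSTED = "fully-trusted"          # key and non-key parameters match
    PARTIALLY_TRUSTED = "partially-trusted"  # key match, some non-key mismatch
    UNTRUSTED = "untrusted"                  # a key parameter does not match


@dataclass
class RecentEntry:              # one row of the recently-connected device list
    pcrs: dict
    user: str
    expires_at: float


@dataclass
class Decision:                 # what the access server hands to the controller
    allow: bool
    rights: str                 # "full", "limited" or "none" (assumed policy)


@dataclass
class AccessServer:
    reference_pcrs: dict        # PCR index -> expected digest (constructed)
    key_indices: frozenset      # indices treated as key parameters (assumed)
    users: dict                 # username -> password; plain text in this model
    entry_ttl: float = 3600.0   # expiry of a recent-list entry (assumed)
    recent: dict = field(default_factory=dict)    # (ip, mac) -> RecentEntry
    sessions: dict = field(default_factory=dict)  # (ip, mac) -> handshake state

    # Step 3: accept the request, echo the client nonce and add a server nonce.
    def handle_request(self, ip, mac, client_nonce):
        dev = (ip, mac)
        if dev in self.sessions:            # a handshake is already in progress
            return None
        self.sessions[dev] = {"client_nonce": client_nonce,
                              "server_nonce": secrets.token_hex(16)}
        return {"client_nonce": client_nonce,
                "server_nonce": self.sessions[dev]["server_nonce"]}

    # Fast-access condition: IP/MAC on the recent list and PCRs unchanged.
    def fast_access_ok(self, dev, pcrs, now):
        entry = self.recent.get(dev)
        return entry is not None and entry.expires_at > now and entry.pcrs == pcrs

    # Trust judgement: any key mismatch -> untrusted; all match -> fully trusted;
    # otherwise partially trusted.
    def trust_level(self, pcrs):
        match = {i: pcrs.get(i) == v for i, v in self.reference_pcrs.items()}
        if not all(match[i] for i in self.key_indices):
            return Verdict.UNTRUSTED
        return Verdict.FULLY_TRUSTED if all(match.values()) else Verdict.PARTIALLY_TRUSTED

    def _rights(self, pcrs):
        full = self.trust_level(pcrs) is Verdict.FULLY_TRUSTED
        return Decision(True, "full" if full else "limited")

    # Steps 5 and 6: verify the echoed server nonce, then judge the device.
    # Returns (verdict, client_nonce, decision); decision is None while the
    # user-authentication phase is still pending.
    def handle_measurement(self, ip, mac, server_nonce, pcrs, now):
        dev = (ip, mac)
        sess = self.sessions.get(dev)
        if sess is None or not hmac.compare_digest(sess["server_nonce"], server_nonce):
            self.sessions.pop(dev, None)    # nonce mismatch: connection interrupted
            return None, None, Decision(False, "none")
        if self.fast_access_ok(dev, pcrs, now):
            del self.sessions[dev]          # platform attestation alone suffices
            self.recent[dev].expires_at = now + self.entry_ttl
            return Verdict.FAST_ACCESS, sess["client_nonce"], self._rights(pcrs)
        verdict = self.trust_level(pcrs)
        if verdict is Verdict.UNTRUSTED:
            del self.sessions[dev]          # login interrupted
            return verdict, sess["client_nonce"], Decision(False, "none")
        sess["verdict"], sess["pcrs"] = verdict, dict(pcrs)
        return verdict, sess["client_nonce"], None

    # Step 9: check the credentials, record the device, grant rights by trust level.
    def handle_user_auth(self, ip, mac, client_nonce, username, password, now):
        dev = (ip, mac)
        sess = self.sessions.pop(dev, None)
        if (sess is None or "verdict" not in sess
                or not hmac.compare_digest(sess["client_nonce"], client_nonce)
                or not hmac.compare_digest(self.users.get(username, ""), password)):
            return Decision(False, "none")
        self.recent[dev] = RecentEntry(sess["pcrs"], username, now + self.entry_ttl)
        return self._rights(sess["pcrs"])
```

A device whose recent-list entry has expired, or whose PCRs changed since the last access, falls back to the full flow, which is the behaviour the fast-access condition in the text implies.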
The invention realizes its secure access method by combining trusted-computing technology with traditional user-identity authentication and then combining the related technologies with the characteristics of SDN. The invention has been verified with BAN predicate logic and attack-tested with the AVISPA protocol-analysis software, ensuring the security and validity of the scheme, and has been tested on real machines to verify its feasibility and effectiveness. The tests found that the invention can effectively provide a secure access service for SDN: unauthorized accessors and legitimate accessors whose devices have problems either cannot access the network or can do so only with low rights, protecting network security.
The above embodiment is only an exemplary embodiment of the invention and is not intended to limit it; the scope of protection of the invention is defined by the claims. Those skilled in the art can make various modifications or equivalent substitutions within the spirit and scope of the invention, and such modifications or substitutions should also be regarded as falling within the scope of protection of the invention.
Claims (8)
1. the trusted access method of safety in a software defined network, it is characterised in that comprise the following steps:
Step S1, according to SDN secure accessing demand, obtain access device and be stored in trusted platform configuration
Credible metric PCR value in depositor;
Step S2, access device send access request to access service end, and described request comprises described credibility
Amount information PCR value;
Step S3, access service end-apparatus enter according to the user profile of described credible metric PCR value and acquisition
The amount assessment of the integrity of row equipment judges with accessing, if judged result is for allowing to access, and access service end-apparatus
Send to OpenFlow controller and access decision-making;
Step S4, OpenFlow controller flow list item accordingly according to accessing decision making, and by described stream
List item sends to SDN switch, described SDN switch indicating the equipment accessed according to described stream list item
Network insertion let pass.
2. the trusted access method of safety in software defined network as claimed in claim 1, it is characterised in that
In step 2, during initiating request, this requesting client side random number is sent to access service end
Identifying code and the facility information of self.
3. the trusted access method of safety in software defined network as claimed in claim 1, it is characterised in that
Step 3 specifically includes following steps:
Step 3.1, access service end obtain the request of access device, and checking access state also judges whether to permit
Permitted equipment to access, if the equipment of permission accesses, then replied and attach the service of this access request to access device
Side random number verification code;
Step 3.2, access device obtain the reply of access service end, and the random number that certificate server sends is
Random number that is no and that specify before is identical, if identical, then the PCR value of the machine, service side random number is sent out
Deliver to access service end;
Step 3.3, access service end obtain PCR value, the service side random number that access device sends, and test
The service end random number that card access device sends is the most identical with send before.If identical, then start a query at
Whether described access device meets the condition quickly accessed;
If step 3.4 meets the condition quickly accessed, judged result and client-side random number verification will be accessed
Code is sent to access device, if being unsatisfactory for quickly accessing condition, carrying out continuing flow process, and sending out to access device
It is fed into the request of user authentication phase and comprises client-side random number verification code;
Step 3.5, access device according to the reply of access service end, verify described client random number whether with
Send is identical before, if identical, then starts the judged result of processing server, when judged result is credible
Time, send user authentication identity information to access service end;
Described user profile is verified by step 3.6, access service end, if the result is for allowing to access,
Then the access state of client, IP address, MAC Address, PCR value and the user name logged in be recorded
In the nearly list of devices connected, it is concurrently accessed service end and sends access decision-making to OpenFlow controller, put
Open this access device for the access rights of network.
4. the trusted access method of safety in software defined network as claimed in claim 3, it is characterised in that
The described condition that quickly accesses is: IP and MAC Address are positioned at nearest access device list, and when this accesses
The credible PCR value that equipment provides is identical with last time.
5. the trusted access method of safety in software defined network as claimed in claim 3, it is characterised in that
If not meeting the condition of quickly accessing, then judging the credible situation of user, described credible judged result is divided
For: the most credible, part is credible and insincere.
6. the trusted access method of safety in software defined network as claimed in claim 3, it is characterised in that
In step 3.5, when judged result is insincere, interrupting login process, client computer cannot access network;
When judged result is credible, it is desirable to access device provides user authentication information.
7. the trusted access method of safety in software defined network as claimed in claim 1, its feature exists
In, also include: network enables the initial stage, and access service end sends instruction to OpenFlow controller, described
Instruction is for stoping unverified equipment to carry out network service;OpenFlow controller receives described finger simultaneously
After order, the network traffic information submitted to according to switch is assigned and is flowed list item accordingly, to complete for non-authentication
The restriction of equipment.
8. The secure and trusted access method in a software defined network as claimed in claim 1, characterized in that the access device is a physical device or a cloud virtual machine.
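The decision path of claims 3 to 7, modelled in Python as an added worked example. This is editor-written illustration, not the patent's implementation and not any applicant code. It models the access server, the recently connected device list, the fast access test of claim 4, the three verdicts of claim 5, the credential step of claim 6 and the start-up flow rules of claim 7, with the OpenFlow controller stood in by an in-memory flow table. Everything beyond the claims is an assumption and is marked as such in the code: PCR values are accepted only inside a report bound to a server-chosen nonce (the HMAC tag stands in for a TPM AIK signature), the set of boot-critical PCRs and the rule that separates partially trusted from untrusted, withdrawing an earlier grant when a device turns untrusted, and treating a partially trusted device like a trusted one for the credential step. Every address, key, measurement and user entry in demo() is constructed.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple
from dataclasses import dataclass, field

FULLY_TRUSTED, PARTIALLY_TRUSTED, UNTRUSTED = "fully trusted", "partially trusted", "untrusted"
CORE_PCRS = frozenset({0, 2, 4, 7})  # assumption: which PCRs count as boot-critical is policy, not claimed
# PCR report from the access device; the HMAC tag stands in for the TPM's AIK signature (assumption)
# and binds the values to the server's nonce so that a report captured earlier cannot be replayed.
Quote = namedtuple("Quote", "pcrs nonce tag")


def _tag(pcrs, nonce, key):
    return hmac.new(key, nonce + repr(sorted(pcrs.items())).encode(), hashlib.sha256).digest()


def make_quote(pcrs, nonce, aik_key):  # client side: current PCR values bound to the server-chosen nonce
    return Quote(dict(pcrs), nonce, _tag(pcrs, nonce, aik_key))


def quote_is_genuine(q, expected_nonce, aik_key):  # server side: freshness and origin before any PCR compare
    return hmac.compare_digest(q.nonce, expected_nonce) and hmac.compare_digest(q.tag, _tag(q.pcrs, q.nonce, aik_key))


@dataclass
class Controller:  # stand-in for the OpenFlow controller: a flow table in which the highest-priority match wins
    access_server_ip: str
    flows: list = field(default_factory=list)

    def __post_init__(self):  # claim 7: at start-up only traffic to the access server passes, the rest is dropped
        self.flows = [{"priority": 10, "match": {"nw_dst": self.access_server_ip}, "action": "normal"},
                      {"priority": 0, "match": {}, "action": "drop"}]

    def admit(self, ip, mac):
        self.flows.append({"priority": 100, "match": {"nw_src": ip, "dl_src": mac}, "action": "normal"})

    def revoke(self, ip, mac):
        self.flows = [f for f in self.flows if f["match"] != {"nw_src": ip, "dl_src": mac}]

    def action_for(self, packet):
        hits = [f for f in self.flows if all(packet.get(k) == v for k, v in f["match"].items())]
        return max(hits, key=lambda f: f["priority"])["action"] if hits else "drop"


@dataclass
class AccessServer:
    controller: Controller
    reference_pcrs: dict  # golden measurements
    aik_keys: dict        # MAC -> quote verification key; assumption: provisioned out of band
    users: dict           # username -> sha256(password); stand-in for the real user store
    recent: dict = field(default_factory=dict)  # (ip, mac) -> record: the recently connected device list

    def fast_access_ok(self, ip, mac, q):  # claim 4: known IP/MAC pair and PCR values equal to last time's
        return (ip, mac) in self.recent and self.recent[(ip, mac)]["pcrs"] == q.pcrs

    def judge_trust(self, q):  # claim 5; assumption: core-PCR mismatch -> untrusted, other mismatch -> partial
        bad = {i for i, v in self.reference_pcrs.items() if q.pcrs.get(i) != v}
        return FULLY_TRUSTED if not bad else UNTRUSTED if bad & CORE_PCRS else PARTIALLY_TRUSTED

    def _admit(self, ip, mac, q, user):  # step 3.6: record the device, then push the decision to the controller
        self.recent[(ip, mac)] = {"state": "connected", "pcrs": dict(q.pcrs), "user": user}
        self.controller.admit(ip, mac)

    def handle_access(self, ip, mac, q, nonce, user=None, password=None):
        key = self.aik_keys.get(mac)
        if key is None or not quote_is_genuine(q, nonce, key):
            return "denied: bad or replayed quote"
        if self.fast_access_ok(ip, mac, q):
            self._admit(ip, mac, q, self.recent[(ip, mac)]["user"])
            return "allowed: fast path"
        verdict = self.judge_trust(q)
        if verdict == UNTRUSTED:  # claim 6: interrupt login; assumption: also withdraw any earlier grant
            self.recent.pop((ip, mac), None)
            self.controller.revoke(ip, mac)
            return "denied: untrusted platform"
        want = self.users.get(user or "")  # claim 6: a trusted platform must still present user credentials
        if want is None or not hmac.compare_digest(want, hashlib.sha256((password or "").encode()).hexdigest()):
            return "denied: user authentication failed"  # assumption: partially trusted takes the same path
        self._admit(ip, mac, q, user)
        return f"allowed: {verdict}"


def demo():
    """Constructed walk-through: every address, key, measurement and credential is made up."""
    ref = {0: "a" * 8, 2: "b" * 8, 4: "c" * 8, 7: "d" * 8, 10: "e" * 8}
    aik, ip, mac = b"constructed-aik-key", "10.0.0.42", "00:11:22:33:44:55"
    ctrl = Controller("10.0.0.1")
    srv = AccessServer(ctrl, ref, {mac: aik}, {"alice": hashlib.sha256(b"correct horse").hexdigest()})
    to_peer = {"nw_src": ip, "dl_src": mac, "nw_dst": "10.0.0.9"}

    def attempt(pcrs, user=None, password=None, replay=None):
        n = secrets.token_bytes(16)  # server-chosen nonce for this access attempt
        return srv.handle_access(ip, mac, replay or make_quote(pcrs, n, aik), n, user, password)

    out = {"before": ctrl.action_for(to_peer)}  # unauthenticated device is cut off by the start-up rule
    out["first"] = attempt(ref, "alice", "correct horse")  # full check plus credentials
    out["after"] = ctrl.action_for(to_peer)
    out["fast"] = attempt(ref)  # same PCRs as last time: claim 4, no credentials asked
    out["replay"] = attempt(ref, replay=make_quote(ref, b"\0" * 16, aik))  # old quote, stale nonce
    out["core_changed"] = attempt({**ref, 4: "f" * 8}, "alice", "correct horse")
    out["revoked"] = ctrl.action_for(to_peer)
    out["app_changed"] = attempt({**ref, 10: "9" * 8}, "alice", "correct horse")
    return out
```

demo() walks one device through the start-up block, a first full check with credentials, the fast path of claim 4, a replayed report, a changed boot measurement and a changed application measurement. The nonce check is what gives the claim 4 comparison its meaning: a PCR string that merely equals last time's carries no evidence about the platform unless it arrives signed over a fresh challenge, and without that the fast path is only as strong as the IP and MAC lookup it starts from.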
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610465444.1A CN105933245B (en) | 2016-06-23 | 2016-06-23 | Safe and trusted access method in software defined network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610465444.1A CN105933245B (en) | 2016-06-23 | 2016-06-23 | Safe and trusted access method in software defined network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105933245A true CN105933245A (en) | 2016-09-07 |
CN105933245B CN105933245B (en) | 2020-04-28 |
Family
ID=56830803
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610465444.1A Active CN105933245B (en) | 2016-06-23 | 2016-06-23 | Safe and trusted access method in software defined network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105933245B (en) |
Events
- 2016-06-23: application CN201610465444.1A (CN) filed, granted as CN105933245B, status Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101483522A (en) * | 2008-01-09 | 2009-07-15 | 华为技术有限公司 | Method, system and device for controlling trustable network access |
CN101483522B (en) * | 2008-01-09 | 2012-04-04 | 华为技术有限公司 | Method, system and device for controlling trustable network access |
CN103023911A (en) * | 2012-12-25 | 2013-04-03 | 北京工业大学 | Authentication method for access of trusted network devices to trusted network |
US20150281276A1 (en) * | 2014-03-26 | 2015-10-01 | Juniper Networks, Inc. | Monitoring compliance with security policies for computer networks |
CN103929422A (en) * | 2014-04-08 | 2014-07-16 | 北京工业大学 | Trusted inter-domain safety certificate protocol based on SDN |
CN104113839A (en) * | 2014-07-14 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Mobile data safety protection system and method based on SDN |
WO2016085516A1 (en) * | 2014-11-28 | 2016-06-02 | Hewlett Packard Enterprise Development Lp | Verifying a network configuration |
Non-Patent Citations (2)
Title |
---|
Sandra Scott-Hayward, Sriram Natarajan, Sakir Sezer: "A Survey of Security in Software Defined Networks", IEEE Communications Surveys & Tutorials * |
Zhang Chaokun, Cui Yong, Tang Heheh, Wu Jianping: "Research progress on software-defined networking (SDN)", Journal of Software (软件学报) * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106789351A (en) * | 2017-01-24 | 2017-05-31 | 华南理工大学 | A kind of online intrusion prevention method and system based on SDN |
CN106850443A (en) * | 2017-02-10 | 2017-06-13 | 济南浪潮高新科技投资发展有限公司 | A kind of SDN flow table issuance methods based on TPM |
CN106686013A (en) * | 2017-03-10 | 2017-05-17 | 湖北天专科技有限公司 | Identity recognition device for unmanned aerial vehicle, recognition system and recognition method thereof |
CN107612731A (en) * | 2017-09-19 | 2018-01-19 | 北京工业大学 | One kind is based on the believable network section generation of software definition and credible recovery system |
CN108833381A (en) * | 2018-05-31 | 2018-11-16 | 中共中央办公厅电子科技学院 | The credible connection method of software defined network and system |
CN110602150A (en) * | 2019-10-16 | 2019-12-20 | 山东超越数控电子股份有限公司 | Trusted authentication method between SDN nodes |
CN112491896A (en) * | 2020-11-30 | 2021-03-12 | 超越科技股份有限公司 | Trusted access authentication system based on virtualization network |
CN113438119A (en) * | 2021-08-25 | 2021-09-24 | 北京信达环宇安全网络技术有限公司 | Reinforced software deployment method and device, electronic equipment and storage medium |
CN113438119B (en) * | 2021-08-25 | 2021-11-09 | 北京信达环宇安全网络技术有限公司 | Reinforced software deployment method and device, electronic equipment and storage medium |
CN116389032A (en) * | 2022-12-29 | 2023-07-04 | 国网甘肃省电力公司庆阳供电公司 | SDN architecture-based power information transmission link identity verification method |
CN116389032B (en) * | 2022-12-29 | 2023-12-08 | 国网甘肃省电力公司庆阳供电公司 | SDN architecture-based power information transmission link identity verification method |
CN116545775A (en) * | 2023-07-06 | 2023-08-04 | 北京长扬软件有限公司 | NFV-based remote trusted network connection method, device and system |
CN116545775B (en) * | 2023-07-06 | 2023-09-15 | 北京长扬软件有限公司 | NFV-based remote trusted network connection method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN105933245B (en) | 2020-04-28 |
Similar Documents
Publication | Title |
---|---|
CN105933245A (en) | Secure and credible access method in software defined network |
US11122047B2 (en) | Invitation links with enhanced protection |
CN111209334B (en) | Power terminal data security management method based on block chain |
EP3563547B1 (en) | Fabric assisted identity and authentication making use of context |
US8255977B2 (en) | Trusted network connect method based on tri-element peer authentication |
KR101114728B1 (en) | A trusted network access control system based ternery equal identification |
CN106559408B (en) | SDN authentication method based on trust management |
US8533806B2 (en) | Method for authenticating a trusted platform based on the tri-element peer authentication(TEPA) |
CN103929422B (en) | Trusted inter-domain safety certificate protocol based on SDN |
CN107231346A (en) | A kind of method of cloud platform identification |
CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal |
CN106789059B (en) | A kind of long-range two-way access control system and method based on trust computing |
CN107113319A (en) | Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification |
CN105516980A (en) | Token authentication method for wireless sensor network based on Restful architecture |
US10601809B2 (en) | System and method for providing a certificate by way of a browser extension |
Dua et al. | Replay attack prevention in Kerberos authentication protocol using triple password |
CN111917714A (en) | Zero trust architecture system and use method thereof |
WO2016188335A1 (en) | Access control method, apparatus and system for user data |
CN106453321A (en) | Authentication server, system and method, and to-be-authenticated terminal |
WO2016109609A1 (en) | System and method for providing authenticated communications from a remote device to a local device |
CN111130769A (en) | Internet of things terminal encryption method and device |
CN108990062A (en) | Intelligent and safe Wi-Fi management method and system |
CN108011873A (en) | A kind of illegal connection determination methods based on set covering |
Kim et al. | Puf-based iot device authentication scheme on iot open platform |
CN109600357A (en) | A kind of distributed identity authentication system, method and server |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |