CN105933245A - Secure and credible access method in software defined network - Google Patents


Info

Publication number
CN105933245A
Authority
CN
China
Prior art keywords
access
credible
service end
network
access device
Legal status
Granted
Application number
CN201610465444.1A
Other languages
Chinese (zh)
Other versions
CN105933245B (en)
Inventor
刘静
刁子朋
庄俊玺
赖英旭
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127 Trusted platform modules [TPM]


Abstract

The invention discloses a secure and trusted access method in a software defined network. A trusted access technique is introduced into the access process of the SDN (Software-Defined Network). By combining it with trusted computing techniques, access to the network by insecure devices can be effectively prevented. Moreover, in view of the flexibility and originality of the SDN, a fast access authentication mode and an access mode that grades users according to their trust values are provided. With the technical scheme of the invention, the deficiencies present in SDN access authentication can be effectively filled and the security of the SDN improved.

Description

Secure and trusted access method in a software defined network
Technical field
The invention belongs to the technical field of software defined networks, and in particular relates to a secure and trusted access method in a software defined network.
Background technology
The concept of OpenFlow originated in a 2006 research project of researchers at Stanford University. It proposed decoupling the data plane and the control plane of traditional network devices, so that a centralized controller manages and configures the various network devices through a standardized interface. Researchers subsequently promoted the concept of Software-Defined Networking (SDN), which attracted wide attention from academia and industry.
Floodlight Open SDN Controller is an enterprise-class, Java-based OpenFlow controller. It is easy to build and use, and supports numerous virtual and physical OpenFlow switches. As the controller of an OpenFlow network, Floodlight provides network management capability by combining the functions of different modules. It offers users an API through which the controller's functions can be managed, or the network enhanced by intelligent applications that the user creates.
Network access is one of the fundamental network security problems. The access of an illegitimate user is often the starting point of the compromise of the whole network, so people have devised various methods to authenticate users. From the early 1990s to the present, well-known Internet security experts have successively addressed the problem of secure network terminal access with new technologies and methods, and concepts such as active defense have been proposed accordingly.
In May 2004 the Trusted Network Connect subgroup (TNC-SG) was established, and in March 2005 it issued the Trusted Network Connect (TNC) specification and the corresponding interface specifications; the TNC v1.0 version issued at that time defined the core of TNC. The TNC framework essentially describes three entities in network access: the Access Requestor (AR), the Policy Decision Point (PDP) and the Policy Enforcement Point (PEP). The TNC framework also comprises three layers: the network access layer, the integrity evaluation layer and the integrity measurement layer. At present, some access enhancement schemes for traditional networks also refer to the TNC framework and introduce the concept of trusted computing.
The network access problem has always been one of the focal points of network security. Software defined networking (SDN) is still in an early stage of development and lacks a suitable access method.
The currently most common method of authenticating users by combining IP, MAC and user identity information can no longer provide a secure network access service in an increasingly complex network access environment. Moreover, common access protocols are all designed with reference to current networks, do not correspond to the way SDN is realized, and cannot be applied directly to SDN.
Summary of the invention
The technical problem to be solved by the present invention is to provide a secure access method in a software defined network, in which the trusted access architecture TNC is combined with the SDN architecture so as to effectively provide a secure and trusted access service for SDN.
To solve the above problem, the present invention adopts the following technical scheme:
A secure and trusted access method in a software defined network comprises the following steps:
Step S1: according to the SDN secure access requirement, obtain the trusted measurement information (PCR value) of the access device stored in the platform configuration registers of its trusted platform;
Step S2: the access device sends an access request to the access server, the request containing said trusted measurement information (PCR value);
Step S3: the access server performs the integrity measurement evaluation and access judgement of the device according to said trusted measurement PCR value and the obtained user information; if the judgement result is that access is allowed, the access server sends an access decision to the OpenFlow controller;
Step S4: the OpenFlow controller generates the corresponding flow entries according to the access decision and sends said flow entries to the SDN switch, and said SDN switch clears the network access of the admitted device according to the instructions of said flow entries.
Preferably, in step 2, while initiating the request the access device sends to the access server the client-side random-number verification code for this request together with its own device information.
Preferably, step 3 specifically includes the following steps:
Step 3.1: the access server obtains the request from the access device, verifies the access state and judges whether the device is allowed to access; if the device is allowed to access, it replies to the access device with the server-side random-number verification code for this access request attached;
Step 3.2: the access device obtains the reply from the access server and checks whether the random number sent by the authentication server is identical to the one it specified before; if identical, it sends the PCR value of the local machine and the server-side random number to the access server;
Step 3.3: the access server obtains the PCR value and server-side random number sent by the access device and verifies that the server-side random number sent by the access device is identical to the one it sent before. If identical, it starts querying whether said access device meets the fast-access condition;
Step 3.4: if the fast-access condition is met, the access judgement result and the client-side random-number verification code are sent to the access device; if the fast-access condition is not met, the process continues and a request to enter the user authentication phase, containing the client-side random-number verification code, is sent to the access device;
Step 3.5: the access device, according to the reply of the access server, verifies whether said client random number is identical to the one sent before; if identical, it starts processing the server's judgement result, and when the judgement result is trusted it sends the user authentication identity information to the access server;
Step 3.6: the access server verifies said user information; if the verification result is that access is allowed, the client's access state, IP address, MAC address, PCR value and logged-in user name are recorded in the recently connected device list, and the access server sends an access decision to the OpenFlow controller to release the network access rights of this access device.
Preferably, said fast-access condition is: the IP and MAC address are in the recent access device list, and the trusted PCR value provided by the device during this access is identical to that of the last access.
Preferably, if the fast-access condition is not met, the trust state of the user is judged, said trust judgement result being divided into: fully trusted, partially trusted and untrusted.
Preferably, in step 3.5, when the judgement result is untrusted, the login process is interrupted and the client machine cannot access the network; when the judgement result is trusted, the access device is required to provide user authentication information.
Preferably, the method also includes: in the network start-up phase, the access server sends an instruction to the OpenFlow controller, said instruction serving to prevent unauthenticated devices from performing network communication; after receiving said instruction, the OpenFlow controller issues the corresponding flow entries according to the network traffic information submitted by the switch, so as to complete the restriction of unauthenticated devices.
Preferably, said access device is a physical device or a cloud virtual machine.
The technical solution of the present invention introduces trusted access technology into the secure access method in SDN; by combining it with the relevant technology of trusted computing, access to the network by insecure devices can be effectively prevented. At the same time, in view of the flexibility and originality of SDN, the present invention also proposes a fast-access authentication mode and a mode of grading users by trust value, which can effectively fill the deficiencies present in SDN access authentication and strengthen the security of SDN.
Brief description of the drawings
Fig. 1 is a structural schematic of the access method of the present invention from the perspective of the TNC framework;
Fig. 2 is a structural schematic of the access method of the present invention from the perspective of the software defined network framework;
Fig. 3 is a schematic of the data transmission flow of the access method of the present invention;
Fig. 4 is a schematic of the judgement flow of the fast-access process;
Fig. 5 is a schematic of the user permission judgement flow.
Detailed description of the embodiments
The present invention is described in more detail below with reference to specific embodiments and the drawings.
The embodiment of the present invention provides a secure and trusted access method in a software defined network. Based on the trusted access architecture of the trusted access standard TNC, and combined with the features of the OpenFlow architecture, in which the control plane is concentrated in the controller and the switch concentrates on forwarding, it proposes the architecture needed for the secure access method. From the perspective of the TNC framework the secure access architecture is shown in Fig. 1; from the perspective of the SDN architecture it is shown in Fig. 2.
The architecture refers to the structure of the TNC trusted access model and classifies all devices involved in the network access process as access requestor, policy enforcement point, and policy management and access control decision point.
Access device: access requestor
The client running on it is mainly responsible for providing the network access authentication service. At the same time, to realize the trusted access function, it can obtain the integrity measurement values of the access device collected by other measurement applications, and can also use an idle PCR to measure the programs relevant to network access. After obtaining the relevant results, it passes the measurement values to the server for verification of the trust state.
The access device has a data-plane connection to the switch.
OpenFlow (SDN) switch: policy enforcement point
Taking advantage of the OpenFlow switch's focus on forwarding data according to the flow table, the switch is set as the policy enforcement point and executes the decisions from the control plane and the application layer. At the start of a user's access, the OpenFlow switch helps the user convey its trust evaluation data and identity authentication data to the controller. After the OpenFlow controller issues a decision, the switch forwards the normal communication data of the access device according to the flow entries and also restricts its communication behaviour.
The OpenFlow switch has a management-plane data connection to the OpenFlow controller and a data-plane connection to the access server.
OpenFlow controller: the control centre that manages network connections and processes user access requests
The network management part is carried out by the OpenFlow controller. The judgement of the client's trust state and the access authentication are performed by an application of the SDN application layer (the access server), which calls the API of the OpenFlow controller. After the access server completes the judgement of a user's request, it informs the OpenFlow controller of the result through the API, and the OpenFlow controller issues the corresponding flow entries to the OpenFlow switch through its dedicated secure channel, completing the control of the user.
The access server has a data-plane connection to the switch.
As shown in Fig. 3, the embodiment of the present invention provides a secure and trusted access method in a software defined network, specifically including the following steps:
In the network start-up phase, the access server sends an instruction to the OpenFlow controller (hereafter "controller"): apart from white-listed devices, block all network communication other than authentication. After the controller receives the instruction, it issues the corresponding flow entries in combination with the network traffic information submitted by the OpenFlow switch (hereafter "switch"), completing the restriction of unauthenticated devices.
Step 1: according to the requirement of the access device (a physical device or a cloud virtual machine) to access the SDN, the client is started, and the client obtains the trusted measurement information (PCR value) stored in the platform configuration registers of the trusted platform.
Step 2: the access device (request initiator) initiates an access request to the access server. While initiating the request, it indicates to the access server the client-side random-number verification code for this request. At the same time it carries its own device information (IP address and MAC address) so that the access server can identify the device. To ensure the data cannot be eavesdropped, the information also contains the encryption key that the access server is to use in its reply, and all of the above information is encrypted in advance with the public key published by the access server. The data transmission in this process can be described by a formula.
Step 3: after the access server (request recipient) receives the request of the access device, it verifies the user's access state (for example, whether it has already accessed) and determines whether the device is allowed to access. If the device is allowed to access, it replies to the access device with the server-side random-number verification code for this access request. For security reasons, the access server must also carry the client-side random-number verification code in its reply. The above information is encrypted with the key specified by the authenticating client in step 1. The data transmission in this process can be described by a formula.
Step 4: after the access device receives the reply of the access server, it first checks whether the random number returned by the access server is identical to the random number it specified before. If different, the login is terminated; if identical, it enters the trusted-information transmission and verification phase. The access device reads the trusted measurement PCR value stored in the platform configuration registers and transmits it to the access server. While sending the data, it carries the server-side random number of the access server in order to verify the connection state. The above information is encrypted with the public encryption key published by the access server. The data transmission in this process can be described by a formula.
Step 5: after the access server receives the data sent by the access device, it first verifies whether the server-side random number contained in the information is identical to the one sent before; if different, it breaks the connection. If identical, it starts querying whether this access device meets the fast-access condition and obtains a judgement result, which is divided into: fully trusted, partially trusted (together called trusted), untrusted, and the state of meeting the fast-access condition.
Here, using the features of SDN combined with the support of trusted computing technology, the concept of a "fast-access process" is proposed. The fast-access process provides a convenient access scheme for devices that have recently gone offline, reducing the time taken by access and improving the user's network experience.
The fast-access process means that a device meeting the fast-access condition is admitted to the network directly after completing platform trust authentication, with no need to go through the user authentication phase. The fast-access condition is: the IP and MAC address are in the recently accessed device list, and the trusted PCR value provided by the device during this access is identical to that of the last access. The judgement of the fast-access process is shown in Fig. 4.
If the fast-access condition is met, the access server replies the access result to the client and issues the corresponding rule to the controller to lift the network access restriction for this access device.
If the user does not meet the fast-access condition, the trust state of the user is judged.
The trust judgement result is divided into three kinds: fully trusted, partially trusted and untrusted. Fully trusted and partially trusted are together called "trusted".
Untrusted: a key parameter does not match the record.
Partially trusted: the key parameters match the record, but a non-key parameter does not.
Fully trusted: both the key parameters and the non-key parameters match the record.
Step 6: after the access server has made its judgement, it feeds the judgement result back to the access device. At the same time it appends the random number initially specified by the client in order to verify this access. The above content is encrypted with the key specified by the client. The data transmission in this process can be described by a formula.
Step 7: after the access device receives the reply of the access server, it first checks the random number sent by the access server. If the random number differs, the access is interrupted. When the random number is identical, it starts processing the server's judgement result.
When the judgement result is found to be trusted (including fully trusted and partially trusted), the trust authentication result is presented to the user and the user is required to enter the user authentication phase. When the judgement result is found to be untrusted, the login process is interrupted and the client machine cannot access the network. When the judgement result is found to be that the fast-access condition is met, the user is informed accordingly and told that the network is now open.
Step 8: after entering the user authentication phase, the client on the access device prompts the user to authenticate with the user information (i.e. user name and password) the user holds. After the user finishes entering the authentication information, it is sent to the access server; for verification, the random number specified by the access server is sent at the same time. The above content is encrypted with the public key previously published by the access server. The data transmission in this process can be described by a formula.
Step 9: the access server verifies the user name and password provided by the access device and gives the final judgement result. If the result is that access is allowed, the client's access state, IP address, MAC address, PCR value and logged-in user name are recorded in the recently connected device list, and an expiry time for this entry is specified. At the same time, the access server sends an instruction to the controller to release the network access rights of this access device according to the user's permissions.
The platform trust value of the access device affects the access rights after the user accesses the network: the user is not granted full network permissions merely through user identity authentication, but is given different network access rights in combination with the trust state. In this way, a legitimate user whose device is non-compliant can be prevented from affecting the network after accessing it.
The judgement of user permissions is mainly based on the trust state, which is divided into fully trusted and partially trusted. Fully trusted means that all parameters meet the trust condition; partially trusted means that some non-key parameter does not meet the trust requirement. This state is judged by the access server. The network content accessible for each trust state is set by the administrator; generally a fully trusted device is given broad permissions and a partially trusted device narrow ones. The user permission judgement flow is shown in Fig. 5.
The reply contains the access result after judgement together with the random number initially specified by the client. The above content is encrypted with the key specified by the client. The data transmission in this process can be described by a formula.
Step 10: after the controller receives the access decision, it generates the corresponding flow entries in combination with the device connection and sends the decision to the forwarding device (SDN switch) through the OpenFlow channel. The SDN switch then clears the network access of the admitted device according to the instructions of the flow entries.
At this point the description of the network access process is complete.
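As an added example that is not part of the patent, the following Python models the access server's admission decision from steps 5, 6 and 9: the server-side nonce check, the fast-access condition against the recently connected device list (with the expiry time of step 9), the three-way trust grading by key and non-key parameters, and the rights derived from it. The class and variable names, the choice of which PCR indices count as key parameters, and the sample PCR values are assumptions.

```python
# Added example (not the patent's own code): model of the access server's
# admission logic from steps 5, 6 and 9. Names, the key/non-key PCR policy and
# the sample PCR values are assumptions.
import hmac
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed reference record the server compares PCR values against.
# Which indices are "key parameters" is a policy choice (assumption): a key
# mismatch -> untrusted, a non-key mismatch -> partially trusted.
BASELINE = {0: "pcr0-firmware-ok", 2: "pcr2-bootloader-ok", 7: "pcr7-app-ok"}
KEY_PCRS = {0, 2}

# Network rights opened per judgement result (step 9); untrusted gets none.
RIGHTS = {"fully_trusted": "full", "partially_trusted": "limited", "fast_access": "full"}


@dataclass
class DeviceRecord:
    """Entry of the recently connected device list (step 9)."""
    ip: str
    mac: str
    pcr: dict
    user: str
    expires_at: float


@dataclass
class AccessServer:
    baseline: dict
    key_pcrs: set
    ttl: float = 3600.0                          # expiry time of a list entry
    recent: dict = field(default_factory=dict)   # (ip, mac) -> DeviceRecord

    def nonce_ok(self, received: bytes, expected: bytes) -> bool:
        """Constant-time comparison of the server-side random number (step 5)."""
        return hmac.compare_digest(received, expected)

    def fast_access_ok(self, ip: str, mac: str, pcr: dict, now: float) -> bool:
        """Fast-access condition: (IP, MAC) in the recent list, entry not
        expired, and the PCR values identical to the previous access."""
        rec = self.recent.get((ip, mac))
        if rec is None:
            return False
        if now >= rec.expires_at:            # stale entry: drop it, fall back
            del self.recent[(ip, mac)]
            return False
        return rec.pcr == pcr

    def trust_level(self, pcr: dict) -> str:
        """Trust grading against the record (steps 5 and 6)."""
        mismatched = {i for i, v in self.baseline.items() if pcr.get(i) != v}
        if mismatched & self.key_pcrs:
            return "untrusted"
        if mismatched:
            return "partially_trusted"
        return "fully_trusted"

    def judge(self, ip: str, mac: str, pcr: dict, received_nonce: bytes,
              expected_nonce: bytes, now: Optional[float] = None) -> str:
        """Step 5: verify the server nonce, then try fast access, then grade."""
        now = time.time() if now is None else now
        if not self.nonce_ok(received_nonce, expected_nonce):
            return "disconnect"
        if self.fast_access_ok(ip, mac, pcr, now):
            return "fast_access"
        return self.trust_level(pcr)

    def record_login(self, ip: str, mac: str, pcr: dict, user: str,
                     now: Optional[float] = None) -> DeviceRecord:
        """Step 9: after user authentication succeeds, record the device with
        an expiry time so a later reconnection can use the fast-access process."""
        now = time.time() if now is None else now
        rec = DeviceRecord(ip, mac, dict(pcr), user, now + self.ttl)
        self.recent[(ip, mac)] = rec
        return rec


def rights_for(level: str) -> Optional[str]:
    """Map a judgement result to the rights the controller should open."""
    return RIGHTS.get(level)


if __name__ == "__main__":
    srv = AccessServer(BASELINE, KEY_PCRS)
    nonce = b"constructed-server-nonce"
    dev = ("10.0.0.5", "aa:bb:cc:dd:ee:01")        # constructed device
    print(srv.judge(*dev, dict(BASELINE), nonce, nonce, now=1000.0))   # first visit
    srv.record_login(*dev, dict(BASELINE), "alice", now=1000.0)
    print(srv.judge(*dev, dict(BASELINE), nonce, nonce, now=1500.0))   # reconnection
```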
The present invention combines trusted computing technology with traditional user identity authentication technology and, by combining the related technologies with the features of SDN, realizes the secure access method of the present invention. The present invention has been verified with BAN predicate logic and attack-tested with the AVISPA protocol analysis software to ensure the security and effectiveness of the scheme, and has also been tested on real machines to verify the feasibility and effectiveness of the scheme. After testing it was found that the present invention can effectively provide a secure access service for SDN: unauthorized accessors, and legitimate accessors whose devices have problems, either cannot access the network or can access it only with low rights, thus protecting network security.
The above embodiments are only exemplary embodiments of the present invention and are not intended to limit it; the scope of protection of the present invention is defined by the claims. Those skilled in the art may make various modifications or equivalent substitutions to the present invention within its spirit and scope of protection, and such modifications or equivalent substitutions should also be regarded as falling within the scope of protection of the present invention.

Claims (8)

1. the trusted access method of safety in a software defined network, it is characterised in that comprise the following steps:
Step S1, according to SDN secure accessing demand, obtain access device and be stored in trusted platform configuration Credible metric PCR value in depositor;
Step S2, access device send access request to access service end, and described request comprises described credibility Amount information PCR value;
Step S3, access service end-apparatus enter according to the user profile of described credible metric PCR value and acquisition The amount assessment of the integrity of row equipment judges with accessing, if judged result is for allowing to access, and access service end-apparatus Send to OpenFlow controller and access decision-making;
Step S4, OpenFlow controller flow list item accordingly according to accessing decision making, and by described stream List item sends to SDN switch, described SDN switch indicating the equipment accessed according to described stream list item Network insertion let pass.
2. the trusted access method of safety in software defined network as claimed in claim 1, it is characterised in that In step 2, during initiating request, this requesting client side random number is sent to access service end Identifying code and the facility information of self.
3. the trusted access method of safety in software defined network as claimed in claim 1, it is characterised in that Step 3 specifically includes following steps:
Step 3.1, access service end obtain the request of access device, and checking access state also judges whether to permit Permitted equipment to access, if the equipment of permission accesses, then replied and attach the service of this access request to access device Side random number verification code;
Step 3.2, access device obtain the reply of access service end, and the random number that certificate server sends is Random number that is no and that specify before is identical, if identical, then the PCR value of the machine, service side random number is sent out Deliver to access service end;
Step 3.3, access service end obtain PCR value, the service side random number that access device sends, and test The service end random number that card access device sends is the most identical with send before.If identical, then start a query at Whether described access device meets the condition quickly accessed;
If step 3.4 meets the condition quickly accessed, judged result and client-side random number verification will be accessed Code is sent to access device, if being unsatisfactory for quickly accessing condition, carrying out continuing flow process, and sending out to access device It is fed into the request of user authentication phase and comprises client-side random number verification code;
Step 3.5, access device according to the reply of access service end, verify described client random number whether with Send is identical before, if identical, then starts the judged result of processing server, when judged result is credible Time, send user authentication identity information to access service end;
Described user profile is verified by step 3.6, access service end, if the result is for allowing to access, Then the access state of client, IP address, MAC Address, PCR value and the user name logged in be recorded In the nearly list of devices connected, it is concurrently accessed service end and sends access decision-making to OpenFlow controller, put Open this access device for the access rights of network.
4. The secure and trusted access method in a software defined network as claimed in claim 3, characterised in that the fast-access condition is: the IP and MAC address are present in the recently-connected device list, and the trusted PCR value provided by this access device is identical to the one it provided last time.
5. The secure and trusted access method in a software defined network as claimed in claim 3, characterised in that if the fast-access condition is not met, the trust status of the user is judged, and the trust judgement result is one of: fully trusted, partially trusted, or untrusted.
6. The secure and trusted access method in a software defined network as claimed in claim 3, characterised in that in step 3.5, when the judgement result is untrusted, the login process is interrupted and the client computer cannot access the network; when the judgement result is trusted, the access device is required to provide user authentication information.
7. The secure and trusted access method in a software defined network as claimed in claim 1, characterised in that it further comprises: at the network start-up stage, the access server sends an instruction to the OpenFlow controller, the instruction being to block unauthenticated devices from network communication; after receiving the instruction, the OpenFlow controller issues the corresponding flow table entries according to the network traffic information submitted by the switch, thereby completing the restriction of unauthenticated devices.
8. The secure and trusted access method in a software defined network as claimed in claim 1, characterised in that the access device is a physical device or a cloud virtual machine.
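The following Python model is an added example, not code from the patent or its applicant. It puts steps 3.3 to 3.6 and claims 4 to 7 into one runnable access-server object: nonce echo verification, the fast-access check on (IP, MAC, PCR), the three-way trust judgement, user authentication, the recently-connected device list, and an in-memory flow table standing in for the OpenFlow controller's default-drop rule. The grading rule behind "fully / partially / untrusted", the treatment of a partially trusted device (it still proceeds to user authentication), the use of source MAC as the flow-table match field, and the PBKDF2 password store are all assumptions made for the example; the patent does not specify them.

```python
"""Model of the trusted-access handshake (steps 3.3-3.6, claims 4-7).
Added example; trust grading, partial-trust handling and the flow-table
match field are assumptions, not taken from the patent text."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

FULLY_TRUSTED = "fully trusted"
PARTIALLY_TRUSTED = "partially trusted"
UNTRUSTED = "untrusted"


@dataclass
class RecentDevice:
    """One row of the recently-connected device list (step 3.6)."""
    state: str
    ip: str
    mac: str
    pcr: dict          # PCR index -> hex digest as reported by the device
    user: str


@dataclass
class FlowTable:
    """Stand-in for the OpenFlow controller (claim 7): once the start-up
    instruction is received, every source MAC is dropped until the access
    server releases it. Matching on source MAC is an assumption."""
    allowed_macs: set = field(default_factory=set)
    blocking: bool = False

    def block_unauthenticated(self):
        self.blocking = True           # instruction sent at network start-up

    def release(self, mac):
        self.allowed_macs.add(mac)     # access decision: open the network

    def action_for(self, src_mac):
        if not self.blocking or src_mac in self.allowed_macs:
            return "forward"
        return "drop"


def _hash_password(password, salt):
    """Constructed password store: salted PBKDF2-SHA256 (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessServer:
    def __init__(self, reference_pcr, user_db):
        self.reference_pcr = reference_pcr   # expected PCR index -> digest
        self.user_db = user_db               # username -> (salt, pbkdf2 hash)
        self.recent = {}                     # (ip, mac) -> RecentDevice
        self.flows = FlowTable()
        self.flows.block_unauthenticated()   # claim 7: default deny
        self._server_nonces = {}             # mac -> nonce sent in the earlier step

    def issue_server_nonce(self, mac):
        nonce = secrets.token_hex(16)
        self._server_nonces[mac] = nonce
        return nonce

    def fast_access_ok(self, ip, mac, pcr):
        """Claim 4: IP+MAC in the recent list and PCR identical to last time."""
        row = self.recent.get((ip, mac))
        return row is not None and row.pcr == pcr

    def judge_trust(self, pcr):
        """Claim 5 categories. Grading rule is an assumption: every reference
        PCR matches -> fully trusted; some match -> partially; none -> untrusted."""
        matched = sum(1 for i, d in self.reference_pcr.items() if pcr.get(i) == d)
        if matched == len(self.reference_pcr):
            return FULLY_TRUSTED
        return PARTIALLY_TRUSTED if matched else UNTRUSTED

    def verify_user(self, username, password):
        rec = self.user_db.get(username)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(_hash_password(password, salt), stored)

    def handle_access(self, ip, mac, pcr, echoed_nonce, credentials):
        """Steps 3.3-3.6 in one call. `credentials` is the (user, password)
        the device sends in step 3.5, or None if it sends nothing."""
        expected = self._server_nonces.pop(mac, None)   # single use
        if expected is None or not hmac.compare_digest(expected, echoed_nonce):
            return {"result": UNTRUSTED, "network": "denied", "reason": "nonce mismatch"}
        if self.fast_access_ok(ip, mac, pcr):
            verdict, path = FULLY_TRUSTED, "fast"
        else:
            verdict, path = self.judge_trust(pcr), "full"
        if verdict == UNTRUSTED:                         # claim 6: interrupt login
            return {"result": verdict, "network": "denied", "path": path,
                    "reason": "platform untrusted"}
        if credentials is None or not self.verify_user(*credentials):
            return {"result": verdict, "network": "denied", "path": path,
                    "reason": "user authentication failed"}
        user = credentials[0]
        self.recent[(ip, mac)] = RecentDevice("connected", ip, mac, dict(pcr), user)
        self.flows.release(mac)                          # decision to the controller
        return {"result": verdict, "network": "allowed", "path": path, "user": user}


if __name__ == "__main__":
    salt = b"constructed-salt"
    srv = AccessServer({0: "aa", 7: "bb"}, {"alice": (salt, _hash_password("pw", salt))})
    nonce = srv.issue_server_nonce("00:11")
    print(srv.handle_access("10.0.0.5", "00:11", {0: "aa", 7: "bb"}, nonce, ("alice", "pw")))
    print(srv.flows.action_for("00:11"))
```

The single-use nonce is what defends step 3.3 against a replayed handshake, and the fast path only ever skips the PCR grading, never the nonce check or the flow-table release; a device whose PCR drifted since its last visit falls back to the full path because `fast_access_ok` compares the stored PCR set exactly.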
CN201610465444.1A 2016-06-23 2016-06-23 Safe and trusted access method in software defined network Active CN105933245B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610465444.1A CN105933245B (en) 2016-06-23 2016-06-23 Safe and trusted access method in software defined network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610465444.1A CN105933245B (en) 2016-06-23 2016-06-23 Safe and trusted access method in software defined network

Publications (2)

Publication Number Publication Date
CN105933245A true CN105933245A (en) 2016-09-07
CN105933245B CN105933245B (en) 2020-04-28

Family

ID=56830803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610465444.1A Active CN105933245B (en) 2016-06-23 2016-06-23 Safe and trusted access method in software defined network

Country Status (1)

Country Link
CN (1) CN105933245B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483522A (en) * 2008-01-09 2009-07-15 华为技术有限公司 Method, system and device for controlling trustable network access
CN101483522B (en) * 2008-01-09 2012-04-04 华为技术有限公司 Method, system and device for controlling trustable network access
CN103023911A (en) * 2012-12-25 2013-04-03 北京工业大学 Authentication method for access of trusted network devices to trusted network
US20150281276A1 (en) * 2014-03-26 2015-10-01 Juniper Networks, Inc. Monitoring compliance with security policies for computer networks
CN103929422A (en) * 2014-04-08 2014-07-16 北京工业大学 Trusted inter-domain safety certificate protocol based on SDN
CN104113839A (en) * 2014-07-14 2014-10-22 蓝盾信息安全技术有限公司 Mobile data safety protection system and method based on SDN
WO2016085516A1 (en) * 2014-11-28 2016-06-02 Hewlett Packard Enterprise Development Lp Verifying a network configuration

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SANDRA SCOTT-HAYWARD; SRIRAM NATARAJAN; SAKIR SEZER: "A Survey of Security in Software Defined Networks", IEEE Communications Surveys & Tutorials *
张朝昆; 崔勇; 唐翯翯; 吴建平: "Research Progress on Software Defined Networking (SDN)", Journal of Software *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789351A (en) * 2017-01-24 2017-05-31 华南理工大学 Online intrusion prevention method and system based on SDN
CN106850443A (en) * 2017-02-10 2017-06-13 济南浪潮高新科技投资发展有限公司 SDN flow table issuance method based on TPM
CN106686013A (en) * 2017-03-10 2017-05-17 湖北天专科技有限公司 Identity recognition device for unmanned aerial vehicle, recognition system and recognition method thereof
CN107612731A (en) * 2017-09-19 2018-01-19 北京工业大学 Software-definition-based trusted network section generation and trusted recovery system
CN108833381A (en) * 2018-05-31 2018-11-16 中共中央办公厅电子科技学院 Trusted connection method and system for software defined network
CN110602150A (en) * 2019-10-16 2019-12-20 山东超越数控电子股份有限公司 Trusted authentication method between SDN nodes
CN112491896A (en) * 2020-11-30 2021-03-12 超越科技股份有限公司 Trusted access authentication system based on virtualization network
CN113438119A (en) * 2021-08-25 2021-09-24 北京信达环宇安全网络技术有限公司 Reinforced software deployment method and device, electronic equipment and storage medium
CN113438119B (en) * 2021-08-25 2021-11-09 北京信达环宇安全网络技术有限公司 Reinforced software deployment method and device, electronic equipment and storage medium
CN116389032A (en) * 2022-12-29 2023-07-04 国网甘肃省电力公司庆阳供电公司 SDN architecture-based power information transmission link identity verification method
CN116389032B (en) * 2022-12-29 2023-12-08 国网甘肃省电力公司庆阳供电公司 SDN architecture-based power information transmission link identity verification method
CN116545775A (en) * 2023-07-06 2023-08-04 北京长扬软件有限公司 NFV-based remote trusted network connection method, device and system
CN116545775B (en) * 2023-07-06 2023-09-15 北京长扬软件有限公司 NFV-based remote trusted network connection method, device and system

Also Published As

Publication number Publication date
CN105933245B (en) 2020-04-28

Similar Documents

Publication Publication Date Title
CN105933245A (en) Secure and credible access method in software defined network
US11122047B2 (en) Invitation links with enhanced protection
CN111209334B (en) Power terminal data security management method based on block chain
EP3563547B1 (en) Fabric assisted identity and authentication making use of context
US8255977B2 (en) Trusted network connect method based on tri-element peer authentication
KR101114728B1 (en) A trusted network access control system based ternery equal identification
CN106559408B (en) SDN authentication method based on trust management
US8533806B2 (en) Method for authenticating a trusted platform based on the tri-element peer authentication(TEPA)
CN103929422B (en) Trusted inter-domain safety certificate protocol based on SDN
CN107231346A (en) Cloud platform identification method
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
CN106789059B (en) Remote two-way access control system and method based on trusted computing
CN107113319A (en) Response method, device, system and proxy server in Virtual Network Computing authentication
CN105516980A (en) Token authentication method for wireless sensor network based on Restful architecture
US10601809B2 (en) System and method for providing a certificate by way of a browser extension
Dua et al. Replay attack prevention in Kerberos authentication protocol using triple password
CN111917714A (en) Zero trust architecture system and use method thereof
WO2016188335A1 (en) Access control method, apparatus and system for user data
CN106453321A (en) Authentication server, system and method, and to-be-authenticated terminal
WO2016109609A1 (en) System and method for providing authenticated communications from a remote device to a local device
CN111130769A (en) Internet of things terminal encryption method and device
CN108990062A (en) Intelligent and safe Wi-Fi management method and system
CN108011873A (en) Illegal connection determination method based on set covering
Kim et al. PUF-based IoT device authentication scheme on IoT open platform
CN109600357A (en) Distributed identity authentication system, method and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant