CN109525397A - A kind of block chain and method towards SDN network stream rule safety guarantee - Google Patents
A kind of block chain and method towards SDN network stream rule safety guarantee Download PDFInfo
- Publication number
- CN109525397A CN109525397A CN201811188730.3A CN201811188730A CN109525397A CN 109525397 A CN109525397 A CN 109525397A CN 201811188730 A CN201811188730 A CN 201811188730A CN 109525397 A CN109525397 A CN 109525397A
- Authority
- CN
- China
- Prior art keywords
- block
- network
- information
- block chain
- sdn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of block chains and method towards SDN network stream rule safety guarantee, the composition of the block chain is as follows: a security gateway is arranged in each SDN subnet, first block is created by security gateway, as original block, other network nodes can be by accessing this original block, new block is generated by Pow common recognition mechanism, the stream Rule Information for being related to SDN network safety saves within a block as affairs;It is used to save node digital signature or timestamp information since a block head is arranged second block in each block, and a cryptographic Hash is set in block head, the affairs and head cryptographic Hash that the new block head cryptographic Hash for generating block is stored based on a upper block, are generated by hash function;The block for saving SDN network stream rule is made to constitute chain in this way, block chain is formed.The present invention, which solves, guarantees that SDN network stream rule integrality and access authentication the problems in excessively collect.
Description
Technical field
The present invention relates to block chain technical fields and software defined network (SDN) technical field, and in particular to one kind is in SDN
In network, enhance the block chain and its method of internet security.
Background technique
In SDN network, by network administrator or it is similar to the thirds equations such as OpenFlow application program formulation stream
Rule is issued to interchanger controller in the form of flow table and the various network equipments goes to execute, due to networks such as interchangers
Equipment issues stream rule to interchanger and absolutely trusts, therefore does not have the ability that selection executes stream rule, once there is attacker's evil
Stream rule is distorted in meaning injection, can cause to seriously threaten safely to SDN network, therefore in the work for guaranteeing network security, must
It must guarantee the integrality of stream rule.
In addition to this, at present in SDN network, equipment access is the authentication mode by controller for the centralization of core,
Under this authentication architecture excessively concentrated, the fragility of network is higher, once controller it is under attack will lead to whole network by
To influence.
Summary of the invention
The object of the present invention is to provide a kind of block chains and method towards SDN network stream rule safety guarantee, to solve
Above-mentioned guarantee SDN network stream rule integrality and access authentication the problems in excessively collect.
In order to solve the above technical problems, the technical solution adopted by the present invention are as follows:
A kind of block chain towards SDN network stream rule safety guarantee, the composition of the block chain are as follows:
One security gateway is set in each SDN subnet, first block is created by security gateway, as original area
Block, other network nodes can generate new block by Pow common recognition mechanism, be related to SDN network by accessing this original block
The stream Rule Information of safety saves within a block as affairs;Since second block in each block be arranged a block
Head is used to save node digital signature or timestamp information, and a cryptographic Hash is arranged in block head, new generation block
The affairs and head cryptographic Hash that block head cryptographic Hash is stored based on a upper block, are generated by hash function;In this way
So that the block for saving SDN network stream rule constitutes chain, block chain is formed.
In terms of a kind of SDN network method for protecting based on block chain, including following two:
(1) controller is stored using the global view of network and flow information as affairs into block, while interchanger
Also flow table controller issued is as in affairs memory block;As network is constantly run, items of equipment is continuous in SDN network
It updates the every terms of information of itself carrying stream rule and is constantly saved on newly generated block, block chain guarantees to save as affairs
The SDN items network information will not by attacker malice distort;
(2) it is distributed authentication that SDN network, which is improved on the basis of based on block chain by original single centralization certification,
It is completed by other adjacent nodes.
The detailed process of (1) is as follows:
Step 1.1, security gateway generates original block, saves the information of SDN network initial stream rule and controller;
Step 1.2, block chain node, which passes through, accesses original block, the raw new block of digging mineral products, in the block head generated afterwards
There is cryptographic Hash, cryptographic Hash is generated based on the cryptographic Hash in previous block affairs and a upper block head by hash function;
Step 1.3, new stream rule generates or has new legitimate device to access, and controller issues corresponding flow table to respective quadrature
It changes planes or router, then updates the network information of itself, be then saved in new production for the updated network information as affairs
On raw block;
Step 1.4, interchanger or router receive the flow table that controller issues, and update flow table information itself and execute,
Then it is saved on newly generated block using updated flow table information as affairs;
Step 1.5, block chain network node digs mine by Pow common recognition mechanism and constantly generates new block, wherein block head
In cryptographic Hash be to be generated based on the cryptographic Hash in upper block affairs and a upper block head by hash function;
Step 1.6, as network is constantly run, the continuous dynamic generation of new stream rule, and after repeating the above steps again
It is stored on new block using updated every network information as affairs.
The detailed process of (2) is as follows:
Step 2.1, the interchanger or router that need to access SDN network are to security gateway transmission access request, wherein wrapping
Containing access information;The equipment identity information for having accessed network can be stored in block chain account book;
Step 2.2, the access request received is encapsulated the respective nodes being mapped in block chain network by security gateway;
Step 2.3, the intelligent contract in block chain network is triggered, by its access of other node verifications in block chain network
Information and identity information, complete distributed authentication work, if authenticate pass through if by information in block chain network permanent backup;
Step 2.4, authentication result is sent to controller by block chain network;
Step 2.5, controller allows equipment to access SDN network and issues corresponding flow table;
Step 2.6, the flow table information of access device stores backup in block chain network;
It is various terminal equipment if necessary to access SDN network, then above-mentioned steps 2.1-2.4 is equally carried out, in block
After authentication result is sent to controller by chain, updated flow table information is issued to the first of accessing terminal to network by controller
Interchanger is jumped, and its flow table information stores in block chain.
In the step 2.1, access information is the identity information such as password or equipment.
The invention has the benefit that when traditional SDN network being avoided to concentrate access authentication, controller or certificate server by
The case where being all obstructed to the authentication function of whole network when attack, and in the distributed authentication procedure based on block chain,
Even if the malicious node for thering is fraction to participate in certification work, due in block chain network node there are relevant common recognition algorithm,
Malicious node also can guarantee the correctness of authentication result in the case where being no more than threshold value, which thereby enhance the robustness of network.
Detailed description of the invention
Fig. 1 is general frame figure of the invention;
Fig. 2 is that the network flow rule in the present invention based on block chain stores schematic diagram;
Fig. 3 is the distributed authentication flow chart based on block chain in the present invention.
Specific embodiment
This distributed data base system of block chain is applied in SDN network by the present invention, by the actual network of SDN
Be incorporated into the form of intelligent contract in equipment, abstract block chain network be erected on SDN network, and two networks it
Between exist mapping, based on block chain technology solve SDN network safety problem.
The corresponding privately owned chain of each SDN subnet, each SDN subnet global mapping is at alliance's chain.In each SDN
In net, the information such as flow table of the network equipments such as interchanger are stored in block chain, due to the property that can not be distorted of block chain itself
Can, so that it is stored in the flow table in block chain, the integrality of these important informations such as overall network topology of controller, to keep away
Exempt from attacker's malice to inject or distort stream rule and network function failure is caused even to paralyse.
One security gateway is set in each SDN network, original block is created by security gateway, other network nodes can be with
This original block is accessed to create new block.
The flow table information of interchanger in SDN network, the authority information of global network view, each equipment in controller and its
In his network within a block about the information storage of stream rule.
When generating new legal stream rule in SDN network, controller is issued as the new flow table for flowing regular carrier,
Controller updates itself stream rule and global view etc. simultaneously, and is saved in newly generated block.
The network equipments such as interchanger receive the flow table information from controller, are equally stored in after update flow table newly generated
In block, and backed up by other blocks.
Block chain network constantly generates new block by digging mine, because the cryptographic Hash in block head is by former block information
Middle generation, such characteristic ensure that the integrality of the flow table information and global information that are stored in block chain, even if a certain friendship
It changes planes under attack, attacker can not carry out the flow table that controller issues in the case where not having enough computing resources
It distorts, and then greatly enhances the safety of network.
SDN network stream rule is stored in block chain, network ensure that by the characteristic that can not be distorted of block chain itself
The integrality of information.Soluble attack type is as follows:
In application layer, the current safety protection mechanism for being directed to application program itself is simultaneously unsound, due to infrastructure
The various interchangers and the network equipment of layer trust the stream rule that controller issues completely, and execute without thinking, and stream is advised
Then being stored in block chain easily can maliciously distort to damage network to avoid the application layer program of malice
In control layer, since controller is the core of the whole network, most important object of attack will necessarily be become, if
It cannot ensure the integrality of stream rule, attacker can make a large amount of interchangers illegally visit by injecting the malicious stream rule formula of putting
It asks, makes controller excess load, or delete by distorting, so that a large amount of interchangers do not have matching stream rule and then will count
It is sent to controller according to packet, controller is caused to overload, so as to cause Denial of Service attack;
Data Layer is made of some infrastructure devices such as interchanger, is mainly responsible for the processing, forwarding and state collection of data,
And the stream rule that controller issues absolutely is trusted.Because once the integrality of the network information cannot ensure, so that false, evil
Meaning stream rule injection, will cause a series of severe reaction, such as attacker's unauthorized access, leaking data, when serious
It equally can produce Denial of Service attack, so that network paralysis.
The present invention compares traditional SDN network by the method for controller or certificate server Collective qualification, the present invention is based on
The certification of the distributed authentication method of block chain, the network equipment is completed by other adjacent network nodes.
The interchanger or router for accessing SDN network first are to security gateway transmission access request, wherein including access
The identity information of information, such as password etc. and equipment.The equipment identity information for having accessed network can be stored in block chain account
In this.
The access request received is encapsulated the respective nodes being mapped in block chain network by security gateway.
The intelligent contract in block chain network is triggered, by its access information of other node verifications and body in block chain network
Part information completes distributed authentication work, if authenticating and passing through by information in block chain network permanent backup.
Authentication result is sent to controller by block chain network.
Controller allows equipment to access SDN network and issues corresponding flow table.
The flow table information of access device stores backup in block chain network.
It is various terminal equipment if necessary to access SDN network, then preceding four step is identical, in block chain by authentication result
It being sent to after controller, updated flow table information is issued to the first of accessing terminal to network and jumps interchanger by controller, and
And its flow table information stores in block chain.
The main workflow of block chain network in this scheme are as follows: read account book information → triggering intelligence contract → storage
Account book information.
Technical solution of the present invention is described in further detail with reference to the accompanying drawing:
Fig. 1 is general frame figure of the invention, and framework is broadly divided into two parts, i.e., the SDN network of physical presence and patrols
Block chain network on volume, there are a mapping relations for the two.In actual SDN network, each subnet disposes a peace
Full gateway, security gateway generate original block, other network nodes or this accessible first test block of block chain miner, generate
New block.Each SDN subnet corresponds to a privately owned chain, and alliance's chain is collectively formed in all-ones subnet.Stream in SDN network
The important network information such as rule is constantly updated and is stored on newly generated block, guarantees the integrality of stored information, i.e.,
Make when SDN network equipment is under attack, attacker is also impossible to distort easily in the case where no enough computing resources
Stream rule in network, greatly improves the safety of SDN network.
Fig. 2 is the network flow rule storage schematic diagram in the present invention based on block chain.Specific process is as follows:
1. security gateway generates original block, the related letter of the equipment such as the initial stream rule of SDN network and controller is saved
Breath;
2. block chain node digs the raw new block of mineral products, has Hash in the block head generated afterwards by access original block
Value, cryptographic Hash are generated based on the cryptographic Hash in previous block affairs and a upper block head by hash function;
3. new stream rule generates or has new legitimate device to access, controller issue corresponding flow table to respective switch or
Then router updates the network informations such as the global network view of itself, be then saved in using updated information as affairs
On newly generated block;
4. interchanger or router receive the flow table that controller issues, update flow table information itself and execute, then will
Updated flow table information is saved on newly generated block as affairs;
5. block chain network node constantly generates new block by pow (Proof of work) common recognition mechanism, wherein area
Cryptographic Hash in build is to be generated based on the cryptographic Hash in upper block affairs and a upper block head by hash function;
6. as network is constantly run, the new continuous dynamic generation of stream rule, and will be updated after repeating the above steps again
Every network information afterwards is stored on new block as affairs.
Since the cryptographic Hash on block head is the Hash in the affairs saved based on a upper block and a upper block head
Value, is generated by hash function, if that attacker will distort the rule of a certain stream in network, that is, is distorted and is stored in block chain
A certain affairs, then the cryptographic Hash in the block head of all blocks after that block being changed by affairs requires to change
Become, that is, needs to recalculate the cryptographic Hash of all blocks after this block, what this was substantially difficult to realize.Therefore it is stored in area
The integrality of the important network informations such as the SDN network stream rule in block chain, can substantially guarantee.
Fig. 3 is the distributed authentication flow chart based on block chain in the present invention.Perfect authentication mechanism is SDN network safety
In essential part, the distributed authentication method proposed by the present invention based on block chain, improve traditional network centralization
Authenticate the excessively high defect of network vulnerability, its identity information verified by adjacent multiple nodes, and final node according to
Formula algorithm in block chain is reached common understanding, and the identity information of equipment is saved within a block, both makes network in people in this way
The least a portion of malicious node of tolerable exists in middle work, improves network robustness, in turn ensure equipment identity information not by
It distorts, ensure that information integrity.
In access authentication, identifying procedure also can be according to the difference of access device and slightly different, specific identifying procedure
It is as follows:
1. the interchanger or router that need to access SDN network are to security gateway transmission access request, wherein including access
The identity information of information, such as password etc. and equipment.The equipment identity information for having accessed network can be stored in block chain account
In this.
2. the access request received is encapsulated the respective nodes being mapped in block chain network by security gateway.
3. trigger block chain network in intelligent contract, by block chain network its access information of other node verifications and
Identity information, complete distributed authentication work, if authenticate pass through if by information in block chain network permanent backup.
4. authentication result is sent to controller by block chain network.
5. controller allows equipment to access SDN network and issues corresponding flow table.
6. the flow table information of access device stores backup in block chain network.
It is various terminal equipment if necessary to access SDN network, then preceding four step is identical, in block chain by authentication result
It being sent to after controller, updated flow table information is issued to the first of accessing terminal to network and jumps interchanger by controller, and
And its flow table information stores in block chain.
Those skilled in the art can understand that unless otherwise defined, all terms used herein (including skill
Art term and scientific term) there is meaning identical with the general understanding of those of ordinary skill in fields of the present invention.Also
It should be understood that those terms such as defined in the general dictionary should be understood that have in the context of the prior art
The consistent meaning of meaning will not be explained in an idealized or overly formal meaning and unless defined as here.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered
It is considered as protection scope of the present invention.
Claims (5)
1. a kind of block chain towards SDN network stream rule safety guarantee, it is characterised in that: the composition of the block chain is as follows:
One security gateway is set in each SDN subnet, first block is created by security gateway, as original block,
He can generate new block by Pow common recognition mechanism, be related to SDN network safety network node by accessing this original block
Stream Rule Information as affairs save within a block;It is used since a block head is arranged second block in each block
Node digital signature or timestamp information are saved, and cryptographic Hash is set in block head, the new block for generating block
The affairs and head cryptographic Hash that head cryptographic Hash is stored based on a upper block, are generated by hash function;Make in this way
The block for saving SDN network stream rule constitutes chain, and block chain is formed.
2. a kind of SDN network method for protecting based on block chain described in claim 1, it is characterised in that: including following two
A aspect:
(1) controller is stored using the global view of network and flow information as affairs into block, while interchanger also will
The flow table that controller issues is as in affairs memory block;As network is constantly run, items of equipment is constantly updated in SDN network
The every terms of information of itself carrying stream rule is simultaneously constantly saved on newly generated block, and the guarantee of block chain is saved as affairs
The SDN items network information will not be distorted by attacker's malice;
(2) it is distributed authentication that SDN network, which is improved on the basis of based on block chain by original single centralization certification, by it
He completes adjacent node.
3. according to the method described in claim 2, it is characterized by: the detailed process of (1) is as follows:
Step 1.1, security gateway generates original block, saves the information of SDN network initial stream rule and controller;
Step 1.2, block chain node digs the raw new block of mineral products, has Kazakhstan in the block head generated afterwards by access original block
Uncommon value, cryptographic Hash are generated based on the cryptographic Hash in previous block affairs and a upper block head by hash function;
Step 1.3, new stream rule generates or has new legitimate device to access, and controller issues corresponding flow table to respective switch
Or router, the network information of itself is then updated, is then saved in using the updated network information as affairs newly generated
On block;
Step 1.4, interchanger or router receive the flow table that controller issues, and update flow table information itself and execute, then
It is saved on newly generated block using updated flow table information as affairs;
Step 1.5, block chain network node digs mine by Pow common recognition mechanism and constantly generates new block, wherein in block head
Cryptographic Hash is to be generated based on the cryptographic Hash in upper block affairs and a upper block head by hash function;
Step 1.6, as network is constantly run, the continuous dynamic generation of new stream rule, and will more after repeating the above steps again
Every network information after new is stored on new block as affairs.
4. according to the method described in claim 2, it is characterized by: the detailed process of (2) is as follows:
Step 2.1, the interchanger or router that need to access SDN network are to security gateway transmission access request, wherein comprising connecing
Enter information;The equipment identity information for having accessed network can be stored in block chain account book;
Step 2.2, the access request received is encapsulated the respective nodes being mapped in block chain network by security gateway;
Step 2.3, the intelligent contract in block chain network is triggered, by other node verifications its access information in block chain network
And identity information, complete distributed authentication work, if authenticate pass through if by information in block chain network permanent backup;
Step 2.4, authentication result is sent to controller by block chain network;
Step 2.5, controller allows equipment to access SDN network and issues corresponding flow table;
Step 2.6, the flow table information of access device stores backup in block chain network;
It is various terminal equipment if necessary to access SDN network, then equally carries out above-mentioned steps 2.1-2.4, is incited somebody to action in block chain
Authentication result is sent to after controller, and controller hands over the first jump that updated flow table information is issued to accessing terminal to network
It changes planes, and its flow table information stores in block chain.
5. according to the method described in claim 4, it is characterized by: access information is such as password or equipment in the step 2.1
Identity information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811188730.3A CN109525397B (en) | 2018-10-12 | 2018-10-12 | Block chain and method for SDN network flow rule security guarantee |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811188730.3A CN109525397B (en) | 2018-10-12 | 2018-10-12 | Block chain and method for SDN network flow rule security guarantee |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109525397A true CN109525397A (en) | 2019-03-26 |
| CN109525397B CN109525397B (en) | 2021-05-28 |
Family
ID=65770232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811188730.3A Active CN109525397B (en) | 2018-10-12 | 2018-10-12 | Block chain and method for SDN network flow rule security guarantee |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109525397B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110099126A (en) * | 2019-05-13 | 2019-08-06 | 广东工业大学 | A kind of multi-controller common recognition method, apparatus and system |
| CN110533789A (en) * | 2019-07-23 | 2019-12-03 | 中国联合网络通信集团有限公司 | A kind of equipment routing inspection management method and device based on block chain |
| CN110602150A (en) * | 2019-10-16 | 2019-12-20 | 山东超越数控电子股份有限公司 | Trusted authentication method between SDN nodes |
| CN110719301A (en) * | 2019-11-19 | 2020-01-21 | 武汉思普崚技术有限公司 | Attack defense method and system for flow adaptive scheduling |
| CN112235252A (en) * | 2020-09-21 | 2021-01-15 | 西安电子科技大学 | Block chain-based security identification method, security identification system and storage medium |
| CN112383393A (en) * | 2020-11-14 | 2021-02-19 | 重庆邮电大学 | Trusted communication system and method of software defined sensor network |
| CN113556327A (en) * | 2021-06-29 | 2021-10-26 | 中国人民解放军战略支援部队信息工程大学 | Block chain-based false flow rule injection attack detection and prevention system and method |
| CN113676331A (en) * | 2021-08-12 | 2021-11-19 | 云南电网有限责任公司信息中心 | SDN framework lightweight consensus method based on block chain and SDN switch |
| CN113904788A (en) * | 2021-08-12 | 2022-01-07 | 云南电网有限责任公司信息中心 | Block chain-based network frame security verification method and SDN switch |
| CN117254975A (en) * | 2023-11-14 | 2023-12-19 | 深圳市嘉合劲威电子科技有限公司 | Block chain-based data anti-counterfeiting method and system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935657A (en) * | 2015-06-15 | 2015-09-23 | 清华大学深圳研究生院 | Method for actively pushing information and embedded node operating system |
| CN108173827A (en) * | 2017-12-22 | 2018-06-15 | 南京邮电大学 | Distributed SDN control planes safety certifying method based on block chain thinking |
| US20180197156A1 (en) * | 2017-01-12 | 2018-07-12 | William Eugene Beesley | Distributed micro transactions for software defined networking flows |
| CN108494581A (en) * | 2018-02-09 | 2018-09-04 | 孔泽 | The controller distributed information log generation method and device of SDN network |
| CN108492108A (en) * | 2018-03-29 | 2018-09-04 | 深圳前海微众银行股份有限公司 | Across the chain communication means of block chain, system and computer readable storage medium |
| CN108512699A (en) * | 2018-03-15 | 2018-09-07 | 中国联合网络通信集团有限公司 | Block chain service server data exception detection method, equipment and block catenary system |
-
2018
- 2018-10-12 CN CN201811188730.3A patent/CN109525397B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935657A (en) * | 2015-06-15 | 2015-09-23 | 清华大学深圳研究生院 | Method for actively pushing information and embedded node operating system |
| CN105653291A (en) * | 2015-06-15 | 2016-06-08 | 清华大学深圳研究生院 | Distributed network node operation system based on operation control unit |
| US20180197156A1 (en) * | 2017-01-12 | 2018-07-12 | William Eugene Beesley | Distributed micro transactions for software defined networking flows |
| CN108173827A (en) * | 2017-12-22 | 2018-06-15 | 南京邮电大学 | Distributed SDN control planes safety certifying method based on block chain thinking |
| CN108494581A (en) * | 2018-02-09 | 2018-09-04 | 孔泽 | The controller distributed information log generation method and device of SDN network |
| CN108512699A (en) * | 2018-03-15 | 2018-09-07 | 中国联合网络通信集团有限公司 | Block chain service server data exception detection method, equipment and block catenary system |
| CN108492108A (en) * | 2018-03-29 | 2018-09-04 | 深圳前海微众银行股份有限公司 | Across the chain communication means of block chain, system and computer readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| SADHU RAM BASNET等: "BSS: Blockchain Security over Software Defined", 《2017 INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND AUTOMATION (ICCCA),IEEE》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110099126A (en) * | 2019-05-13 | 2019-08-06 | 广东工业大学 | A kind of multi-controller common recognition method, apparatus and system |
| CN110533789A (en) * | 2019-07-23 | 2019-12-03 | 中国联合网络通信集团有限公司 | A kind of equipment routing inspection management method and device based on block chain |
| CN110602150A (en) * | 2019-10-16 | 2019-12-20 | 山东超越数控电子股份有限公司 | Trusted authentication method between SDN nodes |
| CN110719301A (en) * | 2019-11-19 | 2020-01-21 | 武汉思普崚技术有限公司 | Attack defense method and system for flow adaptive scheduling |
| CN112235252A (en) * | 2020-09-21 | 2021-01-15 | 西安电子科技大学 | Block chain-based security identification method, security identification system and storage medium |
| CN112383393A (en) * | 2020-11-14 | 2021-02-19 | 重庆邮电大学 | Trusted communication system and method of software defined sensor network |
| CN113556327A (en) * | 2021-06-29 | 2021-10-26 | 中国人民解放军战略支援部队信息工程大学 | Block chain-based false flow rule injection attack detection and prevention system and method |
| CN113676331A (en) * | 2021-08-12 | 2021-11-19 | 云南电网有限责任公司信息中心 | SDN framework lightweight consensus method based on block chain and SDN switch |
| CN113904788A (en) * | 2021-08-12 | 2022-01-07 | 云南电网有限责任公司信息中心 | Block chain-based network frame security verification method and SDN switch |
| CN113676331B (en) * | 2021-08-12 | 2022-06-21 | 云南电网有限责任公司信息中心 | SDN framework lightweight consensus method based on block chain and SDN switch |
| CN113904788B (en) * | 2021-08-12 | 2024-07-19 | 云南电网有限责任公司信息中心 | Network frame security verification method based on blockchain and SDN switch |
| CN117254975A (en) * | 2023-11-14 | 2023-12-19 | 深圳市嘉合劲威电子科技有限公司 | Block chain-based data anti-counterfeiting method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109525397B (en) | 2021-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109525397A (en) | A kind of block chain and method towards SDN network stream rule safety guarantee | |
| Aujla et al. | Blocksdn: Blockchain-as-a-service for software defined networking in smart city applications | |
| CN107222478B (en) | Software defined network control layer security mechanism construction method based on block chain | |
| Puthal et al. | SEEN: A selective encryption method to ensure confidentiality for big sensing data streams | |
| Ferretti et al. | Survivable zero trust for cloud computing environments | |
| CN110941668B (en) | Block chain-based unified identity management and authentication method | |
| Wang et al. | Perm-guard: Authenticating the validity of flow rules in software defined networking | |
| CN111464563B (en) | Protection method of industrial control network and corresponding device | |
| CN112383393B (en) | Trusted communication system and method for software defined sensor network | |
| Huang et al. | Towards trusted and efficient SDN topology discovery: A lightweight topology verification scheme | |
| Bu et al. | Flowcloak: Defeating middlebox-bypass attacks in software-defined networking | |
| Han et al. | Non-technical loss fraud in advanced metering infrastructure in smart grid | |
| CN110602083B (en) | Secure transmission and storage method of digital identity authentication data | |
| CN112015111B (en) | Industrial control equipment safety protection system and method based on active immunity mechanism | |
| Vatambeti et al. | Attack Detection Using a Lightweight Blockchain Based Elliptic Curve Digital Signature Algorithm in Cyber Systems. | |
| Gupta et al. | Fog computing and its security challenges | |
| Emira | Authenticating IoT devices issues based on blockchain | |
| Xu et al. | Attack identification for software-defined networking based on attack trees and extension innovation methods | |
| CN109905408A (en) | Network safety protection method, system, readable storage medium storing program for executing and terminal device | |
| Yuan et al. | Research of security of 5G-enabled industrial Internet and its application | |
| Wang et al. | Blockchain-based sdn security guarantee model | |
| Amoah | Formal security analysis of the DNP3-Secure Authentication Protocol | |
| Shaghaghi et al. | Gwardar: Towards protecting a software-defined network from malicious network operating systems | |
| Kim et al. | Secure IoT Device Authentication Scheme using Key Hiding Technology | |
| CN114679284A (en) | Trusted remote attestation system, storage method, verification method and storage medium thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |