CN116781339A - Network anonymous communication method and device based on SDN - Google Patents


Info

Publication number
CN116781339A
Authority
CN
China
Prior art keywords
data packet
anonymous
network
anonymity
communication
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN202310695569.3A
Other languages
Chinese (zh)
Inventor
邓高见
尹少东
李晓明
李宜花
马多耀
Assignee
Zhongke Tianyu Suzhou Technology Co ltd


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/20: Network architectures or network communication protocols for managing network security; network security policies in general
    • H04L 41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/12: Discovery or management of network topologies
    • H04L 49/00: Packet switching elements
    • H04L 49/25: Routing or path finding in a switch fabric
    • H04L 49/252: Store and forward routing
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863: Generation of secret information involving passwords or one-time passwords

Abstract

The invention discloses an SDN-based network anonymous communication method and device. The method comprises the following steps: 1) the SDN controller performs topology analysis on the network and determines the path required for anonymous communication; 2) the data packet is encrypted and an anonymous identifier is added to it; 3) the controller routes and forwards the data packet according to a preset anonymity policy; 4) each node forwards according to the anonymous identifier, so the anonymity of the data packet is preserved; 5) after the data packet arrives at its destination, the destination node decrypts it according to the anonymous identifier. Based on SDN technology, the invention performs topology analysis on the network, achieves efficient packet routing and forwarding, and provides an efficient, secure and reliable network anonymous communication method and device that protects user privacy and guards against network attacks and monitoring.

Description

Network anonymous communication method and device based on SDN
Technical Field
The invention relates to information security technology in the field of computer network communication, and in particular to an SDN-based network anonymous communication method and device.
Background
Network communication has become an integral part of modern society: people transmit information, communicate and interact through networks. With the continuous development of network technology, however, network security problems have become increasingly prominent. In network communication, privacy leakage and information security have long been a focus of attention, and anonymous communication techniques were developed to protect the privacy and information security of the communicating subject.
In conventional network communication, the identity and location information of a communicating subject is easily obtained by an attacker, leading to information leakage and privacy exposure. Anonymous communication technology protects the privacy and information security of the communicating subject by hiding its identity and location information, and has been widely used in medicine, finance, government and other fields as an important means of protecting privacy and information security. Current anonymous communication techniques still face challenges: conventional approaches have problems of both security and efficiency, for example the risk that an attacker recovers information about the communicating subject through network traffic analysis and similar means, as well as low communication efficiency.
The invention provides a data security solution in which network traffic is controlled in real time through the management of the SDN controller, improving the stability and security of the network. Through anonymous identifier generation, packet encryption, route selection, anonymous packet forwarding and packet decryption, every link in the anonymous communication chain can be controlled and managed, improving the security and reliability of anonymous communication.
Disclosure of Invention
The invention discloses an SDN-based network anonymous communication method and device. The method comprises the following steps: 1) the SDN controller performs topology analysis on the network and determines the path required for anonymous communication; 2) the data packet is encrypted and an anonymous identifier is added to it; 3) the controller routes and forwards the data packet according to a preset anonymity policy; 4) each node forwards according to the anonymous identifier, so the anonymity of the data packet is preserved; 5) after the data packet arrives at its destination, the destination node decrypts it according to the anonymous identifier.
The technical scheme of the invention is as follows. An SDN-based network anonymous communication method comprises the following steps:
1) The SDN controller performs topology analysis on the network and determines the path required for anonymous communication;
2) The data packet is encrypted and an anonymous identifier is added to it;
3) The data packet is sent to the SDN controller, which selects a route and forwards the data packet according to a preset anonymity policy;
4) As the data packet passes through each node in the network, the node forwards it according to the anonymous identifier, so the anonymity of the data packet is preserved;
5) After the data packet arrives at its destination, the destination node decrypts it according to the anonymous identifier and processes it accordingly.
Further, in step 1), topology analysis is performed on the network so that the SDN controller learns the network structure and the connection relationships between nodes, on which basis it formulates the anonymity policy. Topology analysis means analysing the structure and connection relationships of the network to learn the state of its nodes and links, including the number, location, connection mode and bandwidth of the nodes. Through topology analysis the SDN controller learns the overall structure and performance characteristics of the network and gains a basis for formulating the anonymity policy. Topology analysis may use various methods, such as analysis based on a network topology graph, analysis based on link-state information, or analysis based on network traffic; analysis based on a network topology graph is one of the most commonly used. That method constructs a network topology graph that visualises the nodes and links of the network so that its structure and connection relationships can be understood directly. Topology analysis can be combined with other network analysis techniques, such as network traffic analysis and network performance evaluation, to learn the performance characteristics and bottlenecks of the network and so provide a more accurate basis for formulating the anonymity policy.
Further, in step 2), the anonymous identifier is an identifier that protects the privacy of the communicating subject by hiding its true identity. In SDN-based network anonymous communication, anonymous identifiers are one of the important means of protecting the privacy of the communicating parties. They can be generated in various ways, such as hash-function-based methods and public-key-cryptography-based methods; the hash-function-based method is one of the most commonly used. It generates a unique anonymous identifier by hashing the real identity information of the communicating subject and adds that identifier to the data packet. Because of the irreversibility and uniqueness of the hash function, each communicating subject obtains a unique anonymous identifier, which provides its anonymity. Note that a plain hash of a low-entropy identity (a host name, user name or address) is deterministic: it is the same in every packet, so all of a subject's traffic is linkable, and an observer who can enumerate the plausible identities can recover the identity by hashing each candidate and comparing. This is why step S202 below combines a timestamp and a random number with the hash; mixing in a secret known only to the legitimate parties (a keyed hash such as HMAC) additionally defeats the dictionary attack. In SDN-based network anonymous communication, the generation and use of anonymous identifiers must follow rules and policies, such as the validity period of an identifier, the number of times it may be used and its update policy. These rules and policies are formulated and adjusted according to the specific application scenario and security requirements to ensure the security and anonymity of the communication.
Further, in step 3), the anonymity policy is a policy for protecting the privacy of the communicating subject: a set of rules and measures formulated according to the specific application scenario and security requirements. In SDN-based network anonymous communication the anonymity policy may cover several aspects, such as the generation and usage rules for anonymous identifiers, the forwarding policy for anonymous data packets and the routing policy for anonymous data packets. Formulating the policy requires considering several factors, such as the privacy requirements of the communicating subject, the performance characteristics of the network and the security requirements; in general the policy weighs all of these factors and lays down a sound set of rules and measures to protect the privacy and security of the communicating subject. Its formulation follows certain principles and methods, such as considering the feasibility, efficiency and security of the policy.
Further, in step 4), ensuring the anonymity of the data packet means embedding an anonymous identifier in the data packet to hide the true identity of the communicating subject. First, the sending client generates an anonymous identifier and embeds it in the data packet; since each communicating subject's identifier is unique, different subjects can be told apart. Second, when the receiving client parses the data packet it can recognise the packet's origin through the anonymous identifier. When a data packet is forwarded on the basis of its anonymous identifier, the forwarding node does not need to know the true identity of the communicating subject; it only needs to forward the data packet to the next node, and so the anonymity of the data packet is preserved. In SDN-based network anonymous communication, ensuring packet anonymity also requires considering factors such as the uniqueness and unforgeability of the anonymous identifier and the problem of its reuse.
Still further, in step 5), decrypting the data packet according to the anonymous identifier means that, during anonymous communication, the received data packet is decrypted on the basis of its anonymous identifier. In SDN-based network anonymous communication various methods may be used for this, such as methods based on the encryption algorithm or on a decryption key; the method based on the encryption algorithm is one of the most commonly used. It secures the data packet by encrypting it when it is transmitted and decrypting it, according to the anonymous identifier, when it is received.
The invention also discloses an SDN-based network anonymous communication device, characterised in that topology analysis is performed on the network through SDN technology so that efficient packet routing and forwarding is achieved. Its core modules comprise an SDN controller module, an anonymous identifier generation module, a data packet encryption module, a routing module, an anonymous data packet forwarding module and a data packet decryption module, wherein:
the SDN controller module manages and controls network traffic, including traffic distribution, route selection and packet forwarding; an anonymity policy can be preset on it, and route selection and forwarding are performed according to that policy;
the anonymous identifier generation module generates anonymous identifiers. The anonymous identifier hides the true identity of the communicating subject and so protects its privacy; different anonymous identifiers are generated according to different anonymity policies, providing an anonymity guarantee for the data packet;
the data packet encryption module encrypts the data packet to prevent it from being intercepted and read by an attacker. The module encrypts the data packet with a symmetric encryption algorithm;
the routing module selects the route of the data packet, keeping the communication path open and achieving secure and efficient routing of the data packet;
the anonymous data packet forwarding module forwards anonymous data packets and guarantees their anonymity and security;
the data packet decryption module decrypts the encrypted data packet back into the original data packet for subsequent processing.
Advantageous effects
Compared with the prior art, the invention has the following beneficial effects:
(1) The invention is based on SDN technology and achieves efficient packet routing and forwarding through topology analysis of the network and a preset anonymity policy. At the same time, encryption and the addition of an anonymous identifier effectively protect user privacy, guard against network attacks and monitoring, and improve the security of anonymous communication.
(2) Using SDN technology, the invention performs topology analysis on the network and so manages network traffic efficiently. The preset anonymity policy enables efficient packet routing and forwarding and improves the efficiency of anonymous communication.
(3) Through topology analysis of the network and the preset anonymity policy, the invention achieves efficient control of network traffic and improves the reliability of anonymous communication.
Drawings
Fig. 1 is a schematic diagram of a network anonymous communication method and device based on SDN.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, but not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without inventive effort fall within the scope of the invention.
The invention comprises the following steps: analysing each path of the network and selecting an optimal path for transmitting the data packet according to the SDN controller's algorithm; selecting an encryption algorithm and encrypting the data packet; adding an anonymous identifier to the data packet; sending the encrypted data packet to the SDN controller; the SDN controller receiving the encrypted data packet and parsing the anonymous identifier; selecting an anonymous forwarding path according to the preset anonymity policy; sending the data packet to the next node according to the route selection result; each node, on receiving the data packet, parsing the anonymous identifier and forwarding the packet according to it, using the routing information provided by the SDN controller; the destination node, on receiving the data packet, parsing the anonymous identifier, decrypting the data packet with it to obtain the original data packet, and processing the original data packet accordingly, storing, forwarding or discarding it as required.
Fig. 1 shows a flowchart of an embodiment of an SDN based network anonymous communication method according to the present invention, mainly comprising the following steps:
s101, obtain the topology of the network, including each node, link and switch in the network;
s102, analyse each path of the network and select an optimal path for transmitting the data packet according to the SDN controller's algorithm;
s201, select an encryption algorithm and encrypt the data packet;
s202, add an anonymous identifier to the data packet;
s203, send the encrypted data packet to the SDN controller;
s301, the SDN controller receives the encrypted data packet and parses the anonymous identifier;
s302, select an anonymous forwarding path according to the preset anonymity policy;
s303, send the data packet to the next node according to the route selection result;
s401, a node that receives the data packet parses the anonymous identifier and forwards the packet according to it;
s402, the node forwards the data packet to the next node using the routing information provided by the SDN controller;
s501, the destination node receives the data packet and parses the anonymous identifier;
s502, decrypt the data packet using the anonymous identifier to obtain the original data packet;
s503, process the original data packet accordingly, storing, forwarding or discarding it as required.
Specifically, in step S101 the SDN controller first sends a query request to each switch in the network to obtain that switch's topology information. It then collects and integrates the topology information of all switches to generate the network topology graph. Finally, it analyses the topology graph to identify each node, link and switch in the network.
In step S102 the SDN controller determines the start and end points of the packet transmission from the network topology graph, then enumerates all possible transmission paths using the topology graph and the preset anonymity policy. All candidate paths are evaluated with an optimal-path selection algorithm and the optimal path is selected for transmitting the data packet; evaluation factors include the reliability, bandwidth utilisation and delay of the path.
In step S201, a data packet may be intercepted or eavesdropped on while travelling from the source node to the destination node, so it must be encrypted to prevent data leakage. When a data packet in the SDN network is to be anonymised, an encryption algorithm is selected and the packet is encrypted. The encryption algorithm converts the packet into data that appears random and unordered, ensuring the privacy and security of the data.
In step S202, an anonymous identifier is added to the data packet in the course of anonymising the SDN network so that the packet cannot be tracked. The anonymous identifier is a unique identifier of the data packet whose purpose is to prevent every node in the SDN network from recognising and tracking the true source and destination of the packet. To reduce the likelihood of identifier duplication, several pieces of information, such as a timestamp, a random number and a cryptographic hash, may be combined to generate a more complex anonymous identifier.
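The following is an added example, not code from the patent or its assignee, showing the identifier generation discussed in step 2) and step S202: the plain hash-of-identity variant beside a keyed variant that combines a timestamp and a random nonce with an HMAC, plus the validity-period and use-count rules the anonymity policy is said to impose. The sample identity, the controller secret and the 32-byte layout are assumptions; the patent fixes none of them.

```python
import hashlib
import hmac
import os
import time

# Constructed sample identity of a communicating subject (format assumed).
IDENTITY = b"ward7-workstation-03.hospital-a.example"

# Secret shared by the sending client and the SDN controller. Assumed to be
# provisioned out of band; the patent does not specify key distribution.
CONTROLLER_SECRET = bytes.fromhex(
    "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"
)

IDENT_LEN = 32  # issued(8) | nonce(8) | tag(16)


def naive_identifier(identity):
    """The plain 'hash function-based method': SHA-256 of the real identity.
    Deterministic, so every packet from one subject carries the same value
    (linkable), and reversible by hashing candidate identities."""
    return hashlib.sha256(identity).digest()[:16]


def dictionary_attack(target, candidate_identities):
    """What any observer can do with a naive identifier: hash each plausible
    identity and compare. Returns the recovered identity or None."""
    for candidate in candidate_identities:
        if hmac.compare_digest(naive_identifier(candidate), target):
            return candidate
    return None


def keyed_identifier(identity, secret, nonce, issued):
    """identifier = issued(8) | nonce(8) | HMAC-SHA256(secret, identity|issued|nonce)[:16]
    The nonce makes each packet's identifier distinct, the timestamp carries the
    validity period, and only a holder of the secret can verify the tag."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    issued_bytes = issued.to_bytes(8, "big")
    msg = identity + issued_bytes + nonce
    tag = hmac.new(secret, msg, hashlib.sha256).digest()[:16]
    return issued_bytes + nonce + tag


def new_identifier(identity, secret, now=None):
    """Sender side (step S202): fresh random nonce, current time."""
    issued = int(time.time()) if now is None else now
    return keyed_identifier(identity, secret, os.urandom(8), issued)


def parse_identifier(identifier):
    if len(identifier) != IDENT_LEN:
        raise ValueError("bad identifier length")
    return int.from_bytes(identifier[:8], "big"), identifier[8:16], identifier[16:]


def verify_identifier(identifier, identity, secret, now, max_age_s):
    """Controller side: does this identifier belong to `identity` and is it
    still inside its validity period?"""
    issued, nonce, _tag = parse_identifier(identifier)
    if issued > now or now - issued > max_age_s:
        return False
    expected = keyed_identifier(identity, secret, nonce, issued)
    return hmac.compare_digest(expected, identifier)


def resolve_identifier(identifier, secret, known_identities, now, max_age_s):
    """Step S301 as the controller sees it: only with the secret can the
    identifier be mapped back to a registered subject."""
    for identity in known_identities:
        if verify_identifier(identifier, identity, secret, now, max_age_s):
            return identity
    return None


class IdentifierPolicy:
    """Usage rules from the anonymity policy: validity period and maximum
    number of uses per identifier (replayed or over-used identifiers fail)."""

    def __init__(self, max_age_s, max_uses):
        self.max_age_s = max_age_s
        self.max_uses = max_uses
        self.uses = {}

    def accept(self, identifier, identity, secret, now):
        if not verify_identifier(identifier, identity, secret, now, self.max_age_s):
            return False
        count = self.uses.get(identifier, 0) + 1
        if count > self.max_uses:
            return False
        self.uses[identifier] = count
        return True
```

`naive_identifier` is what the text calls the hash-function-based method; `dictionary_attack` shows why it gives a pseudonym rather than anonymity. `keyed_identifier` keeps the hash-based design but adds the timestamp, random number and secret, so that the same subject produces a different identifier per packet and only the controller can resolve it.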
In step S203, once anonymisation is complete the data packet is sent to the SDN controller, which routes and forwards it. The encrypted data packet is transmitted to the SDN controller for decryption and analysis by the controller, so sending the encrypted packet to the controller is an important step in ensuring the anonymity of the SDN network. This step may use a secure transport protocol (such as TLS or IPsec) to protect the transmission. Note that the controller is thereby a fully trusted party: it sees packet contents and learns the true endpoints, so the controller host and its control channel must be protected at least as strongly as the data path.
In step S301, after anonymisation the encrypted data packet is sent to the SDN controller. The controller decrypts the packet to obtain the information it carries and parses the anonymous identifier. Having resolved the anonymous identifier, the SDN controller can identify the source and destination of the data packet and then select an anonymous forwarding path for it.
In step S302, the SDN controller selects an anonymous forwarding path according to the preset anonymity policy so as to hide the sender and receiver of the data packet. The anonymity policy may be formulated on the basis of various factors, such as bandwidth, latency and network topology. A policy formulated according to the actual requirements and the characteristics of the network ensures the reliability and efficiency of the anonymous transmission path.
In step S303, having determined the anonymous forwarding path, the SDN controller forwards the data packet to the next node. To achieve anonymous transmission, the SDN controller may choose randomly among the anonymous forwarding paths and send the data packet to the next node designated by the chosen path. While the packet travels along the anonymous forwarding path, none of the nodes on the path can identify its sender and receiver. Before finally reaching the receiver the data packet may pass through several nodes in turn, and this multi-layer anonymous protection ensures the security and privacy of the data packet.
In step S401, when a node receives a data packet anonymised by the SDN network it parses out the anonymous identifier to determine the packet's forwarding direction. Having resolved the identifier, the node selects the anonymous forwarding path according to the information in the identifier and forwards the data packet to the next node designated by that path.
In step S402, having determined the anonymous forwarding path, the node forwards the data packet to the next node using the routing information provided by the SDN controller. The SDN controller provides the node with the address of the next node and the forwarding path according to the network topology and routing policy. The node forwards the data packet to the next node through a routing table or other means while preserving the packet's anonymity; while the packet travels along the anonymous forwarding path, none of the nodes on the path can identify its sender and receiver. The forwarding operation of the node may be implemented with an SDN protocol such as OpenFlow to ensure reliable forwarding of the data packet.
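The following is an added example, not code from the patent or its assignee, that carries steps S101/S102 and S301 to S402 through on one constructed topology: the controller enumerates loop-free paths, filters them by a preset anonymity policy (a minimum number of intermediate switches plus bandwidth and latency bounds), picks one at random, installs a per-hop rule that matches only the anonymous identifier, and the switches forward on that rule alone. The topology, the policy parameters and the flow-table format are assumptions; the patent names OpenFlow but specifies no rule layout.

```python
import random

# Constructed topology (an assumption, not from the patent):
# switch -> {neighbour: (bandwidth_mbps, latency_ms)}, as the controller would
# build it from the switches' replies in step S101.
TOPOLOGY = {
    "s1": {"s2": (1000, 1), "s3": (100, 5)},
    "s2": {"s1": (1000, 1), "s4": (1000, 1), "s5": (100, 3)},
    "s3": {"s1": (100, 5), "s5": (1000, 2)},
    "s4": {"s2": (1000, 1), "s6": (1000, 1)},
    "s5": {"s2": (100, 3), "s3": (1000, 2), "s6": (1000, 2)},
    "s6": {"s4": (1000, 1), "s5": (1000, 2)},
}

# Two preset anonymity policies with hypothetical parameters.
STRICT_POLICY = {"min_intermediate": 2, "min_bw_mbps": 500, "max_latency_ms": 10}
LOOSE_POLICY = {"min_intermediate": 2, "min_bw_mbps": 100, "max_latency_ms": 10}


def all_simple_paths(topology, src, dst):
    """Topology analysis: every loop-free path from src to dst."""
    paths = []

    def walk(node, path):
        if node == dst:
            paths.append(list(path))
            return
        for nxt in sorted(topology[node]):
            if nxt not in path:
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return paths


def path_metrics(topology, path):
    """Bottleneck bandwidth and end-to-end latency of a path."""
    hops = list(zip(path, path[1:]))
    bandwidth = min(topology[a][b][0] for a, b in hops)
    latency = sum(topology[a][b][1] for a, b in hops)
    return bandwidth, latency


def feasible_paths(topology, src, dst, policy):
    """Candidate paths that satisfy the anonymity policy: enough intermediate
    switches that no single switch is adjacent to both ends, and the
    bandwidth and latency constraints."""
    result = []
    for path in all_simple_paths(topology, src, dst):
        if len(path) - 2 < policy["min_intermediate"]:
            continue
        bandwidth, latency = path_metrics(topology, path)
        if bandwidth >= policy["min_bw_mbps"] and latency <= policy["max_latency_ms"]:
            result.append(path)
    return result


def select_anonymous_path(topology, src, dst, policy, seed=None):
    """Steps S302/S303: choose randomly among policy-compliant paths so that
    repeated flows between the same endpoints do not always share a route."""
    candidates = feasible_paths(topology, src, dst, policy)
    if not candidates:
        raise LookupError("no path satisfies the anonymity policy")
    return random.Random(seed).choice(candidates)


def install_flows(path, identifier):
    """Controller -> switches: one rule per hop, 'packets carrying this
    identifier go to that next hop'. The rules carry no real endpoints."""
    tables = {}
    for here, nxt in zip(path, path[1:]):
        tables.setdefault(here, {})[identifier] = nxt
    tables.setdefault(path[-1], {})[identifier] = "deliver"
    return tables


def forward(tables, ingress, packet):
    """Steps S401/S402 on each switch in turn: look the identifier up in the
    local table and hand the packet to the next hop. Returns the switches
    traversed; a switch with no matching rule drops the packet."""
    node, trace = ingress, []
    while True:
        action = tables.get(node, {}).get(packet["identifier"])
        if action is None:
            raise LookupError("no flow rule for identifier at " + node)
        trace.append(node)
        if action == "deliver":
            return trace
        node = action


def demo(seed=0):
    """Whole controller-side procedure for one packet from s1 to s6."""
    identifier = bytes(range(32))  # stands in for a generated anonymous identifier
    path = select_anonymous_path(TOPOLOGY, "s1", "s6", LOOSE_POLICY, seed)
    tables = install_flows(path, identifier)
    packet = {"identifier": identifier, "payload": b"<ciphertext>"}
    return forward(tables, "s1", packet) == path
```

Only the switches on the chosen path receive a rule, and the rule keys on the identifier alone, which is the property the text states for step S402: a switch forwards without knowing sender or receiver. Under the strict policy only `s1-s2-s4-s6` survives; under the loose policy three paths do and the random choice spreads flows across them.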
In step S501, when the destination node receives a data packet anonymised by the SDN network it parses out the anonymous identifier to determine the source of the packet and the anonymous forwarding path it took. By analysing the information in the anonymous identifier the destination node can confirm the sender and the path of the packet and then decrypt it.
In step S502, after receiving the data packet the destination node decrypts it using the anonymous identifier to obtain the content of the original data packet. From the information in the anonymous identifier the destination node obtains the decryption key with which the packet is decrypted. Once decryption is complete the destination node has the content of the original data packet.
In step S503, after the destination node has obtained the original data packet it processes it according to its content and the need at hand, for example storing, forwarding or discarding it. If the packet is data to be stored, the destination node stores it in local or remote storage. If the packet must be forwarded to other nodes, the destination node forwards it onward using routing information provided by the SDN controller. If the packet is invalid or needs no processing, the destination node discards it directly. In processing the data packet the destination node acts according to the actual requirements and the security policy.
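The following is an added example, not code from the patent or its assignee, showing steps S201 and S501 to S503 end to end: the sender derives a per-packet key from a shared secret and the anonymous identifier, encrypts the payload and authenticates identifier, nonce and ciphertext together; the destination reads the identifier off the packet, rederives the same key, checks the tag and decrypts, and discards anything that fails. The shared secret, the wire layout and the use of HMAC-SHA256 in counter mode as the cipher are assumptions: the patent only says a symmetric algorithm is used and that the key is obtained from the identifier, and a production system would use an AEAD such as AES-GCM or ChaCha20-Poly1305 from a cryptography library instead of the stdlib-only construction here.

```python
import hashlib
import hmac
import os

# Long-term secret shared by sender and destination. Assumed to be provisioned
# out of band (e.g. pushed by the controller over its TLS channel); the patent
# does not specify how keys are distributed.
SHARED_SECRET = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe"
)

IDENT_LEN, NONCE_LEN, TAG_LEN = 32, 12, 16  # wire: ident | nonce | ciphertext | tag


def derive_packet_keys(shared_secret, identifier):
    """Bind the packet keys to the anonymous identifier (HKDF-style extract and
    expand with HMAC-SHA256). The destination recomputes this from the
    identifier it reads off the packet, so no key travels on the wire."""
    prk = hmac.new(shared_secret, identifier, hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"sdn-anon enc\x01", hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"sdn-anon mac\x01", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key, nonce, length):
    """Counter-mode keystream with HMAC-SHA256 as the PRF (stdlib-only stand-in
    for a real symmetric cipher; see the note above the block)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_packet(shared_secret, identifier, plaintext, nonce=None):
    """Sender (steps S201/S202): encrypt the payload, then MAC identifier,
    nonce and ciphertext together. The identifier stays in clear so switches
    can forward on it, but it is authenticated, so it cannot be swapped."""
    if len(identifier) != IDENT_LEN:
        raise ValueError("identifier must be 32 bytes")
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    enc_key, mac_key = derive_packet_keys(shared_secret, identifier)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, identifier + nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return identifier + nonce + ciphertext + tag


def visible_to_forwarder(packet):
    """What an intermediate node (step S401) acts on: the identifier only."""
    return packet[:IDENT_LEN]


def open_packet(shared_secret, packet):
    """Destination (steps S501/S502): parse the identifier, rederive the keys,
    verify the tag before touching the ciphertext, then decrypt."""
    if len(packet) < IDENT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    identifier = packet[:IDENT_LEN]
    nonce = packet[IDENT_LEN:IDENT_LEN + NONCE_LEN]
    ciphertext, tag = packet[IDENT_LEN + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    enc_key, mac_key = derive_packet_keys(shared_secret, identifier)
    expected = hmac.new(mac_key, identifier + nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return identifier, _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def receive(shared_secret, packet):
    """Step S503 at the destination: a packet that fails authentication is
    discarded; a valid one is handed on (here: 'store') with its plaintext."""
    try:
        _identifier, plaintext = open_packet(shared_secret, packet)
    except ValueError:
        return ("discard", None)
    return ("store", plaintext)
```

Because the keys are derived from the identifier, replacing the identifier on a packet in flight changes the expected MAC key and the packet is rejected at the destination, which is the "non-counterfeitability" property the text asks of anonymous identifiers in step 4). The tag is checked before decryption so a modified ciphertext is never processed.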
For example, suppose a hospital needs to exchange and share patient data with other hospitals but, because of privacy concerns, must guarantee the privacy and security of the data in transit. The hospital performs topology analysis on the network through the SDN controller to determine which paths to use for anonymous communication; once topology analysis is complete, the network paths required for anonymous communication are known. Before a packet of patient data to be shared is sent, the hospital encrypts the packet and adds an anonymous identifier to it to guarantee its privacy and security. After encryption and the addition of the anonymous identifier, the packet is sent to the SDN controller and is routed and forwarded according to the anonymity policy preset on the controller: the controller anonymises and routes the packet according to the security policy and anonymity requirements and forwards it to the next node. As the packet passes through each node in the network, the node forwards it according to the anonymous identifier, so the packet's anonymity is preserved; no single node in the network can see the packet's actual source and destination addresses. When the packet finally reaches the destination, the destination node decrypts it on the basis of the anonymous identifier and processes it accordingly, for example by storing or analysing it, acting according to the actual requirements and the security policy.
The above examples are provided for the purpose of describing the present invention only and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalents and modifications that do not depart from the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (7)

1. An SDN-based network anonymous communication method, comprising the following steps:
1) The SDN controller performs topology analysis on the network and determines the path required for anonymous communication;
2) The data packet is encrypted and an anonymous identifier is added to it;
3) The data packet is sent to the SDN controller, which selects a route and forwards the data packet according to a preset anonymity policy;
4) As the data packet passes through each node in the network, the node forwards it according to the anonymous identifier, so the anonymity of the data packet is preserved;
5) After the data packet arrives at its destination, the destination node decrypts it according to the anonymous identifier and processes it accordingly.
2. The method of claim 1, wherein in step 1), the topology analysis is performed on the network, so that the SDN controller can learn a connection relationship between the network structure and the node, thereby making an anonymity policy; the topology analysis refers to analyzing the structure and connection relation of the network so as to know the conditions of nodes and links in the network, including the information of the number, the position, the connection mode, the bandwidth and the like of the nodes; through topology analysis, the SDN controller can know the overall structure and performance characteristics of the network and provide basis for making anonymous strategies; the topology analysis may employ various methods, such as an analysis method based on a network topology map, an analysis method based on link state information, an analysis method based on network traffic, and the like; among them, the analysis method based on the network topology diagram is one of the most commonly used methods; the method carries out visual display on nodes and links in a network by constructing a network topological graph, so that the structure and the connection relation of the network are intuitively known; the topology analysis can be combined with other network analysis technologies, such as network traffic analysis, network performance evaluation and the like, so that the performance characteristics and the problem bottlenecks of the network are further known, and a more accurate basis is provided for making an anonymity strategy.
3. The method of claim 1, wherein in step 2) the anonymous identifier is an identifier that protects the privacy of the communicating party by hiding its true identity; in SDN-based anonymous communication, anonymous identifiers are one of the main means of protecting the privacy of the communicating parties; they can be generated in several ways, such as methods based on a hash function or methods based on public-key cryptography; of these, the hash-function-based method is the most common: the real identity information of the communicating party is hashed to produce a unique anonymous identifier, which is added to the data packet; because the hash function is one-way and collision-resistant, each communicating party obtains a distinct anonymous identifier, which supports its anonymity; in SDN-based anonymous communication the generation and use of anonymous identifiers must follow rules and policies, such as the validity period of an identifier, the number of times it may be used, and its update policy; these rules and policies are formulated and adjusted according to the specific application scenario and security requirements to ensure the security and anonymity of the communication.
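The identifier rules the claim lists (validity period, use count, update policy) can be worked through in a short issuer routine. The following Python is an added example written for this page, not code from the patent or its applicant; it assumes the SDN controller issues identifiers under a secret key it holds, that an identifier is valid for EPOCH_SECONDS and at most MAX_USES packets, and that only the issuer keeps the mapping back to the real identity. The constants and the names anonymous_id and IdentifierIssuer are illustrative.

```python
import hashlib
import hmac
import secrets

EPOCH_SECONDS = 600  # assumed validity period of an identifier
MAX_USES = 3         # assumed per-identifier use limit (kept small so rotation shows)
ID_LEN = 16          # 128-bit identifier carried in the packet header


def anonymous_id(key: bytes, identity: str, epoch: int, salt: bytes) -> bytes:
    """Keyed hash over (identity, epoch, salt), truncated to ID_LEN bytes.

    A plain hash(identity) is deterministic: the same party always maps to the
    same value, so the identifier is linkable across sessions, and anyone who can
    guess the identity (a username, a MAC address) confirms it by recomputing the
    hash. The key stops recomputation; the epoch and salt make every issued
    identifier distinct, which is what a validity period and update policy need.
    """
    msg = identity.encode() + epoch.to_bytes(8, "big") + salt
    return hmac.new(key, msg, hashlib.sha256).digest()[:ID_LEN]


class IdentifierIssuer:
    """Issues anonymous identifiers and enforces validity period and use count."""

    def __init__(self, key: bytes):
        self.key = key
        # anon_id -> [identity, issued_at, uses]; this table exists only at the issuer
        self.table = {}

    def issue(self, identity: str, now: int) -> bytes:
        epoch = now // EPOCH_SECONDS
        anon_id = anonymous_id(self.key, identity, epoch, secrets.token_bytes(8))
        self.table[anon_id] = [identity, now, 0]
        return anon_id

    def resolve(self, anon_id: bytes, now: int):
        """Map an identifier back to its holder and count the use.

        Returns None (and forgets the mapping) when the identifier is unknown,
        past its validity period, or has reached MAX_USES; the caller must then
        drop the packet or issue a fresh identifier.
        """
        entry = self.table.get(anon_id)
        if entry is None:
            return None
        identity, issued_at, uses = entry
        if now - issued_at >= EPOCH_SECONDS or uses >= MAX_USES:
            del self.table[anon_id]
            return None
        entry[2] = uses + 1
        return identity


if __name__ == "__main__":
    issuer = IdentifierIssuer(secrets.token_bytes(32))
    a = issuer.issue("alice@example", now=1000)
    print(a.hex(), issuer.resolve(a, now=1001))
```

Issuing the same identity twice yields two unrelated identifiers, so an observer who sees only identifiers cannot link a party's sessions; forwarding nodes never hold the table, so a compromised switch learns nothing from the identifier alone.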
4. The method of claim 1, wherein in step 3) the anonymity policy is a policy for protecting the privacy of the communicating party: a set of rules and measures formulated according to the specific application scenario and security requirements to protect the privacy and security of the communicating party; in SDN-based anonymous communication the anonymity policy may cover several aspects, such as the generation and usage rules for anonymous identifiers, the forwarding policy for anonymized packets, and the routing policy for anonymized packets; formulating the anonymity policy must take several factors into account, such as the privacy requirements of the communicating party, the performance characteristics of the network, and the security requirements; in general the anonymity policy weighs these factors together and lays down a sound set of rules and measures to protect the privacy and security of the communicating party; its formulation follows certain principles and methods, such as considering the feasibility, efficiency, and security of the policy.
5. The method of claim 1, wherein in step 4) ensuring the anonymity of the data packet means embedding an anonymous identifier in the data packet to hide the true identity of the communicating party; first, the sender client generates an anonymous identifier and embeds it in the data packet; since the anonymous identifier generated for each communicating party is unique, different communicating parties can be distinguished; second, when the receiver client parses the data packet, it can identify the origin of the packet from the anonymous identifier; when a packet is forwarded by its anonymous identifier, the forwarding node does not need to know the true identity of the communicating party, it only needs to pass the packet to the next node; this is how the anonymity of the data packet is ensured; in SDN-based anonymous communication, ensuring the anonymity of data packets also requires attention to several factors, such as the uniqueness and unforgeability of the anonymous identifier and the problem of its reuse.
6. The method of claim 1, wherein in step 5) decrypting the data packet according to the anonymous identifier means that, during anonymous communication, the received data packet is decrypted according to the anonymous identifier it carries; in SDN-based anonymous communication, several methods can be used to decrypt a data packet according to its anonymous identifier, such as methods based on an encryption algorithm or methods based on a decryption key; of these, the encryption-algorithm-based method is the most common: the data packet is encrypted when it is sent and decrypted according to its anonymous identifier when it is received, which guarantees the security of the data packet.
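Steps 1) to 5) of the method, as elaborated in claims 2 to 6, can be run end to end in one simulation: the controller builds a topology graph from link-state entries, computes a route, and installs per-node flow entries matched on the anonymous identifier; nodes forward on that identifier alone; the destination selects the key bound to the identifier, checks integrity, and decrypts. The following Python is an added example written for this page, not code from the patent or its applicant; it assumes a constructed five-switch topology, a session key pre-shared between sender and destination and bound to the anonymous identifier, and, as a stand-in for the symmetric cipher, an HMAC-SHA256 counter-mode keystream with an HMAC tag (an authenticated cipher such as AES-GCM would be used in practice). The names Controller, forward, seal and open_packet are illustrative.

```python
import hashlib
import hmac
import secrets
from collections import deque

ID_LEN, NONCE_LEN, TAG_LEN = 16, 12, 32

# Constructed link-state table for the example: (node_a, node_b, bandwidth_mbps)
LINKS = [("s1", "s2", 100), ("s2", "s3", 100), ("s1", "s4", 1000),
         ("s4", "s3", 1000), ("s3", "s5", 100)]


def build_topology(links):
    """Step 1): adjacency map of the network from link-state entries."""
    adj = {}
    for a, b, _bw in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def shortest_path(adj, src, dst):
    """Hop-count BFS; returns the node list or None if dst is unreachable."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


class Controller:
    """Step 3): route selection and flow-entry installation under the anonymity policy."""

    def __init__(self, links):
        self.adj = build_topology(links)
        self.flow_tables = {n: {} for n in self.adj}  # node -> {anon_id: next hop}

    def install_route(self, anon_id, ingress, egress):
        # Policy: entries match on the anonymous identifier only, so no switch
        # holds a rule that names the real source or destination.
        path = shortest_path(self.adj, ingress, egress)
        if path is None:
            raise ValueError(f"no path from {ingress} to {egress}")
        for here, nxt in zip(path, path[1:]):
            self.flow_tables[here][anon_id] = nxt
        self.flow_tables[path[-1]][anon_id] = "deliver"
        return path


def forward(controller, ingress, packet):
    """Step 4): each node reads only the identifier; (hops, None) means dropped."""
    anon_id, node, hops = packet[:ID_LEN], ingress, [ingress]
    while True:
        nxt = controller.flow_tables[node].get(anon_id)
        if nxt is None:
            return hops, None  # no entry for this identifier at this node
        if nxt == "deliver":
            return hops, packet
        node = nxt
        hops.append(node)


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (cipher stand-in, see lead-in)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(anon_id, enc_key, mac_key, plaintext):
    """Step 2): header = anonymous identifier; body = nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, anon_id + nonce + ct, hashlib.sha256).digest()
    return anon_id + nonce + ct + tag


def open_packet(keys_by_id, packet):
    """Step 5): destination selects keys by the identifier, verifies, decrypts."""
    anon_id = packet[:ID_LEN]
    if anon_id not in keys_by_id or len(packet) < ID_LEN + NONCE_LEN + TAG_LEN:
        return None  # unknown identifier or truncated packet: drop
    enc_key, mac_key = keys_by_id[anon_id]
    nonce, ct, tag = packet[ID_LEN:ID_LEN + NONCE_LEN], packet[ID_LEN + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, anon_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged or corrupted: drop before decrypting
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def run(message=b"hello over the anonymous path"):
    """One full exchange; returns (installed path, hops taken, recovered plaintext)."""
    ctl = Controller(LINKS)
    anon_id = secrets.token_bytes(ID_LEN)  # identifier issued to the sender
    session = secrets.token_bytes(32)      # pre-shared with the destination
    enc_key = hmac.new(session, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session, b"mac", hashlib.sha256).digest()
    path = ctl.install_route(anon_id, "s1", "s5")
    hops, delivered = forward(ctl, "s1", seal(anon_id, enc_key, mac_key, message))
    return path, hops, open_packet({anon_id: (enc_key, mac_key)}, delivered)
```

Two checks worth noting: a switch with no entry for an identifier drops the packet instead of falling back to address-based forwarding, and the destination verifies the tag over identifier, nonce and ciphertext before decrypting, so a packet whose identifier was swapped or whose body was altered in transit is rejected rather than decrypted under the wrong key.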
7. An SDN-based network anonymous communication device, characterized in that it performs topology analysis on the network through SDN technology so as to achieve efficient routing and forwarding of data packets; its core modules comprise an SDN controller module, an anonymous identifier generation module, a data packet encryption module, a routing module, an anonymous data packet forwarding module and a data packet decryption module; wherein:
the SDN controller module manages and controls network traffic, including traffic distribution, route selection and data packet forwarding; it can hold a preset anonymity policy and performs route selection and forwarding according to that policy;
the anonymous identifier generation module generates anonymous identifiers; an anonymous identifier hides the true identity of the communicating party and so protects its privacy; different anonymous identifiers are generated according to different anonymity policies, providing the anonymity guarantee for the data packet;
the data packet encryption module encrypts data packets so that an attacker who intercepts a packet cannot read its contents; it encrypts the data packet with a symmetric encryption algorithm;
the routing module selects the route of the data packet, keeping the communication path open and achieving secure and efficient routing of the packet;
the anonymous data packet forwarding module forwards anonymous data packets, guaranteeing their anonymity and security;
the data packet decryption module decrypts data packets, restoring an encrypted data packet to the original packet and processing it accordingly.
CN202310695569.3A 2023-06-13 2023-06-13 Network anonymous communication method and device based on SDN Pending CN116781339A (en)

Publications (1)

Publication Number Publication Date
CN116781339A 2023-09-19

Family

ID=87992350

Country Status (1)

Country Link
CN (1) CN116781339A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination