基于改进HABE算法的层次化多中心SDN跨域传输系统研究  被引量：6

作　　者：周波[1] 王树磊 Zhou Bo;Wang Shulei(Electronic Information Technology School, Nanjing Vocational College of Information Technology, Nanjing 210023;School of Civil Aviation Flight, Changzhou Institute of Technology, Changzhou 213032)

机构地区：[1]南京信息职业技术学院电子信息学院,南京210023 [2]常州工学院民航飞行学院,常州213032

出　　处：《高技术通讯》2020年第11期1122-1132,共11页Chinese High Technology Letters

基　　金：国家自然科学基金(61571241);江苏高校品牌专业建设工程(PPZY2015C242);江苏省高等学校自然科学研究(18KJB510024)资助项目。

摘　　要：层次化多中心软件定义网络(HMC-SDN)是一种能够提高大规模网络服务质量和扩展性的有效架构。然而现有的HMC-SDN架构中的跨域通信缺少足够的安全保护,使其中的敏感数据十分容易泄露且不易察觉。本文提出一种基于可认证层次化的密文策略属性加密算法(VH-CP-ABE)。依托HMC-SDN的层次化控制器构建层次化的属性权。交换机利用授权私钥辅以访问策略来加密跨域传输的数据包,在保证密文长度常量化的同时实现跨域安全传输。此外,交换机持有的授权私钥嵌入了交换机本身和相关控制器的身份标识,可以在解密的过程中验证授权私钥的合法性,进一步提升了跨域传输的安全性。经证明,本方案能够在随机预言机模型下达到IND-CCA2安全等级。性能分析及仿真表明,该方案为HMC-SDN跨域通信提供了良好的安全性和高效性。Hierarchical multi-center software defined network(HMC-SDN)is an efficient architecture to improve service quality and scalability for large-scale network.However,inter-domain transmission among switches in existing HMC-SDN architecture is short of appropriate secure protection,which makes sensitive data leakage easy and undetectable.A verifiable and hierarchical ciphertext-policy attribute-based encryption(VH-CP-ABE)is proposed.Hierarchical attribute authorities are built based on hierarchical controllers.Switches encrypt data are packaged by the authorized private key and the access policy,which keeps the size of ciphertext constant and inter-domain transmission secure.Moreover,identities of the switch and corresponding controllers are embedded into its authorized private key,so it can verify the legitimacy of the authorized private key during decryption in order to improve security of inter-domain transmission.It can be proved that the proposed scheme achieves IND-CCA2 security in random Oracle model.The performance analysis and simulation show that it provides both good security and efficiency to inter-domain transmission in HMC-SDN.

关 键 词：软件定义网络(SDN) 跨域传输 属性加密(ABE) 访问控制 密钥认证 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]