Research On Security Mechanism For Software Defined Network Based On Blockchain

Posted on: 2022-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
GTID: 2518306515466864
Subject: Computer technology

Abstract/Summary:
Software defined network (SDN) is a new network architecture proposed by a research group at Stanford University in the United States. It allows the network to be defined and controlled through software programming. Its separation of the control plane from the data plane, together with its programmable interface, provides a new approach for research on the current Internet architecture and greatly promotes the development of the next-generation Internet. However, the centralized management and control architecture of SDN also introduces some serious security problems, such as a single point of failure, network view consistency in a multi-controller environment, and spoofing attacks launched by malicious switches.

Blockchain is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption mechanisms. It is decentralized, tamper-proof, traceable, jointly maintained, open and transparent. These characteristics ensure the "absolute honesty" and "complete transparency" of blockchain, can solve the problem of information asymmetry, and enable cooperation and concerted action based on trust among multiple parties. Therefore, the application of blockchain in SDN has become a research hotspot for solving its security problems. Aiming at the security problems mentioned above, and based on the ideas of blockchain and the keyless signature mechanism, this dissertation proposes BCSDN (Blockchain-based Software Defined Network security mechanism), a security scheme for SDN. The main research work is as follows:

Aiming at the single point of failure problem in SDN, a multi-controller architecture that is logically centralized and physically distributed is adopted. The number of controllers is increased to expand a control plane that otherwise has a single structure and centralized control. Multiple controllers control and manage the network, avoiding the possible paralysis of the whole network.

Aiming at the problem of view consistency in a multi-controller network, a consensus scheme based on blockchain is proposed. In the scheme, the controller first stores the collected link information in a Merkle tree to form a root hash, and then constructs a block by combining the root hash with other fields. Finally, the master controller is elected by a consensus algorithm among the nodes. The master controller connects the block to the blockchain, and all link states are recorded on the blockchain to ensure the consistency of global network data.

Aiming at the problem of spoofing attacks initiated by a malicious switch on the controller-switch secure channel, a security mechanism is proposed that combines keyless signatures with blockchain. First, when the switch applies for the flow table, the controller verifies the switch's signature. Then, only a successfully verified switch can receive the flow table from the controller and complete the data forwarding, which protects the communication channel between the controller and the switch from malicious attacks.

The scheme combines the modules provided by the Floodlight controller with Mininet to create a user-defined network topology, simulates the blockchain-based software defined network security mechanism, and analyzes its feasibility and performance. Experiments show that BCSDN can solve the single point of failure problem, maintain the consistency of the network view, and form a secure controller-switch interaction channel to complete safe data forwarding.
Keywords/Search Tags: Software Defined Network, Blockchain, Merkle Tree, Proof of Work, Keyless Signature Infrastructure
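
The view-consistency step described in the abstract, as an added example that is not code from the thesis: each controller hashes its link states into a Merkle root, the Proof of Work winner proposes the block, and the other controllers verify it before appending. SHA-256, the JSON encoding, the field names, the 12-bit difficulty and the sample links are assumptions made here.

```python
import hashlib, json

# Constructed sample link states (field names are assumptions, not the thesis's format)
LINKS = [
    {"src": "s1", "src_port": 1, "dst": "s2", "dst_port": 1},
    {"src": "s2", "src_port": 2, "dst": "s3", "dst_port": 1},
    {"src": "s3", "src_port": 2, "dst": "s1", "dst_port": 2},
]

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(links) -> bytes:
    # Canonical JSON + sorted leaves: controllers that saw the same links in a
    # different order still derive the same root. Prefixes 0x00/0x01 separate
    # leaf hashes from inner-node hashes.
    level = sorted(h(b"\x00" + json.dumps(l, sort_keys=True).encode()) for l in links)
    if not level:
        return h(b"")
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote the unpaired node instead of duplicating it
        level = nxt
    return level[0]

def header(block) -> bytes:
    fields = ("index", "prev_hash", "merkle_root", "controller", "nonce")
    return json.dumps({k: block[k] for k in fields}, sort_keys=True).encode()

def meets_target(digest: bytes, bits: int) -> bool:
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mine(index, prev_hash, links, controller, bits=12):
    # Proof of Work: the controller that finds a valid nonce proposes the block.
    block = {"index": index, "prev_hash": prev_hash, "controller": controller,
             "merkle_root": merkle_root(links).hex(), "nonce": 0, "links": list(links)}
    while not meets_target(h(header(block)), bits):
        block["nonce"] += 1
    block["hash"] = h(header(block)).hex()
    return block

def verify(block, prev_hash, bits=12) -> bool:
    # Run by every other controller before it appends the block to its own chain.
    digest = h(header(block))
    return (block["prev_hash"] == prev_hash
            and block["hash"] == digest.hex()
            and meets_target(digest, bits)
            and block["merkle_root"] == merkle_root(block["links"]).hex())
```

A block whose link list was altered after mining fails `verify` because the recomputed Merkle root no longer matches the root committed in the mined header.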