
Research On Network Information Hiding Technology In SDN

Posted on: 2018-03-13 | Degree: Master | Type: Thesis
Country: China | Candidate: S K Yin
GTID: 2358330512476784 | Subject: Control engineering
Abstract/Summary:
Software-defined networking (SDN), unlike traditional networking, is a new, logically centralized network architecture that separates the forwarding and control elements. The security of data communication in SDN is a research hot spot in the field of computer network security. As the latest branch of information hiding technology, network information hiding embeds secret information into packets by modifying the packet header, the payload, or timing information, in order to realize secret message transmission or communication authentication. Concentrating on the OpenFlow protocol, this paper studies the application of network information hiding technology in the SDN network architecture. The main contributions can be summarized as follows:

(1) The packet structure, connection behaviour and timing characteristics of the OpenFlow protocol are analyzed, including the meaning of each field, the way and process of establishing the connection, and the interaction between the controller and the switch after the connection is established. This paper analyzes the redundancy of the OpenFlow protocol in the spatial and time domains, drawing on the distribution of OpenFlow packet padding fields, the inter-packet delay (IPD) and the timing sequence distribution. This provides a foundation for the design of timing channel and storage watermarking schemes in SDN.

(2) Using the time redundancy in the OpenFlow protocol, two multiple-flow timing channel schemes are proposed, one based on the order of reply packet arrival times (LLDP-order) and one based on the IPD between multiple flows (Multi-delay). Both can transmit secret information between the data plane and the control plane by constructing a timing channel on control packets. The simulation results show that LLDP-order achieves better undetectability, while Multi-delay channels have better robustness.

(3) Using the redundancy in the OpenFlow packet header, a watermarking scheme based on unequal rate check is proposed, which can be used to realize unequal error protection of some important packets containing control instructions. The watermark information is generated by a hash algorithm and embedded into the redundant field of packets to establish the authenticity of the instruction. The effectiveness of the proposed scheme for detecting data tampering attacks is verified by collision probability analysis and simulation experiments.

(4) An SDN network information hiding simulation platform is designed. The main functional modules include a flow generator, channel jammer, packet tamperer, timing channel constructor/extractor, and watermark embedder/extractor, which can be used to evaluate network information hiding schemes in SDN.

Finally, we summarize the dissertation and point out the problems that need further study.
Keywords/Search Tags: SDN, OpenFlow, timing channels, network watermarking, simulation platform