Design And Implementation Of WLAN Source Address Validation Scheme Based On SDN

With the rise and rapid development of mobile Internet,WLAN has become the primary choice for mobile terminals to access the Internet due to its convenience,high speed and low cost.Due to these advantages of WLAN,WLAN is now facing more serious security challenges.The design of IP protocol fails to consider the authentication of the users' source address,which makes the DDOS attack of the source address forgery become one of the biggest security threats to the network.Moreover,At present,wireless network access mobile applications are suspected of invading other owner's WiFi network and stealing personal information,which brings new challenges to network and user information security.With the application and popularization of next generation Internet IPv6 technology,the deployment and application of multiple security schemes through IPv4/v6 technology in WLAN are particularly studied in this thesis.This thesis analyzes the main threats to WLAN,and investigates the solutions of multiple source address authentication.The SAVI scheme proposed in the International Standard RFC 7039 and Innovative network architecture SDN technology is selected to solve source address authentication problem.Finally,The SAVI scheme based on SDN and user identity authentication is realized according to the principles of SDN technology and Web authentication.The innovation of this thesis is as below.This thesis has pioneered the deployment of SAVI scheme to wireless access switches.The function of IPv4/v6 source address authentication is realized on the SDN platform.Moreover,the SAVI scheme and the application layer scheme are combined to form the security defense system of WLAN.A SDN and an identity authentication development environment are established to realize SAVI and identity authentication.The function and performance of SAVI scheme and user identity authentication are tested.Based on the advantages of SDN in network management,a complete management scheme of information such as traffic monitoring,network topology and user identity in WLAN is formed combined with the user management scheme in application layer.Finally,the shortcomings of this paper and the future extensible fields are analyzed.This thesis is a specific application of SDN in WLAN security.This system is currently deployed and used in the laboratory,and it provides technical support for two innovative projects.