| Network functions virtualization is a new telecommunication technology.It separates software instance from hardware platform by using standard IT virtualization and cloud technology,and decouples function from location to provide network service more quickly.The NFV eventually realizes the replacement of dedicated network element devices in the communications network with general-purpose servers and memories,providing a new way for telecommunications service providers to design,deploy,and manage networks.While NFV provides better scalability and automation capabilities for the next generation of network services,it also brings security problems.Due to the decoupling of hardware and software,each component of the NFV network may be provided by different operators,which makes the NFV network more vulnerable.In NFV,the integrity protection and non-repudiation of data transmission between components can be realized by authentication technology.However,because of the flexibility and virtualization of NFV network,traditional authentication technology can not meet the needs of NFV.Therefore,in order to solve these problems,the main work has been done as follows:Based on the analysis and research of certificate requirements and certificate deployment requirements in NFV environment,a certificate automation security deployment process in NFV is designed on the basis of NFV certificate deployment architecture.The process consists of two stages: the interaction between the infrastructure layer and the execution environment layer,and the interaction between the execution environment layer and the application layer.Through deploying certificates for virtual machines in different administrative domains,the security scheduling of virtual resources can be realized by different layers.Finally,based on the certificate automation security deployment process in the above,it designs a key agreement protocol between VNF instances which is based on certificate,and it realizes secure connection and group secure communication between VNF instances.To better satisfy the characteristics of service chain in NFV,which is independent of hardware devices,and the topology of which is easy to change.So an authenticated key management scheme on the service chain is proposed.This scheme is based on the bilinear mapping cryptosystem and combines the idea of(t,n)threshold.The communication key on the service chain is generated by key agreement.When the service chain changes dynamically,the security of the service chain is guaranteed by updating the group communication key.Finally,by analyzing the correctness and security of the scheme,it shows that the scheme not only realizes the secure communication between VNF instances,but also satisfies the trust reconstruction of each VNF instance under the dynamic change of service chain. |
PDF Full Text Request