Source Address Validation Improvement Implementation For Software Defined Wireless Networking

The forwarding of packets in the Internet is mainly based on the routing query and forwarding of IP destination address,and rarely the source IP address of the packet is checked.In this way,an attacker can attack the network by spoofing the source IP address of the packet or sending a fake data packet by imitating the IP address of the existing host source.To solve this problem,the researchers put forward the Source Address Validation Architecture(SAVA)based on the cable network.In the Wireless Local Area Network(WLAN),due to the openness of the wireless transmission,access point(AP)and WLAN are more susceptible to forge the source address packet types of attacks,for the source address of a packet validation can't like cable network switch port by identifying the source address binding.For the above problems,this paper based on the analysis of the existing source address validation under the present research situation and source address validation of WLAN on the basis of the draft,this paper proposes a Source Address Validation Improvement(SAVI)system of the wireless network,and based on the implementation of Software Defined Wireless Network(SDWN).From system application scenario,system function demand,system performance requirement,the system plan is proposed.In wireless access side packet source address validation method,is proposed in this paper the station(STA)building in the AP authentic source address binding table source address matching filter,and also puts forward the method based on large Composite Numbers prime factors decomposition certification mark certification for packet data to prevent forgery attacks and tamper with the packet data.At the same time,for the disassociation attack,the source address validation of the double-end Deauthentication or Disassociation frame is realized,which guarantees the robustness of the connection between the legal STA and the AP.Finally,based on the existing SDWN network,a wireless access network SAVI experiment platform was built,and the system function and performance were tested.The experimental results show that,compared with the original SDWN network,lowered the associated terminal access delay performance keep within 200ms(about 10%),single AP in 802.11 g mode of uplink throughput performance keep within 20%,uplink packet loss rate control under 0.5%.The AP can effectively to validate the received packets,for legal authentic packets forwarding,to forge packets identification filtering,and identify the success rate of 98.8%.The proposed system scheme provides a useful reference for wireless network to resist the attack of spoofing source address packets and source address validation.