Design And Implementation Of Source Address Authentication And Anonymous Communication System Based On SDN

With the development of computer technology,the requirements for communication security and anonymity protection are getting higher and higher.As a distributed architecture,the traditional network is difficult to control the global resources of the network,and the forwarding and control functions based on the traditional network devices are tightly coupled.Therefore,thanks to the idea that separation of forwarding and control in Software Defined Network(SDN)and the development convenience provided by its programmable interface,this thesis studies the communication security and anonymity protection issues based on SDN as follows:(1)Aiming at the problem of communication security,this thesis designs two source schemes of address authentication to detect the legitimacy of the initiator host.One is to improve the traditional binding method of MAC and IP.Controller get the source IP,source MAC,switch in-port information connected to the,and to bind triplet information to add flow table to authenticate the source address legitimacy;the other is to improve the traditional Calculating Path Forwarding(CPF)algorithm.SDN controller's topology management module maintains the global network topology,which can determine the forwarding path.The source IP,destination IP,inbound port and outbound port of the switch in the forwarding path are bound a quaternion flow table to authenticate the source address legally.(2)Aiming at the problem of anonymity protection,this thesis uses IP mutation technology,i.e.changing IP addresses in data packets through SDN switch nodes,which makes it difficult for attackers to obtain the information of both sides of communication.For ensure the generated address can uniquely identify the current data stream after used IP mutation technology,which improved an address generation algorithm based on SDN environment(M-Address Generation Algorithms,MAGA).Improved MAGA algorithms can ensure the anonymity completenes,and it proposed a changed IP and MAC algorithm to protect the data stream.Improved-MAGA algorithm can reduces the computational overhead and improves the security of anonymous communication based on MAGA algorithm.(3)In view of the fact that the default shortest path routing algorithm in SDN controller may have hot links.This thesis combines the measurement of link bandwidth utilization as a weight vector of the routing process on the shortest path to solve the problem that the data loss rate and delay are affected by the link overload of the default routing algorithm.Finally,this thesis designs and implements the system of source address authentication and anonymous communication based on SDN.And we test the system.The test results can prove the effectiveness of the research scheme.And then the anonymous communication under the scheme has higher security,which is more efficient and easier to deploy than the solution under the traditional network.