
Research On SDN Security Mechanism Based On Blockchain

Posted on: 2021-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: S T Wang
GTID: 2428330614963862
Subject: Electronic and communication engineering

Abstract/Summary:
With the deployment of Software-Defined Networking (SDN), the security issues facing SDN are becoming increasingly prominent, and they have become a key factor restricting its development. At the application layer, the main security problem of SDN is incomplete application authentication and permission management. At the control layer, because the controller is the core node controlling the entire network, the main security problem is that the controller is a single point of failure. At the data forwarding layer, the main problem is that there is no good mechanism to guarantee the integrity of the flow rule information issued by the controller, and devices other than the controller in SDN cannot determine whether a flow rule has been tampered with by an attacker. As a result, an attacker can tamper with the flow table information of a switch so that SDN traffic flows according to the attacker's intention, causing network functions to fail. This thesis addresses these main SDN security problems using blockchain technology, in the following aspects:

(1) To address SDN network information integrity guarantees and the need for sound node identity verification and authority management: based on the immutability and decentralization of blockchain technology, this thesis proposes a blockchain-based SDN security guarantee model. Storing SDN flow rules, node identity and authority information, and the controller's global information on-chain ensures the integrity of network information. A distributed authentication mechanism is established through the blockchain network, which alleviates the problem that traditional centralized authentication is vulnerable to a single point of attack. In addition, role-based permission management is implemented on top of on-chain data storage and distributed authentication. This thesis uses a Markov model to analyze the security performance of the blockchain-based SDN model and runs simulations based on that analysis. The analysis and simulation results show that the model can significantly improve the security performance of SDN.

(2) To address the controller's single point of failure: this thesis proposes a distributed SDN control model based on the blockchain. In this model, the single controller is replaced by a controller group, and the blockchain's consensus mechanism guarantees that the information of each controller is synchronized, preventing the controller from being vulnerable to a single point of attack. In addition, the model has an efficient fault recovery strategy to ensure business continuity. By introducing edge nodes, the delay is greatly reduced. Simulation results show that the distributed SDN control model based on blockchain can significantly improve the security of the SDN control layer.

(3) This thesis builds an SDN network management platform based on the Ryu controller, Mininet and the Python Flask framework. Through development on the Ryu controller, SDN control functions such as self-learning switches and shortest-path and other routing algorithms are implemented. The platform can run on a simulated network created by Mininet or on a physical network built from switches that support the OpenFlow protocol, and the front-end platform based on the Python Flask framework can monitor network information such as SDN topology, traffic status and link bandwidth in real time. In addition, this thesis builds a private chain system based on Ethereum: users can create accounts and trade, and the system continuously generates new blocks through mining and saves user transaction information.
Keywords/Search Tags:SDN, Blockchain, Integrity Guarantee, Single Point Attack, Network Security