
Design And Implementation Of Multicast Security Mechanism Based On Software Defined Network

Posted on: 2021-05-11 | Degree: Master | Type: Thesis
Country: China | Candidate: X Y Li
GTID: 2428330614970809 | Subject: Information security
Abstract/Summary:
Multicast is a traditional mode of computer network communication. Because of its "one-to-many" communication characteristics, it saves network resources and reduces the load on the sender. However, security was not considered when IP multicast was first designed, which leaves IP multicast vulnerable to attacks and limits the scenarios in which it is used. Adding membership authentication and multicast data encryption mechanisms is the main research direction for improving the security of IP multicast. To implement identity authentication, the common method is to establish a dedicated server as the authentication entity that enforces access control on members. However, in IP multicast the cooperation between the authentication entity and the forwarding entity has to be negotiated, which makes the implementation more complex. To improve the confidentiality of multicast messages, a multicast data encryption mechanism must be established, but key management is more difficult than in unicast.

The emergence of the Software Defined Network (SDN) has brought a new solution to the security problem of IP multicast. Based on an analysis of current research progress in SDN multicast security, this thesis identifies two defects: an imperfect identity authentication scheme and the lack of a message encryption mechanism. Therefore, this thesis proposes an SDN-based multicast security mechanism, which deploys a multicast security solution through the SDN controller and unifies security policy with the network forwarding function.

To achieve faster identity authentication, the scheme uses a digital certificate mechanism to reduce the number of handshakes between group members and the SDN controller. Each group member applies to the SDN controller for a digital certificate in advance, and the certificate can distinguish whether the applicant is a multicast source or a receiver. Once they hold the certificate, group members only need to send their digital certificate information to the SDN controller when joining a multicast group. The scheme also designs an identity authentication and multicast join/exit message suited to it. The message format carries identity authentication information while implementing the multicast join and exit functions, so that joining and authentication are completed with a single message. To realize SDN-based encrypted multicast, a key management mechanism is designed in which the SDN controller generates, distributes and updates the multicast session key, so that every authenticated group member can take part in encrypted multicast communication using the key. The experimental results show that the mechanism authenticates multicast sources and receivers by issuing digital certificates and realizes encrypted SDN multicast communication, which improves the security of multicast.
Keywords/Search Tags: Multicast, SDN, Digital certificate, Identity authentication, Session key
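The flow the abstract describes (role-bound credential, a single message that both joins and authenticates, controller-managed session key) can be sketched as follows; this is an added example, not code or message formats from the thesis. The class, method and field names are assumptions, an HMAC tag under a controller-only key stands in for the digital certificate, and rekeying on every membership change is an assumed policy because the page does not say when keys are updated.

```python
import hashlib, hmac, json, secrets

class Controller:
    """Toy SDN controller: issues role-bound credentials, admits members, rekeys."""

    def __init__(self):
        self._ca_key = secrets.token_bytes(32)  # known only to the controller
        self.groups = {}  # group address -> {"key", "epoch", "members"}

    def _tag(self, body):
        return hmac.new(self._ca_key, body.encode(), hashlib.sha256).hexdigest()

    def issue_cert(self, member_id, role):
        # The role field separates multicast sources from receivers.
        body = json.dumps({"id": member_id, "role": role}, sort_keys=True)
        return {"body": body, "tag": self._tag(body)}

    def _verify(self, cert):
        body, tag = str(cert.get("body", "")), str(cert.get("tag", ""))
        if not hmac.compare_digest(self._tag(body).encode(), tag.encode()):
            return None
        return json.loads(body)

    def handle(self, msg):
        """One message carries both the join/leave request and the credential."""
        ident = self._verify(msg["cert"])
        if ident is None or ident["role"] != msg["role"]:
            return {"ok": False}  # forged credential or role mismatch
        g = self.groups.setdefault(
            msg["group"], {"key": None, "epoch": 0, "members": set()})
        if msg["op"] == "join":
            g["members"].add(ident["id"])
        elif msg["op"] == "leave" and ident["id"] in g["members"]:
            g["members"].remove(ident["id"])
        else:
            return {"ok": False}
        # Assumed policy: fresh session key on every membership change, so a
        # departed member's old key does not decrypt later traffic.
        g["key"], g["epoch"] = secrets.token_bytes(32), g["epoch"] + 1
        reply = {"ok": True, "epoch": g["epoch"]}
        if msg["op"] == "join":
            reply["key"] = g["key"]  # a real controller sends this encrypted
        return reply
```

Remaining members would have to receive each new key over a protected channel; how the thesis delivers keys is not stated on this page.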