| 周波*,王树磊**.基于改进HABE算法的层次化多中心SDN跨域传输系统研究[J].高技术通讯(中文),2020,30(11):1122~1132 |
| 基于改进HABE算法的层次化多中心SDN跨域传输系统研究 |
|
| |
| DOI:10.3772/j.issn.1002-0470.2020.11.004 |
| 中文关键词: 软件定义网络(SDN); 跨域传输; 属性加密(ABE); 访问控制; 密钥认证 |
| 英文关键词: software defined network(SDN), inter-domain transmission, attribute-based encryption (ABE), access control, key verification |
| 基金项目: |
|
| 摘要点击次数: 1904 |
| 全文下载次数: 1390 |
| 中文摘要: |
| 层次化多中心软件定义网络(HMC-SDN)是一种能够提高大规模网络服务质量和扩展性的有效架构。然而现有的HMC-SDN架构中的跨域通信缺少足够的安全保护,使其中的敏感数据十分容易泄露且不易察觉。本文提出一种基于可认证层次化的密文策略属性加密算法(VH-CP-ABE)。依托HMC-SDN的层次化控制器构建层次化的属性权。交换机利用授权私钥辅以访问策略来加密跨域传输的数据包,在保证密文长度常量化的同时实现跨域安全传输。此外,交换机持有的授权私钥嵌入了交换机本身和相关控制器的身份标识,可以在解密的过程中验证授权私钥的合法性,进一步提升了跨域传输的安全性。经证明,本方案能够在随机预言机模型下达到IND-CCA2安全等级。性能分析及仿真表明,该方案为HMC-SDN跨域通信提供了良好的安全性和高效性。 |
| 英文摘要: |
| Hierarchical multi-center software defined network (HMC-SDN) is an efficient architecture to improve service quality and scalability for large-scale network. However, inter-domain transmission among switches in existing HMC-SDN architecture is short of appropriate secure protection, which makes sensitive data leakage easy and undetectable. A verifiable and hierarchical ciphertext-policy attribute-based encryption (VH-CP-ABE) is proposed. Hierarchical attribute authorities are built based on hierarchical controllers. Switches encrypt data are packaged by the authorized private key and the access policy, which keeps the size of ciphertext constant and inter-domain transmission secure. Moreover, identities of the switch and corresponding controllers are embedded into its authorized private key, so it can verify the legitimacy of the authorized private key during decryption in order to improve security of inter-domain transmission. It can be proved that the proposed scheme achieves IND-CCA2 security in random Oracle model. The performance analysis and simulation show that it provides both good security and efficiency to inter-domain transmission in HMC-SDN. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |
