Netinfo Security ›› 2018, Vol. 18 ›› Issue (4): 23-31. doi: 10.3969/j.issn.1671-1122.2018.04.004


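Research on SDN Terminal Access Control Based on OpenFlow

Zhanzhen WEI, Shourong WANG, Zhaobin LI, Weilong LI

  1. Beijing Electronic Science Technology Institute, Beijing 100070, China
  • Received: 2018-01-27 Online: 2018-04-15 Published: 2020-05-11
  • About the authors:

    Zhanzhen WEI (born 1971), male, from Qinghai, professor, master's degree; main research interests: software-defined networking, network security and evaluation. Shourong WANG (born 1992), male, from Shanxi, master's student; main research interests: software-defined networking, network security and evaluation. Zhaobin LI (born 1977), male, from Inner Mongolia, associate researcher, Ph.D.; main research interests: software-defined networking, network security and evaluation. Weilong LI (born 1992), male, from Liaoning, master's student; main research interests: software-defined networking, network security and evaluation.

  • Funding:
    National Key Research and Development Program of China [2017YFGX110123]; Fundamental Research Funds for the Central Universities [2017CL04]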

Abstract:

To address the problem of secure terminal access in OpenFlow-based SDN, and following an in-depth study of existing SDN solutions for secure terminal access, this paper proposes an OpenFlow-based SDN terminal access control system. The system combines traditional terminal access control technology with the new OpenFlow-based SDN network. It mainly implements user identity authentication, terminal security status evaluation, user service authorization, and QoS control for authorized users in an SDN environment, and the paper analyzes the security of the designed system in detail. Network simulation is carried out in Mininet with a RYU controller extended through secondary development, and experiments are conducted on access control functionality and communication delay performance. The results show that the system has a flexible access control security policy and can detect and resolve the security threats posed by unsafe terminal access in SDN: it not only authenticates user identity but also ensures the security of the accessing terminal and grants access authorization according to the terminal's security status. The performance test results show that the OpenFlow-based SDN terminal access control system meets practical needs in terms of authentication delay, platform evaluation delay, and communication delay.

Key words: SDN, OpenFlow, terminal access control, authentication, service authorization

CLC number: