软件定义网络中的多流时间式隐信道设计

doi:10.3969/j.issn.1006-2475.2017.04.019

计算机与现代化

软件定义网络中的多流时间式隐信道设计

1.南京理工大学自动化学院,江苏南京210094；2.江苏科技大学电子信息学院,江苏镇江212003

收稿日期:2016-09-09 出版日期:2017-04-20 发布日期:2017-05-08
作者简介:印苏凯(1991-),男,江苏镇江人,南京理工大学自动化学院硕士研究生,研究方向:网络安全; 刘光杰(1980-),男,江苏徐州人,副研究员,博士,研究方向:网络安全,信息隐藏技术; 刘伟伟(1988-),男,江苏淮安人,讲师,博士,研究方向:网络安全,数字水印; 翟江涛(1983-),男,江苏镇江人,江苏科技大学电子信息学院讲师,博士,研究方向：网络安全,信息处理; 戴跃伟(1962-),男,江苏镇江人,教授,博士,研究方向:网络安全。
基金资助:
国家自然科学基金资助项目(61472188,61602247); 江苏省自然科学基金资助项目(BK20150472,BK20160840); 国家科技支撑计划项目(2014BAH41B01); 中央高校基本科研业务费专项资金资助项目(30920140121006,30915012208); CCF-启明星辰“鸿雁”科研基金资助项目

Design of Multiple-flow Timing Channel in Software-defined

1.School of Automation, Nanjing University of Science and Technology, Nanjing 210094, China;
2. School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang 212003, China

Received:2016-09-09 Online:2017-04-20 Published:2017-05-08

摘要/Abstract

摘要： 软件定义网络(Software-defined Networking, SDN)是实现传统网络体系中的应用层、控制层和数据层解耦的一种新型网络架构。本文研究该网络环境下的隐蔽通信问题，基于OpenFlow控制器与交换机之间的交互特性，提出一种基于响应报文次序组合调制的多流时间式隐信道设计方案，该方案利用控制器与多交换机之间的链路层发现协议(Link Layer Discovery Protocol, LLDP)响应报文到达的次序分布构建组合累计分布函数并调制秘密信息。仿真实验结果表明所提方案具有较好的隐蔽性和鲁棒性。


关键词: 软件定义网络, 隐蔽通信, 时间式隐信道, 链路层发现协议

Abstract: Software-defined networks (SDN), different from traditional network, is a new network architecture with the separation of application layer, control layer and data layer. In this paper, covert communication in SDN is studied, a multiple-flow timing channel scheme is proposed based on the interaction characteristic between OpenFlow controllers and switches, which utilizes the arriving time of reply packets in link layer discovery protocol to transmit secret messages. Simulation results show that the proposed scheme can achieve well covertness and robustness.


Key words: software-defined networks, covert communication, timing channels, link layer discovery protocol

中图分类号:

TP393

印苏凯1,刘光杰1,刘伟伟1,翟江涛2,戴跃伟1,2. 软件定义网络中的多流时间式隐信道设计[J]. 计算机与现代化, doi: 10.3969/j.issn.1006-2475.2017.04.019.

YIN Su-kai1, LIU Guang-jie1, LIU Wei-wei1, ZHAI Jiang-tao2, DAI Yue-wei1,2. Design of Multiple-flow Timing Channel in Software-defined[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2017.04.019.

参考文献

［1］ Wendzel S, Zander S, Fechner B, et al. Pattern-based survey and categorization of network covert channel techniques［J］. ACM Computing Surveys, 2015,47(3):Article No. 50.
［2］ Maurice C, Neumann C, Heen O, et al. C5: Cross-cores cache covert channel［C］// International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 2015:46-64.
［3］ Wu Zhenyu, Xu Zhang, Wang Haining. Whispers in the hyper-space: High-bandwidth and reliable covert channel attacks inside the cloud［J］. IEEE/ACM Transactions on Networking (TON), 2015,23(2):603-615.
［4］ Wu Jingzheng, Ding Liping, Wu Yanjun, et al. C2Detector: A covert channel detection framework in cloud computing［J］. Security and Communication Networks, 2014,7(3):544-557.
［5］ Wu Zhenyu, Xu Zhang, Wang Haining. Whispers in the hyper-space: High-speed covert channel attacks in the cloud［C］// Proceedings of the 21st USENIX Conference on Security Symposium. 2012:159-173.
［6］ Wu Jing zheng, Wang Yongji, Ding Liping, et al. Improving performance of network covert timing channel through huffman coding［C］// The 2010 FTRA International Symposium on Advances in Cryptography, Security and Applications for Future Computing. 2012:69-79.
［7］ Wu Jingzheng, Ding Liping, Wang Yongji, et al. Identification and evaluation of sharing memory covert timing channel in Xen virtual machines［C］// Proceedings of the 4th IEEE International Conference on Cloud Computing. 2011:283-291.
［8］ Park Younghee, Chang Sang-Yoon, Krishnamurthy L M. Watermarking for detecting freeloader misbehavior in software-defined networks［C］// 2016 International Conference on Computing, Networking and Communications. 2016:1-6.
［9］ Scott-Hayward S, O’Callaghan G, Sezer S. SDN security: A survey［C］// 2013 IEEE SDN For Future Networks and Services. 2013:1-7.
［10］Sezer S, Scott-Hayward S, Chouhan P K, et al. Are we ready for SDN? Implementation challenges for software-defined networks［J］. IEEE Communications Magazine, 2013,51(7):36-43.
［11］Shin Seungwon, Gu Guofei. Attacking software-defined networks: A first feasibility study［C］// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:165-166.
［12］Kreutz D, Ramos F, Verissimo P. Towards secure and dependable software-defined networks［C］// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:55-60.
［13］Kloti R, Kotronis V, Smith P. OpenFlow: A security analysis［C］// Proceedings of the 21st IEEE International Conference on Network Protocols. 2013:1-6.
［14］戴彬,王航远,徐冠,等. SDN安全探讨：机遇与威胁并存［J］. 计算机应用研究, 2014,31(8):2254-2262.
［15］Jose T， Kurian J. Survey on SDN security mechanisms［J］. International Journal of Computer Applications, 2015,132(14):.32-35.
［16］Hussein A, Elhajj I H, Chehab A, et al. SDN security plane: An architecture for resilient security services［C］// IEEE International Conference on Cloud Engineering Workshop. 2016:54-59.
［17］Shah G, Molina A, Blaze M. Keyboards and covert channels［C］// Proceedings of the 15th conference on USENIX Security Symposium. 2006: Article No. 5.

[1]	陈晨, 庄毅, 高增. QoE驱动的SDN网络高可用传输框架[J]. 计算机与现代化, 2023, 0(11): 62-68.
[2]	王重阳, 庄毅. 基于SDN和改进CSA算法的多作业集群的负载均衡算法[J]. 计算机与现代化, 2023, 0(11): 28-35.
[3]	姜厚海, 庄毅, 曹子宁. 一种基于流聚合与拥塞避免的SDN快速故障恢复方案[J]. 计算机与现代化, 2023, 0(10): 77-83.
[4]	姜厚海, 庄毅, 曹子宁. 一种基于改进BDD的SDN可靠性评估算法[J]. 计算机与现代化, 2023, 0(09): 64-69.
[5]	雷依翰, 曹利峰, 韩孟达, 韩雪. 软件定义天地一体化网络安全切换架构与方法[J]. 计算机与现代化, 2023, 0(08): 119-126.
[6]	高枫, 庄毅, 刘骁. 一种基于路径跟踪反馈的SDN网络可信传输方案[J]. 计算机与现代化, 2022, 0(12): 102-110.
[7]	包春晖, 庄毅, 郭黎烨. 面向服务传输的SDN移动网络脆弱性评估模型[J]. 计算机与现代化, 2022, 0(11): 43-51.
[8]	凌致远, 陈晓, 宋磊, . 基于匹配动作表模型的可编程数据平面流表归并[J]. 计算机与现代化, 2022, 0(07): 74-78.
[9]	王文蔚, 肖军弼, 程鹏, 张悦. 基于SDN的DDoS攻击防御系统[J]. 计算机与现代化, 2021, 0(02): 117-121.
[10]	戴松, 孙延涛, 刘强, 贾泽群, . 基于多模电台的SDMANET网络组网方法[J]. 计算机与现代化, 2020, 0(08): 82-88.
[11]	肖军弼, 程鹏, 谭立状, 孟祥泽. 基于SDN的数据中心动态优先级多路径调度算法[J]. 计算机与现代化, 2020, 0(07): 21-26.
[12]	耿岚岚1，孙延涛2，戴松1. 一种面向软件定义移动自组网的拓扑发现方法[J]. 计算机与现代化, 2019, 0(09): 53-.
[13]	詹晗. 基于OpenStack的分布式SDN控制器Dragonflow研究[J]. 计算机与现代化, 2017, 0(7): 91-94.
[14]	庄怀东，杜庆伟. 一种基于SDN的数据中心网络动态流量调度方法[J]. 计算机与现代化, 2016, 251(07): 80-86.
[15]	马超1,2，程力1，孔玲玲3. 云环境下SDN的流量异常检测性能分析[J]. 计算机与现代化, 2015, 0(10): 92-97+102.

软件定义网络中的多流时间式隐信道设计

Design of Multiple-flow Timing Channel in Software-defined

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价