Tongxin xuebao (Jun 2021)

Software-defined network packet forwarding verification scheme based on attribute-based signatures identification

  • Chaowen CHANG,
  • Jianshu JIN,
  • Peisheng HAN,
  • Xianwei ZHU

Journal volume & issue
Vol. 42
pp. 131 – 144

Abstract

Read online

Aiming at the lack of effective forwarding verification mechanism for packet in software defined network (SDN), a data packet forwarding verification scheme based on attributed-based signatures identification was proposed.First, the attribute signature identification was generated according to the user's identity attribute, and the data packet was marked by the attribute signature identification.Then, the P4 forwarding device was used to control accurately and sample the data packet.The controller verified the attribute signature of the sampled data packet.The OpenFlow forwarding device processes the abnormal data packets according to the flow table issued by the controller.Finally, a multi-controllers architecture was constructed to avoid the single point failure of the controller.The results of the experiment indicate that the scheme can achieve accurate control and sampling of data packet, effectively detect the forwarding abnormal behaviors such as packet tampering and forgery, and the network delay is within the range of feasible communication delay.

Keywords