软件定义天地一体化网络接入认证架构与方法
|
摘要
天地一体化网络因结构复杂存在网络异构动态、间歇连通、节点高度暴露等特性。为了保证安全,需要研究专有的接入认证架构与方法。利用软件定义网络控制面与数据面分离的思想将其与天地一体化信息网络相结合提出一种新的接入认证架构,对认证架构与过程进行详细描述,可以实现对网络的安全防护与资源的优化控制;根据架构特点,提出七个影响接入点决策的属性,给出各个属性的计算公式,将层次分析法与逼近理想解的排序方法相结合提出一种接入点决策算法。实验仿真结果表明,接入点决策准确,可以实现资源的合理利用。
Due to the complex structure of space-ground integration network,it has characteristics of heterogeneous,dynamic,intermittent connectivity and high exposure,it is necessary to study the special access authentication architecture and method in order to ensure security. The software defined network( SDN) adopted the idea of separating control surface from data surface,so this paper proposed a new access authentication architecture which combined SDN and space-ground integration network to realize flexibility. It consisted of detailed description of the authentication architecture and process,and it could realize security protection and resources optimization control. Then according to the characteristics of the architecture,this paper put forward 7 attributes of influencing access point decision,and presented the calculating formula of each attribute. In addition,it proposed an access point decision algorithm based on analytic hierarchy process and technique for order preference by similarity to an ideal solution. Simulation experiments show that the algorithm can select the best access point and it can achieve reasonable utilization of resources.
Due to the complex structure of space-ground integration network,it has characteristics of heterogeneous,dynamic,intermittent connectivity and high exposure,it is necessary to study the special access authentication architecture and method in order to ensure security. The software defined network( SDN) adopted the idea of separating control surface from data surface,so this paper proposed a new access authentication architecture which combined SDN and space-ground integration network to realize flexibility. It consisted of detailed description of the authentication architecture and process,and it could realize security protection and resources optimization control. Then according to the characteristics of the architecture,this paper put forward 7 attributes of influencing access point decision,and presented the calculating formula of each attribute. In addition,it proposed an access point decision algorithm based on analytic hierarchy process and technique for order preference by similarity to an ideal solution. Simulation experiments show that the algorithm can select the best access point and it can achieve reasonable utilization of resources.
引文
[1]李凤华,殷丽华,吴巍,等.天地一体化信息网络安全保障技术研究进展及发展趋势[J].通信学报,2016,37(11):156-168.(LiFenghua,Yin Lihua,Wu Wei,et al. Research status and developmenttrends of security assurance for space-ground integration informationnetwork[J]. Journal on Communications,2016,37(11):156-168.)
[2]王春锋.软件定义可重构卫星网络系统研究[J].中国电子科学研究院学报,2015,10(5):455-459.(Wang Chunfeng. Research ofsoftware-defined reconfigurable satellite network system[J]. Journalof China Academy of Electronics and Information Technology,2015,10(5):455-459.)
[3]陈晨,谢珊珊,张潇潇,等.聚合SDN控制的新一代空天地一体化网络架构[J].中国电子科学研究院学报,2015,10(5):450-454.(Chen Chen,Xie Shanshan,Zhang Xiaoxiao,et al. A new space andterrestrial integrated network architecture aggregated SDN[J]. Jour-nal of China Academy of Electronics and Information Technolo-gy,2015,10(5):450-454.)
[4] Iqbal H,Ma J,Stranc K,et al. A software-defined networking architec-ture for aerial network optimization[C]//Proc of IEEE Net Soft Con-ference and Workshops. Piscataway,NJ:IEEE Press,2016:151-155.
[5]李婷,胡建平,徐会忠.天基信息网络的软件定义网络应用探析[J].电讯技术,2016,56(3):259-266.(Li Ting,Hu Jianping,XuHuizhong. Application discussion of software defined network in space-based information network[J]. Telecommunication Engineering,2016,56(3):259-266.)
[6]吴曼青,吴巍,周彬,等.天地一体化信息网络总体架构设想[J].卫星与网络,2016(3):30-36.(Wu Manqing,Wu Wei,Zhou Bin,etal. Overall framework idea for space-ground integration informationnetwork[J]. Satellite&Network,2016(3):30-36.)
[7] Stanford University. Clean slate program[EB/OL].(2017-05-25)[2017-10-09]. https://en. wikipedia. org/wiki/Clean_Slate_Pro-gram.
[8] Mc Keown N. Software-defined networking[C]//Proc of INFOCOMKeynote Talk. 2009:30-32.
[9]王蒙蒙,刘建伟,陈杰,等.软件定义网络:安全模型、机制及研究进展[J].软件学报,2016,27(4):969-992.(Wang Mengmeng,Liu Jianwei,Chen Jie,et al. Software defined networking:securitymodel,threats and mechanism[J]. Journal of Software,2016,27(4):969-992.)
[10]Wang Kun,Wang Yihui,Zeng Deze,et al. An SDN-based architecturefor next-generation wireless networks[J]. IEEE Wireless Communi-cations,2017,24(1):25-31.
[11]Costa-Perez X,Garcia-Saavedra A,Li Xi,et al. 5G-crosshaul:anSDN/NFV integrated fronthaul/backhaul transport network architec-ture[J]. IEEE Wireless Communications,2017,24(1):38-45.
[12]Rahman M M,Despins C,Affes S. Design optimization of wireless ac-cess virtualization based on cost&Qo S trade-off utility maximization[J]. IEEE Trans on Wireless Communications,2016,15(9):6146-6162.
[13]Callegati F,Cerroni W,Contoli C,et al. SDN for dynamic NFV deploy-ment[J]. IEEE Communications Magazine,2016,54(10):89-95.
[14] Adami D,Martini B,Sgambelliri A,et al. An SDN orchestrator forcloud data center:system design and experimental evaluation[J].Transactions on Emerging Telecommunications Technologies,2017,28(11):e3172.
[15]岳超源.决策理论与方法[M].北京:科学出版社,2003.(YueChaoyuan. Decision theory and method[M]. Beijing:Science Press,2003.)
[16]闫冲冲,郝永生.基于层次分析法(AHP)的空中目标威胁度估计[J].计算技术与自动化,2011,30(2):118-121.(Yan Chong-chong,Hao Yongsheng. Threat assessment of aerial target based onAHP[J]. Computing Technology and Automation,2011,30(2):118-121.)
[2]王春锋.软件定义可重构卫星网络系统研究[J].中国电子科学研究院学报,2015,10(5):455-459.(Wang Chunfeng. Research ofsoftware-defined reconfigurable satellite network system[J]. Journalof China Academy of Electronics and Information Technology,2015,10(5):455-459.)
[3]陈晨,谢珊珊,张潇潇,等.聚合SDN控制的新一代空天地一体化网络架构[J].中国电子科学研究院学报,2015,10(5):450-454.(Chen Chen,Xie Shanshan,Zhang Xiaoxiao,et al. A new space andterrestrial integrated network architecture aggregated SDN[J]. Jour-nal of China Academy of Electronics and Information Technolo-gy,2015,10(5):450-454.)
[4] Iqbal H,Ma J,Stranc K,et al. A software-defined networking architec-ture for aerial network optimization[C]//Proc of IEEE Net Soft Con-ference and Workshops. Piscataway,NJ:IEEE Press,2016:151-155.
[5]李婷,胡建平,徐会忠.天基信息网络的软件定义网络应用探析[J].电讯技术,2016,56(3):259-266.(Li Ting,Hu Jianping,XuHuizhong. Application discussion of software defined network in space-based information network[J]. Telecommunication Engineering,2016,56(3):259-266.)
[6]吴曼青,吴巍,周彬,等.天地一体化信息网络总体架构设想[J].卫星与网络,2016(3):30-36.(Wu Manqing,Wu Wei,Zhou Bin,etal. Overall framework idea for space-ground integration informationnetwork[J]. Satellite&Network,2016(3):30-36.)
[7] Stanford University. Clean slate program[EB/OL].(2017-05-25)[2017-10-09]. https://en. wikipedia. org/wiki/Clean_Slate_Pro-gram.
[8] Mc Keown N. Software-defined networking[C]//Proc of INFOCOMKeynote Talk. 2009:30-32.
[9]王蒙蒙,刘建伟,陈杰,等.软件定义网络:安全模型、机制及研究进展[J].软件学报,2016,27(4):969-992.(Wang Mengmeng,Liu Jianwei,Chen Jie,et al. Software defined networking:securitymodel,threats and mechanism[J]. Journal of Software,2016,27(4):969-992.)
[10]Wang Kun,Wang Yihui,Zeng Deze,et al. An SDN-based architecturefor next-generation wireless networks[J]. IEEE Wireless Communi-cations,2017,24(1):25-31.
[11]Costa-Perez X,Garcia-Saavedra A,Li Xi,et al. 5G-crosshaul:anSDN/NFV integrated fronthaul/backhaul transport network architec-ture[J]. IEEE Wireless Communications,2017,24(1):38-45.
[12]Rahman M M,Despins C,Affes S. Design optimization of wireless ac-cess virtualization based on cost&Qo S trade-off utility maximization[J]. IEEE Trans on Wireless Communications,2016,15(9):6146-6162.
[13]Callegati F,Cerroni W,Contoli C,et al. SDN for dynamic NFV deploy-ment[J]. IEEE Communications Magazine,2016,54(10):89-95.
[14] Adami D,Martini B,Sgambelliri A,et al. An SDN orchestrator forcloud data center:system design and experimental evaluation[J].Transactions on Emerging Telecommunications Technologies,2017,28(11):e3172.
[15]岳超源.决策理论与方法[M].北京:科学出版社,2003.(YueChaoyuan. Decision theory and method[M]. Beijing:Science Press,2003.)
[16]闫冲冲,郝永生.基于层次分析法(AHP)的空中目标威胁度估计[J].计算技术与自动化,2011,30(2):118-121.(Yan Chong-chong,Hao Yongsheng. Threat assessment of aerial target based onAHP[J]. Computing Technology and Automation,2011,30(2):118-121.)