CN110912875B - Network encryption method, system, medium and equipment based on southbound interface - Google Patents
Network encryption method, system, medium and equipment based on southbound interface Download PDFInfo
- Publication number
- CN110912875B CN110912875B CN201911087951.6A CN201911087951A CN110912875B CN 110912875 B CN110912875 B CN 110912875B CN 201911087951 A CN201911087951 A CN 201911087951A CN 110912875 B CN110912875 B CN 110912875B
- Authority
- CN
- China
- Prior art keywords
- encryption
- message
- strategy
- control word
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present application relates to the field of SDN technologies, and in particular, to a network encryption method, system, medium, and device based on a southbound interface. The technical problem that an effective solution for realizing network service encryption aiming at a controller is not available in the prior art is solved. In the application, an SD-WAN controller reports a message according to service quality state information, and inquires an encryption list to obtain an encryption strategy; the SD-WAN controller issues an encryption strategy through a southbound interface; and the SDN switch encrypts and forwards the specified message according to the encryption strategy.
Description
Technical Field
The present application relates to the field of SDN technologies, and in particular, to a network encryption method, system, medium, and device based on a southbound interface.
Background
The SDN technology migrates a control plane of the switching equipment to a centralized controller, replaces the control plane in the switching equipment by a standardized southbound interface, and a network control technology of the controller mainly comprises link discovery, topology management, strategy formulation, table item issuing and the like through a southbound interface protocol. However, the following two problems are not considered:
(1) according to different network operation states and data security levels, the sdn network has no corresponding dynamic encryption mechanism.
(2) When the sdn network needs to be encrypted, the southbound interface of the controller has no relevant issuing mechanism. There is no effective solution in the current market for implementing network traffic encryption for controllers.
Disclosure of Invention
The application provides a network encryption method, a system, a medium and equipment based on a southbound interface, which aim to solve the technical problem that no effective solution for realizing network service encryption aiming at a controller exists in the prior art.
The embodiment of the application is realized by the following steps:
a network encryption method based on a southbound interface is characterized by comprising the following steps: the SD-WAN controller reports a message according to the service quality state information, inquires an encryption list to obtain an encryption strategy and forms an encryption strategy message; the SD-WAN controller transmits an encryption strategy message through a south interface of the SD-WAN controller; and the SDN switch encrypts and forwards the specified message according to the encryption strategy message. The method has the advantages that the encryption strategy can change according to the change of the service quality, and the method has dynamic property. And aiming at different service quality states, the encryption strengths with different strengths can be realized. The method adopts the south interface extension protocol of the controller to realize the issuing of the encryption strategy of the controller, does not modify the existing equipment of a user, does not change the network environment of the user, has operability in technology, and can solve the problems that the south control protocol cannot issue the encryption strategy and the SDWAN has no encryption protection.
Preferably, the SD-WAN controller reports a message according to the service quality status information, and queries an encryption list to obtain an encryption policy specifically including; forming a service quality state information report message according to the Total bandwidth Total-band and the residual bandwidth left-band; inquiring an encryption list according to a Total-band control word and a left-band control word in a report message of the service quality state information to obtain an encryption strategy comprising an Encry _ alga control word, an Encry _ mode control word, a key _ index control word and a flow _ id control word; the reporting message format of the service quality state information is as follows: version + type + length + xid + flags1+ Total-band + left-band; flags1 are flag bits that represent state information sent by the SDN switch to the SDN-WAN controller. The beneficial effects are that: the realization controller can master the service quality state of the network in real time, thereby providing a strategy basis for customizing different encryption strengths for different services.
Preferably, the specific format of the message of the encryption policy is as follows:
version + type + length + xid + flags2+ Encry _ alga + Encry _ mode + key _ index + flow _ id; wherein version represents a version number; the type represents the openflow message type; length represents the message length; xid represents a processing id associated with the message; flags2 indicates the number of the policy, indicating whether the policy adds an encryption policy or deletes an encryption policy; encry _ alga denotes a specific encryption algorithm; key _ index represents a key index value, and flow _ id represents the characteristic information of the message to be encrypted; encry _ mode denotes an encryption mode. The beneficial effects are that: by the aid of the extension message, the problem that openflow does not send the encrypted information to the sdn switch is solved, and safety of the sdn network is improved.
Preferably, the specific process of encrypting the specified packet by the SDN switch according to the encryption policy includes: the SDN switch compares the flow _ id in the encryption strategy message with the characteristics corresponding to the message to be encrypted; if the characteristic comparison result shows that the information is consistent, the SDN switch applies a corresponding encryption key from a password management system according to a key _ index control word in the encryption policy message, and encrypts the message to be encrypted to form an encrypted message; otherwise, the encryption is discarded. The beneficial effects are that: the encryption method and the encryption device can carry out encryption intensity with different strengths on different streams according to the real-time service quality state of the network, and have high flexibility and strong practicability.
Preferably, the encryption method further includes decrypting, by another SDN switch, the encrypted packet according to the encryption policy; the specific process is as follows: the other SDN switch compares the flow _ id in the encryption strategy with the characteristic information corresponding to the encrypted message; and if the comparison result shows that the characteristic information of the encrypted message is the same as the flow _ id in the encryption strategy, the other SDN switch applies a corresponding decryption secret key from the password management system according to the key _ index control word in the encryption strategy message, and decrypts the message to be encrypted. The beneficial effects are that: therefore, the end-to-end encryption and decryption functions of the sdn network are realized, and the network security is further improved.
Preferably, the encryption strategy issues a controller-to-switch type message belonging to an openflow protocol. And reporting the service quality state information of the SDN switch to an asynchronous message belonging to an openflow protocol. The beneficial effects are that: the protocol content is enriched.
A southbound interface based network encryption system comprising: the SD-WAN controller is used for reporting the message according to the service quality state information, inquiring the encryption list to obtain an encryption strategy and forming an encryption strategy message; and sends down the encryption strategy message through its south interface; and the SDN switch is used for encrypting and forwarding the specified message according to the encryption strategy message.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the southbound interface based network encryption method of any one of the above-mentioned 1 to 7.
A southbound interface based network encryption device includes a memory for storing a computer program; a processor for implementing the steps of the southbound interface based network encryption method according to any one of the above 1 to 7 when executing the computer program.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
FIG. 1 is a schematic block diagram provided by an embodiment of the present application;
FIG. 2 is a flow chart provided by an embodiment of the present application;
FIG. 3 is a flowchart illustrating an embodiment of the present disclosure;
fig. 4 is a format diagram of an openflow extended message issued by an encryption policy provided in the embodiment of the present application.
Fig. 5 is a format diagram of an openflow extended packet reported by service quality status information according to an embodiment of the present application.
Detailed Description
The technical solution in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Firstly, the working process:
in the operation process of the SD-WAN network, the SDN switch can actively report the service quality state, and the controller can dynamically generate an encryption strategy according to the service quality state and send the encryption strategy to the SDN switch by using the southbound expansion interface. The SDN switch can encrypt and decrypt the matched message and then forward the message.
The function is realized through the extended openflow protocol. And the encryption strategy issuing and the state reporting are realized by expanding the openflow protocol message field. The encryption strategy issues a controller-to-switch type message belonging to an openflow protocol, and the switch state reports an asynchronous type message belonging to the openflow protocol. The core of forming the encryption strategy and reporting the message is to expand the control words in the openflow protocol by setting the type field as different values except for the fixed control value, namely sequentially expanding a flags1 control word, an Encry _ alga control word, an Encry _ mode control word, a key _ index control word and a flow _ id control word after the fields of the version control word, the type control word, the length control word and the xid control word.
It is prior art to apply a corresponding decryption key from a cryptographic management system.
The first embodiment is as follows: referring to fig. 1 of the drawings,
a network encryption method based on a southbound interface comprises the following steps:
step 1: the SD-WAN controller reports a message according to the service quality state information, inquires an encryption list to obtain an encryption strategy and forms an encryption strategy message;
step 2: the SD-WAN controller transmits an encryption strategy message through a southbound interface;
and step 3: and the SDN switch encrypts and forwards the specified message according to the encryption strategy message.
Example two: as shown in fig. 5, on the basis of the first embodiment, the SD-WAN controller reports a message according to the service quality status information, queries an encryption list (where the encryption list is shown in table 1), obtains an encryption policy, and forms an encryption policy message specifically means:
forming a service quality state information report message according to the Total bandwidth Total-band and the residual bandwidth left-band;
inquiring an encryption list according to a Total-band control word and a left-band control word in a report message of the service quality state information to obtain an encryption strategy comprising an Encry _ alga control word, an Encry _ mode control word, a key _ index control word and a flow _ id control word; the reporting message format of the service quality state information is as follows: version + type + length + xid + flags1+ Total-band + left-band; flags1 are flag bits indicating the state information sent by the SDN switch to the SDN-WAN controller; where the type field indicates that this is status information that the switch sends to the controller, this value may be set to 82 or some other value.
Total-band indicates the Total bandwidth of the field identification interface, the Total-band bandwidth range value: different bandwidth types such as 1000M, 10G, etc. can be represented by bandwidth value 1, bandwidth value 2, … …, and bandwidth value n; the left-band field represents the interface residual bandwidth, and the left-band is the bandwidth value which is 0 to 100% of the Total-band bandwidth value except the bandwidth value of 0; the Total-band bandwidth value and the left-band bandwidth value which meet the above conditions can be combined at will. The key index values are different values, and the SDN switch may apply for different encryption keys or decryption keys from the crypto-management system according to the different key index values.
Different Total-band bandwidth values and left-band bandwidth values correspond to different encryption algorithms, different encryption modes, different key index values and different characteristics of messages to be encrypted, and the encryption algorithm is any one of symmetric encryption algorithms and asymmetric encryption algorithms such as DES, AES, SM4 and the like; the encryption mode is any one of Ecb, Cbc, ctr, cfb, and the like. Wherein the characteristic information of the message to be encrypted is all relevant information representing the characteristics of the message to be encrypted; for example: one or more information combinations in the quintuple information, the triplet information, the quintuple information, the mac address, the triplet information and other information representing one or more information in the message characteristic correlation information to be encrypted of the message information. For example: the characteristic information of the message to be encrypted may be:
1) the source mac address is 11:22: 33: 44:55: 66;
2) the source ip address is 192.168.0.1;
3) the destination ip address is 192.168.0.1;
4) transport layer protocol number 3
5) The source port is 1024;
6) the destination port is 520;
7) vlan tag has a value of 3;
8) the message input interface is a No. 3 interface;
9, the message output interface is a 4 interface;
10) the field value of the message tos is 4;
11) the value of the dscp field of the message is 5;
12) the message is a broadcast message;
table 1 encryption list
For example: the patent marks the state information carried at this time by whether the bits of flags2 are 1. For example, 0x0001 indicates that the status information carried this time is the total bandwidth, and 0x0003 indicates that the status information carried this time is the total bandwidth and the remaining bandwidth.
In a third embodiment, on the basis of the first or second embodiment, as shown in fig. 5, the specific format of the message of the encryption policy is as follows:
version + type + length + xid + flags2+ Encry _ alga + Encry _ mode + key _ index + flow _ id; wherein version represents a version number; the type represents the openflow message type; length represents the message length; xid represents a processing id associated with the message; flags2 indicates the number of the policy, indicating whether the policy adds an encryption policy or deletes an encryption policy; encry _ alga denotes a specific encryption algorithm; key _ index represents a key index, and flow _ id represents the characteristic information of the message to be encrypted; encry _ mode denotes an encryption mode.
For example: the value of the type field is 81, indicating that this is an encryption policy that the controller sends to the switch.
Of course, the message format may be extended continuously on the basis.
Example four: on the basis of one of embodiments 1 to 3, the specific process of encrypting the specified packet by the SDN switch according to the encryption policy means: the SDN switch compares the flow _ id in the encryption strategy message with the characteristics corresponding to the message to be encrypted; if the characteristic comparison result shows that the information is consistent, the SDN switch applies a corresponding encryption key from a password management system according to a key _ index control word in the encryption policy message, and encrypts the message to be encrypted to form an encrypted message; otherwise, the encryption is discarded.
For example, comparing the flow _ id in the encryption policy message with the feature corresponding to the message to be encrypted by the SDN switch means comparing the five-tuple (including the source IP address, the source port, the destination IP address, the destination port, and the transport layer protocol) of the message to be encrypted with the feature information in the flow _ id one by one, and if all the five-tuple correspond to the same feature information, it is considered that the encryption policy is satisfied, and the encryption processing may be performed on the packet.
For another example, the SDN switch comparing the flow _ id in the encryption policy message with the feature information in the flow _ id refers to comparing the source and destination mac addresses of the message to be encrypted with the feature information in the flow _ id one by one, and if all the messages are corresponding to each other, it is determined that the encryption policy is satisfied, and the encryption processing may be performed on the messages.
Example five: on the basis of one to four embodiments, the encryption method further includes decrypting, by another SDN switch, an encrypted packet according to the encryption policy; the specific process is as follows: the other SDN switch compares the flow _ id in the encryption strategy with the characteristic information corresponding to the encrypted message; and if the comparison result shows that the characteristic information of the encrypted message is the same as the flow _ id in the encryption strategy, the other SDN switch applies a corresponding decryption secret key from the password management system according to the key _ index control word in the encryption strategy message, and decrypts the message to be encrypted.
Example six: on the basis of one of the first to fifth embodiments, the encryption policy issues a controller-to-switch type message belonging to an openflow protocol. And reporting the service quality state information of the SDN switch to an asynchronous message belonging to an openflow protocol.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (7)
1. A network encryption method based on a southbound interface is characterized by comprising the following steps:
the SD-WAN controller reports a message according to the service quality state information, inquires an encryption list to obtain an encryption strategy and forms an encryption strategy message;
the SD-WAN controller transmits an encryption strategy message through a southbound interface of the SD-WAN controller;
encrypting and forwarding the specified message by the SDN switch according to the encryption strategy message;
the SD-WAN controller reports a message according to the service quality state information, inquires an encryption list and obtains an encryption strategy specifically;
forming a service quality state information report message according to the Total bandwidth Total-band and the residual bandwidth left-band;
inquiring an encryption list according to a Total-band control word and a left-band control word in a report message of the service quality state information to obtain an encryption strategy comprising an Encry _ alga control word, an Encry _ mode control word, a key _ index control word and a flow _ id control word;
the reporting message format of the service quality state information is as follows:
version + type + length + xid + flags1+ Total-band + left-band; flags1 are flag bits indicating the state information sent by the SDN switch to the SDN-WAN controller; version represents a version number; the type represents the openflow message type; length represents the message length; xid refers to a header field value specified in openflow standard, and means an event id related to a data packet, and the same id needs to be used when a pairing request is replied, and the value is randomly allocated and occupies 4 bytes;
the specific format of the message of the encryption strategy is as follows:
version + type + length + xid + flags2+ Encry _ alga + Encry _ mode + key _ index + flow _ id; flags2 indicates the number of the policy, indicating whether the policy adds an encryption policy or deletes an encryption policy; encry _ alga denotes a specific encryption algorithm; key _ index represents a key index, and flow _ id represents the characteristic information of the message to be encrypted; encry _ mode denotes an encryption mode.
2. The encryption method according to claim 1, wherein the specific process of encrypting the specified packet by the SDN switch according to the encryption policy packet is:
the SDN switch compares the flow _ id in the encryption strategy message with the characteristics corresponding to the message to be encrypted; if the characteristic comparison result shows that the information is consistent, the SDN switch applies a corresponding encryption key from a password management system according to a key _ index control word in the encryption policy message, and encrypts the message to be encrypted to form an encrypted message; otherwise, the encryption is discarded.
3. The encryption method of claim 1 or 2, further comprising decrypting, by another SDN switch, encrypted packets according to the encryption policy; the specific process is as follows: the other SDN switch compares the flow _ id in the encryption strategy with the characteristic information corresponding to the encrypted message; if the comparison result shows that the characteristic information of the encrypted message is the same as the flow _ id in the encryption strategy, the other SDN switch applies a corresponding decryption key from the password management system according to the key _ index control word in the encryption strategy message, and decrypts the message to be encrypted; the negotiation protocol used for the key application can be a custom protocol or a public key negotiation protocol EKE, DH.
4. The encryption method according to claim 3, wherein the encryption policy issues a controller-to-switch type message belonging to openflow protocol; and reporting the service quality state information of the SDN switch to an asynchronous message belonging to an openflow protocol.
5. A network encryption system based on a southbound interface, comprising:
the SD-WAN controller is used for reporting the message according to the service quality state information, inquiring the encryption list to obtain an encryption strategy and forming an encryption strategy message; and the encryption strategy message is issued through a southbound interface of the SD-WAN controller;
the SDN switch is used for encrypting and forwarding the specified message according to the encryption strategy message;
the SD-WAN controller reports a message according to the service quality state information, inquires an encryption list and obtains an encryption strategy specifically;
forming a service quality state information report message according to the Total bandwidth Total-band and the residual bandwidth left-band;
inquiring an encryption list according to a Total-band control word and a left-band control word in a report message of the service quality state information to obtain an encryption strategy comprising an Encry _ alga control word, an Encry _ mode control word, a key _ index control word and a flow _ id control word;
the reporting message format of the service quality state information is as follows:
version + type + length + xid + flags1+ Total-band + left-band; flags1 are flag bits indicating the state information sent by the SDN switch to the SDN-WAN controller; version represents a version number; the type represents the openflow message type; length represents the message length; xid refers to a header field value specified in openflow standard, and means an event id related to a data packet, and the same id needs to be used when a pairing request is replied, and the value is randomly allocated and occupies 4 bytes;
the specific format of the message of the encryption strategy is as follows:
version + type + length + xid + flags2+ Encry _ alga + Encry _ mode + key _ index + flow _ id; flags2 indicates the number of the policy, indicating whether the policy adds an encryption policy or deletes an encryption policy; encry _ alga denotes a specific encryption algorithm; key _ index represents a key index, and flow _ id represents the characteristic information of the message to be encrypted; encry _ mode denotes an encryption mode.
6. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the southbound interface-based network encryption method according to any one of claims 1 to 4.
7. A southbound interface-based network encryption device, comprising: a memory for storing a computer program; a processor for implementing the steps of the southbound interface based network encryption method of any one of claims 1 to 4 when executing said computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911087951.6A CN110912875B (en) | 2019-11-08 | 2019-11-08 | Network encryption method, system, medium and equipment based on southbound interface |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911087951.6A CN110912875B (en) | 2019-11-08 | 2019-11-08 | Network encryption method, system, medium and equipment based on southbound interface |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110912875A CN110912875A (en) | 2020-03-24 |
CN110912875B true CN110912875B (en) | 2022-03-22 |
Family
ID=69816898
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911087951.6A Active CN110912875B (en) | 2019-11-08 | 2019-11-08 | Network encryption method, system, medium and equipment based on southbound interface |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110912875B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112217681B (en) * | 2020-10-19 | 2022-12-02 | 中国信息通信研究院 | Network service capability benchmark test method and device based on software defined wide area network |
CN113132381B (en) * | 2021-04-19 | 2022-08-02 | 何文刚 | Computer network information safety controller |
CN114338167B (en) * | 2021-12-29 | 2024-04-30 | 无锡沐创集成电路设计有限公司 | Communication encryption system, method, storage medium and electronic device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102100030A (en) * | 2008-05-29 | 2011-06-15 | Lg电子株式会社 | Method of encrypting control signaling |
CN104935593A (en) * | 2015-06-16 | 2015-09-23 | 杭州华三通信技术有限公司 | Data message transmitting method and device |
CN105721317A (en) * | 2016-02-25 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | SDN-based data flow encryption method and system |
CN105933361A (en) * | 2016-07-13 | 2016-09-07 | 何钟柱 | Big data security protection cloud system based on trusted calculation |
CN108337243A (en) * | 2017-11-02 | 2018-07-27 | 北京紫光恒越网络科技有限公司 | Message forwarding method, device and forwarding unit |
CN110365476A (en) * | 2019-07-01 | 2019-10-22 | 北京邮电大学 | The schedule management method of QKD network and its key based on SDN |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9274979B2 (en) * | 2013-11-27 | 2016-03-01 | Nvidia Corporation | System, method, and computer program product for optimizing data encryption and decryption by implementing asymmetric AES-CBC channels |
-
2019
- 2019-11-08 CN CN201911087951.6A patent/CN110912875B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102100030A (en) * | 2008-05-29 | 2011-06-15 | Lg电子株式会社 | Method of encrypting control signaling |
CN104935593A (en) * | 2015-06-16 | 2015-09-23 | 杭州华三通信技术有限公司 | Data message transmitting method and device |
CN105721317A (en) * | 2016-02-25 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | SDN-based data flow encryption method and system |
CN105933361A (en) * | 2016-07-13 | 2016-09-07 | 何钟柱 | Big data security protection cloud system based on trusted calculation |
CN108337243A (en) * | 2017-11-02 | 2018-07-27 | 北京紫光恒越网络科技有限公司 | Message forwarding method, device and forwarding unit |
CN110365476A (en) * | 2019-07-01 | 2019-10-22 | 北京邮电大学 | The schedule management method of QKD network and its key based on SDN |
Also Published As
Publication number | Publication date |
---|---|
CN110912875A (en) | 2020-03-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110912875B (en) | Network encryption method, system, medium and equipment based on southbound interface | |
EP2529516B1 (en) | Packet routing in a network by modifying in-packet bloom filter | |
JP3502200B2 (en) | Cryptographic communication system | |
JP2812312B2 (en) | Encryption system | |
CN111010274B (en) | Safe and low-overhead SRv6 implementation method | |
US7330968B2 (en) | Communication network system having secret concealment function, and communication method | |
US20100290622A1 (en) | Wireless communication system and method for automatic node and key revocation | |
US9369490B2 (en) | Method for the secure exchange of data over an ad-hoc network implementing an Xcast broadcasting service and associated node | |
EP3171539B1 (en) | Transparent encryption in a content centric network | |
KR20160018431A (en) | System and method of counter managementand security key update for device-to-device(d2d) group communication | |
JP2005525047A (en) | Secure wireless local area network or wireless metropolitan area network and related methods | |
CN103618596A (en) | Encryption method for inner layer information in VXLAN (Virtual Extensible Local Area Net) tunnel | |
US20160066354A1 (en) | Communication system | |
US8788705B2 (en) | Methods and apparatus for secure routing of data packets | |
JP2016063233A (en) | Communication control device | |
Shi et al. | ARDEN: Anonymous networking in delay tolerant networks | |
Engelmann et al. | A content-delivery protocol, exploiting the privacy benefits of coded caching | |
CN102905199B (en) | A kind of multicast service realizing method and equipment thereof | |
US20180262473A1 (en) | Encrypted data packet | |
Alzahrani et al. | [Retracted] An Identity‐Based Encryption Method for SDN‐Enabled Source Routing Systems | |
CN111917534B (en) | Multicast data transmission method for embedding ciphertext strategies in message | |
Majhi et al. | Lightweight Cryptographic Techniques in 5G Software-Defined Internet of Things Networking | |
JP2018174550A (en) | Communication system | |
Beato et al. | Improving the sphinx mix network | |
Li et al. | An efficient scheme for preserving confidentiality in content-based publish-subscribe systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |