软件定义网络可信连接设计与实现

软件定义网络（software defined networking，SDN）将控制层和数据转发层分离，由控制层对数据转发层进行统一管理。目前控制层及数据转发层设备间完整性认证机制尚不完善，若平台完整性损坏的设备接入网络，会给整个SDN网络带来严重的安全问题。为确保双方设备在完整可信的前提下建立连接，进而在源头上保障设备安全、网络可信，提出了一种新的SDN可信连接方案。该方案以可信网络远程设备认证技术为基础，利用可信平台模块作为可信支撑，在SDN数据转发设备与控制器的连接过程中添加完整性认证环节。测试分析表明，该方案有效可行，符合实际应用。

Design and realization of SDN trusted connection

Software-Defined Networking separates the control layer and the data layer. Data forwarding is unified management by the control layer in SDN. However, equipment integrity authentication mechanism is not consummate between the control layer and the data layer. If the falsified equipment tries to connect the network, the whole network will face serious security problems. For ensuring that the connection was established after proving the equipment credible and integrated and that network is available, this paper proposed a project of trusted connection based on SDN. Combing the trusted network remote device authentication technology and using the trusted platform module as trusted support, the project added integrity certification to linking process of data forwarding devices and controllers. According to the?experiment, the project is suitable for actual network environment.