A Dependable and Lightweight UDP-based Transport Layer Security over SDN


Bibliographic Details
Main Authors: You-Ru Chen, 陳宥如
Other Authors: Chin-Laung Lei
Format: Others
Language: en_US
Published: 2017
Online Access: http://ndltd.ncl.edu.tw/handle/34akr8
Description
Summary: Master's === National Taiwan University === Graduate Institute of Electrical Engineering === 105 === As security awareness improves, more and more operators are focusing on their security services. In addition, fixing link failures and dealing with inadequate bandwidth remain crucial issues for both content providers and Internet service providers. Network bandwidth utilization, however, has benefited from Software-Defined Network (SDN). Administrators can easily manage network flows by customizing flow rules over SDN. Inspired by this, we propose a framework to improve the efficiency of Transport Layer Security (TLS) transmission on top of SDN, whether the connection is normal or link failures occur. SDN is decoupled into a control plane and a data plane. A centralized controller performs the control plane functionality, and the switches focus exclusively on data plane functions. The controller orchestrates traffic management to optimize bandwidth utilization under various workloads. Owing to these features, SDN is more flexible in dealing with link failures and bandwidth utilization. Our main contribution in this thesis is a UDP-based TLS module on top of SDN. To achieve reliability and sequentiality of UDP transmission, we combine switches with customized engines. Users still transmit data with TLS, but the overhead of TLS traffic is reduced because of the lightweight characteristic of UDP. Our failover and fast retransmission mechanism also reduces the recovery time. We adopt Mininet, Ryu and Scapy to implement our framework in different scenarios. The experimental results show that our proposed framework not only reduces the overhead and time of transmission but also outperforms classical TLS transmission.