Method, device and system for generating forwarding address and improving route optimization security

A care-of address and security technology applied to generating care-of addresses and improving the security of route optimization. It addresses problems such as increased communication delay, reduced data transmission security and forged BU messages, and achieves the effect of improving security.

Inactive Publication Date: 2010-06-02
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

The triangular routing mode increases communication delay and adds packet-header overhead to communication with the mobile node, which increases the burden on the mobile node's home link; the routing may also not be sufficiently optimized.
In the process of realizing the present invention, the inventors found that at least the following problems exist in the prior art for generating the care-of address. For the method of randomly selecting a piece of data as the interface identifier, the correspondent node cannot obtain verification information for the care-of address. For the method of generating the interface identifier and the care-of address, when the correspondent node and the mobile node are not in the same subnet, the header of the message sent by the mobile node to the correspondent node does not carry the MAC address of the mobile node, so the correspondent node cannot verify the care-of address. Since the care-of address cannot be verified, communication between the mobile node and the correspondent node is very insecure; for example, the correspondent node may send data to the wrong care-of address.
[0019] After the return routability procedure ends and before the MN sends a BU message to bind the HoA and CoA, an attacker can illegally obtain the HoT message and the CoT message and use the same method to calculate Kbm, thereby forging the BU message and causing the CN to send data to the wrong address.
For example, the attacker eavesdrops on the CoT message sent by the CN to MNa and extracts the hand-off secret generation token, eavesdrops on the HoT message sent by the CN to MNb and extracts the home secret generation token, then calculates Kbm and sends the CN a BU message binding CoAa with HoTb. The BU is verified and accepted by the CN, so the traffic that the CN sends to MNb through route optimization is redirected to MNa, reducing the security of data transmission.


Examples

Embodiment 1

[0077] See Figure 2. This embodiment of the present invention provides a method for generating a care-of address, which specifically includes:

[0078] Step 101: Taking the HoA of the MN as input, generate an OID through a one-way function operation.

[0079] The calculation using the one-way function PRF (Pseudo Random Function) is as follows:

[0080] OID = PRF(Expression);

[0081] Here Expression can be the HoA of the MN, or the combination of the HoA and the network prefix (Subnet Prefix) of the external network visited by the MN. PRF is a one-way cryptographic function; it can be a one-way function such as MD5, SHA-1, SHA256 or AES-XCBC-PRF. The above formula can therefore take various forms, for example:

[0082] OID = SHA-1(HoA);

[0083] or OID = MD5(HoA | Subnet Prefix), and so on.

[0084] Step 102: After generating the OID, the MN processes the OID to obtain an interface ID (Interface ID) with a length of 64 bits.

[0085] If the length...

Embodiment 2

[0100] See Figure 3. This embodiment of the present invention provides a device for generating a care-of address, which specifically includes:

[0101] (1) an interface identification generation module, used to generate an interface identification through a one-way function operation with the home address of the mobile node as input;

[0102] (2) A care-of address generating module, used to combine the interface identifier generated by the interface identifier generating module with the prefix of the external network accessed by the mobile node to generate a care-of address.

[0103] The interface identification generation module may specifically include:

[0104] 1) a combination unit, for combining the prefix of the external network visited by the mobile node with the home address of the mobile node;

[0105] 2) The generation unit is used to use the data obtained after the combination unit is combined as an input, and generate an interface identifier through a one-way func...

Embodiment 3

[0117] See Figure 4. This embodiment of the present invention provides a method for improving the security of route optimization, which specifically includes the following steps:

[0118] Step 201: The MN uses the HoA as an input to generate an interface identifier through a one-way function operation.

[0119] Step 202: The MN combines the interface identifier with the prefix of the external network accessed by the MN to generate a CoA.

[0120] Further, duplicate address detection can also be performed on the generated CoA; that is, it is judged whether the generated CoA is the same as an IP address already in use in the network. If they are the same, an address conflict has been found, and the interface identifier (Interface ID) is regenerated according to the following steps, after which a usable CoA is regenerated:

[0121] Modify the value of the start bit n used for the first time, and increase the increment on the original basis, that is, n=n+increment, where the incre...
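The generation steps of Embodiments 1 and 3, worked through as an added example (this is not code from the patent). It assumes SHA256 over HoA | Subnet Prefix, a 64-bit window of the OID starting at bit n that wraps at the end, an increment of 8, and a hypothetical `cn_verify` check in which the CN re-derives the CoA from the HoA it is being bound to; the page's own truncation and verification details are elided.

```python
import hashlib
import ipaddress

INCREMENT = 8  # assumed step for the start bit n; the page elides its value

def oid(hoa, prefix):
    """OID = SHA256(HoA | Subnet Prefix), one of the forms the page lists."""
    net = ipaddress.IPv6Network(prefix)
    return hashlib.sha256(ipaddress.IPv6Address(hoa).packed
                          + net.network_address.packed[:8]).digest()

def interface_id(oid_bytes, n):
    """64 bits of the OID starting at bit n, wrapping at the end (assumed)."""
    total = len(oid_bytes) * 8
    value = int.from_bytes(oid_bytes, "big")
    n %= total
    rotated = ((value << n) | (value >> (total - n))) & ((1 << total) - 1)
    return rotated >> (total - 64)

def make_coa(hoa, prefix, n=0):
    """CoA = visited-network /64 prefix combined with the interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = interface_id(oid(hoa, prefix), n)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def generate_coa(hoa, prefix, in_use, max_tries=32):
    """Duplicate address detection: on a conflict, n = n + increment."""
    n = 0
    for _ in range(max_tries):
        coa = make_coa(hoa, prefix, n)
        if coa not in in_use:
            return coa, n
        n += INCREMENT
    raise RuntimeError("no free care-of address found")

def cn_verify(hoa, coa, max_tries=32):
    """Assumed CN-side check: re-derive the CoA from the HoA it is bound to."""
    coa = ipaddress.IPv6Address(coa)
    prefix = str(ipaddress.IPv6Network((int(coa) >> 64 << 64, 64)))
    return any(make_coa(hoa, prefix, i * INCREMENT) == coa
               for i in range(max_tries))

# Constructed sample values (documentation prefix 2001:db8::/32).
HOA_A, HOA_B = "2001:db8:1::a", "2001:db8:1::b"
VISITED = "2001:db8:2::/64"
if __name__ == "__main__":
    coa_a, n = generate_coa(HOA_A, VISITED, in_use=set())
    print(coa_a, n, cn_verify(HOA_A, coa_a), cn_verify(HOA_B, coa_a))
```

A binding that pairs MNa's CoA with MNb's HoA fails `cn_verify`, because that CoA was not derived from that HoA.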


Abstract

The invention discloses a method and a device for generating a care-of address, as well as a method and a system for improving route optimization security, and pertains to the communication field. The care-of address generation method includes: generating an interface identifier through a one-way function with the HoA as input; and combining the interface identifier with the prefix of the external network accessed by the MN to generate the CoA. The method for improving route optimization security includes: using the above method to generate the CoA; the MN and CN executing the RRP; the MN signing the BU message with its private key to obtain binding authorization data; and the MN sending the BU message carrying the HoA, CoA and binding authorization data to the CN, which uses the MN's public key for verification. If verification passes, the MN and CN are permitted to communicate in route optimization mode. The device includes an interface identifier generation module and a care-of address generation module. The system includes the MN and CN. The CoA generated by the invention limits attacks caused by misuse of the mobility mechanism and improves the security of communication in Mobile IPv6 route optimization mode.

Description

Technical field

[0001] The invention relates to the field of mobile communication, in particular to a method and device for generating a care-of address and a method and system for improving the security of route optimization.

Background

[0002] With the rapid development of computer network technology and mobile communication technology, there is a demand for mobility provided by the network. Mobile IPv6 is a solution to mobility at the network layer. There are three basic network entities in Mobile IPv6: the MN (Mobile Node), the CN (Correspondent Node, or correspondent peer) and the HA (Home Agent). A mobile node can be uniquely identified through a HoA (Home Address). The HoA is a global unicast routable address assigned to the mobile node. The Mobile IPv6 specification requires that when a mobile node moves from one link to another, the ongoing communication using the home address is not interrupted, and the mobilit...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/56
CPC: H04W80/04, H04W88/14, H04W12/10, H04W12/106
Inventor: 李春强
Owner: HUAWEI TECH CO LTD