Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for implementing IPSEC resistance of replay aggression

An anti-replay and attack packet technology, applied in the field of network communication, can solve problems such as performance degradation and discarded packets, and achieve the effect of checking the accuracy of replay attacks and improving the IPSec anti-replay attack function.

Active Publication Date: 2009-07-01
BEIJING TOPSEC NETWORK SECURITY TECH
View PDF0 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because according to the "misplaced" bitmap to "identify" whether the packet is a replay attack, normal packets may be discarded
[0015] Although the use of synchronization primitives can ensure the consistency of the serial number and make the window "slide" correctly, so as to achieve the purpose of "identifying" the replay attack packet, a processing unit is setting the corresponding bitmap of the "sliding" window, When updating the serial number, the stored serial number is guaranteed to be the largest, which is convenient for outbound (OUTBOUNT) use. The other processing unit can only wait for the completion of the previous processing unit operation before continuing to operate. This kind of waiting, this is a high-performance multi-core platform. will cause severe performance degradation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for implementing IPSEC resistance of replay aggression
  • Method for implementing IPSEC resistance of replay aggression
  • Method for implementing IPSEC resistance of replay aggression

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] Below, refer to the attached Figure 1~5 The method for realizing IPSEC anti-replay attack under the multi-core framework of the present invention is described in detail.

[0037] Regardless of whether it is in a multi-core or single-core architecture, each CPU or processing unit checks for replay attacks, relying on a unique, monotonically increasing sequence number.

[0038]The receiving party that provides IPSec service performs replay check immediately after the received message passes the authenticity check, needs to update the serial number, and completes the confidentiality check (decryption). Set the corresponding bitmap in the "sliding" window. If the sequence number of the current message exceeds the size of the "sliding" window, you need to "slide" the window to the right. During this period, there is a "time" window, and other processing units may receive messages within this "time" window. If the lock mechanism is not used, the serial number can also be up...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for realizing IPSec anti-replay attack, wherein, a plurality of sliding-windows are utilized to distinguish whether a received message is new in a system providing the IPSec service. For a multi-core architecture, the IPSec anti-replay attack function is perfected by utilizing the multi-sliding window technique, thereby avoiding the technical problem that system performance decreases badly caused by single sliding windows and lock mechanism. In the method, the message with specific type is dispatched to an appointed IPSec processing unit through a pretreatment module according to a plaintext serial-number on an IPSec message header, thereby leading the anti-replay attack detection to be more accurate.

Description

technical field [0001] The invention relates to network communication technology, in particular to a method for realizing IPSEC anti-replay attack under a multi-core framework. Background technique [0002] IPSec (IP Security) protocol is an industry standard network security protocol, which provides transparent security services for IP network communication, protects Transmission Control Protocol (Transmission Control Protocol, TCP) / IP communication from eavesdropping and tampering, and can effectively resist network attacks , while maintaining ease of use. IPSec plays a role at the network layer, protecting and authenticating IP packets, and an open framework independent of standard algorithms, providing data confidentiality, data integrity, and source authentication functions. As a security protocol implemented at the network layer, IPSec has many advantages such as ensuring the reliability of data sources, protecting data integrity, ensuring data confidentiality, preven...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/36H04L29/06
Inventor 左世涛
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com