Unlock instant, AI-driven research and patent intelligence for your innovation.

Source address verifying device based on cryptographic generated address

A technology for verifying devices and source addresses, applied in the Internet field, can solve problems such as inability to effectively contain forged source address attacks, no fine-grained path filtering scheme for IPv6 source addresses, and network construction restrictions

Active Publication Date: 2012-10-24
TSINGHUA UNIV
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, there is currently no fine-grained path filtering scheme for IPv6 source addresses
Due to the large number of IPv6 source addresses, prefix-level filtering schemes cannot effectively contain forged source address attacks. Therefore, a host-grained IPv6 source address verification scheme is needed
Although the modification of the switch can achieve the IPv6 source address verification at the host granularity, this type of solution needs to upgrade a large number of layer 2 devices, and has many restrictions on the construction of the network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Source address verifying device based on cryptographic generated address
  • Source address verifying device based on cryptographic generated address
  • Source address verifying device based on cryptographic generated address

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] Embodiments of the invention are described in detail below, examples of which are illustrated in the accompanying drawings. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.

[0015] Such as figure 1 Shown is a schematic diagram of a source address verification device according to an embodiment of the present invention. As an embodiment of the present invention, the source address verification device includes a host module and a gateway module, wherein: the host module is deployed on the host to generate a public-private key pair and generate a CGA (Cryptographically Generated Address) address, Control the acquisition of other source addresses, and control the sending of data packets; the gateway module is deployed on the authentication gateway to complete the use of authorized addresses, distribute key seeds, and verify signatures in packets...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a source address verifying device, comprising a host module and a gateway module, wherein the host module is arranged on a host and used for generating a public and private key pair, generating a cryptographic generated address (CGA) address, controlling to obtain other source addresses and controlling the transmission of a data message; and the gateway module is arranged on a verifying gateway and used for completing authorization address utilization, distributing key seeds and verifying the signature in the message. The source address verifying device in the inventionis independent of a primary network device, has the granularity of the host and supports all source address distribution modes.

Description

technical field [0001] The present invention generally relates to the technical field of the Internet, and more specifically relates to source address verification technology. Background technique [0002] Attacks using forged IP (Internet Protocol, Internet Protocol) source addresses are rampant on the Internet. According to the statistics of the Internet Observation Organization, there are at least 4,000 denial-of-service attacks using forged source addresses every week. This type of attack is easy to initiate but difficult to trace, which is the reason for the proliferation of forged source address attacks. [0003] At present, many technologies have been proposed to control such attacks. They can be divided into the following three categories: [0004] Path filtering (Filtering, filtering), this type of technology mainly uses routing information to filter out some packets with forged source addresses. A typical example is Ingress filtering, which is to check whether t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/12H04L9/32H04L9/30H04L12/56
Inventor 毕军吴建平姚广
Owner TSINGHUA UNIV