
Safety access system and method for guaranteeing source address authenticity by using token mechanism

A technology of secure access and source address, which is applied in the field of network security and can solve problems such as source address forgery

Inactive Publication Date: 2012-08-08
BEIJING JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

[0012] The above authentication process has the following flaw: the access router stores the access addresses of successfully authenticated terminals in its local user mapping table, so an attacker can take an access address that is already in the table and use it as the source address of its own traffic. Because that address already exists in the local user mapping table, the traffic is forwarded after direct address mapping without triggering authentication, which causes the source address forgery problem.



Examples


Embodiment 1

[0053] Embodiment 1: the hash value of the identity information is used to construct a 128-bit access address, and a 128-bit IPv6 address is used as the routing address, realizing the separation of user identity and location, where:

[0054] (1) The access address structure is:

[0055] The access address is 128 bits; the home prefix is issued by the local network admission server, and the hash value of the identity information is chosen by the user. The fields of the access address are defined as follows:

[0056] Home prefix: 24 bits, the home-domain prefix of the terminal. The home prefix of each domain's access addresses is allocated according to the geographical location of the management domain, to improve the efficiency of access address lookup. The home prefix also makes it convenient, when a terminal moves to a new access network, for the access router to notify the mapping server in the terminal's home domain in time to update the mapping between the terminal's ...

Embodiment 2

[0060] Embodiment 2: to realize the secure access system of the invention, an admission server is deployed in the access network of the "address separation mapping" network, the access negotiation module and data packet verification module software is installed on the access router, and the access client software is installed on the terminal:

[0061] (1) Admission server: saves the table entry for a terminal when the terminal accesses for the first time; publishes its own public key for terminals to query; assigns a token that marks the identity of the terminal; admission servers can query each other; the admission negotiation control module and the token distribution module are installed in the admission server;

[0062] The admission negotiation control module installed in the admission server is responsible for receiving and processing the terminal's access request. When it verifies that the terminal's access address is requesting access for the first t...

Embodiment 3

[0066] Embodiment 3: the secure access method of the invention is realized by defining a specific message format, that is, the payloads of the secure access method are defined as specific messages, and the interaction of these messages in the secure access system of Embodiment 2 concretely implements the secure access method.

[0067] The invention deploys the admission server in the access network, installs the access negotiation module and data packet verification module software on the access router, installs the access client software on the terminal, and designs a secure access method that guarantees the authenticity of the source address in the address separation mapping network. As shown in Figure 3, terminal A in access network 1 communicates with terminal C in access network 2; in combination with Figure 2, the secure access method is as follows:

[0068] Step 1: Terminal A in access network 1 selects a public key-pri...


Abstract

The invention provides a secure access system and method for guaranteeing source address authenticity by using a token mechanism. An admission server is deployed in an access network of an address separation mapping network, an access negotiation module and a data packet verification module are installed on the access router, an access client software module is installed on the terminal, and a secure access method is designed so as to guarantee source address authenticity in the address separation mapping network. In the method, the terminal securely acquires a unique token bound to its access address, so that access address and token correspond one to one; the access router creates an (access address, token) table used to verify the binding between a terminal's access address and its token; the admission server creates an (access address, terminal public key) table and sends a challenge when a terminal requests access; together these resist DoS attacks against the admission server to a very great extent.
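The binding check the abstract describes, as an added Python simulation that is not the patent's own code: an admission server that challenges before admitting and issues a token bound to the access address, and an access router that forwards a packet only when its (access address, token) pair is in the table, so an address that is merely present in the table no longer passes (the flaw in [0012]). The HMAC constructions, the keyed-MAC stand-in for the terminal's signature, and the address strings are assumptions.

```python
import hmac
import hashlib
import secrets

def tag(key: bytes, *parts: bytes) -> bytes:   # HMAC-SHA256 over the parts (assumed construction)
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class AdmissionServer:
    """Keeps the (access address, terminal public key) table and issues tokens."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)  # assumed token-issuing secret
        self.pubkeys = {}                      # access address -> verification key
        self.pending = {}                      # access address -> outstanding nonce

    def challenge(self, addr: bytes) -> bytes:
        # Only a nonce is recorded; the (address, key) entry is created after the response verifies.
        nonce = secrets.token_bytes(16)
        self.pending[addr] = nonce
        return nonce

    def admit(self, addr: bytes, pubkey: bytes, response: bytes):
        nonce = self.pending.pop(addr, None)
        # Stand-in for verifying a signature with the terminal's key pair: a MAC under `pubkey` (assumption).
        if nonce is None or not hmac.compare_digest(response, tag(pubkey, addr, nonce)):
            return None
        self.pubkeys[addr] = pubkey
        return tag(self.secret, addr)          # token bound to exactly this access address

class AccessRouter:
    """Keeps the (access address, token) table and checks the binding on every packet."""
    def __init__(self):
        self.bindings = {}
    def bind(self, addr: bytes, token: bytes):
        self.bindings[addr] = token

    def forward(self, src: bytes, token: bytes) -> bool:
        expected = self.bindings.get(src)      # address in table is no longer enough on its own
        return expected is not None and hmac.compare_digest(expected, token)

def demo():
    server, router = AdmissionServer(), AccessRouter()
    a, b = b"prefix:hash(idA)", b"prefix:hash(idB)"   # constructed access addresses
    tokens = {}
    for addr in (a, b):                                # each terminal is admitted once
        key, nonce = secrets.token_bytes(16), server.challenge(addr)
        tokens[addr] = server.admit(addr, key, tag(key, addr, nonce))
        router.bind(addr, tokens[addr])
    return (router.forward(a, tokens[a]),      # A with its own token: forwarded
            router.forward(a, b"\x00" * 32),   # A's address without a token: dropped ([0012] case)
            router.forward(a, tokens[b]))      # B's token on A's address: dropped
```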

Description

Technical field

[0001] The invention relates to a method for guaranteeing source address authenticity in an address separation mapping network, and belongs to the technical field of network security.

Background technique

[0002] In the current Internet architecture, the dual-identity problem of IP addresses has always restricted the improvement of network performance, so the idea of separating identity and location has appeared, for example the LISP protocol of Farinacci et al. (see D. Farinacci, V. Fuller, D. Meyer and D. Lewis. Locator/ID Separation Protocol (LISP), draft-farinacci-lisp-12, March 2, 2009).

[0003] The address separation mapping mechanism is based on the idea of separating identity and location. It introduces two types of addresses: the access address and the routing address. The access address represents the public identity information of the terminal, and the routing address represents the location information of the terminal. In the address separation ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
Inventor: 张宏科, 王凯, 周华春, 刘颖, 秦雅娟
Owner: BEIJING JIAOTONG UNIV