Source address validation method and system

A source address validation technology, applied in the field of source address verification methods and systems, that addresses problems such as normal communication packets being discarded, mobile nodes being unable to communicate legitimately, and missing binding information.

Inactive Publication Date: 2013-09-25
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, MIPv4 has no such mechanism. Figure 2 is a schematic diagram of the communication between the MN and the CN in a MIPv4 environment where SAVI is deployed. As shown in Figure 2, when the MN sends a message to the CN, the source address of the message is the MN's HoA and the destination address is the CN's IP address. When a SAVI device is present, the HoA of the MIPv4 MN is not within the network prefix of the network where the MN currently resides, so the SAVI module has no binding information for the HoA. SAVI verifies the source address of the message against the FT, and the MN's normal communication packets are discarded.
It follows that if SAVI is deployed in a MIPv4 network environment, the mobile nodes in that environment cannot communicate legitimately.


Examples


Embodiment 1

[0205] Embodiment 1: The MN uses the SAVI enhancement scheme under the foreign agent CoA mode

[0206] When performing mobile registration through the FA, the MN uses its HoA or the 0 address as the source address (the MN's HoA is returned in the Registration Reply). The MN sends the Registration Request to the FA, and the FA then sends the request to the HA. The specific process is as follows:

[0207] 1) The MN sends an Agent Solicitation in order to trigger the FA's Agent Advertisement; this step is optional, and the MN does not send an Agent Solicitation once it has received the FA's periodic Agent Advertisement;

[0208] 2) The FA sends an Agent Advertisement, indicating that the MN must register through the FA, and the CoA address is included in the announcement;

[0209] 3) The MN sends a Registration Request to the FA according to the notified CoA;

[0210] 4) SAVI extracts MN's HoA / NAI, Identification and other information from the Registration Request, creates a new binding item in the BST table, marks the status as P...

Embodiment 2

[0234] Embodiment 2: The MN uses the SAVI enhancement scheme in Co-located CoA mode

[0235] When the MN performs mobile registration directly with the HA, the MN must have a Co-located CoA address. The Co-located CoA address may be an address in the network that the MN obtains through other address allocation methods (such as DHCP). At this time, the MN can directly use the HoA to communicate without the help of the FA. In this mode, the MN can directly use the Co-located CoA address to perform mobile registration with the HA.

[0236] The specific process is as follows:

[0237] 1) The MN sends an Agent Solicitation in order to trigger the FA's Agent Advertisement; this step is optional, and the MN does not send an Agent Solicitation once it has received the FA's periodic Agent Advertisement;

[0238] 2) The FA sends an Agent Advertisement, instructing the MN to use a Co-located CoA to perform mobile registration directly with the HA;

[0239] 3) The MN executes the address allocation proce...


Abstract

The invention discloses a source address validation method and system. The method comprises the following steps: a mobile node receives a periodic agent advertisement from a foreign agent; the SAVI (Source Address Validation Improvement) device corresponding to the mobile registration monitors the mobile registration process of the mobile node according to the indication information in the agent advertisement and, during the monitored registration process, establishes for the mobile node a binding from its dynamic home address to a trusted anchor point; and the SAVI device validates the source address of the mobile node's communication data packets according to a filtering table. With the invention, a trusted anchor point can be bound to the home address of the mobile node, so that a mobile node in an MIPv4 (Mobile Internet Protocol Version 4) network environment can undergo source address validation by the SAVI device within a real source address validation system.
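The following added example (not taken from the patent) models the packet-drop problem stated under "Problems solved by technology" and the binding the abstract describes. The port-style anchors, the addresses, matching the reply by Identification, and installing the binding only on an accepted reply are assumptions of this example.

```python
# Added example: toy model of a SAVI device's binding and filtering logic.
# Table layout, state handling and all addresses are constructed for illustration.
import ipaddress

class SaviDevice:
    def __init__(self, local_prefix):
        self.local_prefix = ipaddress.ip_network(local_prefix)
        self.bst = {}    # Identification -> (anchor, HoA): requests seen, not yet accepted
        self.ft = set()  # filtering table: (anchor, source address) pairs allowed to send

    def bind_local(self, anchor, addr):
        """Binding learned from local address assignment (e.g. DHCP snooping)."""
        if ipaddress.ip_address(addr) not in self.local_prefix:
            raise ValueError("address is outside the attached prefix")
        self.ft.add((anchor, addr))

    def snoop_registration_request(self, anchor, hoa, identification):
        """Record the HoA and Identification from a Registration Request seen on `anchor`."""
        self.bst[identification] = (anchor, hoa)

    def snoop_registration_reply(self, identification, accepted):
        """Assumed step: install the binding only once the HA accepts the registration."""
        entry = self.bst.pop(identification, None)
        if entry is None or not accepted:
            return False
        self.ft.add(entry)
        return True

    def validate(self, anchor, src):
        """Forward a data packet only if (anchor, source) is in the filtering table."""
        return (anchor, src) in self.ft

def demo():
    savi = SaviDevice("192.0.2.0/24")  # visited network prefix (constructed)
    hoa, mn_port, other_port = "198.51.100.7", "port3", "port5"
    results = {}
    # Problem case: the HoA is outside the visited prefix, so no binding exists.
    results["before"] = savi.validate(mn_port, hoa)
    savi.snoop_registration_request(mn_port, hoa, identification=0xA1B2)
    results["pending"] = savi.validate(mn_port, hoa)
    savi.snoop_registration_reply(0xA1B2, accepted=True)
    results["after"] = savi.validate(mn_port, hoa)
    # The HoA is bound to the MN's anchor only; the same source on another port is dropped.
    results["spoofed"] = savi.validate(other_port, hoa)
    return results

if __name__ == "__main__":
    print(demo())
```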

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a source address verification method and system.

Background technique

[0002] At present, the Internet with IP as the network layer protocol has achieved great success, but traditional IP routing is based on the destination address of the data packet and lacks any check of the packet's source address, resulting in a continuing stream of security incidents involving source address spoofing. The real source address verification system in the prior art is a three-layer source address verification architecture, including from top to bottom: inter-autonomous domain source address verification, intra-autonomous domain source address verification, and intra-subnet source address verification.

[0003] The IETF SAVI working group is committed to solving the source address verification problem in the subnet, and realizes source address verification at host granularity under various address allocation m...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04W8/04, H04L29/12
Inventor: 沈凌楠, 张瀚文, 王淼, 许智君, 张玉军
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI