An ISAKMP-based extended authentication method and system

An extended authentication method and system, applied to transmission systems and key distribution, that addresses three problems: routing devices that have no pre-configured trust relationship, a limited choice of authentication mechanisms, and complicated configuration.

Active Publication Date: 2017-10-03
射阳县射阳港对虾养殖二公司

AI Technical Summary

Problems solved by technology

[0005] First, the choice of authentication mechanisms is limited
Since only a simple hash algorithm or signature algorithm can be used to generate the HMAC that completes the authentication process, newer authentication methods such as Transport Layer Security (TLS) authentication cannot be used. This limits a routing device's freedom to choose an authentication mechanism and leaves it unable to keep up with the development of modern authentication technology.
[0006] Second, the configuration is complex
[0007] Third, the three-party authentication technology cannot be used
However, in practical applications, it is often impossible to configure trust relationships between routing devices in advance, especially when the routing devices belong to different network domains.
In this case, because ISAKMP does not define a three-party authentication mechanism, ISAKMP cannot handle the situation where no trust relationship between the routing devices has been configured in advance.
[0008] Fourth, it is not conducive to long-term key updates or to adding and removing routing devices
When a routing device needs to update its shared key, all other related routing devices must also update the key. This process is a large workload and affects the other routing devices.
When a routing device needs to be added to the network, all related routing devices must add the security material for this routing device. This process is also a large workload and affects the other routing devices.
When a routing device is removed, the security material related to it must be deleted on all other related routing devices. This process is also a large workload and affects the other routing devices.



Examples


Embodiment 1

[0125] The application scenario of this embodiment is: the shared key k_ab has been configured in advance between the initiator and the responder; the initiator and the responder can be at any position on the network and communicate using the IP protocol. Here, the initiator is the router sending the routing message, and the responder is the router receiving it. In this embodiment, EAP is extended into ISAKMP, and the ISAKMP identity protection exchange uses an EAP method for authentication, as shown in Figure 3, including the following steps:

[0126] Step 301: When the first routing message needs to be sent, the initiator sends the SA payload to the responder;

[0127] Step 302: the responder sends the SA payload to the initiator;

[0128] So far, the initiator negotiates with the responder to establish an ISAKMP SA.

[0129] Step 303: The initiator sends the KE payload and the NONCE payload to the responder;

[0130] Step ...

Embodiment 2

[0146] The application scenario of this embodiment is: no trust relationship is configured between the initiator and the responder; the trust relationship k_ac has been configured in advance between the initiator and the Diameter server, and the trust relationship k_bc has been configured in advance between the responder and the Diameter server. The initiator and responder interact using ISAKMP, and the responder and the Diameter server interact using Diameter-ISAKMP. Here, the initiator is the router sending the routing message, and the responder is the router receiving it. This embodiment introduces the ISAKMP-based extended authentication method with a Diameter server, as shown in Figure 4, including the following steps:

[0147] Step 401: When the first routing message needs to be sent, the initiator sends the SA payload to the responder;

[0148] Step 402: the responder sends the SA payload to the initiator;

[0149] So far, the in...

Embodiment 3

[0172] The application scenario of this embodiment is: no trust relationship is configured between the initiator and the responder; the trust relationship k_ac has been configured in advance between the initiator and the Diameter server, the trust relationship k_bd has been configured in advance between the responder and the Diameter relay server, and the trust relationship k_cd has been configured in advance between the Diameter relay server and the Diameter server. No trust relationship between the Diameter relay server and the initiator is configured in advance. Here, the initiator is the router sending the routing message, and the responder is the router receiving it. This embodiment introduces the ISAKMP-based extended authentication method with a Diameter relay server, as shown in Figure 5, including the following steps:

[0173] Step 501: When the first routing message needs to be sent, the initiator sends the SA payloa...


Abstract

The invention discloses an extended authentication method based on the Internet Security Association and Key Management Protocol (ISAKMP), which includes: when the first routing message needs to be sent, the initiator and the responder negotiate and use the Extensible Authentication Protocol (EAP) for authentication; after the EAP authentication process succeeds, the initiator and the responder each calculate the keyed message authentication code (HMAC) value in the AUTH payload from the master session key (MSK) generated by the EAP process or from the shared key, send the AUTH payload to the other party, and complete the authentication within ISAKMP. The invention also discloses an extended authentication system based on ISAKMP. With the method and system of the invention, the authentication method can be chosen flexibly within ISAKMP, and the development of modern authentication technology can be followed.
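The AUTH step described in the abstract and in the steps of Embodiment 1, as an added Python example that is not code from the patent: both peers derive the AUTH payload as an HMAC keyed either with the MSK exported by a successful EAP run or with the pre-configured shared key k_ab, and each side verifies the other's value. The patent does not specify the HMAC algorithm or the exact bytes it covers; HMAC-SHA256 and the input structure (the sender's own first message, the peer's NONCE and the sender's identity, following the IKEv2 pattern) are assumptions here, as are the key values, nonces and router identities, which are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample values (not from the patent). K_AB stands in for the
# pre-shared key k_ab of Embodiment 1; MSK stands in for the master session key
# an EAP method exports once its authentication succeeds.
K_AB = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
MSK = hashlib.sha256(b"constructed-eap-msk").digest()

ID_I = b"router-A"  # initiator identity (constructed)
ID_R = b"router-B"  # responder identity (constructed)


def auth_key(eap_msk: Optional[bytes], shared_key: bytes) -> bytes:
    """Select the key for the AUTH payload: the MSK when an EAP method ran,
    otherwise the pre-configured shared key (Embodiment 1)."""
    return eap_msk if eap_msk is not None else shared_key


def auth_payload(key: bytes, own_first_message: bytes, peer_nonce: bytes,
                 own_id: bytes) -> bytes:
    """HMAC carried in the AUTH payload.

    The patent only says the HMAC is computed from the MSK or shared key; the
    exact input is an assumption here, following the IKEv2 pattern of binding
    the sender's own first message, the peer's NONCE and the sender's identity.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(own_first_message)
    mac.update(peer_nonce)
    mac.update(own_id)
    return mac.digest()


def verify_auth(key: bytes, received: bytes, peer_first_message: bytes,
                own_nonce: bytes, peer_id: bytes) -> bool:
    """Recompute the peer's AUTH value and compare it in constant time."""
    expected = auth_payload(key, peer_first_message, own_nonce, peer_id)
    return hmac.compare_digest(expected, received)


def run_exchange(initiator_key: bytes, responder_key: bytes) -> bool:
    """Simulate the AUTH step that follows the SA, KE and NONCE exchanges.

    Both sides must hold the same key (the MSK after EAP, or k_ab); a peer
    holding a different key produces an AUTH value the other side rejects.
    """
    n_i, n_r = os.urandom(16), os.urandom(16)   # NONCE payloads (constructed)
    msg_i = b"SA_i|KE_i|" + n_i                 # initiator's first messages
    msg_r = b"SA_r|KE_r|" + n_r                 # responder's first messages
    auth_i = auth_payload(initiator_key, msg_i, n_r, ID_I)
    auth_r = auth_payload(responder_key, msg_r, n_i, ID_R)
    ok_at_responder = verify_auth(responder_key, auth_i, msg_i, n_r, ID_I)
    ok_at_initiator = verify_auth(initiator_key, auth_r, msg_r, n_i, ID_R)
    return ok_at_responder and ok_at_initiator


if __name__ == "__main__":
    print("EAP (MSK) path:", run_exchange(auth_key(MSK, K_AB), auth_key(MSK, K_AB)))
    print("shared-key path:", run_exchange(auth_key(None, K_AB), auth_key(None, K_AB)))
    print("key mismatch:", run_exchange(MSK, K_AB))
```

The point of keying the AUTH HMAC with the MSK is that the ISAKMP authentication then inherits whatever EAP method produced the MSK, which is how the method lets a router pick its authentication mechanism freely; the constant-time comparison in verify_auth is the check a real implementation must not skip.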

Description

Technical field

[0001] The invention relates to key management and authentication technology for routing equipment in a communication network, in particular to an extended authentication method and system based on the Internet Security Association and Key Management Protocol (ISAKMP).

Background

[0002] The Internet has become an indispensable infrastructure of modern society and plays a very important role in politics, the economy and people's livelihoods. Once the Internet is damaged or attacked, it brings serious harm and influence, so network security has attracted worldwide attention. The core device of the Internet is the routing device. Ensuring the security of routing devices is an important aspect of network security, and within the security mechanisms of a routing device (including the routing protocols it runs), key management and authentication are very important aspects. Here, the Interne...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06, H04L9/08
Inventor 梁小萍韦银星
Owner 射阳县射阳港对虾养殖二公司