Message processing method and system

A message processing technology, applied in transmission systems, digital transmission systems, electrical components, etc., that addresses problems such as IPSec configuration difficulty, data packet misidentification, and data packet discarding, so as to enhance system security and reliability, achieve a good processing effect, and resist replay attacks.

Inactive Publication Date: 2013-05-08
ZTE CORP

AI Technical Summary

Problems solved by technology

[0007] IS-IS uses manually configured keys, and it is difficult to update keys during packet transmission.
IS-IS keys are configured manually, and IPSec has many configuration parameters. If IPSec is used to enhance the security of IS-IS in a large-scale IS-IS network, IPSec configuration is difficult and requires a lot of human resources to manage. With manual configuration, IS-IS cannot easily use the anti-replay window in IPSec to prevent replay attacks.
[0008] Moreover, since the existing IPSec


Examples


Embodiment 1

[0106] Taking resistance to replay attacks in an intermediate system to intermediate system (IS-IS) routing environment as an example, this embodiment resists replay attacks by extending the TLV field in the IS-IS message. Specifically, the identification serial number IdentifyNumber (INum) is added to the TLV, and the sliding window head value LowNumber (LNum) and the sliding window tail value HighNumber (HNum) are set to resist replay attacks. The sliding window moves based on the window minimum value, and the size of the sliding window is not fixed, so the embodiment of the present invention also resists replay attacks well when packets are delayed.

[0107] This embodiment includes the following steps:

[0108] 1. When the designated intermediate system in the broadcast network or the sender in the point-to-point network sends a new message, INum increases by 1. After t...

Embodiment 2

[0131] In this embodiment, in the broadcast network, the router uses CSNP to ensure the integrity of the link state database, and resists replay attacks through the method of the present invention. Figure 2 is a schematic flow diagram of the method of Embodiment 2 of the present invention. As shown in Figure 2, the process includes the following steps:

[0132] Step 201: In the broadcast network, the designated intermediate system periodically sends the complete sequence numbers protocol data unit (CSNP), and each time a new message is generated, its IdentifyNumber (INum) is increased by 1. If a new system is established, the INum of the first CSNP message generated is manually configured, the LNum value at the receiving router is smaller than the INum value, and a minimum window size is preset. The value of HNum is the sum of LNum and the window size minus 1, and a threshold T is preset.

[0133] Step 202: In the broadcast network, the CSNP message is flooded to e...

Embodiment 3

[0155] In this embodiment, in the point-to-point (P2P) network, the router does not periodically send the CSNP message. The CSNP message is sent only once, when the link is activated, and the routers at both ends of the link send CSNP messages to describe the summary information of all LSPs in the local link state database. During CSNP transmission, the method of the invention resists replay attacks. Figure 3 is a schematic flow chart of the method of Embodiment 3 of the present invention. As shown in Figure 3, the process includes the following steps:

[0156] Step 301: In the P2P network, the sending end of the link sends a complete sequence numbers protocol data unit (CSNP), and each time it sends a new message, its IdentifyNumber (INum) increases by 1. If a new system is established, the INum of the first CSNP message generated is manually configured; the LNum value at the receiving router is smaller than the INum value, and a minimum window size i...


Abstract

The invention discloses a message processing method. The method includes the following steps. A receiving side receives a message from a sending side; the message carries at least an identification serial number INum. The receiving side compares the INum of the message with the window head value LNum and/or the window tail value HNum of a sliding window and judges whether the message should be discarded. The invention correspondingly discloses a message processing system. With the message processing method and system, the sliding window slides based on the window head value (minimum value) and the size of the sliding window is not fixed, so that replay attacks can be effectively resisted, delayed messages are processed well, and the security and reliability of the system are enhanced.
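The receiver-side comparison of INum against LNum and HNum described in the abstract, as an added example that is not code from the patent. The class and function names are hypothetical, and three rules are assumptions because the page's step text is cut off: a message with INum at or below LNum is discarded, the window grows when INum exceeds HNum, and LNum advances over contiguous accepted numbers. The threshold T is not modelled, and the check is assumed to run only on messages that have already passed IS-IS authentication.

```python
class ReplayWindow:
    """Receiver-side state: LNum is the window head (minimum), HNum the tail."""

    def __init__(self, lnum, min_size):
        self.lnum = lnum                  # configured below the first expected INum
        self.min_size = min_size          # preset minimum window size
        self.hnum = lnum + min_size - 1   # HNum = LNum + window size - 1 (Step 201)
        self.pending = set()              # accepted INums above LNum with gaps below them

    def accept(self, inum):
        """Return True to process the message, False to discard it."""
        if inum <= self.lnum:             # assumption: at or below the head is old or replayed
            return False
        if inum in self.pending:          # already accepted inside the window: replay
            return False
        if inum > self.hnum:              # assumption: the window grows rather than dropping
            self.hnum = inum
        self.pending.add(inum)
        # Slide on the minimum: move LNum up over every contiguous accepted number.
        while self.lnum + 1 in self.pending:
            self.lnum += 1
            self.pending.discard(self.lnum)
        # Never let the window shrink below the preset minimum size.
        self.hnum = max(self.hnum, self.lnum + self.min_size - 1)
        return True


def replay_filter(inums, lnum, min_size):
    """Run received INums through one window; return decisions and final bounds."""
    window = ReplayWindow(lnum, min_size)
    decisions = [window.accept(n) for n in inums]
    return decisions, window.lnum, window.hnum


# Constructed sample: 103 arrives before the delayed 102; the second 101, 103
# and 110 are replays, and 99 is below the initial window head.
SAMPLE_INUMS = [100, 101, 103, 101, 102, 103, 110, 110, 104, 99]

if __name__ == "__main__":
    decisions, lnum, hnum = replay_filter(SAMPLE_INUMS, lnum=99, min_size=4)
    for inum, ok in zip(SAMPLE_INUMS, decisions):
        print(inum, "accept" if ok else "discard")
    print("LNum =", lnum, "HNum =", hnum)
```

The delayed message 102 is still accepted because LNum only moves past numbers that have actually arrived, while every repeated INum is discarded.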

Description

Technical field

[0001] The invention relates to communication network routing security technology, in particular to a message processing method and system.

Background technique

[0002] A replay attack is a common network attack method. The attacker first intercepts a data packet sent by one of the communicating parties during an interaction and, at an appropriate later time, resends the intercepted data to the receiving end. If the data packet does not contain enough information for the receiving end to determine whether it is a first transmission or a retransmission, the attacker can pretend to be one of the two communicating parties and deceive the other to achieve the purpose of the attack.

[0003] A replay attack maliciously or fraudulently repeats a valid data transmission. The replay attack can be carried out by the initiator or the ...


Application Information

IPC(8): H04L12/70, H04L12/823, H04L29/06, H04L47/32
Inventor: 苗忠明, 梁小萍, 韦银星
Owner: ZTE CORP