
Security alliance management method and security alliance management equipment

A security association technology applied to routing security in the field of communication networks. It addresses problems such as the Kerberos protocol's key update timing not handling replay attacks well, the Kerberos protocol not defining a key update mechanism, and complex configuration.

Active Publication Date: 2013-05-29
ZTE CORP

AI Technical Summary

Problems solved by technology

In order to improve the performance of the RSVP-TE protocol when using the internal authentication object, it is usually necessary to use a short key with low security strength to generate RSVP-TE protocol authentication data. This gives the RSVP protocol security association a limited lifetime, so the RSVP-TE protocol needs to update the security association.
[0011] (2) The Sequence Number defined by the RSVP-TE protocol will repeat after a long enough time.
[0014] First, the Kerberos protocol is mainly used in the Generic Security Service (GSS) protocol to solve business security problems, and does not define a specific mechanism for using the Kerberos protocol to update keys; second, the Kerberos protocol is not compatible with the Key Table; third, the Kerberos protocol depends on a Kerberos server, and its configuration is complex; fourth, the key update timing of the Kerberos protocol cannot solve the replay attack problem well.



Examples


Embodiment 1

[0128] Figure 1 shows a schematic flow chart of the SA creation method of the present invention. As shown in Figure 1, the specific steps include:

[0129] Step 101: the first router finds the record r corresponding to the second router from its own Key Table, and generates a Nonce value;

[0130] Specifically, the first router first finds the record r corresponding to the second router from its own Key Table, and randomly generates a 64-bit random number Nonce value.

[0131] It should be noted that the two operations of the first router searching for the record r corresponding to the second router and generating the random number Nonce value can be performed simultaneously, and are not limited to a chronological order.

[0132] Step 102: the first router uses the Nonce value and the record r to generate KeyID and Ks through a pseudo-random function prf;

[0133] Specifically, the first router generates the KeyID field and Ks of the RSVP-TE protocol defined in RFC2747 b...
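The SA creation of steps 101 and 102, as an added Python example that is not part of the patent text. The patent does not name the pseudo-random function or the KeyID/Ks split, so HMAC-SHA256 as the prf, a 48-bit KeyID (the size of the RFC2747 Integrity object's Key Identifier) with the remaining digest bytes as Ks, and the responder-side derivation from the same unilateral Nonce are all assumptions; the Key Table values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed Key Table entries: peer router id -> shared record r (long-term key bytes).
# Both routers hold the same record for each other; the values are made up for this example.
KEY_TABLE_ROUTER1 = {"router2": bytes.fromhex("00112233445566778899aabbccddeeff")}
KEY_TABLE_ROUTER2 = {"router1": bytes.fromhex("00112233445566778899aabbccddeeff")}


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the pseudo-random function; the patent does not fix one.
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_sa(r: bytes, nonce: bytes):
    """Step 102: derive (KeyID, Ks) from the Key Table record r and the Nonce.
    KeyID is the first 48 bits of the prf output; the remaining 26 bytes are the
    sub key Ks. This split is an assumption, not the patent's definition."""
    out = prf(r, b"RSVP-TE SA" + nonce)
    return out[:6], out[6:]


def create_sa(key_table: dict, peer: str, nonce=None) -> dict:
    """First router, steps 101 and 102: look up r, draw a 64-bit random Nonce, derive the SA."""
    r = key_table[peer]
    nonce = nonce if nonce is not None else secrets.token_bytes(8)
    key_id, ks = derive_sa(r, nonce)
    return {"nonce": nonce, "key_id": key_id, "ks": ks, "last_seq": 0}


def accept_sa(key_table: dict, peer: str, nonce: bytes) -> dict:
    """Second router: repeats the derivation from its own record r and the received Nonce."""
    key_id, ks = derive_sa(key_table[peer], nonce)
    return {"nonce": nonce, "key_id": key_id, "ks": ks, "last_seq": 0}


def sign_message(sa: dict, seq: int, body: bytes) -> bytes:
    # Keyed digest over KeyID || SequenceNumber || body, in the style of the Integrity object.
    return prf(sa["ks"], sa["key_id"] + seq.to_bytes(8, "big") + body)


def verify_message(sa: dict, seq: int, body: bytes, tag: bytes) -> bool:
    """Reject a bad tag or a non-increasing sequence number (replay), then advance the window."""
    if not hmac.compare_digest(sign_message(sa, seq, body), tag):
        return False
    if seq <= sa["last_seq"]:
        return False
    sa["last_seq"] = seq
    return True
```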

Embodiment 2

[0143] In this embodiment, when the first router sends the first RSVP-TE protocol message to the second router, both parties have only configured shared items in the Key Table and have not yet established an SA. In addition, the first message exchanged between the two parties is usually Hello. It should be noted that the Hello message is defined by the RSVP-TE protocol (RFC3209); the traditional RSVP protocol does not define a Hello message. Therefore, this embodiment takes the Hello message exchange of the RSVP-TE protocol as an example and introduces how to establish an SA based on a single-party Nonce in a Hello message between the first router and the second router. The method is also applicable to other RSVP-TE protocol messages.

[0144] In this embodiment, the content of message 112 and message 114 exchanged between the first router and the second router is defined as follows:

[0145]

[0146]

[0147] Figure 2 shows a schemat...

Embodiment 3

[0162] Embodiment 2 takes the Hello message exchange of the RSVP-TE protocol as an example and introduces how to establish an SA based on a unilateral Nonce in the Hello message between the first router and the second router.

[0163] This embodiment again takes the Hello message exchange of the RSVP-TE protocol as an example and introduces how the first router and the second router establish an SA based on the Nonces of both parties in the Hello message. The method for establishing an SA based on the Nonces of both parties provided in this embodiment is also applicable to other RSVP-TE protocol messages.

[0164] In this embodiment, the content of message 116 and message 118 exchanged between the first router and the second router is basically the same as that of message 112 and message 114 in the second embodiment; the difference is that the C-Type field of the SMO object in message 116 has the value 3, and the value of the C-Type field of the SMO object...


Abstract

The invention discloses a security association (SA) creation method. The SA creation method includes that a first router finds a record r corresponding to a second router from the Key Table of the first router and generates a random number Nonce value; and the first router uses the Nonce value and the record r to generate a key identifier KeyID and a sub key Ks. The invention further discloses SA management equipment. By adopting the SA creation method and the SA management equipment, the replay attack problem in Resource Reservation Protocol-Traffic Engineering (RSVP-TE) security can be effectively solved, the SA management equipment is compatible with the Key Table, automatic key updating of the RSVP-TE protocol can be realized, and operation becomes quicker, more convenient and more efficient.

Description

Technical field

[0001] The present invention relates to routing security technology in the field of communication networks, in particular to a security association (Security Association, SA) management method and equipment for the Resource Reservation Protocol with traffic engineering extension (Resource ReServation Protocol-Traffic Engineering, RSVP-TE).

Background technique

[0002] The Resource Reservation Protocol (Resource ReServation Protocol, RSVP) is originally a signaling protocol defined by the Internet Engineering Task Force (IETF) for the integrated services model of Quality of Service (QoS). It reserves resources for a flow along its path to meet the QoS requirements of the flow.

[0003] The RSVP protocol is a signaling protocol carried on the Internet Protocol (IP), which allows end systems or hosts on either end of the router network to establish reserved bandwidth paths between e...

Claims


Application Information

IPC(8): H04L29/06, H04L9/08, H04L12/913, H04L47/724
Inventor 韦银星梁小萍高峰万长胜
Owner ZTE CORP