A method for preventing duplicate address detection attacks based on identity authentication

A duplicate address detection and identity authentication technology, applied in the field of IPv6 security in the Internet, can solve problems such as serious consequences, achieve the effects of maintaining security, preventing attacks from duplicate address detection, and improving verification speed

Active Publication Date: 2016-04-06
NANJING UNIV OF POSTS & TELECOMM
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Compared with the duplicate address detection attack, the attack on stateless address automatic configuration is easier and the consequences are more serious.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method for preventing duplicate address detection attacks based on identity authentication
  • A method for preventing duplicate address detection attacks based on identity authentication
  • A method for preventing duplicate address detection attacks based on identity authentication

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] Here, we constructed a small wireless local area network in the laboratory to build an example of an overall solution to prevent DAD detection attacks. First, transform the devices in the network and add encryption / decryption modules to all network-connected devices. In addition to hardware encryption and decryption, this module can also generate random numbers to verify other devices. Each of these devices is assigned a serial number. Add the laboratory server as the authentication server (maybe set it to C) to the network.

[0041] Secondly, the small wireless LAN intranet devices in the laboratory are initialized, and all devices are registered on the server first, and a mapping table corresponding to the registration information is generated. Assuming that an unregistered device joins the network, it may be numbered B. Then, the same IPv6 address is manually assigned to the registered device and the unregistered device, so that their addresses are repeated.

[0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A method for preventing duplicated address detection attack on the basis of identity authentication is a scheme for preventing the duplicated address detection attack in an Internet Protocol version 6 (IPv6) network and is used for solving the problem of service denial attack against duplicated address detection (DAD) in the IPv6 network. The IPv6 network is not extremely high in service denial attack resistance. A system for the method is composed of a verification server, an encryption / decryption module, an update module and a mapping storage module and the like. The identity authentication on a network access device corresponding to DAD is achieved through the modules by simple calculation, operations regulated in an original IPv6 protocol can be performed only when identity authentication is performed, and no response is made to the device corresponding to DAD once the identity authentication fails. Information in the verification server is updated timely after the authentication is finished once. Attack on the DAD in the IPv6 network through illegal network access devices is effectively eliminated.

Description

technical field [0001] The invention proposes a method for preventing denial of service attack in repeated detection of IPv6 (Internet Protocol version 6, Internet Protocol version 6), which belongs to the technical field of IPv6 security in the Internet. technical background [0002] With the rapid development of current computer technology, the Internet has experienced explosive development. In February 2011, the Global Organization for Assigned Names and Numbers announced that the last group of IP addresses based on IPv4 (Internet Protocol version 4, Internet Protocol Version 4) has been released. was allocated, the pool of the first generation of Internet addresses IPv4 was officially declared exhausted. On the one hand, there is a limit on the number of network address resources. On the other hand, with the continuous development of electronic technology and network technology, more and more people and things need to be connected to the global Internet. In such an envi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/12H04L9/32H04L29/06
Inventor 吴敏杨华王汝传黄海平沙超张琳李鹏王海艳
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap