Probing method for secure neighbor discovery operation mode based on certificate request

Abstract

The invention belongs to the technical field of communication, and relates to a certificate request-based secure neighbor discovery operation mode detection method, which comprises the following steps: enabling a detection node to initiate an authorization delegation discovery (ADD) process to request a router certificate chain; waiting for a response message and analyzing the router correspondence, and judging whether the authentication center provides certificate signing and issuing service for a target subnet security neighbor discovery (SEND) mechanism or not; extracting a router certificate chain, aiming at the situation that the authentication center provides signing and issuing service and the situation that the authentication center does not provide certificate signing and issuingservice, proving a target subnet SEND operation mode through a node set contained in the target subnet, and constructing an information table associated with target IPv6 subnet router identity authentication. According to the invention, the difficulty of SEND operation detection due to the fact that the IPv6 router authentication process is independent of the ND mechanism is overcome. According tothe method, the running mode type of the target IPv6 subnet SEND mechanism and the trust model type on which the authentication center depends can be effectively detected, the SEND environment safetyof the IPv6 network is improved, the network communication safety performance is ensured, and the method has a relatively strong application prospect.

Description

technical field [0001] The invention belongs to the technical field of communication, in particular to a method for detecting a safe neighbor discovery operation mode based on a certificate request. Background technique [0002] IPv6 subnet ND (Neighbor Discovery, neighbor discovery) security mechanism SEND (Secure NeighborDiscovery, secure neighbor discovery) enhances the security of IPv6 subnet neighbor discovery, router discovery and redirection process, and more and more IPv6 nodes deploy SEND mechanism. However, the SEND mechanism itself has certain security risks and is subject to some attacks, such as CGA authentication flaws, time-memory trade-off attacks, and router authorization attacks. At present, research on the SEND protocol focuses on protocol analysis and optimization, security improvement, application expansion, address generation speed-up, protocol implementation, and lightweight. Scanning and information collection attacks are security threats that the n...

AI Technical Summary

Problems solved by technology

However, IPv6-related detection technologies are mostly limited to topology discovery, operating system detection, worm propagation model, tunnel discovery, and path maximum transmission unit (PMTU) detection. Research on SEND-related information detection technology has not yet been effectively carried out.

Images