Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method of srv6-based inter-domain source address verification

A source address and verification code technology, applied in the Internet field, can solve the problems of magnifying the scale of attacks, attacks, and the inability to judge whether the message has been tampered with, and achieve the effect of solving the problem of forgery

Active Publication Date: 2021-05-11
TSINGHUA UNIV +1
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] When using SAVI partial deployment, there will be the following problems: such as figure 1 As shown, in the existing SRv6-based inter-domain source address verification scheme, AS1, AS3, and AS4 are all deployed with SAVI, that is, the source addresses of the traffic sent by AS1, AS3, and AS4 are all real, but if the When the traffic passes through the untrusted area AS2 where SAVI is not deployed, it may cause two attacks against AS3
Similarly, for AS3, the attacker AS2 can hide himself and amplify the attack scale
In addition, AS3 cannot determine whether the message passing through the untrusted AS2 has been tampered with

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method of srv6-based inter-domain source address verification
  • A method of srv6-based inter-domain source address verification
  • A method of srv6-based inter-domain source address verification

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0066]In the present invention, the source address verification service node needs to distribute the key for each trusted AS, requiring upgrades to support new Function: source address verification End.va. Request Source Address Verification Service AS boundary router and source address verification service node needs to enable SRV6.

[0067]Take the flow from the AS1 to the AS3, the AS1 adds a SRH expanded head in the boundary router A1, and the SRH expansion head contains the position and service function of the service node that needs to be obtained. (Segment) For the source address verification service, you also need to add a verification code to the source address verification in the optional field of the SRH extension. The source site verification node of the main network checks the verification code to determine if the source address is true and whether the content is tampered.

[0068]Such asimage 3 As shown, the SRH is added to the data packet from the A0 to A3 at A1. A2 is the s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a method for SRv6-based inter-domain source address verification, which is characterized in that it comprises the following steps: 1) enabling SRv6 in each trusted AS domain in the network and all source address verification nodes preset in the backbone network , and determine the relevant information of the SRH extension header used for source address verification when communicating between each AS domain and the backbone network; 2) The trusted AS domain adds the SRH extension header to the IPv6 header of the data packet to be protected After that, it is forwarded to the backbone network, and the source address verification node in the backbone network performs source address verification services. The invention uses the SRv6 technology to introduce the message that needs to be verified into the node that can provide the verification service, and can solve the problem of inter-domain source address forgery without changing the existing network structure. Therefore, it can be widely used in the field of Internet technology.

Description

Technical field[0001]The present invention belongs to the field of Internet technology, involving SRV6 and inter-domain source address verification techniques, especially for a method based on SRV6-based domain source address authentication.Background technique[0002]Access Subsource Address Verification (SAVI) Gets the host packet source IP and its allocation of the host packet source IP and its allocation of the IP address acquired by developing a switch monitoring policy standard. Source address verification. However, the defense of the forged source address attack is dependent on SAVI global deployment based on SAVI implementation.[0003]When using SAVI partial deployment, there will be the following questions:figure 1 As shown, existing SRV6-based domain source address verification schemes, autonomous domains AS1, AS3, and AS4 deploy SAVI, the source address of traffic issued by AS1, AS3, and AS4, but if they When the traffic is not deployed in unspecified area AS2, it is possibl...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1466H04L2101/659
Inventor 刘莹何林操佳敏贾溢豪
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products