Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network layer security protection system and method based on IKE protocol

A network-layer security and protocol technology, applied in the field of network security, can solve problems such as hidden dangers, inability to meet security requirements, insecurity, etc., and achieve the effects of improving security, reducing the risk of successful brute force attacks, and strengthening confidentiality.

Active Publication Date: 2021-09-07
上海辉禹科技有限公司
View PDF3 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The IKE protocol has a set of self-protection mechanisms that can safely authenticate identities, distribute keys and establish IPsec SAs on insecure networks; however, there are still some insecure factors
For example: after the attacker intercepts the initial negotiation strategy of the two parties in the protocol, they exchange their own key messages with the initiator and the responder in a disguised identity to complete the key exchange and obtain the shared key, thereby giving the two parties in the protocol bring security risks
In addition, since the IP address can be configured at the application layer, and the current authentication mechanism is often based on the source IP address authentication, there are problems in the IP layer that network data packets are monitored, stolen, intercepted, IP address spoofed, information leaked, and data items are stolen. Attacks such as tampering, the use of a single IP address authentication mechanism will inevitably fail to meet security requirements, resulting in multiple and complex network security threats

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network layer security protection system and method based on IKE protocol
  • Network layer security protection system and method based on IKE protocol
  • Network layer security protection system and method based on IKE protocol

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0081] Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although certain embodiments of the present disclosure are shown in the drawings, it should be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein; A more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for exemplary purposes only, and are not intended to limit the protection scope of the present disclosure.

[0082] In order to solve the security problems existing in IPv4, IETF has designed a set of end-to-end mechanisms for ensuring IP communication security, namely IPsec (IP Security). IPsec provides three functions: authentication, encryption and key management, and supports IPv4 and IPv6. The basis of IPsec operation is the security policy applied to every ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a network layer security protection method based on an IKE protocol, and the method comprises the steps: generating basic parameters for completing security association negotiation for all edge network endpoints administered by an internal gateway of a router, uploading the basic parameters of each edge network endpoint to a first block chain, and completing the real-time updating of the basic parameters through a new block; and completing IKE SA and IPsec SA negotiation between the initiator and the responder by using the basic parameters stored on the chain, and chaining exchange data in the IKE SA negotiation and IPsec SA negotiation processes to the second block chain through the local router. The security protection system constructed by adopting the method has relatively strong confidentiality, PFS characteristic, disguise attack resistance and replay attack resistance.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a network layer security protection system and method based on the IKE protocol. Background technique [0002] Network security is one of the important contents of information security. Since the Internet only paid attention to the realization of its connectivity at the beginning of its design, without considering security factors, it has become an open network system, which seriously lacks the ability to verify the real identities of both parties in communication, and lacks data confidentiality and integrity for network transmission. and reliability protection. [0003] The network security protocol technology is an effective way and means to solve the problem of network space security. Virtual private network (VPN) technology adopts special network encryption and communication protocol, can establish a virtual "encrypted channel" on the public network, build a safe "...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/08H04L29/08
CPCH04L63/0428H04L63/061H04L63/1441H04L63/20H04L9/0841H04L67/10
Inventor 王军力肖晋吴小平
Owner 上海辉禹科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com