Method for preventing forgery of source address based on signature authentication inside IPv6 sub network

A signature authentication and source address technology, applied in the Internet field, can solve the problems of high implementation cost, coarse filtering granularity, coarse granularity, etc., and achieve the effects of preventing source address forgery, improving security, and high algorithm efficiency

Active Publication Date: 2007-02-28
TSINGHUA UNIV
View PDF0 Cites 36 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The biggest defect of IPSec end-to-end authentication is that the routing system in the middle of the network cannot verify the authenticity of the data source
[0009] The disadvantages of the method of using Trace back are: firstly, the method of trace back is an after-event measure, and cannot effectively prevent the transmission of fake IP address packets in the network in real time; secondly, the backtracking algorithm as an important part of the me

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for preventing forgery of source address based on signature authentication inside IPv6 sub network
  • Method for preventing forgery of source address based on signature authentication inside IPv6 sub network
  • Method for preventing forgery of source address based on signature authentication inside IPv6 sub network

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment approach

[0066] In Figure 6, A is the victim, B forges the source address of A and sends a message to the external network, and C monitors and replays the message sent by A. When the source address authenticity authentication mechanism and anti-replay attack mechanism on the security authentication gateway are disabled, all forged and replayed packets can be sent to the external network smoothly. Once the function on the security authentication gateway is enabled, all the forged messages sent by B and the replayed messages sent by C are 100% filtered out by the security authentication gateway (10,000,000 messages are sent for testing). C's replay attack process is relatively simple, just monitor A's message and send it to the security authentication gateway. At this time, because the serial number of the replayed message has not been incremented, the security authentication gateway will recognize the message as a replayed message and discard it. The counterfeiting process of B can be ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method for avoiding false source address based on sign identification in IPv6 sub network. Wherein, the invention is characterized in that: the user host sends one report to external network, which carries one sign formed by application information summary function MD5 or SHA1 as conversation key, source address, target address, and report serial number; the safety identification gateway at the inlet of edge route of IPv6 sub network checks the report sign, to confirm its source address is true; at the same time, the gateway judges if its serial number is increased in the life of conversation key to judge if it is replay report. The invention can effectively avoid false source address, while it supports increase setting.

Description

technical field [0001] The method for preventing source address forgery based on authentication in an IPv6 subnet belongs to the technical field of the Internet, and in particular relates to the technology of network security. Background technique [0002] The existing Internet does not fully consider security issues in the design stage, lacks a systematic security architecture, and does not have a complete built-in security mechanism in the underlying protocol of TCP / IP. However, with the expansion of the scale of the Internet and the growth of the number of users, the security problems of the Internet are becoming more and more serious. Among the many security threats, an important root cause is the rampant forgery of IP addresses. A large number of network attacks, such as DDoS attacks, TCP SYN flood attacks, smurf attacks, ICMP redirection attacks, etc., all rely on the forgery of IP addresses. However, the existing message forwarding mechanism is based on the destinat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/56H04L9/32H04L45/741
Inventor 毕军吴建平解利忠
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap