CN114389835B - IPv6 option explicit source address encryption security verification gateway and verification method - Google Patents
IPv6 option explicit source address encryption security verification gateway and verification method Download PDFInfo
- Publication number
- CN114389835B CN114389835B CN202111453777.XA CN202111453777A CN114389835B CN 114389835 B CN114389835 B CN 114389835B CN 202111453777 A CN202111453777 A CN 202111453777A CN 114389835 B CN114389835 B CN 114389835B
- Authority
- CN
- China
- Prior art keywords
- verification
- data
- module
- source
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
 
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
 
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
 
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明公开了一种IPv6选项显式源地址加密安全验证网关,该安全验证网关设备包括:数据概率采集模块,用于对传输数据进行概率采集数据包,并将其发送至加密功能模块;加密功能模块,用于对数据包内的源IPv6地址进行加密、签名,经过签名得到的密文加载到数据包内的逐跳选项头中并且将携带源地址验证信息的数据包发送到目的端;验证功能模块,用于验证接收数据的源地址信息、动态验证表的初始化创建和动态更新。本发明还提供了一种IPv6选项显式源地址加密安全验证网关的验证方法,既可以对传输的数据进行加密,又可以对所传的数据进行验证,实现了加密验证的一体化。
The present invention discloses an IPv6 option explicit source address encryption security verification gateway, the security verification gateway device comprises: a data probability acquisition module, which is used to perform probability acquisition of data packets for transmission data and send them to an encryption function module; an encryption function module, which is used to encrypt and sign the source IPv6 address in the data packet, load the ciphertext obtained by signing into the hop-by-hop option header in the data packet and send the data packet carrying the source address verification information to the destination; a verification function module, which is used to verify the source address information of the received data, the initialization creation and dynamic update of the dynamic verification table. The present invention also provides a verification method for an IPv6 option explicit source address encryption security verification gateway, which can encrypt the transmitted data and verify the transmitted data, thus realizing the integration of encryption and verification.
Description
技术领域Technical Field
本发明属于网络安全技术领域,具体涉及一种IPv6选项显式源地址加密安全验证网关及验证方法。The present invention belongs to the technical field of network security, and in particular relates to an IPv6 option explicit source address encryption security verification gateway and a verification method.
背景技术Background technique
近些年来由于源地址验证领域研究的不断深入,开始逐渐对不同的网络环境、多元的网络应用和多样的网络威胁进行针对性、细致性的研究,弥补传统源地址验证技术的缺陷,以促使网络防御能力更加突出,更能抵御复杂多变网络环境上的各类网络威胁。基于此,针对传统验证技术的存储开销问题,Vijayalakshmi等人提出了一种新颖的增强分组标记算法,该算法可直接部署在受害端,以提供对单个数据包的回溯,由于不需遍历整个计算机网络或利用带外消息来识别攻击源,使该标记算法易于应用且不具有存储开销的问题;Suresh等人解决了DPM验证机制存在的可伸缩性难题,设计出一种基于确定性多分组标记(DMPM)的回溯方案,利用全局标记分发服务器(MOD按需标记)来标记不信任的数据包,有效防御了DDoS攻击;鲁宁等人提出一种基于出口过滤的层次化反匿名联盟构建方法(EAGLE),克服了出口过滤(Egress filtering)和基于对等过滤的域间源地址验证方法(MEF)的可扩展性差、难以适应增量部署等难题;而吴波针对分组转发中源地址与路径验证所面临的开销花费大、转发效率低等问题,提出了基于数据包随机标记的源地址与路径高效验证机制PPV,依据数据流验证的角度设计了PPV验证机制,通过利用数据包随机标识的安全验证,避免了传统方案的逐跳逐包验证,降低了分组转发验证的额外通信和验证时延的开销,提高了分组转发安全验证的效率。In recent years, due to the continuous deepening of research in the field of source address verification, targeted and detailed research has been gradually carried out on different network environments, diverse network applications and various network threats to make up for the defects of traditional source address verification technology, so as to make network defense capabilities more prominent and better able to resist various network threats in complex and changeable network environments. Based on this, in response to the storage overhead problem of traditional verification technology, Vijayalakshmi et al. proposed a novel enhanced packet marking algorithm, which can be directly deployed on the victim end to provide backtracking for a single data packet. Since it does not need to traverse the entire computer network or use out-of-band messages to identify the attack source, the marking algorithm is easy to apply and does not have the problem of storage overhead; Suresh et al. solved the scalability problem of the DPM verification mechanism and designed a backtracking scheme based on deterministic multi-packet marking (DMPM), using a global marking distribution server (MOD on-demand marking) to mark untrusted data packets, effectively defending against DDoS attacks; Lu Ning et al. proposed a hierarchical anti-anonymous alliance construction method (EAGLE) based on egress filtering, which overcomes the egress filtering (Egress In order to solve the problems of high cost and low forwarding efficiency faced by source address and path verification in packet forwarding, Wu Bo proposed an efficient source address and path verification mechanism PPV based on random marking of data packets. He designed the PPV verification mechanism from the perspective of data flow verification. By utilizing the security verification of random marking of data packets, he avoided the hop-by-hop and packet-by-packet verification of traditional solutions, reduced the overhead of additional communication and verification delay of packet forwarding verification, and improved the efficiency of packet forwarding security verification.
据此分析,大多数源地址验证技术多采用加密验证方案的技术原理,但现有基于加密验证方案的技术多采取端验证方式,少数采取端/路径验证的混合模式。由于端验证模式缺少路径传输上的验证导致其网络防御能力呈假阳性低、假阴性高的特点;而采用全路径传输验证的模式会造成计算开销增大、通信开销增高、占用带宽及网络资源消耗增多、部署兼容性降低等问题。Based on this analysis, most source address verification technologies use the technical principles of encryption verification schemes, but existing technologies based on encryption verification schemes mostly adopt end verification, and a few adopt a hybrid mode of end/path verification. Since the end verification mode lacks verification on the path transmission, its network defense capability is characterized by low false positives and high false negatives; and the mode of adopting full path transmission verification will cause problems such as increased computing overhead, increased communication overhead, increased bandwidth and network resource consumption, and reduced deployment compatibility.
发明内容Summary of the invention
针对上述存在的问题,本发明的目的是提供一种IPv6选项显式源地址加密安全验证网关及验证方法。In view of the above-mentioned problems, the purpose of the present invention is to provide an IPv6 option explicit source address encryption security verification gateway and verification method.
本发明采用的技术方案是:The technical solution adopted by the present invention is:
一种IPv6选项显式源地址加密安全验证网关,该安全验证网关设备包括:An IPv6 option explicit source address encryption security verification gateway, the security verification gateway device comprising:
数据概率采集模块,用于对传输数据进行概率采集数据包,并将其发送至加密功能模块;The data probability acquisition module is used to perform probability acquisition of data packets for the transmission data and send them to the encryption function module;
加密功能模块,用于对数据包内的源IPv6地址进行加密、签名,经过签名得到的密文加载到数据包内的逐跳选项头中并且将携带源地址验证信息的数据包发送到目的端;The encryption function module is used to encrypt and sign the source IPv6 address in the data packet, load the signed ciphertext into the hop-by-hop option header in the data packet, and send the data packet carrying the source address verification information to the destination;
验证功能模块,用于验证接收数据的源地址信息、动态验证表的初始化创建和动态更新。The verification function module is used to verify the source address information of the received data, and to initialize the creation and dynamic update of the dynamic verification table.
优选的,所述数据概率采集模块包括Preferably, the data probability acquisition module includes
数据采集模块,用于对数据包进行概率采样,为加密功能模块提供标记信息的数据;The data acquisition module is used to perform probability sampling on the data packets and provide data with marking information for the encryption function module;
关键节点动态识别模块,用于针对传输路径中的各传输节点进行流量状态的监控,并利用复杂网络指标计算并识别关键节点,然后通过加密功能模块进行加密签名,利用验证功能模块进行验证。The key node dynamic identification module is used to monitor the traffic status of each transmission node in the transmission path, calculate and identify key nodes using complex network indicators, and then encrypt and sign them through the encryption function module and verify them using the verification function module.
优选的,所述加密功能模块包括:Preferably, the encryption function module includes:
第一SHA224哈希模块,用于加密源IPv6地址生成28Byte的消息摘要MAC,为下一步数字签名做准备;The first SHA224 hash module is used to encrypt the source IPv6 address to generate a 28-byte message digest MAC in preparation for the next step of digital signature;
ECDSA签名模块,用于将消息摘要MAC经数字签名生成密文C,提供源地址验证信息;The ECDSA signature module is used to generate the ciphertext C by digitally signing the message digest MAC and provide source address verification information;
第一ECC密钥库,使用ECC密钥生成算法生成密钥对(Pk,Sk),将密钥对(Pk,Sk)存于密钥库中,便于ECDSA签名模块提取密钥;The first ECC key library generates a key pair (Pk, Sk) using an ECC key generation algorithm, and stores the key pair (Pk, Sk) in the key library to facilitate the ECDSA signature module to extract the key;
发送模块,用于发送携带源地址验证信息的数据到目的端,完成源地址验证的第一步动作。The sending module is used to send data carrying source address verification information to the destination end, completing the first step of source address verification.
优选的,所述验证功能模块包括:Preferably, the verification function module includes:
接收模块,用于接收携带源地址验证信息的数据包和利用邻居SAG初始化创建本地动态验证表;A receiving module, used to receive a data packet carrying source address verification information and to create a local dynamic verification table using neighbor SAG initialization;
逐跳头校验模块,用于对数据包中逐跳头选项类型字段进行位值判断,选择源地址验证模式;A hop-by-hop header verification module is used to determine the bit value of the hop-by-hop header option type field in the data packet and select the source address verification mode;
读取数据模块,用于对接收的数据包进行读取,获取源IPv6地址和密文C信息;The data reading module is used to read the received data packet and obtain the source IPv6 address and ciphertext C information;
动态验证表:通过将三元组作为规则表项创建一个动态更新的验证表,三元组包括源IPv6、子网前缀以及Pk;Dynamic verification table: Create a dynamically updated verification table by using a triple as a rule table entry. The triple includes the source IPv6, subnet prefix, and Pk.
时钟模块,用于向动态验证表提供时间信号,定期更新动态验证表,默认3h为一个周期;The clock module is used to provide a time signal to the dynamic verification table and update the dynamic verification table regularly. The default cycle is 3 hours.
第二SHA224哈希模块,用于对获取的源IPv6地址进行哈希,计算出一个消息摘要MAC’,以备验证使用,是验证模块的一个输入;The second SHA224 hash module is used to hash the obtained source IPv6 address and calculate a message digest MAC' for verification, which is an input of the verification module;
ECDSA验签模块,对密文C进行验签,恢复出原始消息摘要MAC,以备验证使用,是验证模块的另一个输入;The ECDSA signature verification module verifies the ciphertext C and recovers the original message digest MAC for verification. It is another input of the verification module.
第二ECC密钥库,使用ECC密钥生成算法生成密钥对(Pk,Sk),根据密钥库找出对应的公钥Pk,为ECDSA验签模块提供公钥,并为动态验证表提供相应密钥信息;The second ECC key library uses the ECC key generation algorithm to generate a key pair (Pk, Sk), finds the corresponding public key Pk according to the key library, provides the public key for the ECDSA signature verification module, and provides the corresponding key information for the dynamic verification table;
验证模块,用于验证数据来源的真实性。Verification module, used to verify the authenticity of the data source.
优选的,所述验证模块的验证过程包括:Preferably, the verification process of the verification module includes:
在单数据验证时,通过第二SHA224哈希模块得到MAC’和ECDSA验签模块的MAC进行比对,若相等,则数据来源真实;否则为伪造数据;在流数据验证时,通过接收的数据读取,包括源IPv6、MAC、Pk或子网前缀、Pk与动态验证表中的源IPv6、子网前缀、Pk的元组信息进行匹配,若元组匹配,则数据来源真实;否则为伪造数据。During single data verification, the MAC’ obtained by the second SHA224 hash module is compared with the MAC of the ECDSA signature verification module. If they are equal, the data source is authentic; otherwise, it is forged data. During stream data verification, the received data is read, including the source IPv6, MAC, Pk or subnet prefix, Pk, and the tuple information of the source IPv6, subnet prefix, Pk in the dynamic verification table is matched. If the tuple matches, the data source is authentic; otherwise, it is forged data.
一种IPv6选项显式源地址加密安全验证网关的验证方法,包括以下步骤:A method for verifying an IPv6 option explicit source address encryption security verification gateway comprises the following steps:
步骤1:加密阶段Step 1: Encryption Phase
101:初始化,利用ECC密钥生成算法产生密钥对(Pk,Sk),以备数字签名调用;101: Initialization, using the ECC key generation algorithm to generate a key pair (Pk, Sk) for digital signature calls;
102:用第一SHA224哈希模块对数据包的源IPv6地址进行哈希,计算消息摘要MAC,作为ECDSA签名模块的输入;102: Use the first SHA224 hash module to hash the source IPv6 address of the data packet, calculate the message digest MAC, and use it as the input of the ECDSA signature module;
103:ECDSA签名模块调用第一ECC密钥库的密钥对,使用私钥Sk对消息摘要MAC进行数字签名,得到密文C;103: The ECDSA signature module calls the key pair of the first ECC key library, uses the private key Sk to digitally sign the message digest MAC, and obtains the ciphertext C;
104:将密文C加载到数据包中的逐跳选项头中,得到一个携带源地址验证信息的数据包,再进行发送;104: Load the ciphertext C into the hop-by-hop option header in the data packet to obtain a data packet carrying source address verification information, and then send it;
步骤2:验证阶段Step 2: Verification Phase
201:初始化,动态验证表通过共享相邻SAG的验证表来初始化创建本地动态验证表;201: Initialization: The dynamic verification table is initialized to create a local dynamic verification table by sharing the verification table of the adjacent SAG;
202:通过判断逐跳选项头中选项类型字段的位值,采取适合的源地址验证模式,进行验证操作。202: By determining the bit value of the option type field in the hop-by-hop option header, a suitable source address verification mode is adopted to perform a verification operation.
优选的,在步骤202中其判断及验证过程如下:Preferably, in step 202, the judgment and verification process is as follows:
若判定采用单数据验证时,通过目的端接收的数据获取源IPv6地址和密文C,因加密阶段和验证阶段使用统一的密钥库可提取公钥Pk,用公钥Pk对密文C进行验签得到原消息摘要MAC,并用源IPv6地址进行SHA224哈希得到一个新的消息摘要MAC’,将MAC和MAC’进行比对,若数值相同则数据来源真实,接收或转发,并将该数据作为元组添入动态验证表中;否则为伪造数据,应丢弃数据;If it is determined that single data verification is used, the source IPv6 address and ciphertext C are obtained through the data received by the destination. Since the encryption stage and the verification stage use a unified key library, the public key Pk can be extracted. The ciphertext C is signed with the public key Pk to obtain the original message digest MAC, and the source IPv6 address is hashed with SHA224 to obtain a new message digest MAC'. The MAC and MAC' are compared. If the values are the same, the data source is authentic, received or forwarded, and the data is added to the dynamic verification table as a tuple; otherwise, it is forged data and should be discarded;
若判定采用流数据验证时,通过目的端接收的数据获取源IPv6地址和密文C,并通过密钥库可知对应的公钥Pk,组成相应的元组源IPv6、Pk或子网前缀、Pk,对照动态验证表中的元组信息进行查找匹配,若元组匹配则数据来源真实,接收或转发数据;若元组未找到或不匹配时,进入单数据验证机制进行再验证,若判为真实数据则应接收或转发数据,否则为伪造数据,应丢弃数据,并恢复原验证模式。If it is decided to use stream data verification, the source IPv6 address and ciphertext C are obtained through the data received by the destination, and the corresponding public key Pk can be known through the key library, forming the corresponding tuple source IPv6, Pk or subnet prefix, Pk, and searching and matching against the tuple information in the dynamic verification table. If the tuple matches, the data source is authentic and the data is received or forwarded. If the tuple is not found or does not match, the single data verification mechanism is entered for re-verification. If it is judged to be real data, the data should be received or forwarded, otherwise it is forged data and the data should be discarded and the original verification mode is restored.
本发明的有益效果:Beneficial effects of the present invention:
1.本系统既可以对传输的数据进行加密,又可以对所传的数据进行验证,实现了加密验证的一体化。集成化的安全验证网关具有普遍适用性,可以插入传输设备中,实现源到目的端和路径上的安全传输。既验证了数据包来源真实性,又降低了部署开销,弥补了广泛部署上的缺失、一体化的验证,有效的防御了源地址欺骗伪造类型的网络攻击行为。1. This system can both encrypt and verify the transmitted data, realizing the integration of encryption and verification. The integrated security verification gateway has universal applicability and can be inserted into the transmission equipment to realize the secure transmission from source to destination and on the path. It not only verifies the authenticity of the source of the data packet, but also reduces the deployment overhead, making up for the lack of widespread deployment, integrated verification, and effectively defending against network attacks such as source address spoofing and forgery.
2、本发明设计是一个即插即用的模块,他可以插入到路由器、交换机和PC终端上,因此具有增量部署的特性和更好的适应性。2. The present invention is designed as a plug-and-play module, which can be inserted into routers, switches and PC terminals, so it has the characteristics of incremental deployment and better adaptability.
3、与传统的SAVA设备相比,本发明设计仅对部分数据进行标记,并且在传输路径上的关键节点处进行签名验证,提高了数据的传输效率,减少了计算开销和降低了网络带宽的占有率。3. Compared with the traditional SAVA device, the design of the present invention only marks part of the data and performs signature verification at key nodes on the transmission path, which improves the data transmission efficiency, reduces the computing overhead and reduces the occupancy of the network bandwidth.
4、在防御效能上,与传统的SAVA设备相比,本验证网关可以防御大部分数据欺骗伪造类型的攻击行为,有着较强的防御效能,也可以弥补其他安全设备的防御缺陷。4. In terms of defense effectiveness, compared with traditional SAVA devices, this verification gateway can defend against most data deception and forgery attacks, has strong defense effectiveness, and can also make up for the defense defects of other security devices.
5、在数据传输效率上,与SAVA设备或其他类型的源地址验证技术相比,本验证网关有着更好的数据传输性。因本方案是基于数据包的概率标记签名验证原理,并通过传输路径上的关键节点进行验证,减少了验证开销,进而提高了数据的传输效率。6.避免了引入第三方进行数据验证的安全隐患,即攻破第三方就可破解加密信息进而伪造源端地址获取终端信任,达到攻击渗透的非法目的。5. In terms of data transmission efficiency, compared with SAVA devices or other types of source address verification technologies, this verification gateway has better data transmission performance. Because this solution is based on the principle of probabilistic tag signature verification of data packets, and verifies through key nodes on the transmission path, it reduces verification overhead and improves data transmission efficiency. 6. It avoids the security risks of introducing a third party for data verification, that is, if the third party is breached, the encrypted information can be cracked and the source address can be forged to obtain the trust of the terminal, achieving the illegal purpose of attack penetration.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required for use in the embodiments or the description of the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.
图1所示为SAEAv6验证方案的基本设计框架;Figure 1 shows the basic design framework of the SAEAv6 verification solution;
图2所示为网络传输拓扑的关键节点识别;Figure 2 shows the key node identification of the network transmission topology;
图3所示为逐跳选项数据结构定义;Figure 3 shows the hop-by-hop option data structure definition;
图4所示为SAG插入网络设备内的单数据验证流程(路由器为例);FIG4 shows a single data verification process of inserting a SAG into a network device (taking a router as an example);
图5所示为安全验证网关(SAG)模块化结构;Figure 5 shows the modular structure of the Security Authentication Gateway (SAG);
图6所示为安全验证工作流程;Figure 6 shows the safety verification workflow;
图7所示为实验网络联通结果;Figure 7 shows the experimental network connectivity results;
图8所示为基于SAEAv6方案的安全验证网关部署的防御效能。Figure 8 shows the defense effectiveness of the security authentication gateway deployment based on the SAEAv6 solution.
具体实施方式Detailed ways
为使本发明实施例的目的、技术方案和优点更加清楚,下面将对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below. Obviously, the described embodiments are only part of the embodiments of the present invention, rather than all the embodiments.
因此,以下对本发明的实施例的详细描述并非旨在限制要求保护的本发明的范围,而是仅仅表示本发明的选定实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。Therefore, the following detailed description of the embodiments of the present invention is not intended to limit the scope of the invention claimed for protection, but merely represents selected embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.
本发明提供了一种IPv6网络的ECDSA逐跳选项显式源地址加密验证(SourceAddress Encryption Authentication scheme,SAEAv6)方法,并提出了相应的安全验证网关设备。The invention provides an ECDSA hop-by-hop option explicit source address encryption authentication scheme (SAEAv6) method for an IPv6 network, and proposes a corresponding security authentication gateway device.
1.SAEAv6验证方案概述1. Overview of SAEAv6 Verification Scheme
根据基于加密验证的源地址验证方法给出了所要解决的问题描述、敌手模型和SAEAv6验证方法的概述。本发明提出的源验证方案是基于端到端和路径验证实现的,即数据包通过发送端(即数据源端,S),沿路由器中的预期路径L=<S,R1,R2,…,Ri,…,Rn,D>,到达目的端即(数据接收端,D),其中i,n代表路径长度(不含数据发送端),并且S、D、Ri和Rn是网络传输拓扑中的网络实体。在不可靠的通信通道下,由于被攻击或出现故障,中间路由器可能丢弃、修改数据包或改变其转发路径。According to the source address verification method based on encryption verification, a description of the problem to be solved, an adversary model and an overview of the SAEAv6 verification method are given. The source verification scheme proposed in the present invention is implemented based on end-to-end and path verification, that is, the data packet passes through the sending end (i.e., the data source end, S), along the expected path L=<S, R1, R2,…, Ri,…, Rn, D> in the router, and reaches the destination end (data receiving end, D), where i, n represent the path length (excluding the data sending end), and S, D, Ri and Rn are network entities in the network transmission topology. Under an unreliable communication channel, due to attacks or failures, intermediate routers may discard, modify data packets or change their forwarding paths.
1.1问题描述及假设1.1 Problem Description and Assumptions
源地址验证问题:由于互联网网络中各网络传输节点(如路由器、交换机等)在传输数据包时仅以数据包内的目的IP地址进行存储转发,在传输过程中没有检验数据报文内源IP地址和包内有效载荷的真实性而继续转发,由此可能导致攻击者篡改伪造数据包内源IP地址而欺骗目的终端进而实施非法攻击行为,如入侵、盗取或破坏目的终端等。Source address verification problem: Since each network transmission node in the Internet network (such as routers, switches, etc.) only stores and forwards the destination IP address in the data packet when transmitting the data packet, it does not verify the authenticity of the source IP address in the data packet and the payload in the packet and continues to forward it. This may cause attackers to tamper with the source IP address in the forged data packet to deceive the destination terminal and then carry out illegal attacks, such as intrusion, theft or destruction of the destination terminal.
我们假设S和D是终端设备,定义合法传输路径是L=<S,R1,R2,…,Rn,D>,R代表路由器,理想状态下应沿此路径传输数据包.根据边界网关协议(BGP)或路段路由协议(Pathletrouting)等路由交换协议,可以假设源端S可以获知数据包传输的预期遍历路径,并且可以在该路径中的关键节点部署执行路径验证。We assume that S and D are terminal devices, and define the legal transmission path as L = <S, R1, R2, ..., Rn, D>, where R represents the router. Ideally, data packets should be transmitted along this path. According to routing exchange protocols such as the Border Gateway Protocol (BGP) or the Pathlet routing protocol, it can be assumed that the source end S can know the expected traversal path of the data packet transmission, and can deploy execution path verification at key nodes in the path.
1.2敌手模型建立1.2 Adversary Model Establishment
数据包篡改、欺骗:伪造数据包的信息并欺骗目的端D,如源IP地址,报头或有效载荷数据等。Packet tampering and spoofing: forging the information of the packet and deceiving the destination D, such as the source IP address, header or payload data.
数据包注入:恶意路由器伪造数据包并将其发送到目的端D,注意数据包重放攻击是一种攻击包注入的特殊情况。Packet injection: The malicious router forges a packet and sends it to the destination D. Note that a packet replay attack is a special case of attack packet injection.
DDoS和DoS攻击:作为两种攻击的一部分,考虑对终端、路由器等进行内存和计算耗尽的攻击。DDoS and DoS attacks: As part of both attacks, consider memory and computation exhaustion attacks on endpoints, routers, etc.
1.3SAEAv6验证方案1.3 SAEAv6 Verification Scheme
SAEAv6验证方案主要是:首先,在发送端S以概率标记的方式对发送的数据包添加验证信息,而不是将发送端S的所有数据包进行标记,这样减少了网络资源的消耗和降低了验证方案的计算开销;其次,通过引入复杂网络的指标概念(如度、中心性、中介性等)对数据包传输的拓扑路径中的传输节点进行动态识别,辨识出数据包在传输路径上的关键节点,并将关键节点作为数据包源地址真实性校验的检查节点;最后,通过检查节点和目的端D对所传的数据包进行源地址路径验证和端验证,判断数据包来源的真实可靠性,进而降低网络欺骗攻击的威胁行为。The SAEAv6 verification scheme is mainly as follows: first, verification information is added to the sent data packets in a probabilistic marking manner at the sending end S, instead of marking all the data packets at the sending end S, which reduces the consumption of network resources and reduces the computational overhead of the verification scheme; second, by introducing the indicator concepts of complex networks (such as degree, centrality, betweenness, etc.), the transmission nodes in the topological path of the data packet transmission are dynamically identified, the key nodes of the data packet on the transmission path are identified, and the key nodes are used as the inspection nodes for verifying the authenticity of the source address of the data packet; finally, the source address path and end verification of the transmitted data packet are performed by checking the nodes and the destination end D to determine the authenticity of the source of the data packet, thereby reducing the threat of network deception attacks.
因此,根据上面所述,SAEAv6验证方案的设计原理很简洁、易理解,其详细设计思想是启用IPv6报文字段中的逐跳选项(Hop-by-hop Option)为验证信息的传输载体,采用SHA224withECDSA数字签名算法作为安全验证机制,依据数据包身份验证的思想来进行设计。SAEAv6验证方案既可以采用端验证模式,又可以在数据的传输路径上完成验证操作。与基于加密验证的传统源地址验证方案不同的是,本验证方案不在以网络传输全路径模式进行逐跳逐包的源地址验证机制,仅在传输路径中的关键网络节点处进行动态验证,减少了验证开销和网络资源的占有,提高了网络数据的转发效率。它的基本设计框架如图1所示,图中对应的(Pk,Sk)在密钥库中进行查找获取。Therefore, according to the above, the design principle of the SAEAv6 verification scheme is very simple and easy to understand. Its detailed design idea is to enable the Hop-by-hop Option in the IPv6 message field as the transmission carrier of the verification information, use the SHA224withECDSA digital signature algorithm as the security verification mechanism, and design it based on the idea of data packet identity authentication. The SAEAv6 verification scheme can adopt both the end verification mode and the verification operation on the data transmission path. Unlike the traditional source address verification scheme based on encryption verification, this verification scheme does not perform a hop-by-hop and packet-by-packet source address verification mechanism in the full path mode of network transmission, but only performs dynamic verification at key network nodes in the transmission path, which reduces the verification overhead and the occupation of network resources, and improves the forwarding efficiency of network data. Its basic design framework is shown in Figure 1, and the corresponding (Pk, Sk) in the figure is searched and obtained in the key library.
依据SAEAv6验证方案进行模块化设计实现安全验证网关。通过安全验证网关实现数据包地址信息的签名和验证,完成源地址验证的操作,其中SHA224哈希作为源IPv6地址的消息摘要算法,ECDSA作为源地址验证的数字签名机制。According to the SAEAv6 verification scheme, a modular design is implemented to realize the security verification gateway. The signature and verification of the packet address information are realized through the security verification gateway, and the source address verification operation is completed, in which SHA224 hash is used as the message digest algorithm of the source IPv6 address and ECDSA is used as the digital signature mechanism for source address verification.
2.SAEAv6验证方案设计2. SAEAv6 Verification Scheme Design
2.1关键节点的动态识别2.1 Dynamic Identification of Key Nodes
网络数据的传输路径信息可以通过路由协议来获取,如BGP、Pathlet routing等,并根据路由信息来建立网络传输拓扑,如图2假设是一个IPv6的网络传输拓扑,通过路由信息得到确切的传输路径,在传输路径中的各传输节点进行流量状态的监测,并采用复杂网络的计量指标对传输路径中的节点识别网络拓扑的关键节点信息。下面通过图2中的实例进行描述:图中自上而下依次为实体网络拓扑、抽象节点拓扑、关键路径拓扑,通过上层实体网络的传输拓扑可以抽象为节点拓扑图,根据中间层的节点拓扑利用复杂网络指标(如度、权威性、中介性和中心性)计算并识别关键节点,得到最下层的关键节点路径图,数据包可以依据关键节点路径进行传输也可以根据其他路径进行传输,但重点是数据包无论是依据关键路径还是其他传输路径传输时必须在路径中的关键节点(即图2中标记橙色节点)进行数据的源地址验证以判断其数据来源的真实性。The transmission path information of network data can be obtained through routing protocols, such as BGP, Pathlet routing, etc., and the network transmission topology is established based on the routing information. As shown in Figure 2, it is assumed that it is an IPv6 network transmission topology. The exact transmission path is obtained through routing information, and the traffic status is monitored at each transmission node in the transmission path. The key node information of the network topology is identified for the nodes in the transmission path using the measurement indicators of the complex network. The following is a description through the example in Figure 2: From top to bottom in the figure, there are the physical network topology, abstract node topology, and key path topology. The transmission topology of the upper physical network can be abstracted into a node topology graph. According to the node topology of the middle layer, the key nodes are calculated and identified using complex network indicators (such as degree, authority, intermediary and centrality), and the key node path graph of the lowest layer is obtained. The data packet can be transmitted according to the key node path or other paths. However, the key point is that whether the data packet is transmitted according to the key path or other transmission paths, the source address of the data must be verified at the key node in the path (i.e., the orange node marked in Figure 2) to determine the authenticity of its data source.
根据上述描述数据传输有两种可能:一种是数据包根据关键路径进行传输,并在各关键节点处进行校验,因此其数据传输相当于逐跳逐包验证,传输的安全性极高;另一种是数据不依据关键路径传递,而是根据路由信息发生路由偏移进行其他路径的传输,但所在的传输路径必然有多数节点是关键节点,因为关键节点在网络拓扑中占据重要地位,因此无论通过哪种路径都绕不开关键节点,如源端S通过路径<R1,R3,R4,R6,R8,R10>到达目的端D,所以在关键节点处校验数据报的真实性是可行的。According to the above description, there are two possibilities for data transmission: one is that the data packet is transmitted according to the critical path and verified at each critical node, so its data transmission is equivalent to hop-by-hop and packet-by-packet verification, and the transmission security is extremely high; the other is that the data is not transmitted according to the critical path, but is transmitted along other paths according to the routing information. However, most of the nodes on the transmission path must be critical nodes, because critical nodes occupy an important position in the network topology. Therefore, no matter which path is taken, the critical nodes cannot be bypassed. For example, the source end S reaches the destination end D through the path <R1, R3, R4, R6, R8, R10>, so it is feasible to verify the authenticity of the datagram at the critical node.
2.2验证载体设计2.2 Verification of vector design
SAEAv6方案的验证载体选取至关重要,关系到整个源地址验证方案的可行性、适用性和兼容性。通过研究各类源地址验证技术发现,使用逐跳选项头比新设计协议或新数据选项头在网络协议运行时有更好的兼容性和通用性。因此,根据加密验证的原理,决定启用IPv6报文中的逐跳选项头。之所以选用逐跳选项头原因有三:(1)逐跳选项头不会在数据包传输过程中随意插入或删除,且能沿数据包传输路径的任意节点处检查或处理逐跳选项头;(2)由于数据包在传输查验阶段是从IPv6报头、逐跳选项头、目标选项头、路由头等依次进行检查,因此具有快速校验的特性;(3)由于数据包在网络传输的每一跳路由中查验逐跳选项头,为定位伪造数据包的攻击源位置带来了可能。因为若传输一个数据包在经过若干个传输节点时,查验出数据包是欺骗的,则必然是传输节点的上一跳路由对数据包进行了伪造,所以为攻击端溯源带来了可能。综上所述,选用逐跳选项头既能发挥其优势特性又能使其在网络协议上具有更好的兼容性,不会对其他类型网络协议产生不必要的冲突。所以也使本验证方案比其他验证协议具有更广阔的适用性、通用性和兼容性。The selection of the verification carrier of the SAEAv6 scheme is crucial, and it is related to the feasibility, applicability and compatibility of the entire source address verification scheme. Through the study of various source address verification technologies, it is found that the use of hop-by-hop option headers has better compatibility and universality than the newly designed protocol or the new data option header when the network protocol is running. Therefore, according to the principle of encryption verification, it is decided to enable the hop-by-hop option header in the IPv6 message. There are three reasons for selecting the hop-by-hop option header: (1) The hop-by-hop option header will not be inserted or deleted at will during the data packet transmission process, and the hop-by-hop option header can be checked or processed at any node along the data packet transmission path; (2) Since the data packet is checked from the IPv6 header, hop-by-hop option header, target option header, routing header, etc. in sequence during the transmission inspection stage, it has the characteristic of fast verification; (3) Since the hop-by-hop option header is checked in each hop route of the data packet transmission in the network, it is possible to locate the attack source of the forged data packet. Because if a data packet is transmitted and it is found to be spoofed when passing through several transmission nodes, it must be that the previous hop route of the transmission node forged the data packet, so it is possible to trace the source of the attack end. In summary, the use of the hop-by-hop option header can not only give full play to its advantages but also make it more compatible with network protocols and will not cause unnecessary conflicts with other types of network protocols. Therefore, this authentication scheme has wider applicability, versatility and compatibility than other authentication protocols.
逐跳选项头由下一首部、首部扩展长度、选项类型、选项数据长度和选项数据五部分字段组成,可以根据用户需求定义选项类型和选项数据两个字段的功能。为了更好的配合SAEAv6验证方案,根据IPv6地址协议标准,逐跳选项头中的下一首部、首部扩展长度的字段功能为IPv6协议标准定义,选项类型字段、选项数据长度和选项数据的字段功能为本验证方案自行定义。其中定义逐跳选项头的总长度为32Byte,逐跳选项头字段长度为4Byte,剩余字段功能定义如下所述。图3显示逐跳选项头的字段结构。The hop-by-hop option header consists of five fields: next header, header extension length, option type, option data length, and option data. The functions of the option type and option data fields can be defined according to user needs. In order to better cooperate with the SAEAv6 verification scheme, according to the IPv6 address protocol standard, the field functions of the next header and header extension length in the hop-by-hop option header are defined by the IPv6 protocol standard, and the field functions of the option type field, option data length, and option data are defined by this verification scheme. The total length of the hop-by-hop option header is defined as 32 bytes, the length of the hop-by-hop option header field is 4 bytes, and the functions of the remaining fields are defined as follows. Figure 3 shows the field structure of the hop-by-hop option header.
(1)下一首部(1Byte),IPv6报文的选项扩展首部均含此字段,用来标识下一首部类型,如0-逐跳选项头、43-路由头、44-片段头、60-目的选项头等。(1) Next Header (1 Byte). The options extension header of IPv6 packets contains this field, which is used to identify the type of the next header, such as 0-hop-by-hop options header, 43-routing header, 44-fragment header, 60-destination options header, etc.
(2)首部扩展长度(1Byte),标识包含选项类型、选项数据长度和选项数据的字段长度,不含下一首部字段。8Byte为单位长度且必须为8Byte的整数倍。该字段值默认为0。(2) Header extension length (1 Byte), which identifies the length of the fields including option type, option data length, and option data, excluding the next header field. The unit length is 8 Byte and must be an integer multiple of 8 Byte. The default value of this field is 0.
(3)选项类型字段(1Byte),主要进行验证判断,选项类型各位值的具体定义如下所述:(3) Option type field (1 Byte), mainly used for verification and judgment. The specific definitions of each bit value of the option type are as follows:
①第一、二、三位由RFC8200标准定义,不做详述。其中第一、二位用来不能识别选项类型时定义的动作,默认为00;第三位用来标识数据包在传输过程中数据包是否可以更改,默认为0。① The first, second and third bits are defined by the RFC8200 standard and will not be described in detail. The first and second bits are used to define the action when the option type cannot be identified, and the default value is 00; the third bit is used to identify whether the data packet can be modified during transmission, and the default value is 0.
②第四位单独使用,用来判断数据包所在节点是否为关键节点。其中:0—普通节点;1—关键节点。②The fourth bit is used alone to determine whether the node where the data packet is located is a key node, where: 0—ordinary node; 1—key node.
③第五位单独使用,用来建立、更新安全验证网关内的动态验证表。其中:③The fifth bit is used alone to establish and update the dynamic verification table in the security verification gateway.
0-定期更新验证表,添加新规则表项,删除无效规则表项,更新自身验证表;0-Update the verification table regularly, add new rule table items, delete invalid rule table items, and update the verification table itself;
1-初始化创建验证表。通过邻居安全验证网关初始化创建验证表,若邻居安全验证网关无验证表则根据单数据验证机制创建动态验证表。注:设备开启或重新接入时应用此位,一般情况下不用,常默认为0。1- Initialize and create a verification table. Initialize and create a verification table through the neighbor security verification gateway. If the neighbor security verification gateway does not have a verification table, a dynamic verification table is created according to the single data verification mechanism. Note: This bit is applied when the device is turned on or reconnected. It is generally not used and is usually defaulted to 0.
④第六、七位组合使用,用以判断使用哪种的源地址验证模式:④The sixth and seventh digits are used in combination to determine which source address verification mode to use:
00-默认验证为单数据验证(细粒度),对数据进行逐一验证并将验证成功的数据作为元组添入动态验证表中;00-The default verification is single data verification (fine-grained), which verifies the data one by one and adds the successfully verified data as a tuple into the dynamic verification table;
01-流数据验证(粗粒度),查询动态验证表,提供(源IPv6,MAC,Pk)或(子网前缀,Pk)任意元组验证方式。若元组匹配则验证成功,接收或转发数据;否则进入单数据验证机制,完成验证且验证成功的数据作为元组添入动态验证表后,恢复此验证模式;01-Flow data verification (coarse-grained), query the dynamic verification table, and provide any tuple verification method (source IPv6, MAC, Pk) or (subnet prefix, Pk). If the tuple matches, the verification is successful and the data is received or forwarded; otherwise, the single data verification mechanism is entered, and after the verification is completed and the successfully verified data is added to the dynamic verification table as a tuple, this verification mode is restored;
10-仅以验证表中<源IPv6,MAC,Pk>查询验证,若元组匹配则直接通过验证,若无则进入单数据验证,验证成功的数据作为元组添入验证表中,再恢复原验证模式。通常适用于单数据或小规模流数据;10- Only query and verify with <source IPv6, MAC, Pk> in the verification table. If the tuple matches, the verification is passed directly. If not, it enters single data verification. The successfully verified data is added to the verification table as a tuple, and then the original verification mode is restored. Usually suitable for single data or small-scale flow data;
11—仅以验证表中<子网前缀,Pk>查询验证,若元组匹配则通过验证,接收或转发数据;否则进入单数据验证,将验证成功的数据作为元组添入验证表中,再恢复原验证模式。常适用于大规模流数据,提供概率性验证机制。11—Only query and verify with <subnet prefix, Pk> in the verification table. If the tuple matches, the verification is passed and the data is received or forwarded; otherwise, it enters single data verification, adds the successfully verified data as a tuple to the verification table, and then restores the original verification mode. It is often applicable to large-scale streaming data and provides a probabilistic verification mechanism.
⑤第八位,保留使用,留做他用。⑤The eighth position is reserved for other purposes.
(4)选项长度(1Byte),标识选项数据的长度,定义28字节,字段值为28(00011100)。(4) Option length (1 Byte), identifies the length of the option data, is defined as 28 bytes, and the field value is 28 (00011100).
(5)选项数据是用来承载SAEAv6验证方案的源地址信息,即有效载荷。为目的端提供验证信息,其中包含密文(28Byte)。(5) The option data is used to carry the source address information of the SAEAv6 authentication scheme, i.e., the payload. It provides authentication information to the destination, including ciphertext (28 bytes).
3.安全验证机制3. Security verification mechanism
互联网网络数据安全性验证一般采用哈希算法、对称加密算法和非对称加密算法作为安全验证的加密机制。哈希函数包含MD5、SHA、CRC等,一般常用MD5和SHA系列函数作为网络信息安全领域中的消息摘要算法,可以将任意长度的数值或字符串进行哈希生成固定长度的消息摘要,具有高散列性和单向性的特点。但MD5和SHA-1已被密码学家发现弱点并被攻破,使其不再具有强碰撞性优势,安全强度大打折扣。因此世界网络安全领域中常使用SHA-2作为数据加密和身份认证中的消息摘要算法。广泛应用于数据加密和身份认证中,如SSL、PGP、IPsec等安全协议中。其中SHA-256和SHA-512是比较常用的杂凑函数,其函数结构相同但定义单位元不同且使用不同的偏移量和执行不同的循环次数,成为现今安全性高的哈希函数;并且SHA-224和SHA-384分别是上述两种函数的截短版分别继承了其强安全性等优势。所以,由于SHA-224具有SHA-256的一般安全性且生成的摘要长度适中,选用SHA-224作为本源地址验证方案的辅助摘要算法尤为合适。Internet network data security verification generally uses hash algorithms, symmetric encryption algorithms and asymmetric encryption algorithms as encryption mechanisms for security verification. Hash functions include MD5, SHA, CRC, etc. MD5 and SHA series functions are generally used as message digest algorithms in the field of network information security. They can generate fixed-length message digests by hashing values or strings of any length, and have the characteristics of high hashing and one-way. However, MD5 and SHA-1 have been found to have weaknesses and have been broken by cryptographers, so that they no longer have the advantage of strong collision, and their security strength is greatly reduced. Therefore, SHA-2 is often used as a message digest algorithm in data encryption and identity authentication in the world's network security field. It is widely used in data encryption and identity authentication, such as SSL, PGP, IPsec and other security protocols. Among them, SHA-256 and SHA-512 are more commonly used hash functions. Their function structures are the same, but the definition units are different, and different offsets are used and different numbers of cycles are executed, making them the most secure hash functions today; and SHA-224 and SHA-384 are truncated versions of the above two functions, respectively inheriting their advantages such as strong security. Therefore, since SHA-224 has the general security of SHA-256 and the generated digest length is moderate, it is particularly appropriate to use SHA-224 as the auxiliary digest algorithm of this source address verification scheme.
对称和非对称加密算法作为传统源地址验证技术使用加密机制,如DES、AES、RC4、RSA、DSA、ECC等。传统安全验证方案选用对称加密算法时具有缺陷,如每对收发方每次使用对称加密算法时,均使用唯一的密钥,这导致收发双方拥有的密钥数量将呈几何级数增长,密钥管理困难,成本高昂。而与公钥加密算法相比,对称加密算法仅能提供加密和认证却缺乏了签名功能,使其应用范围减小。又由于公钥加密算法对数据的数字签名完整性容易验证,而且数字签名具有不可抵赖性。这一特性对于网络数据源地址验证具有一定优势,且安全性比对称加密算法高。因此选择公钥加密算法作为本研究的主体加密机制,又根据表1各类公钥加密算法的优劣对比,决定选用ECC椭圆曲线加密算法。Symmetric and asymmetric encryption algorithms are encryption mechanisms used as traditional source address verification technologies, such as DES, AES, RC4, RSA, DSA, ECC, etc. Traditional security verification schemes have defects when using symmetric encryption algorithms. For example, each pair of senders and receivers use a unique key each time they use a symmetric encryption algorithm, which causes the number of keys owned by both senders and receivers to grow exponentially, making key management difficult and costly. Compared with public key encryption algorithms, symmetric encryption algorithms can only provide encryption and authentication but lack signature functions, which reduces their application scope. In addition, public key encryption algorithms are easy to verify the integrity of digital signatures of data, and digital signatures are non-repudiation. This feature has certain advantages for network data source address verification, and its security is higher than that of symmetric encryption algorithms. Therefore, public key encryption algorithms are selected as the main encryption mechanism of this study, and according to the comparison of the advantages and disadvantages of various public key encryption algorithms in Table 1, it is decided to use ECC elliptic curve encryption algorithms.
表1公钥加密算法优势对比Table 1 Comparison of advantages of public key encryption algorithms
由于ECDSA是一种基于ECC椭圆加密算法的非对称私钥加密的数字签名机制,其安全性建立在求解椭圆曲线离散对数解的困难性上,因此研究ECDSA应从ECC椭圆加密算法入手,它具有两种应用模式:(1)用于加密算法时,公钥加密私钥解密;(2)用于签名算法时,私钥签名公钥验证,因此ECDSA是基于ECC签名算法实现的。ECC加密体制与使用最普遍的RSA公钥密码体制相比,RSA密钥密文长、运行慢、效率低、1024位以下的密文安全强度低;而ECC的密钥密文短,运行快、效率高、占用内存少、能使用更小的密钥提供更高的安全强度。鉴于上述ECDSA的优势,决定采用BRAINPOOLP224r1曲线来执行ECDSA签名机制,可提供224位的密钥安全强度匹配于RSA的2048位的密钥安全强度。Since ECDSA is a digital signature mechanism based on asymmetric private key encryption of the ECC elliptic encryption algorithm, its security is based on the difficulty of solving the discrete logarithm solution of the elliptic curve. Therefore, the study of ECDSA should start with the ECC elliptic encryption algorithm, which has two application modes: (1) when used in the encryption algorithm, the public key encrypts and the private key decrypts; (2) when used in the signature algorithm, the private key signs and the public key verifies. Therefore, ECDSA is implemented based on the ECC signature algorithm. Compared with the most commonly used RSA public key cryptography system, the ECC encryption system has a long key ciphertext, slow operation, low efficiency, and low security strength of ciphertexts below 1024 bits; while the ECC key ciphertext is short, fast operation, high efficiency, less memory usage, and can use smaller keys to provide higher security strength. In view of the above advantages of ECDSA, it is decided to use the BRAINPOOLP224r1 curve to implement the ECDSA signature mechanism, which can provide a 224-bit key security strength that matches the 2048-bit key security strength of RSA.
据此所述,SAEAv6验证方案选用高安全性的SHA224withECDSA数字签名算法。为了使该签名机制更适应本方案,采用了SHA-224辅助哈希和基于BRAINPOOLP224r1曲线的ECDSA签名机制配合使用可生成28byte长度的签名密文,避免了因密文过大而填入报文首部中导致MTU通信问题的产生,有利于数据完整性的校验。使之既支撑了SAEAv6验证方案的可行性,又保障了其安全性。According to the above, the SAEAv6 verification scheme uses the highly secure SHA224withECDSA digital signature algorithm. In order to make the signature mechanism more suitable for this scheme, the SHA-224 auxiliary hash and the ECDSA signature mechanism based on the BRAINPOOLP224r1 curve are used together to generate a 28-byte signature ciphertext, which avoids the MTU communication problem caused by the ciphertext being too large and filled into the message header, and is conducive to the verification of data integrity. This not only supports the feasibility of the SAEAv6 verification scheme, but also ensures its security.
基于上述研究,本发明提出了一种IPv6选项显式源地址加密安全验证网关,该安全验证网关设备作为安全验证网关是基于SAEAv6验证方案设计的逻辑功能模块,它首先辨识本地网络部署的节点情况,再通过判断逐跳选项头中选项类型字段的位值,决定采取相应的源地址验证模式之后,应用SHA224withECDSA数字签名进行签名验证,以完成数据包的源地址验证操作。SAG可以插入网络传输设备中,作为其内的一个源地址验证功能模块来鉴别数据源地址的真实性,具有可集成、易操作、强兼容、成本低等优势,能广泛部署于各种网络环境中,具有很好的普适性、实用性。图4显示SAG插入网络关键节点处的路由器进行源地址验证的实例。Based on the above research, the present invention proposes an IPv6 option explicit source address encryption security verification gateway. The security verification gateway device is a logical function module designed based on the SAEAv6 verification scheme as a security verification gateway. It first identifies the node status of the local network deployment, and then determines the corresponding source address verification mode by judging the bit value of the option type field in the hop-by-hop option header. Then, the SHA224withECDSA digital signature is used for signature verification to complete the source address verification operation of the data packet. SAG can be inserted into the network transmission equipment as a source address verification function module therein to identify the authenticity of the data source address. It has the advantages of being integrable, easy to operate, highly compatible, and low cost. It can be widely deployed in various network environments and has good universality and practicality. Figure 4 shows an example of SAG being inserted into a router at a key node of the network for source address verification.
该安全验证网关设备包括:The security verification gateway device includes:
数据概率采集模块,用于对传输数据进行概率采集数据包,并将其发送至加密功能模块;The data probability acquisition module is used to perform probability acquisition of data packets for the transmission data and send them to the encryption function module;
加密功能模块,用于对数据包内的源IPv6地址(指数据包头部中的源IPv6地址(即源地址))进行加密、签名,经过签名得到的密文加载到数据包内的逐跳选项头中并且将携带源地址验证信息的数据包发送到目的端;The encryption function module is used to encrypt and sign the source IPv6 address in the data packet (referring to the source IPv6 address (i.e., source address) in the data packet header), load the signed ciphertext into the hop-by-hop option header in the data packet, and send the data packet carrying the source address verification information to the destination;
验证功能模块,用于验证接收数据的源地址信息、动态验证表的初始化创建和动态更新。The verification function module is used to verify the source address information of the received data, and to initialize the creation and dynamic update of the dynamic verification table.
数据概率采集模块Data Probability Collection Module
数据概率采集模块是对数据包进行概率采样,并将其送入加密功能模块对数据包进行验证信息的标记。它包含数据采集模块和关键节点动态识别模块,通过两种模块的组合进行数据触发式的概率采集,为加密功能模块提供标记信息的数据。数据采集模块:可通过软件设计或硬件集成等方式进行采集数据。现在市面上广泛使用;关键节点动态识别模块,针对传输路径中的各传输节点进行流量状态的监控,并利用复杂网络指标计算并识别关键节点,然后通过加密功能模块进行加密签名,利用验证功能模块进行验证。(复杂网络是一个计算机网络上的专业术语,也是一门计算机网络研究的领域,引入复杂网络是为了采用复杂网络上的一些指标(如度、中心性、中介性等)来确认传输节点的关键性和重要性。)The data probability acquisition module performs probability sampling on the data packets and sends them to the encryption function module to mark the data packets for verification information. It includes a data acquisition module and a key node dynamic identification module. The combination of the two modules performs data-triggered probability acquisition and provides data for the encryption function module to mark information. Data acquisition module: Data can be collected through software design or hardware integration. It is now widely used in the market; the key node dynamic identification module monitors the traffic status of each transmission node in the transmission path, and uses complex network indicators to calculate and identify key nodes, and then uses the encryption function module to perform encryption signatures and verification using the verification function module. (Complex network is a professional term in computer networks and a field of computer network research. The introduction of complex networks is to use some indicators on complex networks (such as degree, centrality, betweenness, etc.) to confirm the criticality and importance of transmission nodes.)
加密功能模块Encryption function module
加密功能模块是对数据包内的源IPv6地址进行加密、签名,经过签名得到的密文加载到数据包内的逐跳选项头中并且将携带源地址验证信息的数据包发送到目的端。相比复杂的验证功能模块,它的结构比较简单,功能比较单一,仅包含SHA224哈希模块、ECDSA签名模块、ECC密钥库、发送模块四部分。各模块设计如下:The encryption function module encrypts and signs the source IPv6 address in the data packet, loads the signed ciphertext into the hop-by-hop option header in the data packet, and sends the data packet carrying the source address verification information to the destination. Compared with the complex verification function module, its structure is relatively simple and its function is relatively single. It only includes four parts: SHA224 hash module, ECDSA signature module, ECC key library, and sending module. The design of each module is as follows:
(1)第一SHA224哈希模块:用于加密源IPv6地址生成28Byte的消息摘要MAC,为下一步数字签名做准备。(1) The first SHA224 hash module: used to encrypt the source IPv6 address to generate a 28-byte message digest MAC, in preparation for the next step of digital signature.
(2)ECDSA签名模块:ECDSA是基于ECC的签名算法实现的,表1所示ECDSA签名原理。它将消息摘要MAC经数字签名生成密文C,提供源地址验证信息。(2) ECDSA signature module: ECDSA is implemented based on the ECC signature algorithm. The ECDSA signature principle is shown in Table 1. It generates the ciphertext C by digitally signing the message digest MAC and provides source address verification information.
表1 ECDSA的数字签名算法Table 1 ECDSA digital signature algorithm
(3)第一ECC密钥库:使用ECC密钥生成算法生成密钥对,将密钥对(Pk,Sk)存于密钥库中,便于ECDSA签名模块提取密钥,不必浪费时间临时生成密钥。(3) First ECC key library: Use the ECC key generation algorithm to generate a key pair and store the key pair (Pk, Sk) in the key library to facilitate the ECDSA signature module to extract the key without wasting time on temporary key generation.
(4)发送模块:发送携带源地址验证信息的数据到目的端,完成源地址验证的第一步动作。(4) Sending module: Sends data carrying source address verification information to the destination, completing the first step of source address verification.
验证功能模块Verification function module
验证功能模块是SAG的重要功能模块。通过判断接收数据的逐跳选项头中选项类型字段位的值,决定采取适合的源地址验证模式之后,应用ECDSA进行签名验证或查找动态验证表,完成沿传输路径和源/目的端的源地址验证,保障了数据流的可靠性传输。它提供流数据(粗粒度)和单数据(细粒度)两种验证机制,其中粗粒度验证能进行概率性验证,运行速度快,安全性高,适用于验证大规模流数据;而细粒度验证能进行更细化的验证,运行速度较粗粒度验证有所降低,但安全性极高,不会降低用户的服务体验,适用于验证单数据和小规模流数据。SAG的验证功能模块由接收模块、逐跳头校验模块、读取数据模块、动态验证表、第二SHA224哈希模块、时钟模块、ECDSA验签模块、第二ECC密钥库和验证模块共九个模块组成,这九个单一功能的模块相互配合提供了一种复杂的源地址验证功能。各模块功能设计如下:The verification function module is an important function module of SAG. By judging the value of the option type field bit in the hop-by-hop option header of the received data and deciding to adopt the appropriate source address verification mode, ECDSA is applied for signature verification or dynamic verification table search to complete the source address verification along the transmission path and the source/destination end, ensuring the reliable transmission of the data stream. It provides two verification mechanisms: stream data (coarse-grained) and single data (fine-grained). Coarse-grained verification can perform probabilistic verification, with fast running speed and high security, and is suitable for verifying large-scale stream data; while fine-grained verification can perform more detailed verification, with a lower running speed than coarse-grained verification, but extremely high security, and will not reduce the user's service experience. It is suitable for verifying single data and small-scale stream data. The verification function module of SAG consists of nine modules: receiving module, hop-by-hop header verification module, data reading module, dynamic verification table, second SHA224 hash module, clock module, ECDSA signature verification module, second ECC key library and verification module. These nine single-function modules cooperate with each other to provide a complex source address verification function. The functional design of each module is as follows:
(1)接收模块:用来接收携带源地址验证信息的数据包和利用邻居SAG初始化创建本地动态验证表。(1) Receiving module: used to receive data packets carrying source address verification information and use neighbor SAG initialization to create a local dynamic verification table.
(2)逐跳头校验模块:是对数据包中逐跳头选项类型字段进行位值判断的一个模块,以便选用合适的源地址验证模式。(2) Hop-by-hop header verification module: This module is a module that performs bit value judgment on the hop-by-hop header option type field in the data packet in order to select the appropriate source address verification mode.
(3)读取数据模块:对接收的数据包进行读取,获取源IPv6地址和密文C信息。(3) Data reading module: reads the received data packet to obtain the source IPv6 address and ciphertext C information.
(4)动态验证表:通过将三元组(源IPv6,子网前缀,Pk)作为规则表项创建一个动态更新的验证表,是流数据验证的关键模块。更新验证表有两种情况:一是在设备开启或重新接入时会自动共享邻居SAG的验证表来初始化创建本地验证表;二是将完成单数据验证且成功的数据作为一个元组添入动态验证表进行创建,以备流数据验证的比对使用。再通过时钟模块定期更新验证表,以高效的完成流数据验证。(4) Dynamic verification table: This is a key module for flow data verification. It creates a dynamically updated verification table using a triplet (source IPv6, subnet prefix, Pk) as a rule table item. There are two situations for updating the verification table: one is that when the device is turned on or reconnected, it will automatically share the neighbor SAG's verification table to initialize the creation of a local verification table; the other is that the data that has completed single data verification and succeeded is added as a tuple to the dynamic verification table for comparison and use in flow data verification. The verification table is then updated regularly through the clock module to efficiently complete flow data verification.
(5)时钟模块:为动态验证表提供时间信号,定期更新动态验证表,默认3h为一个周期。可以根据实际应用场景进行人为设定。(5) Clock module: provides time signals for the dynamic verification table and updates the dynamic verification table regularly. The default cycle is 3 hours. It can be manually set according to the actual application scenario.
(6)第二SHA224哈希模块:对获取的源IPv6地址进行哈希,计算出一个消息摘要MAC’,以备验证使用,是验证模块的一个输入。(6) Second SHA224 hash module: Hash the acquired source IPv6 address and calculate a message digest MAC’ for verification, which is an input of the verification module.
(7)ECDSA验签模块:对密文C进行验签,恢复出原始消息摘要MAC,以备验证使用,是验证模块的另一个输入。表2可知ECDSA的公钥验签原理机制。(7) ECDSA signature verification module: Verify the signature of the ciphertext C and restore the original message digest MAC for verification. It is another input of the verification module. Table 2 shows the principle mechanism of ECDSA public key signature verification.
表2 ECDSA的签名验证算法Table 2 ECDSA signature verification algorithm
(8)第二ECC密钥库:使用与加密模块相同的ECC密钥生成算法生成密钥对,形成统一的密钥库。根据密钥库找出对应的公钥Pk,为ECDSA验签模块提供公钥,并为动态验证表提供相应密钥信息。(8) Second ECC key library: Use the same ECC key generation algorithm as the encryption module to generate a key pair to form a unified key library. Find the corresponding public key Pk according to the key library, provide the public key for the ECDSA signature verification module, and provide the corresponding key information for the dynamic verification table.
(9)验证模块:是一个数值比对的模块。在单数据验证时,通过SHA224哈希模块得到MAC’和ECDSA验签模块的MAC进行比对,若相等,则数据来源真实;否则为伪造数据。在流数据验证时,通过接收的数据读取(源IPv6,MAC,Pk)或(子网前缀,Pk)与动态验证表中的(源IPv6,子网前缀,Pk)的元组信息进行匹配,若元组匹配,则数据来源真实;否则为伪造数据。(9) Verification module: It is a numerical comparison module. When verifying single data, the MAC’ obtained by the SHA224 hash module is compared with the MAC of the ECDSA signature verification module. If they are equal, the data source is authentic; otherwise, it is forged data. When verifying stream data, the received data reads (source IPv6, MAC, Pk) or (subnet prefix, Pk) and matches the tuple information of (source IPv6, subnet prefix, Pk) in the dynamic verification table. If the tuple matches, the data source is authentic; otherwise, it is forged data.
此外,本发明还提供了一种IPv6网络的ECDSA逐跳选项显式源地址加密验证方法,如图6所示,包括以下步骤:In addition, the present invention also provides an ECDSA hop-by-hop option explicit source address encryption verification method for an IPv6 network, as shown in FIG6 , comprising the following steps:
步骤1:加密阶段Step 1: Encryption Phase
101:初始化,利用ECC密钥生成算法产生密钥对(Pk,Sk),以备数字签名调用;101: Initialization, using the ECC key generation algorithm to generate a key pair (Pk, Sk) for digital signature calls;
102:用第一SHA224哈希模块对数据包的源IPv6地址进行哈希,计算消息摘要MAC,作为ECDSA签名模块的输入;102: Use the first SHA224 hash module to hash the source IPv6 address of the data packet, calculate the message digest MAC, and use it as the input of the ECDSA signature module;
103:ECDSA签名模块调用第一ECC密钥库的密钥对,使用私钥Sk对消息摘要MAC进行数字签名,得到密文C;103: The ECDSA signature module calls the key pair of the first ECC key library, uses the private key Sk to digitally sign the message digest MAC, and obtains the ciphertext C;
104:将密文C加载到数据包中的逐跳选项头中,得到一个携带源地址验证信息的数据包,再进行发送;104: Load the ciphertext C into the hop-by-hop option header in the data packet to obtain a data packet carrying the source address verification information, and then send it;
步骤2:验证阶段Step 2: Verification Phase
201:初始化,动态验证表通过共享相邻SAG的验证表来初始化创建本地动态验证;201: Initialization: The dynamic authentication table initializes and creates local dynamic authentication by sharing the authentication table of the adjacent SAG;
202:通过判断逐跳选项头中选项类型字段的位值,采取适合的源地址验证模式,进行验证操作;202: Perform verification by judging the bit value of the option type field in the hop-by-hop option header and adopting an appropriate source address verification mode;
若判定采用单数据验证时,通过目的端接收的数据获取源IPv6地址和密文C,因加密阶段和验证阶段使用统一的密钥库可提取公钥Pk,用公钥Pk对密文C进行验签得到原消息摘要MAC,并用源IPv6地址进行SHA224哈希得到一个新的消息摘要MAC’,将MAC和MAC’进行比对,若数值相同则数据来源正确,接收或转发,并将该数据作为元组添入动态验证表中;否则为伪造数据,应丢弃数据;If it is determined that single data verification is used, the source IPv6 address and ciphertext C are obtained through the data received by the destination. Since the encryption stage and the verification stage use a unified key library, the public key Pk can be extracted. The ciphertext C is signed with the public key Pk to obtain the original message digest MAC, and the source IPv6 address is used to perform SHA224 hashing to obtain a new message digest MAC'. The MAC and MAC' are compared. If the values are the same, the data source is correct, and it is received or forwarded, and the data is added to the dynamic verification table as a tuple; otherwise, it is forged data and should be discarded;
若判定采用流数据验证时,通过目的端接收的数据获取源IPv6和密文C,并通过密钥库可知对应的公钥Pk,组成相应的元组(源IPv6,Pk)或(子网前缀,Pk),对照动态验证表中的元组信息进行查找匹配,若元组匹配则数据来源真实,接收或转发数据;若元组未找到或不匹配时,进入单数据验证机制进行再验证,若判为真实数据则应接收或转发数据,否则为伪造数据,应丢弃数据,并恢复原验证模式。这样做的好处是可以减少误判、漏判现象,提高对数据源地址验证的准确性。If it is determined that the flow data verification is used, the source IPv6 and ciphertext C are obtained through the data received by the destination, and the corresponding public key Pk can be known through the key library, forming the corresponding tuple (source IPv6, Pk) or (subnet prefix, Pk), and searching and matching against the tuple information in the dynamic verification table. If the tuple matches, the data source is authentic, and the data is received or forwarded; if the tuple is not found or does not match, the single data verification mechanism is entered for re-verification. If it is judged to be authentic data, the data should be received or forwarded, otherwise it is forged data, the data should be discarded, and the original verification mode is restored. The advantage of doing this is that it can reduce misjudgment and missed judgment, and improve the accuracy of data source address verification.
4.SAEAv6方案评估4. SAEAv6 Solution Evaluation
4.1实验分析4.1 Experimental Analysis
应用Cisco Packet Tracer模拟器以IPv6地址运用RIP静态路由协议搭建的纯IPv6网络,联通情况如图7所示。根据网络拓扑图,假设网络为千兆带宽,使用光纤连接,平均传输距离为5km,SAG通过Java对ECDSA的签名验证利用OpenSSL模型模拟测得ECDSA的交互签名、验签的平均处理时延为11.3ms、14.7ms,所得平均处理时延随计算机性能的提高而降低,并且在使用Java和Python进行模拟时测得的时延差距较大,可能根据算法程序的不同和计算机性能等产生了较大的误差,为了考虑网络负载均衡采用了Java的模拟时延,并测算出相关性能指标,对指标数据进行了分析。A pure IPv6 network was built using the RIP static routing protocol with the Cisco Packet Tracer simulator using IPv6 addresses. The connectivity is shown in Figure 7. According to the network topology, assuming that the network has a Gigabit bandwidth, uses optical fiber connections, and has an average transmission distance of 5 km, SAG simulates the ECDSA signature verification using Java using the OpenSSL model and measures the average processing delays of ECDSA interactive signature and verification to be 11.3ms and 14.7ms, respectively. The average processing delay decreases with the improvement of computer performance, and the delays measured when using Java and Python for simulation are quite different, which may be caused by different algorithm programs and computer performance. In order to consider network load balancing, Java simulation delays are used, and relevant performance indicators are calculated, and the indicator data are analyzed.
表3是SAG在接入域场景中模拟应用在不同带宽网络下的实验数据,可以看出在不同带宽下使用SAG比未用SAG的数据传输时延和传输速率略有差值,但差值很小,意味着在网络中使用SAG时网速不会产生较大的波动,因此不会降低用户使用网络的服务体验,所以单从上述两项实验数据来看使用SAG是不会对网速有明显的影响,在数据传输上不会占用太多带宽。Table 3 shows the experimental data of SAG in the access domain scenario under different bandwidth networks. It can be seen that the data transmission delay and transmission rate when SAG is used are slightly different from those when SAG is not used under different bandwidths, but the difference is very small, which means that the network speed will not fluctuate greatly when SAG is used in the network, and therefore will not reduce the user's service experience when using the network. Therefore, judging from the above two experimental data alone, the use of SAG will not have a significant impact on the network speed, and will not occupy too much bandwidth for data transmission.
表3在接入域中使用SAG的实验数据Table 3 Experimental data using SAG in access domain
表4在SAVA的三种场景中使用SAG的实验数据Table 4 Experimental data using SAG in three scenarios of SAVA
根据表4中的最大传输时间看出模拟的IPv6网络稳定,可以忽略其他网络因素给性能指标带来的影响,并且对于网络的不同场景下使用SAG的网络延迟至少约47.88ms。网络工程师一般依据网络延迟可以评估现有网络环境的优劣程度,常认为IPv4网络延迟范围为:1-30ms表明网速极快,几乎察觉不出延迟;31-50ms表明网速快,没有明显延迟;51-100ms表明网速略慢,略有延迟;>100ms表明网速差,有卡顿和丢包并掉线的现象。虽然上述延迟范围常评估IPv4网络,但可以据此来抽象预测IPv6网络环境中使用SAG的网速状况,根据延迟结果预测可知在IPv6网络中使用SAG不会影响网速,且不会降低网络用户的服务体验,因此可以推定SAG具有IPv6网络的适用性,可以在任意SAVA的网络场景下使用。所以证明了SAEAv6验证方案是适用于IPv6网络的,是一种可行的方案。According to the maximum transmission time in Table 4, the simulated IPv6 network is stable, and the impact of other network factors on performance indicators can be ignored. In addition, the network delay of SAG in different network scenarios is at least about 47.88ms. Network engineers can generally evaluate the quality of the existing network environment based on network delay. It is often believed that the delay range of IPv4 network is: 1-30ms indicates that the network speed is extremely fast and the delay is almost imperceptible; 31-50ms indicates that the network speed is fast and there is no obvious delay; 51-100ms indicates that the network speed is slightly slow and there is a slight delay; >100ms indicates that the network speed is poor, there are freezes and packet loss and disconnection. Although the above delay range is often used to evaluate IPv4 networks, it can be used to abstractly predict the network speed of SAG in the IPv6 network environment. According to the delay result prediction, it can be seen that using SAG in the IPv6 network will not affect the network speed and will not reduce the service experience of network users. Therefore, it can be inferred that SAG has the applicability of IPv6 networks and can be used in any SAVA network scenario. Therefore, it is proved that the SAEAv6 verification scheme is applicable to IPv6 networks and is a feasible scheme.
4.2有效性分析4.2 Effectiveness Analysis
根据接入域、AS域内和AS域间三种网络场景下进行部署SAG,可以获得单独部署和联合部署的网络防御能力,并随着部署数量的增多所获收益也将进一步得到提升,做到了“谁部署,谁受益”的部署激励。根据图7的网络拓扑,假设在这三种网络场景下进行部署,获得的网络防御力度各有不同,具体分析如下所述:Deploying SAG in three network scenarios, namely, access domain, AS domain, and inter-AS domain, can obtain network defense capabilities for single deployment and joint deployment, and the benefits gained will be further improved as the number of deployments increases, achieving the deployment incentive of "whoever deploys, whoever benefits". According to the network topology in Figure 7, assuming that deployment is carried out in these three network scenarios, the network defense strength obtained is different, and the specific analysis is as follows:
场景一接入域部署:在接入域部署SAG可以采用终端部署和关键节点部署的两种方式来提高数据传输的安全性,终端部署提供了主机粒度的防御能力,而另一类部署方式则提供了接入层防护。根据SAEAv6方案的数据包安全验证机制,可以对单数据和流数据进行动态安全防护,两类防护效能各有不同。比如使用单数据验证机制时能增强终端数据传输的安全防护能力,攻击者无法攻破SHA224withECDSA的签名验证机制,是因为其中的ECDSA签名算法使用了224位密钥其安全强度远高于RSA1024位密钥的安全强度,即使攻破至少需1020MIPS年;而流数据验证机制采用的是概率性过滤机制,其安全防御效能较前一种验证方式有所降低但对网络数据的传输速率没有太大影响,因此在保证网速不减的情况下过滤了伪造数据包,验证了数据的来源安全。Scenario 1: Access domain deployment: SAG can be deployed in the access domain in two ways: terminal deployment and key node deployment to improve the security of data transmission. Terminal deployment provides host-level defense capabilities, while the other deployment method provides access layer protection. According to the packet security verification mechanism of the SAEAv6 solution, dynamic security protection can be performed on single data and stream data, and the two types of protection have different effectiveness. For example, when using the single data verification mechanism, the security protection capability of terminal data transmission can be enhanced. Attackers cannot break the SHA224withECDSA signature verification mechanism because the ECDSA signature algorithm uses a 224-bit key, which has a much higher security strength than the RSA1024-bit key. Even if it is broken, it will take at least 10 20 MIPS years; the stream data verification mechanism uses a probabilistic filtering mechanism, which has a lower security defense effectiveness than the previous verification method, but has little impact on the transmission rate of network data. Therefore, forged data packets are filtered out while ensuring that the network speed is not reduced, and the source security of the data is verified.
场景二AS域内部署:在AS域内可以针对出/入口路由节点或各关键节点进行SAG部署,能保证域内各级网络通信的安全,防止域内任意节点伪造数据进而欺骗域内各节点导致攻击行为的产生。通过出/入口路由节点的部署提供了AS域外向内流量的欺骗预防,保障了AS域内外向通信的安全;至于在各关键节点处部署提供了AS域内节点间的数据验证,提供了域内安全通信。使AS域内各级网络的数据访问在一定程度上提升了安全防护效能,从而由内向外或由外向内的保障AS域内数据的安全交互。Scenario 2: Deployment within the AS domain: SAG can be deployed on the ingress/egress routing nodes or key nodes within the AS domain to ensure the security of network communications at all levels within the domain, and prevent any node within the domain from forging data and deceiving nodes within the domain to cause attacks. The deployment of ingress/egress routing nodes provides prevention of spoofing of traffic from outside the AS domain to within the domain, ensuring the security of inbound and outbound communications within the AS domain; deployment at key nodes provides data verification between nodes within the AS domain, providing secure communications within the domain. Data access to networks at all levels within the AS domain improves security protection to a certain extent, thereby ensuring secure data interaction within the AS domain from the inside out or from the outside in.
场景三AS域间部署:AS域间的安全防护依赖于在AS域上的边界路由器部署的SAG,在边界路由器中利用边界网关协议(BGP)来判断数据流量的AS域来源,判断是否是基于AS域间传输的数据,进而在应用AS域间的网络数据验证机制,以保障AS域间通信的数据完整性、不可伪造性,避免欺骗伪造类型的网络攻击行为。要注意的是在AS域间提供的数据安全验证机制主要基于流数据安全,根据网络地址前缀概率性的提供安全数据防护,防御效能较接入域、AS域内的防御能力略有降低,但保障了域间数据传输速率在标准范围内。Scenario 3: Deployment between AS domains: The security protection between AS domains depends on the SAG deployed on the border routers in the AS domain. The Border Gateway Protocol (BGP) is used in the border routers to determine the AS domain source of the data traffic and whether it is based on data transmitted between AS domains. Then, the network data verification mechanism between AS domains is applied to ensure the data integrity and unforgeability of communication between AS domains and avoid deception and forgery-type network attacks. It should be noted that the data security verification mechanism provided between AS domains is mainly based on flow data security, and provides security data protection based on the probability of network address prefixes. The defense effectiveness is slightly lower than the defense capabilities within the access domain and AS domain, but it ensures that the data transmission rate between domains is within the standard range.
综上所述,基于SAEAv6验证方案的安全验证网关(SAG)根据不同网络场景进行相应部署,能在原有网络防护力度上再次提升各网络场景中的安全防御效能。在上述的叙述中,可知提供了自底向上、由内而外的安全防护机制,从接入域终端验证提升到AS域内数据级验证再到AS域间的区域级验证,从微观到宏观,提供了体系性的增量部署网络防御模式,其防御效能见图8所示。通过图8可知在网络上进行大规模部署时,随着部署规模的不断扩大,其网络防御效能将大幅提升,进一步表明了基于SAEAv6验证方案网络防御的有效性。In summary, the security authentication gateway (SAG) based on the SAEAv6 authentication scheme is deployed accordingly according to different network scenarios, which can further improve the security defense effectiveness in various network scenarios based on the original network protection strength. In the above description, it can be seen that a bottom-up and inside-out security protection mechanism is provided, from access domain terminal authentication to AS domain data-level authentication to AS domain regional-level authentication, from micro to macro, providing a systematic incremental deployment network defense model, and its defense effectiveness is shown in Figure 8. It can be seen from Figure 8 that when large-scale deployment is carried out on the network, as the deployment scale continues to expand, its network defense effectiveness will be greatly improved, further demonstrating the effectiveness of network defense based on the SAEAv6 authentication scheme.
4.3安全性分析4.3 Security Analysis
SAG是基于SAEAv6验证方案设计的,根据SAEAv6验证方案的验证规则可以了解其整体安全性建立在验证策略和数字签名算法上,两者结合形成极强的验证规则,验证规则依据数据流量的大小进行动态验证形成了一个综合性的防御体系。在接入域、AS域内它有更强的防御效能,因为在这两者间无论是在每个传输节点上配置还是仅在上游路由器或交换机中安装都能形成相对强的防御规则,而在AS域间内的安全效能比接入域和AS域内的应用场景稍低,但仅安置在AS域间的边缘路由器上能起到防护边界的防御效果,且开销略大但不会降低网络用户的服务体验,与传统安全通信模式相比,具有较强的防御效能,能降低漏判、误判的概率。换言之,SAG的配置可以降低网络数据真实性鉴别的假阳性、假阴性。SAG is designed based on the SAEAv6 verification scheme. According to the verification rules of the SAEAv6 verification scheme, its overall security is based on the verification strategy and digital signature algorithm. The combination of the two forms a very strong verification rule. The verification rule is dynamically verified according to the size of the data flow to form a comprehensive defense system. It has stronger defense effectiveness in the access domain and AS domain, because between the two, whether it is configured on each transmission node or installed only in the upstream router or switch, it can form a relatively strong defense rule. The security effectiveness in the AS domain is slightly lower than the application scenario in the access domain and AS domain, but it can play a defensive effect of protecting the boundary only when it is installed on the edge router between AS domains. The overhead is slightly higher, but it will not reduce the service experience of network users. Compared with the traditional secure communication mode, it has stronger defense effectiveness and can reduce the probability of missed judgment and misjudgment. In other words, the configuration of SAG can reduce the false positive and false negative of network data authenticity identification.
SAEAv6方案的理论框架依赖于验证策略和SHA224withECDSA数字签名算法形成的规则机制。其中验证策略如上图3所示,具有单数据验证和流数据验证两种策略,并根据逐跳选项的位值变化判断使用哪种验证模式,进而形成严格的动态验证策略,对数据源验证起到一定的防御效用;SHA224withECDSA数字签名算法是采用SHA224哈希与基于ECC椭圆加密算法的ECDSA数字签名算法形成更强、更安全的数字签名机制,并且ECDSA的安全性建立在求解ECC椭圆曲线离散对数解的困难性上,具有低运算复杂度和高安全性的特点,使用较小的密钥可提供更高的安全强度,两者再融合使用其安全性将大幅度提高,相比现有的源地址验证算法如HMAC-MD5、HMAC-SHA1、RSA、CGA等加密算法,其运行速度快、占用内存少、时间开销低、安全性更高。因此选用SHA224withECDSA数字签名算法作为SAEAv6验证方案的核心安全算法其能提供更高、更强、更有效的防御能力。表5是SAEAv6验证方案与传统源地址验证技术的对比表,可看出SAEAv6验证方案比传统源地址验证技术具有更好的安全优势。The theoretical framework of the SAEAv6 scheme relies on the rule mechanism formed by the verification strategy and the SHA224withECDSA digital signature algorithm. The verification strategy is shown in Figure 3 above, which has two strategies: single data verification and stream data verification. It determines which verification mode to use based on the bit value change of the hop-by-hop option, thereby forming a strict dynamic verification strategy, which plays a certain defensive role in data source verification. The SHA224withECDSA digital signature algorithm uses SHA224 hash and the ECDSA digital signature algorithm based on the ECC elliptic encryption algorithm to form a stronger and more secure digital signature mechanism. The security of ECDSA is based on the difficulty of solving the discrete logarithm solution of the ECC elliptic curve. It has the characteristics of low computational complexity and high security. Using a smaller key can provide higher security strength. The combination of the two will greatly improve its security. Compared with existing source address verification algorithms such as HMAC-MD5, HMAC-SHA1, RSA, CGA and other encryption algorithms, it has fast running speed, less memory usage, low time overhead and higher security. Therefore, the SHA224withECDSA digital signature algorithm is selected as the core security algorithm of the SAEAv6 verification scheme, which can provide higher, stronger and more effective defense capabilities. Table 5 is a comparison table between the SAEAv6 authentication scheme and the traditional source address authentication technology. It can be seen that the SAEAv6 authentication scheme has better security advantages than the traditional source address authentication technology.
表5 SAEAv6技术与传统技术的对比Table 5 Comparison between SAEAv6 technology and traditional technology
根据表3、表4可知SAG在传输时延、传输速率、延迟等性能指标上具有较小的差值,不影响网络的传输速率和网络用户的服务体验,适用于IPv6网络,进而证明了SAEAv6验证方案的可行性。通过对SAEAv6验证方案的安全性分析可知其安全强度远高于1024位RSA公钥加密体制,又根据表5可知SAEAv6验证方案比传统源地址验证技术在部署、开销和防御上具有更好的优势。综上所述,SAEAv6验证方案是一种可行、有效、安全的源地址验证方案。According to Table 3 and Table 4, SAG has a small difference in performance indicators such as transmission delay, transmission rate, and latency, and does not affect the transmission rate of the network and the service experience of network users. It is suitable for IPv6 networks, which proves the feasibility of the SAEAv6 authentication scheme. Through the security analysis of the SAEAv6 authentication scheme, it can be seen that its security strength is much higher than the 1024-bit RSA public key encryption system. According to Table 5, the SAEAv6 authentication scheme has better advantages in deployment, overhead, and defense than traditional source address authentication technology. In summary, the SAEAv6 authentication scheme is a feasible, effective, and secure source address authentication scheme.
以上所述,仅用以说明本发明的技术方案而非限制,本领域普通技术人员对本发明的技术方案所做的其它修改或者等同替换,只要不脱离本发明技术方案的精神和范围,均应涵盖在本发明的权利要求范围当中。The above description is only used to illustrate the technical solution of the present invention rather than to limit it. Other modifications or equivalent substitutions made to the technical solution of the present invention by ordinary technicians in this field should be included in the scope of the claims of the present invention as long as they do not depart from the spirit and scope of the technical solution of the present invention.
Claims (4)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202111453777.XA CN114389835B (en) | 2021-12-01 | 2021-12-01 | IPv6 option explicit source address encryption security verification gateway and verification method | 
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202111453777.XA CN114389835B (en) | 2021-12-01 | 2021-12-01 | IPv6 option explicit source address encryption security verification gateway and verification method | 
Publications (2)
| Publication Number | Publication Date | 
|---|---|
| CN114389835A CN114389835A (en) | 2022-04-22 | 
| CN114389835B true CN114389835B (en) | 2024-04-16 | 
Family
ID=81196924
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN202111453777.XA Active CN114389835B (en) | 2021-12-01 | 2021-12-01 | IPv6 option explicit source address encryption security verification gateway and verification method | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN114389835B (en) | 
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN115037686B (en) * | 2022-04-30 | 2024-12-03 | 新华三技术有限公司合肥分公司 | Message forwarding method and device | 
| CN115174520B (en) * | 2022-06-09 | 2023-06-23 | 郑州信大捷安信息技术股份有限公司 | Network address information hiding method and system | 
| CN115549983B (en) * | 2022-09-14 | 2023-07-25 | 电子科技大学 | Safety authentication device and method for IPv6 network transmission equipment based on time synchronization | 
| CN116866055B (en) * | 2023-07-26 | 2024-02-27 | 中科驭数(北京)科技有限公司 | Method, device, equipment and medium for defending data flooding attack | 
| CN117040943B (en) * | 2023-10-10 | 2023-12-26 | 华中科技大学 | Cloud network endophytic security defense method and device based on IPv6 address driving | 
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN1921488A (en) * | 2006-09-19 | 2007-02-28 | 清华大学 | Method for preventing forgery of source address based on signature authentication inside IPv6 sub network | 
| CN101304407A (en) * | 2007-05-09 | 2008-11-12 | 华为技术有限公司 | A source address authentication method, system and device | 
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN101404579B (en) * | 2008-10-31 | 2011-02-09 | 成都市华为赛门铁克科技有限公司 | A method and device for preventing network attacks | 
| CN116346492B (en) * | 2023-04-18 | 2024-05-14 | 浙江御安信息技术有限公司 | A data security management method based on APNv6 | 
- 
        2021
        - 2021-12-01 CN CN202111453777.XA patent/CN114389835B/en active Active
 
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN1921488A (en) * | 2006-09-19 | 2007-02-28 | 清华大学 | Method for preventing forgery of source address based on signature authentication inside IPv6 sub network | 
| CN101304407A (en) * | 2007-05-09 | 2008-11-12 | 华为技术有限公司 | A source address authentication method, system and device | 
Non-Patent Citations (1)
| Title | 
|---|
| 基于IPv6的下一代互联网技术与实践;刘莹;任罡;包丛笑;李贺武;;信息通信技术;20171215(第06期);61-68 * | 
Also Published As
| Publication number | Publication date | 
|---|---|
| CN114389835A (en) | 2022-04-22 | 
Similar Documents
| Publication | Publication Date | Title | 
|---|---|---|
| CN114389835B (en) | IPv6 option explicit source address encryption security verification gateway and verification method | |
| Liu et al. | Passport: Secure and Adoptable Source Authentication. | |
| Mankin et al. | On design and evaluation of" intention-driven" ICMP traceback | |
| Ahmed et al. | IPv6 neighbor discovery protocol specifications, threats and countermeasures: a survey | |
| Hu et al. | SPV: Secure path vector routing for securing BGP | |
| Subramanian et al. | Listen and whisper: Security mechanisms for BGP | |
| Chakrabarti et al. | Internet infrastructure security: A taxonomy | |
| CN100364306C (en) | Verification method of IPv6 real source address between autonomous systems based on signature | |
| US20060005014A1 (en) | Using time to determine a hash extension | |
| US20040193875A1 (en) | Methods and systems for authenticating messages | |
| Cai et al. | Source authentication and path validation in networks using orthogonal sequences | |
| Singh et al. | A review paper on ad hoc network security | |
| Bao et al. | A probabilistic and distributed validation framework based on blockchain for artificial intelligence of things | |
| Liu et al. | Secure name resolution for identifier-to-locator mappings in the global internet | |
| Li et al. | Secure routing in wired networks and wireless ad hoc networks | |
| Maan et al. | Vulnerability assessment of AODV and SAODV routing protocols against network routing attacks and performance comparisons | |
| Lagutin | Redesigning internet-the packet level authentication architecture | |
| Wang et al. | T-IP: A self-trustworthy and secure Internet protocol | |
| CN116633556B (en) | Firewall signature authentication method and firewall-based anti-network topology discovery system | |
| Liu et al. | DISCS: a distributed collaboration system for inter-AS spoofing defense | |
| Durresi et al. | Efficient and secure autonomous system based traceback | |
| Pirzada et al. | Secure routing protocols for mobile ad-hoc wireless networks | |
| Bao et al. | Smart-PKI: A blockchain-based distributed identity validation scheme for IoT devices | |
| Hu et al. | TrueID: A practical solution to enhance Internet accountability by assigning packets with creditable user identity code | |
| CN101702727A (en) | DDoS Defense Method in Address Separation Mapping Network | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |