CN103297400A

CN103297400A - Security alliance management method and system based on bidirectional forwarding detection protocol

Info

Publication number: CN103297400A
Application number: CN2012100512176A
Authority: CN
Inventors: 韦银星; 苗忠明; 万长胜
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2012-03-01
Filing date: 2012-03-01
Publication date: 2013-09-11

Abstract

The invention discloses a security alliance management method based on a bidirectional forwarding detection protocol. A Type field, a Nonce field and a keyidentifier field are arranged in interactive control messages between a first router and a second router, and the first router and the second router complete creation and renewal of a security alliance according to the control messages. The invention further discloses a security alliance management system based on the bidirectional forwarding detection protocol. Through the renewal of the security alliance at fixed period, when a serial number repeatedly emerges, due to the fact that the security alliance has been renewed, penetrated authentication data also differ. Accordingly, if an attacker uses data packages in the same overdue serial number to carry out replay attack, a receiver can recognize replayed data packages. Therefore, an effect of replay attack prevention is achieved, and system security is improved.

Description

Security Association management method and system based on bidirectional transmission detecting protocol

Technical field

The present invention relates to the routing safety technology in the communication network, relate in particular to a kind of based on two-way forwarding detection (Bidirectional Forwarding Detection, BFD) Security Association of agreement (security association, SA) management method and system.

Background technology

The BFD agreement produces for the deficiency that solves existing testing mechanism, it is the unified testing mechanism of a cover the whole network, the forwarding that is used for fast detecting, monitor network link or IP route is communicated with situation, guarantee fast detecting to arrive communication failure between the neighbours, recover communication thereby set up alternate channel fast.BFD provides the quick fault testing mechanism of general, standardized a, media independent, protocol-independent, can be each upper-layer protocol such as Routing Protocol, MPLS etc. the fault of two-way forward-path between two routers of fast detecting uniformly.BFD itself is discovery mechanism not, but notify it to set up session with whom by the upper-layer protocol that is serviced, if session foundation back is not received the BFD control message of opposite end then is thought and break down in detection time, the upper-layer protocol that notice is serviced, upper-layer protocol is handled accordingly.

The primary demand of BFD protocol security is integrality and preventing playback attack.Assailant's interception and forgery BFD message, in a single day router accepts the BFD message of this mistake, will provide wrong condition notification to upper-layer protocol.For addressing this problem, be necessary for the BFD agreement integrity protection mechanism is provided, to prevent assailant's forgery message.Assailant's out-of-date BFD message of also may resetting also will influence the operate as normal of BFD agreement.

In the protected data integrality that the BFD agreement is formulated and the standard (existing security mechanism) of preventing playback attack:

The BFD agreement does not comprise interior (in-band) mechanism of band that is used for creating or managing BFD SA.A BFD SA comprises a series of parameters of being shared by two legal BFD routers.The BFD agreement uses this Security Association to come value in the calculation of integrity object of protection, thereby reaches the purpose of integrity protection.The standard of BFD has comprised five kinds of dissimilar certificate schemes: simple password, Keyed MD5, MeticulousKeyed MD5, Keyed SHA-1 and Meticulous SHA-1, wherein, in Keyed MD5 and Meticulous Keyed MD5, the BFD router is shared the key of a secret, this key is utilized for each bag and generates the keyed MD5 digest, and the sequence number mechanism of a monotone increasing is used for preventing Replay Attack.In Keyed SHA-1 and Meticulous SHA-1, the BFD router is shared a privacy key, and this key is utilized for each bag and generates keyed SHA-1 summary, and the sequence number mechanism of a monotone increasing is used for preventing Replay Attack.

In addition, the parameter of BFD SA association comprises:

The signless integer of-two octets of Authentication Key Identifier (Key ID) authenticate key sign is used for unique identification BFD SA, by network operator (perhaps some IKMP settings that might be ietf definition future) is set manually.The Key id field is the index field of SA: the recipient receives that by observation this field of packet finds corresponding SA, and use this SA to verify the integrality of the packet of receiving, the sender finds corresponding SA according to Key ID value, and uses this SA to generate verify data (authentication data).Use Key ID to make to change key when keeping protocol operation and become convenient.Each Key ID has stipulated two independent parts, authentication protocol and authenticate keys.A common implementation allows the network operator in a key chain a series of key to be set, and each key in the chain has the fixing life-span.Notice that each Key ID can indicate the key of different authentication protocols.This uses a plurality of authentication mechanisms and does not interrupt the BFD session in the different time with regard to allowing, and comprises the introduction to new authentication mechanism.

The identifying algorithm that Authentication Algorithm identifying algorithm-show BFD SA uses.Following value is available: Keyed MD5, Keyed SHA-1, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512.

The encryption key that Authentication Key authenticate key-expression is related with this BFD SA.The variable-length of key and determined by the identifying algorithm of BFD SA appointment.The operator must guarantee that key can be by any agreement with expressly in transmission over networks.And must guarantee that the key of selecting is uncertain, avoid the weak key that uses algorithm known arbitrarily simultaneously.

BFD authentication section form as shown in Figure 1, wherein:

Auth Type: auth type is 6 (cipher authentications) or 7 (Meticulous cipher authentications).

Auth Len: the length of authentication field.

Auth Key ID: authenticate key sign.Allow a plurality of keys active simultaneously.

Sequence Number: the sequence number of this bag.To cipher authentication, this value increases sometimes.To the Meticulous cipher authentication, this value successfully increases during transmission package in each session.

Authentication Data: this field has been carried the summary that the cipher authentication algorithm calculates.

This security mechanism of BFD can solve the problem of integrity protection and preventing playback attack to a certain extent.Yet it is not enough only defining Security Association and authentication object.

Also there are the following problems for the BFD security mechanism:

In the authentication mechanism of simple password, with plaintext form exchange, any physics is linked into the safety that people in the network can both obtain password and jeopardize the BFD territory to password in network;

Two kinds of cryptographic algorithm (MD5 and SHA-1) of using in the integrity protection all are proved to be and often suffer collision attack;

In the same conversation procedure.Two routers are when communication; can set up link earlier; and some parameters of link are somebody's turn to do in initialization; sometimes because some cause specifics; after restarting as router; router need rebulid link, and BFD provides an incomplete intra-session (referring to not rebulid the period before linking) the Replay Attack protection, and does not have inter-session (referring to rebulid two periods of link front and back) Replay Attack to protect.When cryptographic authentication mechanisms was adopted by BFD, non-32 bit long sequence numbers that subtract were used.In Keyed MD5 and Keyed SHA-1 mechanism, sequence number is not needed as each bag to be increased.Therefore an assailant can reset with up-to-date sequence number always and wrap, and is updated up to sequence number.This problem is eliminated in Meticulous Keyed MD5 and Meticulous Keyed SHA-1 mechanism;

Sequence number may arrive its maximum and be reversed in session.Usually be sent out in the interval that wraps in microsecond and millisecond of BFD.And the sequence number space of password has only 32 bits, and how long sequence space will reach capacity and overflow.In this case, do not have the support of automatic key management mechanism, the BFD session will be vulnerable to Replay Attack, by the bag before the upset that sends sequence number;

When wrapping in the short time of malice is sent out, because the setting of authentication position can bring Denial of Service attack.Because the BFD standard considers that the change of authentication state is based on the state of the bag of receiving.Make node be sure of the packet loss of big figure very such as, assailant sequence number of can resetting than present big a lot of bag, cause state that the victim changes oneself to down;

The key updating function is limited.In the BFD of each authentication control bag a Key ID is arranged, sign is carried out the key that hash transformation adopts to bag.For the BFD router provides a kind of level and smooth key conversion method, do not move to another from a key;

In the BFD session, each node need select the discriminator of 32 bits to identify itself.Therefore, a BFD session is identified by two discriminators.If a node selects a new discriminator for a new session randomly, and use authentication mechanism to protect the control bag, the inter-session Replay Attack can be alleviated to a certain extent.Yet in existing BFD demultiplexing mechanism, the discriminator that new BFD session is used may be educible.This problem can be used to carry out Replay Attack by victim.If two parallel BFD sessions adopt same discriminator to and use identical key to protect the safety of control bag, the authentication bag of a malice can be used to realize the inner Replay Attack that connects;

Any safety problem under BFD echo pattern will directly influence BFD agreement and session status, and therefore influence stability of network.Such as, the router that any Replay Attack can't be tested is distinguished with normal the forwarding.An attack also can cause a problematic connection to be trusted for being.Yet, if wrapping, echo can guess, can cheat from external source, and make BFD believe that an one-way linkage is two-way.The echo that the result comprises random content wraps in after the reception also detected.

Generally speaking, the administrative mechanism of existing BFD SA is subjected to Replay Attack easily, and security of system is relatively poor.

Summary of the invention

In view of this, main purpose of the present invention is to provide a kind of Security Association management method and system based on bidirectional transmission detecting protocol, can avoid being subjected to Replay Attack, improves security of system.

For achieving the above object, technical scheme of the present invention is achieved in that

A kind of Security Association management method based on bidirectional transmission detecting protocol arranges the type field, Nonce field and key identifier field in the mutual control message between the first router and the second router, this method comprises:

The first router and the second router are finished establishment and the renewal of Security Association according to described control message.

Described the first router and the second router are finished being created as of Security Association according to described control message:

The first router is obtained the record of the second router correspondence from local key list, and generates a random number nonce1;

The first router generates and stores Security Association according to record and the nonce1 of described the second router correspondence;

The first router sends the first control message according to described Security Association to the second router, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of the described first control message authentication part, the Nonce field is filled described nonce1, and the type field indicates this message for create the request message of Security Association based on individual Nonce;

The second router finds corresponding record according to the key identifier field in the described first control message in local key list, then record and the nonce1 according to described correspondence generates and stores corresponding Security Association, after complete according to the described Security Association checking first control message, send the second control message according to described Security Association to the first router, wherein, the key identifier field of the described second control message authentication part is identical with the first control message with the Nonce field, and the type field indicates this message for create the response message of Security Association based on individual Nonce;

The first router is controlled the Security Association that message judgement the second router has been approved own generation according to described second, and then Security Association is created successfully.

When described the first router or the second router generate Security Association, determine K and AuthKey ID according to following formula:

K＝trancate(prf(Key，LocalKeyID，interface，nonce1))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce1))，

Wherein, Key is the key in the described record that obtains from local key table, and LocalKeyID is the field in the described record that obtains from local key table, and trancate-16 represents 16 of from the result that the prf function generates intercepting front.Trancate when generating K represents the key according to algorithm needs intercepting respective length in the Security Association.

The first router is obtained the record of the second router correspondence from local key list, and generates a random number nonce2;

The first router generates and stores Security Association according to record and the nonce2 of described the second router correspondence;

The first router sends the 3rd control message according to described Security Association to the second router, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 3rd control message authentication part, the Nonce field is filled described nonce2, and the type field indicates this message for create the request message of Security Association based on both sides Nonce;

The second router finds corresponding record according to the key identifier field in described the 3rd control message from local key list, then record and the nonce2 according to described correspondence generates and stores corresponding Security Association, according to described Security Association verify the 3rd control message complete after, generate a random number nonce3, and revise the Security Association of local storage according to record, nonce2 and the nonce3 of described correspondence;

The second router sends the 4th control message according to described amended Security Association to the first router, wherein, the key identifier field of described the 4th control message authentication part is identical with the 3rd control message, the Nonce field is filled to nonce3, and the type field indicates this message for create the response message of Security Association based on both sides Nonce;

The first router has been approved the Security Association of own generation according to described the 4th control message judgement the second router, then revise the Security Association of local storage according to record, nonce2 and the nonce3 of the second router correspondence in the local key list, Security Association is created successfully.

When described the first router or the second router generate Security Association according to the record of this locality and nonce2, determine Auth Key ID and K according to following formula:

K＝trancate(prf(Key，LocalKeyID，interface，nonce2))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce2))；

When described the first router or the second router are revised the Security Association of local storage according to the record of this locality, nonce2 and nonce3, determine Auth Key ID and K according to following formula:

K＝trancate(prf(Key，PeerKeyID，interface，nonce2，nonce3))，

Auth?Key?ID＝trancate-16(prf(Key，PeerKeyID，interface，nonce2，nonce3))；

Wherein, Key is the key in the described record that obtains from local key table, and PeerKeyID is the field in the record that obtains from local key table.Trancate-16 represents 16 of from the result that the prf function generates intercepting front.Trancate when generating K represents the key according to the needs intercepting respective length of algorithm among the BFD SA.

Described the first router and the second router are finished being updated to of Security Association according to described control message:

The first router is obtained the record of the second router correspondence from local key list, and generates a random number nonce4;

The first router generates new Security Association according to record and the nonce4 of described the second router correspondence;

The first router sends the 5th control message according to original Security Association to the second router, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 5th control message authentication part, the Nonce field is filled described nonce4, and the type field indicates this message for upgrade the request message of Security Association based on individual Nonce;

The second router verifies that according to existing Security Association the 5th control message is complete, and in local key list, find corresponding record according to the key identifier field in the 5th control message, then record and the nonce4 according to described correspondence generates corresponding Security Association, Security Association according to described generation sends the 6th control message to the first router afterwards, wherein, the key identifier field of described the 6th control message authentication part is identical with the first control message with the Nonce field, and the type field indicates this message for upgrade the response message of Security Association based on individual Nonce;

The first router is controlled the Security Association that message judgement the second router has been approved own generation according to described second, then Security Association is updated to the Security Association of described generation, and Security Association upgrades successfully.

K＝trancate(prf(Key，LocalKeyID，interface，nonce4))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce4))，

The first router is obtained the record of the second router correspondence from local key list, and generates a random number nonce5;

The first router sends the 7th control message according to existing Security Association to the second router, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 7th control message authentication part, the Nonce field is filled described nonce5, and the type field indicates this message for upgrade the request message of Security Association based on both sides Nonce;

The second router verifies that according to existing Security Association the 7th control message is complete, and find corresponding record according to the key identifier field in described the 7th control message from local key list, then generate a random number nonce6, and upgrade the Security Association of local storage according to record, nonce5 and the nonce6 of described correspondence;

The second router sends the 8th control message according to the Security Association after upgrading to the first router, wherein, the key identifier field of described the 8th control message authentication part is identical with the 7th control message, the Nonce field is filled to nonce6, and the type field indicates this message for upgrade the response message of Security Association based on both sides Nonce;

The first router has been approved the method for own renewal Security Association according to described the 8th control message judgement the second router, then upgrade the Security Association of local storage according to record, nonce5 and the nonce6 of the second router correspondence in the local key list, Security Association upgrades successfully.

When described the first router or the second router are upgraded the Security Association of local storage according to the record of this locality, nonce5 and nonce6, determine Auth Key ID and K according to following formula:

K＝trancate(prf(Key，PeerKeyID，interface，nonce5，nonce6))，

Auth?Key?ID＝trancate-16(prf(Key，PeerKeyID，interface，nonce5，nonce6))；

Described the first router judges whether the second router approves that the own Security Association that generates is: check that Nonce field and key identifier field in the control message of receiving be whether consistent with respective field in the control message of oneself transmission.

Described the first router judges whether the second router approves that the own Security Association that generates is: check that the key identifier field in the control message of receiving is whether consistent with respective field in the control message of oneself transmission.

This method also comprises: the second router does not find corresponding record in local key list, key identifier field and Nonce field in the control message that then will return are set to 0.

A kind of Security Association management system based on bidirectional transmission detecting protocol, comprise: the first router and the second router, in the mutual control message the type field, Nonce field and key identifier field are set between described the first router and the second router, described the first router and the second router are finished establishment and the renewal of Security Association according to described control message.

Described the first router, concrete being used for obtained the record of the second router correspondence from local key list, and generates a random number nonce1; Record and nonce1 according to described the second router correspondence generate and store Security Association; And send the first control message according to described Security Association to the second router, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of the described first control message authentication part, the Nonce field is filled described nonce1, and the type field indicates this message for create the request message of Security Association based on individual Nonce; And control message according to described second and judge whether the second router approves the Security Association that oneself generates;

Described the second router, concrete being used for found corresponding record according to the key identifier field of the described first control message in local key list, and generate and store corresponding Security Association according to the record of described correspondence and nonce1, after complete according to the described Security Association checking first control message, send the second control message according to described Security Association to the first router, wherein, the key identifier field of the described second control message authentication part is identical with the first control message with the Nonce field, and the type field indicates this message for create the response message of Security Association based on individual Nonce.

Described the first router, the concrete record that is used for obtaining from local key list the second router correspondence, and generate a random number nonce2, record and nonce2 according to described the second router correspondence, generate and store Security Association, send the 3rd control message according to described Security Association to the second router afterwards, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 3rd control message authentication part, the Nonce field is filled described nonce2, and the type field indicates this message for create the request message of Security Association based on both sides Nonce; And after judging that according to the 4th control message the second router has been approved the Security Association of own generation, revise the Security Association of local storage according to record, nonce2 and the nonce3 of the second router correspondence in the local key list;

Described the second router, concrete being used for found corresponding record according to the key identifier field of described the 3rd control message from local key list, and generate and store corresponding Security Association according to the record of described correspondence and nonce2, according to described Security Association verify the 3rd control message complete after, generate a random number nonce3, and revise the Security Association of local storage according to record, nonce2 and the nonce3 of described correspondence; Send the 4th control message according to described amended Security Association to the first router afterwards, wherein, the key identifier field of described the 4th control message authentication part is identical with the 3rd control message, the Nonce field is filled to nonce3, and the type field indicates this message for create the response message of Security Association based on both sides Nonce.

Described the first router, the concrete record that is used for obtaining from local key list the second router correspondence generates a random number nonce4, and according to record and the nonce4 of described the second router correspondence, generates new Security Association; Send the 5th control message according to original Security Association to the second router afterwards, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 5th control message authentication part, the Nonce field is filled described nonce4, and the type field indicates this message for upgrade the request message of Security Association based on individual Nonce; And after judging that according to the described second control message the second router has been approved the Security Association of own generation, Security Association is updated to the Security Association of described generation;

Described the second router, concrete being used for verifying that according to existing Security Association the 5th control message is complete, and when in local key list, finding corresponding record according to the key identifier field in the 5th control message, record and nonce4 according to described correspondence generate corresponding Security Association, Security Association according to described generation sends the 6th control message to the first router afterwards, wherein, the key identifier field of described the 6th control message authentication part is identical with the first control message with the Nonce field, and the type field indicates this message for upgrade the response message of Security Association based on individual Nonce.

Described the first router, concrete being used for obtained the record of the second router correspondence from local key list, and generates a random number nonce5; Send the 7th control message according to existing Security Association to the second router afterwards, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 7th control message authentication part, the Nonce field is filled described nonce5, and the type field indicates this message for upgrade the request message of Security Association based on both sides Nonce; And when judging that according to described the 8th control message the second router has been approved the method for own renewal Security Association, upgrade the Security Association of local storage according to record, nonce5 and the nonce6 of the second router correspondence in the local key list;

Described the second router, concrete being used for verifying that according to existing Security Association the 7th control message is complete, and after finding corresponding record according to the key identifier field of described the 7th control in the message from local key list, generate a random number nonce6, and upgrade the Security Association of local storage according to record, nonce5 and the nonce6 of described correspondence; And send the 8th control message according to the Security Association after upgrading to the first router, wherein, the key identifier field of described the 8th control message authentication part is identical with the 7th control message, the Nonce field is filled to nonce6, and the type field indicates this message for upgrade the response message of Security Association based on both sides Nonce.

The present invention is based on Security Association management method and the system of bidirectional transmission detecting protocol, in the mutual control message the type field, Nonce field and key identifier field are set between the first router and the second router, the first router and the second router are finished establishment and the renewal of Security Association according to described control message.The present invention is by regularly Security Association being upgraded, and when sequence number repeated, because Security Association has obtained renewal, (authentication data) was also inequality for the verify data that generates.Therefore, if the assailant uses the packet of an expired same sequence number to carry out Replay Attack, the recipient can identify the packet of this playback, thereby reach the effect of preventing playback attack, improve security of system.

Description of drawings

Fig. 1 is BFD authentication section form schematic diagram in the prior art;

Fig. 2 is BFD control message format schematic diagram in the prior art;

Fig. 3 is BFD authentication section form schematic diagram among the present invention;

Fig. 4 is the method flow schematic diagram of creating SA in the embodiment of the invention 1;

Fig. 5 is the method flow schematic diagram of creating SA in the embodiment of the invention 2;

Fig. 6 is the method flow schematic diagram of creating SA in the embodiment of the invention 3;

Fig. 7 is the method flow schematic diagram of creating SA in the embodiment of the invention 4.

Embodiment

Basic thought of the present invention is: in the mutual control message the type field, Nonce field and key identifier field are set between the first router and the second router, the first router and the second router are finished establishment and the renewal of Security Association according to described control message.

Need to prove that key table is the long term keys table of BFD.The Security Association administrative mechanism must be carried out key updating according to key table and be handled.Yet key table has defined fixing long term keys, and the Security Association administrative mechanism needs more new key.Therefore, the Nonce field that must define BFD realizes key updating.

Security Association of the present invention is created and the core concept of Dynamic Updating Mechanism is: router when creating and upgrade Security Association, Nonce value alternately.Then, both sides generate sub-key according to the father's key that defines among Nonce value and the key table, and this sub-key is the key that uses in the BFD Security Association.Simultaneously, how the present invention provides also that the field from key table generates the mechanism of other field among the BFD SA, thereby makes and only need mutual Nonce value between the router, just can finish the establishment of Security Association and dynamically update the process of (cycle renewal).

When creating Security Association, safety how to protect article one message is crucial.Though can directly use key table to protect the safety of article one message.Yet what deposit among the key table all is long term keys, and these long term keys generally all are strong encryption keys.The encryption and decryption expense is big, can influence the performance of Routing Protocol, therefore preferably uses ephemeral keys to carry out encryption and decryption.The present invention will propose a kind of new article one message protection mechanism.

When upgrading Security Association, corresponding key ID also needs to upgrade, and the present invention will provide the key updating negotiation mechanism of a kind of BFD inside.

The present invention proposes a kind of new Security Association management method and system based on bidirectional transmission detecting protocol, relates generally to Security Association and creates and dynamically update.

Need to prove that BFD control message is encapsulated in the UDP message and transmits, detecting its UDP destination slogan for single-hop is 3784, and detecting its UDP destination slogan for multi-hop is 4784 (also can be configured to 3784, specifically referring to configuration task).

BFD echo message and BFD control message format similar (difference is that field Desired Min TXInterval and Required Min RX Interval are for empty), its UDP destination slogan is 3785.BFD controls message format as shown in Figure 2, and each explanation of field is as follows in the message:

Vers: the version number of agreement, protocol version is 1.

Diag: local session is transformed into the reason of other states for the last time from the up state.

State (Sta): BFD session current state, value is: 0 represents AdminDown, and 1 represents Down, and 2 represent Init, and 3 represent Up.

Poll (P): be set to 1, the request of expression transmit leg connects affirmation, perhaps sends the affirmation that required parameter changes; Be set to 0, the expression transmit leg does not ask to confirm.

Final (F): be set to 1, it is 1 BFD control message that one of expression transmit leg response receives the P bit; Be set to 0, the expression transmit leg does not respond one, and to receive the P bit be 1 BFD control message.

Control Plane Independent (C): be set to 1, the BFD of expression transmit leg realizes not relying on its control plane (that is, the BFD message transmits at Forwarding plane, even control plane lost efficacy, BFD still can work); Be set to 0, expression BFD message transmits at control plane.

Authentication Present (A): if be set to 1, then expression control message comprises authentication field, and session is authentic.

Demand (D): be set to 1, the expression transmit leg wishes to operate in query pattern; Be set to 0, the expression transmit leg does not distinguish whether operate in query pattern, represents that perhaps transmit leg can not operate in query pattern.

Reserved (R): when sending, be set to 0, when receiving, ignore.

Detect Mult: detection time multiple.Whether be that the recipient allows transmit leg to send the maximum number of dropped packets continuously of message, it is normal to be used for detecting link.

The length of Length:BFD control message, the unit byte.

My Discriminator: unique, non-0 authenticating value that transmit leg produces are used for distinguishing a plurality of BFD sessions between two agreements.

Your Discriminator: the authenticating value that the recipient receives " My Discriminator ", just do not return 0 if receive this value.

Desired Min Tx Interval: want the minimum interval of adopting, unit millisecond when transmit leg sends BFD control message.

Required Min Rx Interval: the interval between two BFD control of the reception that transmit leg can the be supported message, unit millisecond.

Required Min Echo Rx Interval: the interval between two BFD echoes of reception message that transmit leg can be supported, unit millisecond.If this value is set to 0, then sends and do not support to receive BFD echo message.

The auth type that Auth Type:BFD control message uses.

Auth Len: the length of authentication field comprises auth type and authentication length field.

As shown in Figure 3, the present invention has increased by three fields in the BFD authentication section: the type field, Nonce field and key identifier field, wherein, described the type field Indication message type, described Nonce field is indicated a random number, described key identifier field indication key identification.

Among the present invention, finish establishment and the renewal of Security Association between the router according to described control message.

Optionally, described the first router and the second router are finished being created as of Security Association according to described control message:

K＝trancate(prf(Key，LocalKeyID，interface，nonce1))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce1))，

K＝trancate(prf(Key，LocalKeyID，interface，nonce2))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce2))；

K＝trancate(prf(Key，PeerKeyID，interface，nonce2，nonce3))，

Optionally, described the first router and the second router are finished being updated to of Security Association according to described control message:

K＝trancate(prf(Key，LocalKeyID，interface，nonce4))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce4))，

K＝trancate(prf(Key，PeerKeyID，interface，nonce5，nonce6))，

Need to prove that this method also comprises: the second router does not find corresponding record in local key list, key identifier field and Nonce field in the control message that then will return are set to 0.

The present invention also correspondingly discloses a kind of Security Association management system based on bidirectional transmission detecting protocol, comprise: the first router and the second router, in the mutual control message the type field, Nonce field and key identifier field are set between described the first router and the second router, described the first router and the second router are finished establishment and the renewal of Security Association according to described control message.

Optionally, described the first router, concrete being used for obtained the record of the second router correspondence from local key list, and generates a random number nonce1; Record and nonce1 according to described the second router correspondence generate and store Security Association; And send the first control message according to described Security Association to the second router, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of the described first control message authentication part, the Nonce field is filled described nonce1, and the type field indicates this message for create the request message of Security Association based on individual Nonce; And control message according to described second and judge whether the second router approves the Security Association that oneself generates;

Optionally, described the first router, the concrete record that is used for obtaining from local key list the second router correspondence, and generate a random number nonce2, record and nonce2 according to described the second router correspondence, generate and store Security Association, send the 3rd control message according to described Security Association to the second router afterwards, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 3rd control message authentication part, the Nonce field is filled described nonce2, and the type field indicates this message for create the request message of Security Association based on both sides Nonce; And after judging that according to the 4th control message the second router has been approved the Security Association of own generation, revise the Security Association of local storage according to record, nonce2 and the nonce3 of the second router correspondence in the local key list;

Optionally, described the first router, the concrete record that is used for obtaining from local key list the second router correspondence generates a random number nonce4, and according to record and the nonce4 of described the second router correspondence, generates new Security Association; Send the 5th control message according to original Security Association to the second router afterwards, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 5th control message authentication part, the Nonce field is filled described nonce4, and the type field indicates this message for upgrade the request message of Security Association based on individual Nonce; And after judging that according to the described second control message the second router has been approved the Security Association of own generation, Security Association is updated to the Security Association of described generation;

Optionally, described the first router, concrete being used for obtained the record of the second router correspondence from local key list, and generates a random number nonce5; Send the 7th control message according to existing Security Association to the second router afterwards, wherein, the content of LocalKeyID field in the record of the key identifier field filling the second router correspondence of described the 7th control message authentication part, the Nonce field is filled described nonce5, and the type field indicates this message for upgrade the request message of Security Association based on both sides Nonce; And when judging that according to described the 8th control message the second router has been approved the method for own renewal Security Association, upgrade the Security Association of local storage according to record, nonce5 and the nonce6 of the second router correspondence in the local key list;

Below in conjunction with specific embodiment technical scheme of the present invention is described in further detail.

Among the following embodiment, the type field is defined as follows:

Type=1 represents for the request message of creating SA based on individual Nonce.

Type=2 represents for the response message of creating SA based on individual Nonce.

Type=3 represents for the request message of creating SA based on both sides Nonce.

Type=4 represents for the response message of creating SA based on both sides Nonce.

Type=5 represents for the request message that upgrades SA based on individual Nonce.

Type=6 represents for the response message of upgrading SA based on individual Nonce.

Type=7 represents for the request message that upgrades SA based on both sides Nonce.

Type=8 represents for the response message of upgrading SA based on both sides Nonce.

The Nonce field is defined as follows:

The Nonce field of 64-bit is used for mutual Nonce value, to generate the key of BFD SA.

Key identifier field is defined as follows:

The key identifier field of 16-bit is used for the entry of mutual key table.

Embodiment 1

BFD is simple " Hello " agreement, and aspect a lot, it is similar to the neighbours test section of those famous Routing Protocols.The periodic detection messages that sends on the passage of the session of setting up of a pair of system between them, if the detection messages of opposite end is not received by certain system in the sufficiently long time, then think and in this certain part to the duplex channel of adjacent system fault has taken place.Under certain conditions, in order to reduce load, the transmission between the system and receiving velocity need to consult.

When router-A sent first BFD control bag to router B, both sides had only disposed shared among the key table, but do not set up Security Association.How present embodiment research create the method for SA in this case based on individual Nonce.

Present embodiment is example with the control bag of BFD, introduces method how to create SA between router-A and the router B in BFD control bag.

The method of in BFD control bag, creating SA based on individual Nonce as shown in Figure 4, wherein, before sending message 112, router-A need be finished following steps:

(1) router-A at first finds the record r of router B correspondence from key table.

(2) generate the Nonce value of a 64-bit then at random, be designated as nonce.

(3) will record the content of the LocalKeyID field among the r as the key identifier field of authentication section, and with the Nonce field of the middle nonce that generates of above-mentioned steps (2) as authentication section.Wherein the type field value of authentication section is 1.

(4) use pseudo-random function prf to generate Auth Key id field and the key K of the BFD that defines among the draft draft-bhatia-bfd-crypto-auth-03.The generation method is as follows: K=trancate (prf (Key, LocalKeyID, interface, nonce)), Auth Key ID=trancate-16 (prf (Key, LocalKeyID, interface, nonce)), the input field of prf function is explained as follows: Key is the key among the record r among the key table, LocalKeyID is the field among the r, and nonce is generated by step (2).Trancate-16 represents 16 of from the result that the prf function generates intercepting front.Trancate when generating K represents the key according to the needs intercepting respective length of algorithm among the BFD SA.

(5) information such as Auth Key ID, K that generate are write local BFD SA storehouse, finish the constructive process of local SA.In the process of creating SA, also need to generate other field of SA.In these fields, the identifying algorithm of BFD SA is by algorithm Field Definition corresponding among the key table.Initial sequencenumber generates at random, and the management method of other field is with draft draft-bhatia-bfd-crypto-auth-03.

(6) after having created SA, calculate verify data according to this SA, and fill complete BFD control bag according to the content among the RFC5880.

Router B is after receiving message 112, and the Type types value that is checked through the control message is 1, just knows that router-A is wished and the own method establishment SA that uses based on individual Nonce.So router B carries out following steps processing messages 112:

(1) router B obtains the LocalKeyID field from the control message, the PeerKeyID field in the local key table of this LocalKeyID field corresponding router B database.So, router B according to this field just can find with router-A on identical record r.Then, use the method identical with top router-A to calculate Auth Key id field and the key K (the corresponding local PeerKeyID of LocalKeyID wherein) of BFD SA, and generate corresponding SA.Like this, router B also generates corresponding SA.

(2) router B uses this SA to verify the integrality of message 112.

(3) router B changes the type field value in the control message of receiving into 2, generates the control message.

After handling message 112, router B just can send to router-A to the control message (message 114) that above-mentioned steps (3) generates.

What whether Nonce field and key identifier field sent with oneself in the control message that the router-A inspection is received is consistent, confirms whether router B has approved the SA of own establishment.

After message 112 and message 114, router-A and B have just set up security alliance SA.

Router B also may not approve this SA creation method of router-A, also may there be corresponding key table record on the router B simultaneously, at this moment, router B is in the authentication field of the control message that returns, and Nonce field and key identifier field are set to 0.

This embodiment makes router-A and B under the situation that does not have BFD SA, utilizes key table to create SA.

Embodiment 2

The method of in the control message, creating SA based on both sides Nonce as shown in Figure 5, wherein, before sending message 116, router-A need be finished following steps:

(2) generate the Nonce value of a 64-bit then at random, be designated as nonce1.

(3) will record the content of the LocalKeyID field among the r as the key identifier field of authentication section, and with the Nonce field of the middle nonce1 value that generates of above-mentioned steps (2) as authentication section.Wherein the type field value is 3.

(4) use pseudo-random function prf to generate Auth Key id field and the key K of the BFD that defines among the draft draft-bhatia-bfd-crypto-auth-03.The generation method is as follows: K=trancate (prf (Key, LocalKeyID, interface, nonce1)), Auth Key ID=trancate-16 (prf (Key, LocalKeyID, interface, nonce1)), the input field of prf function is explained as follows: Key is the key among the record r among the key table, LocalKeyID is the field among the r, and nonce1 is generated by step (2).Trancate-16 represents 16 of from the result that the prf function generates intercepting front.Trancate when generating K represents the key according to the needs intercepting respective length of algorithm among the BFD SA.

(5) with the Auth Key ID that generates, information such as K write local BFD SA storehouse, finish the constructive process of local SA.In the process of creating SA, also need to generate other field of SA.In these fields, the identifying algorithm of BFD SA is by algorithm Field Definition corresponding among the key table.Initial sequencenumber generates at random, and the management method of other field is with draft draft-bhatia-bfd-crypto-auth-03.

Router B is after receiving message 116, and the Type types value that is checked through the control message is 3, just knows that router-A is wished and the own method establishment SA that uses based on both sides Nonce.So router B carries out following steps processing messages 116:

(1) router B obtains the LocalKeyID field from the control message, the PeerKeyID field in the local key table of this LocalKeyID field corresponding router B database.So, router B according to this field just can find with router-A on identical record r.Then, use the method identical with top router-A to calculate Auth Key id field and the key K of BFD SA, and generate corresponding SA.Like this, router B also generates corresponding SA.

(2) router B uses this SA to verify the integrality of message 116.

(3) router B generates the nonce2 value of a 64-bit at random.

(4) router B uses pseudo-random function prf to generate Auth Key id field and the key K of the BFD that defines among the draft draft-bhatia-bfd-crypto-auth-03.The generation method is as follows: K=trancate (prf (Key, PeerKeyID, interface, nonce1, nonce2)), Auth Key ID=trancate-16 (prf (Key, PeerKeyID, interface, nonce1, nonce2)), the input field of prf function is explained as follows: Key is the key among the record r among the keytable, and PeerKeyID is the field among the r.Trancate-16 represents 16 of from the result that the prf function generates intercepting front.Trancate when generating K represents the key according to the needs intercepting respective length of algorithm among the BFD SA.Revise K corresponding among the local BFD SA and the value of Auth Key id field then.

(5) router B changes the type field value of the authentication section received into 4, changes Nonce value wherein the value of the own nonce2 that generates into, and message is controlled in generation.

After handling message 116, router B just can send to router-A to the control message (message 118) that above-mentioned steps (5) generates.

It is consistent whether the key identifier field in the control message that the router-A inspection is received sends with oneself, confirms whether router B has approved the SA of own establishment.Then, router-A obtains the nonce2 that router B provides from authentication section, and uses pseudo-random function prf to generate draft draft-bhatia-bfd-crypto-auth-03

Auth Key id field and the key K of the BFD of definition.The generation method is as follows: K=trancate (prf (Key, PeerKeyID, interface, nonce1, nonce2)), Auth Key ID=trancate-16 (prf (Key, PeerKeyID, interface, nonce1, nonce2)).Revise K corresponding among the local BFD SA and the value of AuthKey id field then.

After message 116 and message 118, router-A and B have just set up security alliance SA.

Router B also may not approve this SA creation method of router-A, also may not have corresponding key table record on the router B simultaneously, and at this moment, router B is in the control message that returns, and Nonce and key identifier are set to 0.

Embodiment

1 and 2 difference are that embodiment 1 is by router-A unilateral decision BFD SA, and embodiment 2 determines BFDSA jointly by router-A and B.Therefore, its interactive messages looks similar, but Message Processing flow process difference is very big.

Embodiment 3

When router-A was initiated the SA updating message to router B, there was a SA in both sides.How present embodiment research upgrade the method for SA in this case based on individual Nonce.

The method of in the control message, upgrading SA based on individual Nonce as shown in Figure 6, wherein, before sending message 120, router-A need be finished following steps:

(3) will record the content of the LocalKeyID field among the r as the key Identifier field of authentication section, and with the Nonce field of the middle nonce that generates of above-mentioned steps (2) as authentication section.The type field value is 5.

(4) use pseudo-random function prf to generate Auth Key id field and the key K of the BFD that defines among the draft draft-bhatia-bfd-crypto-auth-03.The generation method is as follows: K=trancate (prf (Key, LocalKeyID, interface, nonce)), Auth Key ID=trancate-16 (prf (Key, LocalKeyID, interface, nonce)), the input field of prf function is explained as follows: Key is the key among the record r among the key table, LocalKeyID is the field among the r, and nonce is generated by step (2).Trancate-16 represents 16 of from the result that the prf function generates intercepting front.Trancate when generating K represents the key according to the needs intercepting respective length of algorithm among the BFD SA.Notice that the K that this moment, router-A also need not be new and Auth Key ID replace the field among the old SA.

(5) after having created SA, calculate verify data according to original SA, and fill complete BFD control bag according to the content among the RFC5880.

Router B is after receiving message 120, and the Type types value that is checked through the control message is 5, just knows that router-A is wished and the own method renewal SA that uses based on individual Nonce.So router B carries out following steps processing messages 120:

(1) router B uses existing SA to verify the integrality of message 120.

(2) router B obtains the LocalKeyID field from authentication section, the PeerKeyID field in the local key table of this LocalKeyID field corresponding router B database.So, router B according to this field just can find with router-A on identical record r.Then, use the method identical with top router-A to calculate Auth Key id field and the key K (the corresponding local PeerKeyID of LocalKeyID wherein) of BFD SA, and generate corresponding SA.Like this, router B also generates corresponding SA.

(3) router B changes the type field value of the control message of receiving into 6, uses new SA to generate the control message.

After handling message 120, router B just can send to router-A to the control message (message 122) that above-mentioned steps (3) generates.

It is consistent whether the authentication section Nonce that the router-A inspection is received and key identifier field send with oneself, confirms whether router B has approved the SA of own renewal.If approved the SA of own renewal, then router-A is with the Auth Key ID that generates, and information such as K write local BFD SA storehouse, finish the renewal process of local SA.In the process of upgrading SA, also need to generate other field of SA.In these fields, the identifying algorithm of BFD SA is by algorithm Field Definition corresponding among the key table.Initial sequence number generates at random, and the management method of other field is with draft draft-bhatia-bfd-crypto-auth-03.

After message 120 and message 122, router-A and B have just upgraded security alliance SA.

Router B also may not approve this SA update method of router-A, also may not have corresponding key table record on the router B simultaneously, and at this moment, router B is in the control message that returns, and Nonce and key identifier are set to 0.After router-A is received this message, will not upgrade SA.

This embodiment makes router-A and B utilize key table to upgrade SA.

Embodiment 4

When router-A was initiated the SA updating message to router B, there was a SA in both sides.How present embodiment research upgrade the method for SA in this case based on both sides Nonce.

The method of in the control message, upgrading SA based on both sides Nonce as shown in Figure 7, wherein, before sending message 124, router-A need be finished following steps:

(2) generate the nonce1 value of a 64-bit then at random.

(3) will record the content of the LocalKeyID field among the r as the key identifier field of authentication section, and with the Nonce field of the middle nonce1 value that generates of above-mentioned steps (2) as authentication section.The type field value is 7.

(4) calculate verify data according to original SA, and fill complete BFD control bag according to the content among the RFC5880.

Router B is after receiving message 124, and the Type types value that is checked through the control message is 7, just knows that router-A is wished and the own method renewal SA that uses based on both sides Nonce.So router B carries out following steps processing messages 124:

(1) router B uses current SA to verify the integrality of message 124.

(2) router B obtains the LocalKeyID field from the control message, the PeerKeyID field in the local key table of this LocalKeyID field corresponding router B database.So, router B according to this field just can find with router-A on identical record r.

(3) router B generates the nonce2 value of a 64-bit at random.

(5) router B changes the type field value in the control message of receiving into 8, changes Nonce value the value of the own nonce2 that generates into, re-uses new SA generation and controls message.

After handling message 124, router B just can send to router-A to the control message (message 126) that above-mentioned steps (5) generates.

It is consistent whether the key identifier field in the control message that the router-A inspection is received sends with oneself, confirms whether router B has approved the method for the renewal SA of oneself.Then, router-A obtains the nonce2 that router B provides from the control message, and uses pseudo-random function prf to generate Auth Key id field and the key K of the BFD that defines among the draft draft-bhatia-bfd-crypto-auth-03.The generation method is as follows: K=trancate (prf (Key, PeerKeyID, interface, nonce1, nonce2)), Auth KeyID=trancate-16 (prf (Key, PeerKeyID, interface, nonce1, nonce2)).Upgrade K corresponding among the local BFD SA and the value of Auth Key id field then.Notice that the present invention does not need to upgrade sequence number field.

After message 124 and message 126, router-A and B have just upgraded security alliance SA.

Router B also may not approve this SA update method of router-A, also may not have corresponding key table record on the router B simultaneously, and at this moment, router B is in the control message that returns, and Nonce and key identifier are set to 0.

This embodiment makes router-A and B can utilize key table to upgrade SA.

In above-described embodiment, be described as follows about establishment and the update mechanism of other field among the BFD SA:

Key Table is a table (draft-ietf-karp-crypto-key-table) of manual configuration, shares in all legal routes of common network.Need use when initialization SA and key updating, below be that the main field among the KeyTable is as follows:

-LocalKeyID:16 position integer is as a sign of local routing node.

-PeerKeyID:16 position integer is as a sign of opposite end routing node.

-Peers: record has the peer IP address of identical father's key (Key).

-Interfaces: record has the opposite end physical address of identical father's key (Key).

-Protocol: using the Routing Protocol of father's key in this table, is the BFD agreement among the present invention

-KDF: the key generating function, use among the present invention pseudo-random function (Pseudo-Random Function, PRF)

-AlgID: identifying algorithm shows that security protocol is the cryptographic algorithm that specified node uses.This algorithm can be a cryptographic algorithm and pattern (as AES-128-CBC), an identifying algorithm (as HMAC-SHA1-96 or AES-128-CMAC), perhaps any other symmetric cryptographic algorithms of security protocol needs.If the KDF field is " none ", long term keys is directly used by this algorithm so, otherwise algorithm uses the ephemeral keys that generates.When long term keys is used for generating the ephemeral keys of a series of security protocols uses, cipher suite of AlgID field identification rather than an independent cryptographic algorithm.

-Key: father's key, also be long term keys.

Main field is as follows among the BFD SA of draft draft-bhatia-bfd-crypto-auth-03 definition:

The signless integer of-two octets of Authentication Key Identifier (Key ID) authenticate key sign is used for unique identification BFD SA, by network operator (perhaps some IKMP settings that might be ietf definition future) is set manually.The recipient decides active SA by this part that observation is subjected to packet.The value that the sender gives Key ID according to active configuration to the BFD bag.Use KeyID to make to change key when keeping protocol operation and become convenient.Each key ID has stipulated two independent parts, authentication protocol and authenticate keys.A common implementation allows the network operator in a key chain a series of key to be set, and each key in the chain has the fixing life-span.

The encryption key that Authentication Key authenticate key-expression is related with this BFD SA.The variable-length of key and determined by the identifying algorithm of BFD SA appointment.The operator must guarantee that key can be by any agreement with expressly in transmission over networks.And must guarantee that the key of selecting is uncertain, avoid the known weak key of algorithm to using arbitrarily simultaneously.

The corresponding relation of corresponding field is as described below among the field generation BFD from Key table:

-Authentication Key Identifier field: the generation method is by embodiment 2345 definition.

-Authentication Algorithm field: by the AlgID Field Definition among the key table.When creating and upgrade BFD SA, directly the copy of the AlgID field from key table comes to get final product.

-Authentication Key field: generated according to the KDF function by the key field among the key table.The embodiment of the

invention

1,2,3,4 has defined the generation method.

As can be seen, embodiment 1 (3) and 2 (4) difference are that embodiment 1 (3) is by router-A unilateral decision BFD SA, and embodiment 2 (4) determines BFD SA jointly by router-A and B.Therefore, its interactive messages looks similar, but Message Processing flow process difference is very big.

Embodiment

3,4 and

embodiment

1,2 difference be:

embodiment

3,4 uses old SA to protect negotiations process, and

embodiment

1,2 uses the new SA that creates to protect negotiations process.The former requires before key is expired, starts the SA update mechanism before perhaps sequence number repeats.The latter then creates SA when not having SA.Its interactive messages is similar, but the creation-time of the handling process of message and SA is different.

The above is preferred embodiment of the present invention only, is not for limiting protection scope of the present invention.

Claims

1. the Security Association management method based on bidirectional transmission detecting protocol is characterized in that, in the mutual control message the type field, Nonce field and keyidentifier field is set between the first router and the second router, and this method comprises:

2. method according to claim 1 is characterized in that, described the first router and the second router are finished being created as of Security Association according to described control message:

3. method according to claim 2 is characterized in that, when described the first router or the second router generate Security Association, determines K and Auth Key ID according to following formula:

K＝trancate(prf(Key，LocalKeyID，interface，nonce1))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce1))，

4. method according to claim 1 is characterized in that, described the first router and the second router are finished being created as of Security Association according to described control message:

5. method according to claim 4 is characterized in that, when described the first router or the second router generate Security Association according to the record of this locality and nonce2, determines Auth Key ID and K according to following formula:

K＝trancate(prf(Key，LocalKeyID，interface，nonce2))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce2))；

K＝trancate(prf(Key，PeerKeyID，interface，nonce2，nonce3))，

6. the described method of claim 1 is characterized in that, described the first router and the second router are finished being updated to of Security Association according to described control message:

7. method according to claim 6 is characterized in that, when described the first router or the second router generate Security Association, determines K and Auth Key ID according to following formula:

K＝trancate(prf(Key，LocalKeyID，interface，nonce4))，

Auth?Key?ID＝trancate-16(prf(Key，LocalKeyID，interface，nonce4))，

8. method according to claim 1 is characterized in that, described the first router and the second router are finished being created as of Security Association according to described control message:

9. method according to claim 8 is characterized in that, when described the first router or the second router are upgraded the Security Association of local storage according to the record of this locality, nonce5 and nonce6, determines Auth Key ID and K according to following formula:

K＝trancate(prf(Key，PeerKeyID，interface，nonce5，nonce6))，

10. according to claim 2,3,6 or 7 described methods, it is characterized in that described the first router judges whether the second router approves that the own Security Association that generates is: check that Nonce field and key identifier field in the control message of receiving be whether consistent with respective field in the control message of oneself transmission.

11. according to claim 4,5,8 or 9 described methods, it is characterized in that described the first router judges whether the second router approves that the own Security Association that generates is: check that the key identifier field in the control message of receiving is whether consistent with respective field in the control message of oneself transmission.

12. according to each described method of claim 1 to 9, it is characterized in that this method also comprises: the second router does not find corresponding record in local key list, keyidentifier field and Nonce field in the control message that then will return are set to 0.

13. Security Association management system based on bidirectional transmission detecting protocol, it is characterized in that, this system comprises: the first router and the second router, in the mutual control message the type field, Nonce field and key identifier field are set between described the first router and the second router, described the first router and the second router are finished establishment and the renewal of Security Association according to described control message.

14. system according to claim 13 is characterized in that,

15. system according to claim 13 is characterized in that,

16. system according to claim 13 is characterized in that,

17. system according to claim 13 is characterized in that,