CN109347836A - A kind of IPv6 network node identity security guard method - Google Patents
A kind of IPv6 network node identity security guard method Download PDFInfo
- Publication number
- CN109347836A CN109347836A CN201811249923.5A CN201811249923A CN109347836A CN 109347836 A CN109347836 A CN 109347836A CN 201811249923 A CN201811249923 A CN 201811249923A CN 109347836 A CN109347836 A CN 109347836A
- Authority
- CN
- China
- Prior art keywords
- node
- router
- key
- subnet
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a kind of IPv6 network node identity security guard methods, including inject a group key K1 to node A initial network entry router and node A, and node A saves initial network entry router unicast ip address;Node A obtains temporary subnet IP address;Node A sends access the Internet request message to subnet I router using temporary subnet IP address;The key K1 of subnet I router acquisition initial network entry router;Subnet I router to the unique PIN code of subnet I router and random number encryption and feeds back to node A using key K1;Node A decrypts encrypted cipher text X using key K1, and node A calculates the MAC Address of the correct PIN code of decryption, random number and node A, obtains the interface identifier of global unicast IP address;The present invention obtains 64 bit address after the IPv6 unicast address of egress, effectively hiding IPv6 network node identity using safety application and combinatorial operation.
Description
Technical field
The present invention relates to IPv6 network technique fields, and in particular to a kind of IPv6 network node identity security guard method.
Background technique
As implementation and the rapid expansion of mobile Internet, Internet of Things are implemented in IPv6 development plan, network environment is
Earth-shaking variation occurs.The current multinational erection for having begun IPv6 root server, the bis- stackizations transformations of IPv6 and IPv6 without
Gauze network is gradually implemented.Internet mainstream applications have supported IPv6 to access, and user's flowing of access increases rapidly, access network
All kinds of novel joint number of devices are in explosive growth, the biography that the information of real world will more and more in virtual network
It is defeated, but the IP address in IPv6 agreement is fixed and openly, and user node personal behavior and privacy information are fully exposed to internet
On.
Note: network node, which refers to, to be possessed independent address and has the unit for sending or receive data function in network, it can
To be that the point of departure again of network such as interchanger, router, server is also possible to the end of network, such as sensor, personal meter
Calculation machine etc..
With the deployment of IPv6 network, each network node can distribute globally unique unicast ip address, referring to Fig. 1,
Fig. 1 is IPv6 network unicast IP address structure;The IP address has 128, and first 64 are subnet prefix, when accessing different sub-network
It can change;64 are interface identifier afterwards, and generally according to the generation of the physical address of node device, (EUI-64 is next generation network
Network adapter MAC address is encoded using 64).Due to the uniqueness of the address EUI-64, no matter which son node device accesses
Net, latter 64 of IP address be all it is constant, this results in node device in a network and has risk tracked always.
Aiming at the problem that node identities can not be hidden, RFC4941 describes another side for generating IPv6 interface identifier
Method, i.e., the random number for generating one group 64 is as interface identifier.This group of random number is actually the 128 of node history IP address
Latter 64 of position MD5 value, this calculation method protects the identity information of node to a certain extent, but malicious user is still
It can be combined by the history IP address of node using the identical IP address that node future is calculated, then be swept by address
Retouch the node after capable of finding transformation IP.
It can be seen that the identity security problem of IPv6 network node never obtains effective solution, next generation network
The privacy of node and user face a severe challenge.
Summary of the invention
The technical problem to be solved by the present invention is to provide a kind of IPv6 network node in view of the above shortcomings of the prior art
Identity security guard method, this IPv6 network node identity security guard method obtain egress with combinatorial operation using safety application
IPv6 unicast address after 64 bit address, can effectively hide IPv6 network node identity, greatly protect that user's is hidden
Private and network safety.
To realize the above-mentioned technical purpose, the technical scheme adopted by the invention is as follows:
A kind of IPv6 network node identity security guard method, comprising the following steps:
Step 1: the router that the node A of internet to be accessed is registered is as the initial network entry router of node A, to just
Begin to inject identical group key K1 into network router and node A, the whole world that node A saves the initial network entry router is unique single
Broadcast IP address and the corresponding key group number of K1;
Step 2: node A has found subnet I router by the Neighbor Discovery Protocol of IPv6 and obtains the distribution of subnet I router
Random temporary subnet IP address;
Step 3: node A sends the request of access internet using the temporary subnet IP address obtained to subnet I router
Message, the request message include the initial network entry router of node A global Unique unicast IP address and key K1 it is corresponding
Key group number;
Step 4: subnet I router inquires the initial of node A by the global Unique unicast IP address in request message
Enter network router, and obtained by the way of key relaying it is in initial network entry router and with the key group number in request message
Corresponding key K1;
Step 5: subnet I router is using the key K1 obtained to 64 unique PIN codes of subnet I router and one group 64
Position random number is encrypted, and encrypted cipher text X is obtained;
Step 6: encrypted cipher text X is fed back to node A by subnet I router;
Step 7: node A obtain subnet I router feedback message after, using itself key K1 to encrypted cipher text X into
Row decryption, obtains PIN code and the hash value of PIN code and random number is fed back to subnet I router by random number, node A;
Step 8: subnet I router judges the PIN code of node A feedback and the hash value of random number and the unique PIN of itself
Whether code is consistent with the hash value of one group of 64 random number, if unanimously, feeding back correct message to node A, otherwise return step 6
Encrypted cipher text X to node A is retransmitted, until subnet I router feeds back correct message to node A;
Step 9: after node A obtains the correct message of subnet I router feedback, by correct PIN code, random number and node
The MAC Address of A is combined calculating, obtains 64 bit values, using 64 bit value as itself global Unique unicast IP address
Interface identifier.
Technical solution as a further improvement of that present invention, the step 1 include:
Judge whether the node A of internet to be accessed needs to register, if node A is in a router in internet
It registered and thens follow the steps 2, the MAC Address that node A is otherwise stored in the router of proximal most position completes registration;Its interior joint
The router that A is registered as the initial network entry router of node A, to initial network entry router and node A injection it is identical one group it is close
Key K1, node A save the global Unique unicast IP address and the corresponding key group number of K1 of the initial network entry router.
Technical solution as a further improvement of that present invention, the step 4 include:
(1) subnet I router inquires the initial network entry of node A by the global Unique unicast IP address in request message
Router;
(2) subnet I router issues key request to the initial network entry router of node A, which includes key
Group number;
(3) using key relaying by the way of make subnet I router obtain initial network entry router in and with key group number
Corresponding key K1;
The mode of the described key relaying includes:
Node x and node y, subnet I router and the area node x are equipped between subnet I router and initial network entry router
Domain is adjacent and shared a pair of secret keys Kx, node x a pair of secret keys K adjacent and shared with the region node yxy, node y and initial network entry road
It is adjacent by device region and interconnect and share a pair of secret keys Ky;
Initial network entry router uses key KyKey K1 corresponding with key group number is encrypted, ciphertext K is obtainedy1,
And by ciphertext Ky1It is transferred to node y;
Node y uses key KyTo ciphertext Ky1It is decrypted, obtains key K1;Node y uses key KxyTo key K1 into
Row encryption, obtains ciphertext Kxy1, and by ciphertext Kxy1It is transferred to node x;
Node x uses key KxyTo ciphertext Kxy1It is decrypted, obtains key K1;Node x uses key KxTo key K1 into
Row encryption, obtains ciphertext Kx1, and by ciphertext Kx1It is transferred to subnet I router;
Subnet I router uses key KxTo ciphertext Kx1It is decrypted, obtains key K1.
4, IPv6 network node identity security guard method according to claim 2, which is characterized in that the step
The calculation formula that the MAC Address by correct PIN code, random number and node A in rapid 9 is combined calculating can be with are as follows:
Wherein Y is 64 bit values, and X1 is PIN code, and X2 is random number, and X3 is the MAC Address of node A.
The invention has the benefit that IPv6 network node identity security guard method of the invention can effectively hide
IPv6 network node identity, is fixed or side random according to certain rules different from 64 bit address after existing IPv6 unicast address
Formula, the present invention obtain 64 bit address after IPv6 unicast address with combinatorial operation using safety application, so that global Unique unicast IP
The interface identifier of address and the relationship of node obtain hiding protection, and malicious user can not obtain the interface identifier of unicast ip address
The safety application of symbol and calculating process, can not be tracked in a network;And the subnet of node access is different, then the interface of IP address
Identifier is different, and safety is higher, therefore can effectively hide IPv6 network node identity;In addition, being needed in supervision department
When supervision, node identities are found using the address arithmetic information of secure storage in subnet router, are both avoided that illegal user
The identity of node is inquired in a network, can also be allowed supervision department to trace the source of illegal information publication, greatly be protected
The privacy of user and the safety of network.
Detailed description of the invention
Fig. 1 is IPv6 network unicast IP address structure.
Fig. 2 is that embodiment interior joint is connected to the network schematic diagram.
Fig. 3 is the schematic diagram of key trunking scheme in embodiment.
Fig. 4 is the sequence chart of the interface identifier of the global Unique unicast IP address of node A application.
Specific embodiment
A specific embodiment of the invention is further illustrated below according to Fig. 1 to Fig. 4:
Fig. 1 is IPv6 network unicast IP address structure, which has 128, and first 64 are subnet prefix, when access not
It can change with when subnet;64 are interface identifier afterwards, are generally generated according to the physical address of node device.
Demand is hidden for the identity of network node unicast ip address, the present embodiment uses MAC+ to 64 after unicast address
The combinatorial operation of PIN+KEY generates (wherein KEY is random number hereafter), under the premise of tightly guaranteeing node identity information,
Normal data communication is not influenced, and supervision department can also be allowed to carry out identification to node in the case where authorization.
Referring to fig. 2, Fig. 2 indicates a meshed network connection, and interior joint A and node B access subnet I, pass through the road subnet I
Internet is connected by device, and each region in internet has one to summarize router, summarizes router and constitutes between region each other
It interconnects, as region A summarizes router, region B summarizes router, region C summarizes router interconnection intercommunication in figure.
The present embodiment describes the generation step of the global Unique unicast address of node A by taking node A as an example, specific as follows:
Referring to fig. 4, a kind of IPv6 network node identity security guard method, comprising the following steps:
Step 1: node A access first determines whether node A is registered before internet, if node A is being interconnected
It was registered in a router in net and thens follow the steps 2, the MAC of node A is otherwise stored in the router of proximal most position
Complete registration in location;The router that its interior joint A is registered gives initial network entry router and section as the initial network entry router of node A
Point A injects identical group key K1, and node A saves the global Unique unicast IP address of the initial network entry router and K1 is corresponded to
Key group number;
Step 2: when node A accesses subnet I, node A has found subnet I router by the Neighbor Discovery Protocol of IPv6 and obtains
The random temporary subnet IP address for taking subnet I router to distribute;That is node A is to subnet I router solicitation temporary subnet IP
Location, subnet I router distribute random temporary subnet IP address to node A;
Step 3: node A sends the request of access internet using the temporary subnet IP address obtained to subnet I router
Message, the request message include the initial network entry router of node A global Unique unicast IP address and key K1 it is corresponding
Key group number;
Step 4: subnet I router inquires the initial of node A by the global Unique unicast IP address in request message
Enter network router, and obtained by the way of key relaying it is in initial network entry router and with the key group number in request message
Corresponding key K1;
Step 5: subnet I router is using the key K1 obtained to 64 unique PIN codes of subnet I router and one group 64
Position random number is encrypted, and encrypted cipher text X is obtained;
Step 6: encrypted cipher text X is fed back to node A by subnet I router;
Step 7: node A obtain subnet I router feedback message after, using itself key K1 to encrypted cipher text X into
Row decryption, obtains PIN code and the hash value of PIN code and random number is fed back to subnet I router by random number, node A, for true
Recognize whether node A receives correct message;
Step 8: subnet I router judges the PIN code of node A feedback and the hash value of random number and the unique PIN of itself
Whether code is consistent with the hash value of one group of 64 random number, if unanimously, feeding back correct message to node A, otherwise return step 6
Encrypted cipher text X to node A is retransmitted, until subnet I router feeds back correct message to node A;
Step 9: after node A obtains the correct message of subnet I router feedback, by correct PIN code, random number and node
The MAC Address of A is combined calculating, obtains 64 bit values, using 64 bit value as itself global Unique unicast IP address
Interface identifier.The combination calculation method can be after three's exclusive or as a result, being also possible to other algorithms.
The MAC Address by correct PIN code, random number and node A in step 9 is combined the exclusive or formula of calculating
Are as follows:
Wherein Y is 64 bit values, and X1 is PIN code, and X2 is random number, and X3 is the MAC Address of node A.
Step 4 in the present embodiment specifically includes:
(1) subnet I router inquires the initial network entry of node A by the global Unique unicast IP address in request message
Router;
(2) subnet I router issues key request to the initial network entry router of node A, which includes key
Group number;
(3) using key relaying by the way of make subnet I router obtain initial network entry router in and with key group number
Corresponding key K1;
As shown in figure 3, the mode of key relaying is to be combined to complete with certain topological structure by multiple relay points, in relay point
Key carries out xor operation, and key can obtain between final any two user by being transferred to next node after exclusive or
It takes global secret, realizes that key is cross-domain shared, what Fig. 3 interior joint x and node y indicated different zones summarizes router, specific to wrap
It includes:
Such as Fig. 3, node x and node y is equipped between subnet I router and initial network entry router, and (node x and node y belong to
In relay point), subnet I router a pair of secret keys K adjacent and shared with the region node xx, node x is adjacent with the region node y and is total to
Enjoy a pair of secret keys Kxy, node y is adjacent with initial network entry router region and interconnects and shares a pair of secret keys Ky;
Initial network entry router uses key KyKey K1 corresponding with key group number is encrypted, ciphertext K is obtainedy1,
And by ciphertext Ky1It is transferred to node y;
Node y uses key KyTo ciphertext Ky1It is decrypted, obtains key K1;Node y uses key KxyTo key K1 into
Row encryption, obtains ciphertext Kxy1, and by ciphertext Kxy1It is transferred to node x;
Node x uses key KxyTo ciphertext Kxy1It is decrypted, obtains key K1;Node x uses key KxTo key K1 into
Row encryption, obtains ciphertext Kx1, and by ciphertext Kx1It is transferred to subnet I router;
Subnet I router uses key KxTo ciphertext Kx1It is decrypted, obtains key K1.
Number of nodes between above-mentioned subnet I router and initial network entry router does not limit, can be using in key
After mode obtain key K1.
Node A can be accessed in any subnet, step with it is above-mentioned consistent.At this point, being solved if there is supervision needs to IP packet
Analysis can first find subnet I router, recycle the PIN value being stored in subnet I router and random number, calculate corresponding IP
Address, so as to correctly know the node A identity that do not hide out.
The IP address acquisition modes of the IPv6 network node are compatible with existing IPv6 address distribution, encrypt between routing
Transmit data compatibility ipsec protocol.
IPv6 network node identity can be effectively hidden using IPv6 identity security technical method of the invention, is different from
64 bit address are fixed or random manner according to certain rules after existing IPv6 unicast address, the present invention be using safety application with
The method that operation obtains 64 bit address after IPv6 unicast address, so that IP address and the relationship of node obtain hiding protection, and
When supervision department needs to supervise, node identities are found using the address arithmetic information of secure storage in subnet router, both
It is avoided that illegal user inquires the identity of node in a network, supervision department can also be allowed to trace the source of illegal information publication
Head greatly protects the privacy of user and the safety of network.
Protection scope of the present invention includes but is not limited to embodiment of above, and protection scope of the present invention is with claims
Subject to, replacement, deformation, the improvement that those skilled in the art that any pair of this technology is made is readily apparent that each fall within of the invention
Protection scope.
Claims (4)
1. a kind of IPv6 network node identity security guard method, which comprises the following steps:
Step 1: the router that the node A of internet to be accessed is registered is as the initial network entry router of node A, to initially entering
Network router and node A inject identical group key K1, and node A saves the global Unique unicast IP of the initial network entry router
Address and the corresponding key group number of K1;
Step 2: node A subnet I router is found by the Neighbor Discovery Protocol of IPv6 and obtain the distribution of subnet I router with
The temporary subnet IP address of machine;
Step 3: node A sends the request message of access internet using the temporary subnet IP address obtained to subnet I router,
The request message includes the global Unique unicast IP address and the corresponding key group of key K1 of the initial network entry router of node A
Number;
Step 4: subnet I router inquires the initial network entry of node A by the global Unique unicast IP address in request message
Router, and using key relaying by the way of obtain it is in initial network entry router and corresponding with the key group number in request message
Key K1;
Step 5: subnet I router using the key K1 obtained to 64 unique PIN codes of subnet I router and one group 64 with
Machine number is encrypted, and encrypted cipher text X is obtained;
Step 6: encrypted cipher text X is fed back to node A by subnet I router;
Step 7: after node A obtains the feedback message of subnet I router, encrypted cipher text X being solved using the key K1 of itself
It is close, it obtains PIN code and the hash value of PIN code and random number is fed back to subnet I router by random number, node A;
Step 8: subnet I router judge node A feedback PIN code and random number hash value and itself unique PIN code and
Whether the hash value of one group of 64 random number is consistent, if unanimously, feeding back correct message to node A, otherwise return step 6 is again
Encrypted cipher text X to node A is sent, until subnet I router feeds back correct message to node A;
Step 9: after node A obtains the correct message of subnet I router feedback, by correct PIN code, random number and node A
MAC Address is combined calculating, obtains 64 bit values, connects 64 bit value as the global Unique unicast IP address of itself
Mouth identifier.
2. IPv6 network node identity security guard method according to claim 1, which is characterized in that the step 1
Include:
Judge whether the node A of internet to be accessed needs to register, if node A is registered in a router in internet
It crosses and thens follow the steps 2, the MAC Address that node A is otherwise stored in the router of proximal most position completes registration;Its interior joint A note
The router of volume is the initial network entry router of node A, injects an identical group key to initial network entry router and node A
K1, node A save the global Unique unicast IP address and the corresponding key group number of K1 of the initial network entry router.
3. IPv6 network node identity security guard method according to claim 2, which is characterized in that the step 4
Include:
(1) subnet I router is routed by the initial network entry that the global Unique unicast IP address in request message inquires node A
Device;
(2) subnet I router issues key request to the initial network entry router of node A, which includes key group number;
(3) made by the way of key relaying in subnet I router acquisition initial network entry router and corresponding with key group number
Key K1;
The mode of the described key relaying includes:
Node x and node y, subnet I router and the region node x phase are equipped between subnet I router and initial network entry router
Adjacent and shared a pair of secret keys Kx, node x a pair of secret keys K adjacent and shared with the region node yxy, node y and initial network entry router
Region is adjacent and interconnects and shares a pair of secret keys Ky;
Initial network entry router uses key KyKey K1 corresponding with key group number is encrypted, ciphertext K is obtainedy1, and will
Ciphertext Ky1It is transferred to node y;
Node y uses key KyTo ciphertext Ky1It is decrypted, obtains key K1;Node y uses key KxyKey K1 is added
It is close, obtain ciphertext Kxy1, and by ciphertext Kxy1It is transferred to node x;
Node x uses key KxyTo ciphertext Kxy1It is decrypted, obtains key K1;Node x uses key KxKey K1 is added
It is close, obtain ciphertext Kx1, and by ciphertext Kx1It is transferred to subnet I router;
Subnet I router uses key KxTo ciphertext Kx1It is decrypted, obtains key K1.
4. IPv6 network node identity security guard method according to claim 2, which is characterized in that the step 9
The calculation formula that the interior MAC Address by correct PIN code, random number and node A is combined calculating can be with are as follows:
Y=X1 ⊕ X2 ⊕ X3 (1);
Wherein Y is 64 bit values, and X1 is PIN code, and X2 is random number, and X3 is the MAC Address of node A.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811249923.5A CN109347836B (en) | 2018-10-25 | 2018-10-25 | IPv6 network node identity safety protection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811249923.5A CN109347836B (en) | 2018-10-25 | 2018-10-25 | IPv6 network node identity safety protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109347836A true CN109347836A (en) | 2019-02-15 |
CN109347836B CN109347836B (en) | 2020-12-15 |
Family
ID=65311739
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811249923.5A Active CN109347836B (en) | 2018-10-25 | 2018-10-25 | IPv6 network node identity safety protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109347836B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111131491A (en) * | 2019-12-30 | 2020-05-08 | 哈尔滨工业大学 | IPv 6-based data transmission method for power plant data acquisition system |
CN117201005A (en) * | 2023-09-08 | 2023-12-08 | 国家计算机网络与信息安全管理中心江苏分中心 | IPv6 address dynamic coding method based on ZUC encryption and decryption and application method |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155196A (en) * | 2006-09-27 | 2008-04-02 | 中国电信股份有限公司 | Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same |
CN101277257A (en) * | 2007-03-26 | 2008-10-01 | 华为技术有限公司 | Method, apparatus and system for dynamically updating DNS |
CN101902482A (en) * | 2010-08-23 | 2010-12-01 | 中国电信股份有限公司 | Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration |
CN102769677A (en) * | 2012-07-20 | 2012-11-07 | 清华大学 | IPv6 address setting method for real user identity information and server |
US20140056301A1 (en) * | 2012-08-22 | 2014-02-27 | Hon Hai Precision Industry Co., Ltd. | Network communication system, device, and method for reducing a network addressing header |
US8688807B2 (en) * | 2011-08-18 | 2014-04-01 | Cisco Technology, Inc. | Deriving unique local addresses from device names |
CN105791226A (en) * | 2014-12-23 | 2016-07-20 | 中国电信股份有限公司 | Method, device and system of identifying user identity based on IPv6 (Internet Protocol version 6) address |
-
2018
- 2018-10-25 CN CN201811249923.5A patent/CN109347836B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155196A (en) * | 2006-09-27 | 2008-04-02 | 中国电信股份有限公司 | Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same |
CN101277257A (en) * | 2007-03-26 | 2008-10-01 | 华为技术有限公司 | Method, apparatus and system for dynamically updating DNS |
CN101902482A (en) * | 2010-08-23 | 2010-12-01 | 中国电信股份有限公司 | Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration |
US8688807B2 (en) * | 2011-08-18 | 2014-04-01 | Cisco Technology, Inc. | Deriving unique local addresses from device names |
CN102769677A (en) * | 2012-07-20 | 2012-11-07 | 清华大学 | IPv6 address setting method for real user identity information and server |
US20140056301A1 (en) * | 2012-08-22 | 2014-02-27 | Hon Hai Precision Industry Co., Ltd. | Network communication system, device, and method for reducing a network addressing header |
CN105791226A (en) * | 2014-12-23 | 2016-07-20 | 中国电信股份有限公司 | Method, device and system of identifying user identity based on IPv6 (Internet Protocol version 6) address |
Non-Patent Citations (2)
Title |
---|
A. COOPER ET AL: "Security and Privacy Considerations for IPv6 Address Generation Mechanisms", 《IETF》 * |
虞军伟: "浅谈IPv6地址的无状态自动发现", 《网络通讯与安全》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111131491A (en) * | 2019-12-30 | 2020-05-08 | 哈尔滨工业大学 | IPv 6-based data transmission method for power plant data acquisition system |
CN117201005A (en) * | 2023-09-08 | 2023-12-08 | 国家计算机网络与信息安全管理中心江苏分中心 | IPv6 address dynamic coding method based on ZUC encryption and decryption and application method |
CN117201005B (en) * | 2023-09-08 | 2024-03-15 | 国家计算机网络与信息安全管理中心江苏分中心 | IPv6 address dynamic coding method based on ZUC encryption and decryption and application method |
Also Published As
Publication number | Publication date |
---|---|
CN109347836B (en) | 2020-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1969526B (en) | Securing home agent to mobile node communication with HA-MN key | |
Stubblefield et al. | A key recovery attack on the 802.11 b wired equivalent privacy protocol (WEP) | |
US8254581B2 (en) | Lightweight key distribution and management method for sensor networks | |
Zhang et al. | Securing sensor networks with location-based keys | |
CN100579304C (en) | Method and device for reconfirming authentication roaming mobile node by utilizing cipher key | |
CN101969638B (en) | Method for protecting international mobile subscriber identity (IMSI) in mobile communication | |
CN108683501B (en) | Multiple identity authentication system and method with timestamp as random number based on quantum communication network | |
CN101965722B (en) | Re-establishment of a security association | |
US11917061B2 (en) | Decentralized and/or hybrid decentralized secure cryptographic key storage method | |
WO2008098611A1 (en) | Signalling delegation in a moving network | |
CN109347836A (en) | A kind of IPv6 network node identity security guard method | |
US8275987B2 (en) | Method for transmission of DHCP messages | |
Benkahla et al. | Security analysis in enhanced LoRaWAN duty cycle | |
Simic et al. | A survey of wireless security | |
CN116055091B (en) | Method and system for realizing IPSec VPN by adopting software definition and quantum key distribution | |
Barriga et al. | Securing End-Node to Gateway Communication in LoRaWAN with a Lightweight Security Protocol | |
CN114614984A (en) | Time-sensitive network secure communication method based on state cryptographic algorithm | |
Lee et al. | Design of secure arp on MACsec (802.1 Ae) | |
CN100536471C (en) | Method for effective protecting signalling message between mobile route and hometown agent | |
KR101591306B1 (en) | Method and apparatus for communication using virtual MAC address | |
Pisa et al. | On the feasibility of attribute-based encryption for WLAN access control | |
Lukas et al. | WMNSec: security for wireless mesh networks | |
Hartl et al. | Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures | |
Kong et al. | ESCORT: a decentralized and localized access control system for mobile wireless access to secured domains | |
CN115459972B (en) | Safe anonymous core network access method based on multi-unmanned aerial vehicle relay |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |