CN109347836A - A kind of IPv6 network node identity security guard method - Google Patents

A kind of IPv6 network node identity security guard method Download PDF

Info

Publication number
CN109347836A
CN109347836A CN201811249923.5A CN201811249923A CN109347836A CN 109347836 A CN109347836 A CN 109347836A CN 201811249923 A CN201811249923 A CN 201811249923A CN 109347836 A CN109347836 A CN 109347836A
Authority
CN
China
Prior art keywords
node
router
key
subnet
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811249923.5A
Other languages
Chinese (zh)
Other versions
CN109347836B (en
Inventor
王俊
向宏
苗春华
韩正甫
丁东平
尹凯
王剑
宋星星
陈红艳
金丽
束杨宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Asky Quantum Technology Co Ltd
Original Assignee
Anhui Asky Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Asky Quantum Technology Co Ltd filed Critical Anhui Asky Quantum Technology Co Ltd
Priority to CN201811249923.5A priority Critical patent/CN109347836B/en
Publication of CN109347836A publication Critical patent/CN109347836A/en
Application granted granted Critical
Publication of CN109347836B publication Critical patent/CN109347836B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a kind of IPv6 network node identity security guard methods, including inject a group key K1 to node A initial network entry router and node A, and node A saves initial network entry router unicast ip address;Node A obtains temporary subnet IP address;Node A sends access the Internet request message to subnet I router using temporary subnet IP address;The key K1 of subnet I router acquisition initial network entry router;Subnet I router to the unique PIN code of subnet I router and random number encryption and feeds back to node A using key K1;Node A decrypts encrypted cipher text X using key K1, and node A calculates the MAC Address of the correct PIN code of decryption, random number and node A, obtains the interface identifier of global unicast IP address;The present invention obtains 64 bit address after the IPv6 unicast address of egress, effectively hiding IPv6 network node identity using safety application and combinatorial operation.

Description

A kind of IPv6 network node identity security guard method
Technical field
The present invention relates to IPv6 network technique fields, and in particular to a kind of IPv6 network node identity security guard method.
Background technique
As implementation and the rapid expansion of mobile Internet, Internet of Things are implemented in IPv6 development plan, network environment is Earth-shaking variation occurs.The current multinational erection for having begun IPv6 root server, the bis- stackizations transformations of IPv6 and IPv6 without Gauze network is gradually implemented.Internet mainstream applications have supported IPv6 to access, and user's flowing of access increases rapidly, access network All kinds of novel joint number of devices are in explosive growth, the biography that the information of real world will more and more in virtual network It is defeated, but the IP address in IPv6 agreement is fixed and openly, and user node personal behavior and privacy information are fully exposed to internet On.
Note: network node, which refers to, to be possessed independent address and has the unit for sending or receive data function in network, it can To be that the point of departure again of network such as interchanger, router, server is also possible to the end of network, such as sensor, personal meter Calculation machine etc..
With the deployment of IPv6 network, each network node can distribute globally unique unicast ip address, referring to Fig. 1, Fig. 1 is IPv6 network unicast IP address structure;The IP address has 128, and first 64 are subnet prefix, when accessing different sub-network It can change;64 are interface identifier afterwards, and generally according to the generation of the physical address of node device, (EUI-64 is next generation network Network adapter MAC address is encoded using 64).Due to the uniqueness of the address EUI-64, no matter which son node device accesses Net, latter 64 of IP address be all it is constant, this results in node device in a network and has risk tracked always.
Aiming at the problem that node identities can not be hidden, RFC4941 describes another side for generating IPv6 interface identifier Method, i.e., the random number for generating one group 64 is as interface identifier.This group of random number is actually the 128 of node history IP address Latter 64 of position MD5 value, this calculation method protects the identity information of node to a certain extent, but malicious user is still It can be combined by the history IP address of node using the identical IP address that node future is calculated, then be swept by address Retouch the node after capable of finding transformation IP.
It can be seen that the identity security problem of IPv6 network node never obtains effective solution, next generation network The privacy of node and user face a severe challenge.
Summary of the invention
The technical problem to be solved by the present invention is to provide a kind of IPv6 network node in view of the above shortcomings of the prior art Identity security guard method, this IPv6 network node identity security guard method obtain egress with combinatorial operation using safety application IPv6 unicast address after 64 bit address, can effectively hide IPv6 network node identity, greatly protect that user's is hidden Private and network safety.
To realize the above-mentioned technical purpose, the technical scheme adopted by the invention is as follows:
A kind of IPv6 network node identity security guard method, comprising the following steps:
Step 1: the router that the node A of internet to be accessed is registered is as the initial network entry router of node A, to just Begin to inject identical group key K1 into network router and node A, the whole world that node A saves the initial network entry router is unique single Broadcast IP address and the corresponding key group number of K1;
Step 2: node A has found subnet I router by the Neighbor Discovery Protocol of IPv6 and obtains the distribution of subnet I router Random temporary subnet IP address;
Step 3: node A sends the request of access internet using the temporary subnet IP address obtained to subnet I router Message, the request message include the initial network entry router of node A global Unique unicast IP address and key K1 it is corresponding Key group number;
Step 4: subnet I router inquires the initial of node A by the global Unique unicast IP address in request message Enter network router, and obtained by the way of key relaying it is in initial network entry router and with the key group number in request message Corresponding key K1;
Step 5: subnet I router is using the key K1 obtained to 64 unique PIN codes of subnet I router and one group 64 Position random number is encrypted, and encrypted cipher text X is obtained;
Step 6: encrypted cipher text X is fed back to node A by subnet I router;
Step 7: node A obtain subnet I router feedback message after, using itself key K1 to encrypted cipher text X into Row decryption, obtains PIN code and the hash value of PIN code and random number is fed back to subnet I router by random number, node A;
Step 8: subnet I router judges the PIN code of node A feedback and the hash value of random number and the unique PIN of itself Whether code is consistent with the hash value of one group of 64 random number, if unanimously, feeding back correct message to node A, otherwise return step 6 Encrypted cipher text X to node A is retransmitted, until subnet I router feeds back correct message to node A;
Step 9: after node A obtains the correct message of subnet I router feedback, by correct PIN code, random number and node The MAC Address of A is combined calculating, obtains 64 bit values, using 64 bit value as itself global Unique unicast IP address Interface identifier.
Technical solution as a further improvement of that present invention, the step 1 include:
Judge whether the node A of internet to be accessed needs to register, if node A is in a router in internet It registered and thens follow the steps 2, the MAC Address that node A is otherwise stored in the router of proximal most position completes registration;Its interior joint The router that A is registered as the initial network entry router of node A, to initial network entry router and node A injection it is identical one group it is close Key K1, node A save the global Unique unicast IP address and the corresponding key group number of K1 of the initial network entry router.
Technical solution as a further improvement of that present invention, the step 4 include:
(1) subnet I router inquires the initial network entry of node A by the global Unique unicast IP address in request message Router;
(2) subnet I router issues key request to the initial network entry router of node A, which includes key Group number;
(3) using key relaying by the way of make subnet I router obtain initial network entry router in and with key group number Corresponding key K1;
The mode of the described key relaying includes:
Node x and node y, subnet I router and the area node x are equipped between subnet I router and initial network entry router Domain is adjacent and shared a pair of secret keys Kx, node x a pair of secret keys K adjacent and shared with the region node yxy, node y and initial network entry road It is adjacent by device region and interconnect and share a pair of secret keys Ky
Initial network entry router uses key KyKey K1 corresponding with key group number is encrypted, ciphertext K is obtainedy1, And by ciphertext Ky1It is transferred to node y;
Node y uses key KyTo ciphertext Ky1It is decrypted, obtains key K1;Node y uses key KxyTo key K1 into Row encryption, obtains ciphertext Kxy1, and by ciphertext Kxy1It is transferred to node x;
Node x uses key KxyTo ciphertext Kxy1It is decrypted, obtains key K1;Node x uses key KxTo key K1 into Row encryption, obtains ciphertext Kx1, and by ciphertext Kx1It is transferred to subnet I router;
Subnet I router uses key KxTo ciphertext Kx1It is decrypted, obtains key K1.
4, IPv6 network node identity security guard method according to claim 2, which is characterized in that the step The calculation formula that the MAC Address by correct PIN code, random number and node A in rapid 9 is combined calculating can be with are as follows:
Wherein Y is 64 bit values, and X1 is PIN code, and X2 is random number, and X3 is the MAC Address of node A.
The invention has the benefit that IPv6 network node identity security guard method of the invention can effectively hide IPv6 network node identity, is fixed or side random according to certain rules different from 64 bit address after existing IPv6 unicast address Formula, the present invention obtain 64 bit address after IPv6 unicast address with combinatorial operation using safety application, so that global Unique unicast IP The interface identifier of address and the relationship of node obtain hiding protection, and malicious user can not obtain the interface identifier of unicast ip address The safety application of symbol and calculating process, can not be tracked in a network;And the subnet of node access is different, then the interface of IP address Identifier is different, and safety is higher, therefore can effectively hide IPv6 network node identity;In addition, being needed in supervision department When supervision, node identities are found using the address arithmetic information of secure storage in subnet router, are both avoided that illegal user The identity of node is inquired in a network, can also be allowed supervision department to trace the source of illegal information publication, greatly be protected The privacy of user and the safety of network.
Detailed description of the invention
Fig. 1 is IPv6 network unicast IP address structure.
Fig. 2 is that embodiment interior joint is connected to the network schematic diagram.
Fig. 3 is the schematic diagram of key trunking scheme in embodiment.
Fig. 4 is the sequence chart of the interface identifier of the global Unique unicast IP address of node A application.
Specific embodiment
A specific embodiment of the invention is further illustrated below according to Fig. 1 to Fig. 4:
Fig. 1 is IPv6 network unicast IP address structure, which has 128, and first 64 are subnet prefix, when access not It can change with when subnet;64 are interface identifier afterwards, are generally generated according to the physical address of node device.
Demand is hidden for the identity of network node unicast ip address, the present embodiment uses MAC+ to 64 after unicast address The combinatorial operation of PIN+KEY generates (wherein KEY is random number hereafter), under the premise of tightly guaranteeing node identity information, Normal data communication is not influenced, and supervision department can also be allowed to carry out identification to node in the case where authorization.
Referring to fig. 2, Fig. 2 indicates a meshed network connection, and interior joint A and node B access subnet I, pass through the road subnet I Internet is connected by device, and each region in internet has one to summarize router, summarizes router and constitutes between region each other It interconnects, as region A summarizes router, region B summarizes router, region C summarizes router interconnection intercommunication in figure.
The present embodiment describes the generation step of the global Unique unicast address of node A by taking node A as an example, specific as follows:
Referring to fig. 4, a kind of IPv6 network node identity security guard method, comprising the following steps:
Step 1: node A access first determines whether node A is registered before internet, if node A is being interconnected It was registered in a router in net and thens follow the steps 2, the MAC of node A is otherwise stored in the router of proximal most position Complete registration in location;The router that its interior joint A is registered gives initial network entry router and section as the initial network entry router of node A Point A injects identical group key K1, and node A saves the global Unique unicast IP address of the initial network entry router and K1 is corresponded to Key group number;
Step 2: when node A accesses subnet I, node A has found subnet I router by the Neighbor Discovery Protocol of IPv6 and obtains The random temporary subnet IP address for taking subnet I router to distribute;That is node A is to subnet I router solicitation temporary subnet IP Location, subnet I router distribute random temporary subnet IP address to node A;
Step 3: node A sends the request of access internet using the temporary subnet IP address obtained to subnet I router Message, the request message include the initial network entry router of node A global Unique unicast IP address and key K1 it is corresponding Key group number;
Step 4: subnet I router inquires the initial of node A by the global Unique unicast IP address in request message Enter network router, and obtained by the way of key relaying it is in initial network entry router and with the key group number in request message Corresponding key K1;
Step 5: subnet I router is using the key K1 obtained to 64 unique PIN codes of subnet I router and one group 64 Position random number is encrypted, and encrypted cipher text X is obtained;
Step 6: encrypted cipher text X is fed back to node A by subnet I router;
Step 7: node A obtain subnet I router feedback message after, using itself key K1 to encrypted cipher text X into Row decryption, obtains PIN code and the hash value of PIN code and random number is fed back to subnet I router by random number, node A, for true Recognize whether node A receives correct message;
Step 8: subnet I router judges the PIN code of node A feedback and the hash value of random number and the unique PIN of itself Whether code is consistent with the hash value of one group of 64 random number, if unanimously, feeding back correct message to node A, otherwise return step 6 Encrypted cipher text X to node A is retransmitted, until subnet I router feeds back correct message to node A;
Step 9: after node A obtains the correct message of subnet I router feedback, by correct PIN code, random number and node The MAC Address of A is combined calculating, obtains 64 bit values, using 64 bit value as itself global Unique unicast IP address Interface identifier.The combination calculation method can be after three's exclusive or as a result, being also possible to other algorithms.
The MAC Address by correct PIN code, random number and node A in step 9 is combined the exclusive or formula of calculating Are as follows:
Wherein Y is 64 bit values, and X1 is PIN code, and X2 is random number, and X3 is the MAC Address of node A.
Step 4 in the present embodiment specifically includes:
(1) subnet I router inquires the initial network entry of node A by the global Unique unicast IP address in request message Router;
(2) subnet I router issues key request to the initial network entry router of node A, which includes key Group number;
(3) using key relaying by the way of make subnet I router obtain initial network entry router in and with key group number Corresponding key K1;
As shown in figure 3, the mode of key relaying is to be combined to complete with certain topological structure by multiple relay points, in relay point Key carries out xor operation, and key can obtain between final any two user by being transferred to next node after exclusive or It takes global secret, realizes that key is cross-domain shared, what Fig. 3 interior joint x and node y indicated different zones summarizes router, specific to wrap It includes:
Such as Fig. 3, node x and node y is equipped between subnet I router and initial network entry router, and (node x and node y belong to In relay point), subnet I router a pair of secret keys K adjacent and shared with the region node xx, node x is adjacent with the region node y and is total to Enjoy a pair of secret keys Kxy, node y is adjacent with initial network entry router region and interconnects and shares a pair of secret keys Ky
Initial network entry router uses key KyKey K1 corresponding with key group number is encrypted, ciphertext K is obtainedy1, And by ciphertext Ky1It is transferred to node y;
Node y uses key KyTo ciphertext Ky1It is decrypted, obtains key K1;Node y uses key KxyTo key K1 into Row encryption, obtains ciphertext Kxy1, and by ciphertext Kxy1It is transferred to node x;
Node x uses key KxyTo ciphertext Kxy1It is decrypted, obtains key K1;Node x uses key KxTo key K1 into Row encryption, obtains ciphertext Kx1, and by ciphertext Kx1It is transferred to subnet I router;
Subnet I router uses key KxTo ciphertext Kx1It is decrypted, obtains key K1.
Number of nodes between above-mentioned subnet I router and initial network entry router does not limit, can be using in key After mode obtain key K1.
Node A can be accessed in any subnet, step with it is above-mentioned consistent.At this point, being solved if there is supervision needs to IP packet Analysis can first find subnet I router, recycle the PIN value being stored in subnet I router and random number, calculate corresponding IP Address, so as to correctly know the node A identity that do not hide out.
The IP address acquisition modes of the IPv6 network node are compatible with existing IPv6 address distribution, encrypt between routing Transmit data compatibility ipsec protocol.
IPv6 network node identity can be effectively hidden using IPv6 identity security technical method of the invention, is different from 64 bit address are fixed or random manner according to certain rules after existing IPv6 unicast address, the present invention be using safety application with The method that operation obtains 64 bit address after IPv6 unicast address, so that IP address and the relationship of node obtain hiding protection, and When supervision department needs to supervise, node identities are found using the address arithmetic information of secure storage in subnet router, both It is avoided that illegal user inquires the identity of node in a network, supervision department can also be allowed to trace the source of illegal information publication Head greatly protects the privacy of user and the safety of network.
Protection scope of the present invention includes but is not limited to embodiment of above, and protection scope of the present invention is with claims Subject to, replacement, deformation, the improvement that those skilled in the art that any pair of this technology is made is readily apparent that each fall within of the invention Protection scope.

Claims (4)

1. a kind of IPv6 network node identity security guard method, which comprises the following steps:
Step 1: the router that the node A of internet to be accessed is registered is as the initial network entry router of node A, to initially entering Network router and node A inject identical group key K1, and node A saves the global Unique unicast IP of the initial network entry router Address and the corresponding key group number of K1;
Step 2: node A subnet I router is found by the Neighbor Discovery Protocol of IPv6 and obtain the distribution of subnet I router with The temporary subnet IP address of machine;
Step 3: node A sends the request message of access internet using the temporary subnet IP address obtained to subnet I router, The request message includes the global Unique unicast IP address and the corresponding key group of key K1 of the initial network entry router of node A Number;
Step 4: subnet I router inquires the initial network entry of node A by the global Unique unicast IP address in request message Router, and using key relaying by the way of obtain it is in initial network entry router and corresponding with the key group number in request message Key K1;
Step 5: subnet I router using the key K1 obtained to 64 unique PIN codes of subnet I router and one group 64 with Machine number is encrypted, and encrypted cipher text X is obtained;
Step 6: encrypted cipher text X is fed back to node A by subnet I router;
Step 7: after node A obtains the feedback message of subnet I router, encrypted cipher text X being solved using the key K1 of itself It is close, it obtains PIN code and the hash value of PIN code and random number is fed back to subnet I router by random number, node A;
Step 8: subnet I router judge node A feedback PIN code and random number hash value and itself unique PIN code and Whether the hash value of one group of 64 random number is consistent, if unanimously, feeding back correct message to node A, otherwise return step 6 is again Encrypted cipher text X to node A is sent, until subnet I router feeds back correct message to node A;
Step 9: after node A obtains the correct message of subnet I router feedback, by correct PIN code, random number and node A MAC Address is combined calculating, obtains 64 bit values, connects 64 bit value as the global Unique unicast IP address of itself Mouth identifier.
2. IPv6 network node identity security guard method according to claim 1, which is characterized in that the step 1 Include:
Judge whether the node A of internet to be accessed needs to register, if node A is registered in a router in internet It crosses and thens follow the steps 2, the MAC Address that node A is otherwise stored in the router of proximal most position completes registration;Its interior joint A note The router of volume is the initial network entry router of node A, injects an identical group key to initial network entry router and node A K1, node A save the global Unique unicast IP address and the corresponding key group number of K1 of the initial network entry router.
3. IPv6 network node identity security guard method according to claim 2, which is characterized in that the step 4 Include:
(1) subnet I router is routed by the initial network entry that the global Unique unicast IP address in request message inquires node A Device;
(2) subnet I router issues key request to the initial network entry router of node A, which includes key group number;
(3) made by the way of key relaying in subnet I router acquisition initial network entry router and corresponding with key group number Key K1;
The mode of the described key relaying includes:
Node x and node y, subnet I router and the region node x phase are equipped between subnet I router and initial network entry router Adjacent and shared a pair of secret keys Kx, node x a pair of secret keys K adjacent and shared with the region node yxy, node y and initial network entry router Region is adjacent and interconnects and shares a pair of secret keys Ky
Initial network entry router uses key KyKey K1 corresponding with key group number is encrypted, ciphertext K is obtainedy1, and will Ciphertext Ky1It is transferred to node y;
Node y uses key KyTo ciphertext Ky1It is decrypted, obtains key K1;Node y uses key KxyKey K1 is added It is close, obtain ciphertext Kxy1, and by ciphertext Kxy1It is transferred to node x;
Node x uses key KxyTo ciphertext Kxy1It is decrypted, obtains key K1;Node x uses key KxKey K1 is added It is close, obtain ciphertext Kx1, and by ciphertext Kx1It is transferred to subnet I router;
Subnet I router uses key KxTo ciphertext Kx1It is decrypted, obtains key K1.
4. IPv6 network node identity security guard method according to claim 2, which is characterized in that the step 9 The calculation formula that the interior MAC Address by correct PIN code, random number and node A is combined calculating can be with are as follows:
Y=X1 ⊕ X2 ⊕ X3 (1);
Wherein Y is 64 bit values, and X1 is PIN code, and X2 is random number, and X3 is the MAC Address of node A.
CN201811249923.5A 2018-10-25 2018-10-25 IPv6 network node identity safety protection method Active CN109347836B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811249923.5A CN109347836B (en) 2018-10-25 2018-10-25 IPv6 network node identity safety protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811249923.5A CN109347836B (en) 2018-10-25 2018-10-25 IPv6 network node identity safety protection method

Publications (2)

Publication Number Publication Date
CN109347836A true CN109347836A (en) 2019-02-15
CN109347836B CN109347836B (en) 2020-12-15

Family

ID=65311739

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811249923.5A Active CN109347836B (en) 2018-10-25 2018-10-25 IPv6 network node identity safety protection method

Country Status (1)

Country Link
CN (1) CN109347836B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131491A (en) * 2019-12-30 2020-05-08 哈尔滨工业大学 IPv 6-based data transmission method for power plant data acquisition system
CN117201005A (en) * 2023-09-08 2023-12-08 国家计算机网络与信息安全管理中心江苏分中心 IPv6 address dynamic coding method based on ZUC encryption and decryption and application method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155196A (en) * 2006-09-27 2008-04-02 中国电信股份有限公司 Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same
CN101277257A (en) * 2007-03-26 2008-10-01 华为技术有限公司 Method, apparatus and system for dynamically updating DNS
CN101902482A (en) * 2010-08-23 2010-12-01 中国电信股份有限公司 Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration
CN102769677A (en) * 2012-07-20 2012-11-07 清华大学 IPv6 address setting method for real user identity information and server
US20140056301A1 (en) * 2012-08-22 2014-02-27 Hon Hai Precision Industry Co., Ltd. Network communication system, device, and method for reducing a network addressing header
US8688807B2 (en) * 2011-08-18 2014-04-01 Cisco Technology, Inc. Deriving unique local addresses from device names
CN105791226A (en) * 2014-12-23 2016-07-20 中国电信股份有限公司 Method, device and system of identifying user identity based on IPv6 (Internet Protocol version 6) address

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155196A (en) * 2006-09-27 2008-04-02 中国电信股份有限公司 Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same
CN101277257A (en) * 2007-03-26 2008-10-01 华为技术有限公司 Method, apparatus and system for dynamically updating DNS
CN101902482A (en) * 2010-08-23 2010-12-01 中国电信股份有限公司 Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration
US8688807B2 (en) * 2011-08-18 2014-04-01 Cisco Technology, Inc. Deriving unique local addresses from device names
CN102769677A (en) * 2012-07-20 2012-11-07 清华大学 IPv6 address setting method for real user identity information and server
US20140056301A1 (en) * 2012-08-22 2014-02-27 Hon Hai Precision Industry Co., Ltd. Network communication system, device, and method for reducing a network addressing header
CN105791226A (en) * 2014-12-23 2016-07-20 中国电信股份有限公司 Method, device and system of identifying user identity based on IPv6 (Internet Protocol version 6) address

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A. COOPER ET AL: "Security and Privacy Considerations for IPv6 Address Generation Mechanisms", 《IETF》 *
虞军伟: "浅谈IPv6地址的无状态自动发现", 《网络通讯与安全》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131491A (en) * 2019-12-30 2020-05-08 哈尔滨工业大学 IPv 6-based data transmission method for power plant data acquisition system
CN117201005A (en) * 2023-09-08 2023-12-08 国家计算机网络与信息安全管理中心江苏分中心 IPv6 address dynamic coding method based on ZUC encryption and decryption and application method
CN117201005B (en) * 2023-09-08 2024-03-15 国家计算机网络与信息安全管理中心江苏分中心 IPv6 address dynamic coding method based on ZUC encryption and decryption and application method

Also Published As

Publication number Publication date
CN109347836B (en) 2020-12-15

Similar Documents

Publication Publication Date Title
CN1969526B (en) Securing home agent to mobile node communication with HA-MN key
Stubblefield et al. A key recovery attack on the 802.11 b wired equivalent privacy protocol (WEP)
US8254581B2 (en) Lightweight key distribution and management method for sensor networks
Zhang et al. Securing sensor networks with location-based keys
CN100579304C (en) Method and device for reconfirming authentication roaming mobile node by utilizing cipher key
CN101969638B (en) Method for protecting international mobile subscriber identity (IMSI) in mobile communication
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
CN101965722B (en) Re-establishment of a security association
US11917061B2 (en) Decentralized and/or hybrid decentralized secure cryptographic key storage method
WO2008098611A1 (en) Signalling delegation in a moving network
CN109347836A (en) A kind of IPv6 network node identity security guard method
US8275987B2 (en) Method for transmission of DHCP messages
Benkahla et al. Security analysis in enhanced LoRaWAN duty cycle
Simic et al. A survey of wireless security
CN116055091B (en) Method and system for realizing IPSec VPN by adopting software definition and quantum key distribution
Barriga et al. Securing End-Node to Gateway Communication in LoRaWAN with a Lightweight Security Protocol
CN114614984A (en) Time-sensitive network secure communication method based on state cryptographic algorithm
Lee et al. Design of secure arp on MACsec (802.1 Ae)
CN100536471C (en) Method for effective protecting signalling message between mobile route and hometown agent
KR101591306B1 (en) Method and apparatus for communication using virtual MAC address
Pisa et al. On the feasibility of attribute-based encryption for WLAN access control
Lukas et al. WMNSec: security for wireless mesh networks
Hartl et al. Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures
Kong et al. ESCORT: a decentralized and localized access control system for mobile wireless access to secured domains
CN115459972B (en) Safe anonymous core network access method based on multi-unmanned aerial vehicle relay

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant