CN111431858B - Centralized safe transmission and authentication method for routing message - Google Patents
- Publication number: CN111431858B (application CN202010123451.XA)
- Authority: CN (China)
- Prior art keywords: authentication, routing, neighbor, routing equipment, message
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
- H04L45/74—Address processing for routing
Abstract
The invention discloses a centralized secure transmission and authentication method for routing messages, which comprises the following steps: first, a newly added routing device establishes a neighbor relation with each device participating in routing through a neighbor table; second, the newly added routing device performs device authentication through a centralized authentication center; third, before a message is sent, the centralized authentication center carries out authentication confirmation of the neighbor routing device; fourth, after the neighbor routing device completes authentication confirmation, the message is encrypted with an asymmetric encryption technology and sent to the neighbor routing device; and finally, after receiving the encrypted message, the neighbor routing device decrypts it with the asymmetric encryption technology to obtain the original message for the specific routing protocol to use. The method adds an authentication mechanism for newly added routing devices, which improves the security of every routing device in the domain, and carries out authentication confirmation of the neighbor routing device before message transmission, thereby reducing the risk of leakage during message transmission between routing devices and greatly improving the security of message transmission between them.
Description
Technical Field
The invention relates to the technical field of network communication, in particular to a centralized safe transmission and authentication method for routing messages.
Background
At present, the routing protocols commonly used in the Internet include RIP, OSPF, EIGRP, IS-IS, IGRP, BGP and the like. The security of each protocol depends mainly on the authentication method specific to that protocol, and the authentication mechanisms of the different protocols are incompatible with one another. However, in new applications such as software-defined networking, uniform security management of different routing protocols is needed in many scenarios, and a universal method that can guarantee the communication security of all routing protocols is still lacking.
The invention is mainly intended to solve this problem. The overall idea is to establish a brand-new authentication mechanism outside the routing process of the various routing protocols, and to carry out the protocol-specific routing communication only after that authentication succeeds. The method wraps a shell around the traditional routing protocol, thereby ensuring compatibility with the various traditional routing protocols.
Disclosure of Invention
The invention provides a centralized secure transmission and authentication method for routing messages, which effectively improves the security of message transmission between routers and reduces the risk of data leakage.
The invention is realized by the following technical proposal. A centralized secure transmission and authentication method for routing messages is characterized in that the method comprises four processes: establishing the neighbor table of the routing device, performing centralized authentication of the routing device, confirming the authentication of the neighbor routing device, and encrypting and transmitting the message. Specifically, it comprises the following steps:
first, the newly added routing device establishes a neighbor relation with each device participating in routing through a neighbor table;
second, the newly added routing device performs device authentication through a centralized authentication center;
third, before the message is sent, the centralized authentication center carries out authentication confirmation of the neighbor routing device;
fourth, after the neighbor routing device completes authentication confirmation, the message is encrypted with an encryption technology and sent to the neighbor routing device;
and finally, after receiving the encrypted message, the neighbor routing device decrypts it with the encryption technology to obtain the original message for the specific routing protocol to use.
Preferably, each device participating in routing establishes a neighbor table, and each interface passes through 5 states while establishing a neighbor relationship: the Down state, the Init state, the Decide state, the Success state and the Fail state. The specific design of each state is as follows:
(1) Down state: the method has not been started on the port, which is in the Down state by default;
(2) Init state: the port has started the method and sends Discover probe packets, but has not yet received the peer's Coop packet; if the peer's Discover packet is received, it replies with a Coop packet;
(3) Decide state: a Coop packet sent by the peer has been received, and whether its authentication succeeds is being judged;
(4) Success state: entered after the authentication in the Coop packet is judged to be consistent with the authentication configured locally; in the Success state the check is repeated once every 5 Coop packets received;
(5) Fail state: entered when the authentication in the Coop packet does not match the authentication configured locally; if the authentication of 3 Coop packets in succession fails to match while in the Fail state, the interface returns to the Init state.
Preferably, the sending periods of the various packets are as follows: the Discover packet is sent once every 5 seconds by default; the Coop packet is sent once every 10 seconds by default, once every 5 seconds when the routing device is in the Decide state, and once every 30 seconds when the routing device is in the Success state.
Preferably, the format of the Discover packet is: source address, destination address, time to live.
Preferably, the format of the Coop packet is: routing device name, source address, destination address, time to live, sending time and authentication identifier.
Preferably, the authentication flow for the Coop packet is as follows: after receiving a Coop packet, the routing device judges whether the authentication identifier in the packet is consistent with the authentication identifier configured locally; if it is inconsistent, the Fail state is entered, and if authentication fails 3 times in succession, the Init state is entered; if it is consistent, the routing device name and source address are recorded into the neighbor table.
Preferably, the newly added routing device performs device authentication through the centralized authentication center; if authentication succeeds, the newly added routing device is entered into the authentication table, and if it fails, the newly added routing device is required to authenticate again. The centralized authentication process of the routing device is as follows:
(1) within the same domain, when a routing device is added, a public/private key pair is assigned to it together with a unique device-id;
(2) the newly added router sends a data packet to the centralized authentication center; the fields of the packet comprise the device-id, the public key and the router's own IP;
(3) after receiving the data packet sent by the newly added router, the centralized authentication center records the device-id, public key and IP of the routing device;
(4) the centralized authentication center returns its own public key to the newly added routing device;
(5) after receiving that public key, the newly added routing device encrypts the authentication key with it and returns the encrypted authentication key to the centralized authentication center;
(6) after receiving the encrypted authentication key, the centralized authentication center decrypts it with its own private key and compares the decrypted authentication key with the original authentication key;
(7) if the comparison is consistent, the device-id, public key and IP are recorded into the authentication table and authentication success information is returned to the newly added routing device; if the comparison is inconsistent, authentication failure information is sent to the newly added routing device for re-authentication.
Preferably, before the message is sent, the centralized authentication center authenticates and confirms the neighbor routing device: if the neighbor routing device has not been authenticated at the centralized authentication center, sending the message to it is stopped outright; if the neighbor routing device has been authenticated at the centralized authentication center but is not recorded in the local public key storage table, a secondary authentication is performed at the centralized authentication center; and if the local public key storage table already has a record, the message is prepared for encrypted transmission. The authentication confirmation process for the neighbor router is as follows:
(1) after the routing engine generates a message, the IP of the neighbor routing device is obtained from the neighbor table;
(2) the routing device sends an authentication confirmation request for the neighbor routing device, carrying that target IP, to the centralized authentication center;
(3) after receiving the authentication confirmation request, the centralized authentication center queries whether the IP of the neighbor routing device exists in the authentication table;
(4) if the neighbor routing device IP does not exist, authentication confirmation failure information is returned to the routing device;
(5) if the neighbor router IP exists, the device-id corresponding to that IP is returned to the router;
(6) after receiving the neighbor router's device-id, the router looks the device-id up in its local public key storage table; if the device-id exists in the table, message encryption transmission is prepared and the process ends, and if the device-id does not exist in the table, a secondary authentication confirmation request is sent to the centralized authentication center;
(7) after receiving the secondary authentication confirmation request, the centralized authentication center sends its own public key to the neighbor routing device as an authentication confirmation request;
(8) after receiving the authentication confirmation request, the neighbor routing device encrypts the authentication key with the received public key and returns the encrypted authentication key to the centralized authentication center;
(9) after receiving the encrypted authentication key, the centralized authentication center decrypts it with its own private key and compares the decrypted authentication key with the original authentication key;
(10) if the comparison is inconsistent, authentication confirmation failure information and the neighbor routing device's device-id are returned to the router, and a re-authentication request is sent to the neighbor router;
(11) after receiving the authentication confirmation failure information, the routing device stops sending the message to the neighbor routing device;
(12) if the comparison is consistent, the centralized authentication center returns authentication confirmation success information, the neighbor routing device's device-id and its public key to the routing device;
(13) after receiving the authentication confirmation success information, the routing device records the neighbor routing device's device-id and public key into the local public key storage table and prepares for message encryption transmission.
Preferably, after the neighbor routing device completes authentication confirmation, the message is encrypted with an asymmetric encryption technology and sent to the neighbor routing device, and after the neighbor routing device receives the encrypted message, it decrypts it with the asymmetric encryption technology to obtain the original message for the service that needs it. The message encryption transmission flow is as follows:
(1) after the routing device generates a message and the neighbor routing device has been authenticated and confirmed, the device-id of the neighbor routing device is obtained;
(2) the public key storage table is queried with the neighbor routing device's device-id to obtain the public key corresponding to the neighbor routing device;
(3) the original message is encrypted with the public key of the neighbor routing device, and the encrypted message is sent to the neighbor routing device;
(4) after receiving the encrypted message, the neighbor routing device decrypts it with its private key to obtain the original message and hands the original message to the routing engine for processing.
Compared with the prior art, the invention has the following beneficial effects:
(1) an authentication mechanism for newly added routers is added on top of the routing protocol, so that the security of every routing device in the domain is improved;
(2) before message transmission, authentication confirmation of the neighbor routing device is required, which reduces the risk of leakage during message transmission between routing devices;
(3) the use of asymmetric encryption reduces the risk that messages between routing devices are captured and cracked in transit, and greatly improves the security of message transmission between routing devices.
Drawings
The invention will be further explained with reference to the drawings.
FIG. 1 is a schematic view of the present invention;
FIG. 2 is a schematic diagram of a neighbor establishment process in the present invention;
FIG. 3 is a schematic diagram illustrating a centralized authentication process according to the present invention;
FIG. 4 is a schematic diagram of a neighbor routing authentication confirmation process in the present invention;
FIG. 5 is a schematic diagram of a message encryption transmission flow in the present invention;
FIG. 6 is a diagram illustrating a public key storage table format according to the present invention;
FIG. 7 is a diagram illustrating an authentication table format according to the present invention;
FIG. 8 is a diagram illustrating a neighbor table format according to the present invention;
FIG. 9 is a diagram illustrating a Discover packet format according to the present invention;
FIG. 10 is a diagram illustrating the format of the Coop packet according to the present invention.
Detailed Description
As shown in fig. 1, a centralized secure transmission and authentication method for routing messages includes four processes, namely establishment of the neighbor table of the routing device, centralized authentication of the routing device, authentication confirmation of the neighbor routing device, and encrypted transmission of messages. First, a newly added routing device establishes a neighbor relation with each device participating in routing through a neighbor table; second, the newly added router performs device authentication through a centralized authentication center; third, before the message is sent, the centralized authentication center carries out authentication confirmation of the neighbor routing device; fourth, after the neighbor routing device completes authentication confirmation, the message is encrypted with an asymmetric encryption technology and sent to the neighbor routing device; and finally, after receiving the encrypted message, the neighbor routing device decrypts it with the asymmetric encryption technology to obtain the original message for the service that needs it.
As shown in fig. 2, each device participating in routing establishes a neighbor table, and each interface passes through 5 states while establishing a neighbor relationship: the Down state, the Init state, the Decide state, the Success state and the Fail state. The specific design of each state is as follows:
(1) Down state: the method designed by the invention has not been started on the port, which is in the Down state by default;
(2) Init state: the port has started the method designed by the invention and sends Discover probe packets, but has not yet received the peer's Coop packet; if the peer's Discover packet is received, it replies with a Coop packet;
(3) Decide state: a Coop packet sent by the peer has been received, and whether its authentication succeeds is being judged;
(4) Success state: entered after the authentication in the Coop packet is judged to be consistent with the authentication configured locally; in the Success state the check is repeated once every 5 Coop packets received;
(5) Fail state: entered when the authentication in the Coop packet does not match the authentication configured locally; if the authentication of 3 Coop packets in succession fails to match while in the Fail state, the interface returns to the Init state.
In the above states, the Discover packet is sent once every 5 seconds by default; the Coop packet is sent once every 10 seconds by default, once every 5 seconds when the routing device is in the Decide state, and once every 30 seconds when the routing device is in the Success state. As shown in fig. 9, the format of the Discover packet is: source address, destination address, time to live. As shown in FIG. 10, the format of the Coop packet is: routing device name, source address, destination address, time to live, sending time and authentication identifier.
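The following Go model of the five-state neighbor establishment process is an added example; the patent contains no code, and the type, field and method names, the TTL value and the constant-time comparison of authentication identifiers are this example's choices. It serves both the "Preferably" paragraphs of the disclosure and the description above: the packet structs follow the Discover and Coop formats of FIG. 9 and FIG. 10, OnDiscover implements the Init-state reply, OnCoop applies the Decide, Success and Fail rules (re-check once every 5 Coop packets in Success, back to Init after 3 consecutive mismatches), and CoopInterval returns the state-dependent sending period.

```go
package main

import (
	"crypto/subtle"
	"time"
)

// State is one of the five interface states of the neighbor establishment process.
type State int

const (
	Down State = iota
	Init
	Decide
	Success
	Fail
)

// DiscoverPacket and CoopPacket follow FIG. 9 and FIG. 10; Discover is sent every 5 s by default.
type DiscoverPacket struct {
	Src, Dst string
	TTL      int
}
type CoopPacket struct {
	DeviceName, Src, Dst string
	TTL                  int
	SendTime             time.Time
	AuthID               string // authentication identifier
}

// Interface is the per-port state machine. The two counters implement the "re-check every
// 5 Coop packets" rule in Success and the "3 consecutive mismatches" rule in Fail.
type Interface struct {
	DeviceName, Addr string
	AuthID           string            // authentication identifier configured on this device
	State            State             // zero value is Down
	Neighbors        map[string]string // neighbor table (FIG. 8): source address -> device name
	coopSeen         int               // Coop packets received since entering Success
	mismatches       int               // consecutive authentication mismatches
}

func NewInterface(deviceName, addr, authID string) *Interface {
	return &Interface{DeviceName: deviceName, Addr: addr, AuthID: authID, Neighbors: map[string]string{}}
}

// Start enables the method on the port: Down -> Init, after which Discover packets are sent.
func (i *Interface) Start() {
	if i.State == Down {
		i.State = Init
	}
}

// OnDiscover answers a peer's Discover packet with a Coop packet once the port has started.
func (i *Interface) OnDiscover(d DiscoverPacket, now time.Time) *CoopPacket {
	if i.State == Down {
		return nil
	}
	return &CoopPacket{DeviceName: i.DeviceName, Src: i.Addr, Dst: d.Src, TTL: 64, SendTime: now, AuthID: i.AuthID}
}

// CoopInterval is the Coop period for the current state: 10 s by default, 5 s in Decide, 30 s in Success.
func (i *Interface) CoopInterval() time.Duration {
	switch i.State {
	case Decide:
		return 5 * time.Second
	case Success:
		return 30 * time.Second
	}
	return 10 * time.Second
}

// OnCoop drives the state machine with a received Coop packet and returns the new state.
func (i *Interface) OnCoop(p CoopPacket) State {
	switch i.State {
	case Down:
		return Down // port not started: the packet is ignored
	case Init:
		i.State = Decide // first Coop packet from the peer: judge it
		i.judge(p)
	case Decide, Fail:
		i.judge(p)
	case Success:
		i.coopSeen++
		if i.coopSeen%5 == 0 { // re-check once every 5 Coop packets
			i.judge(p)
		}
	}
	return i.State
}

// judge compares the packet's authentication identifier with the local one in constant time.
func (i *Interface) judge(p CoopPacket) {
	if subtle.ConstantTimeCompare([]byte(p.AuthID), []byte(i.AuthID)) == 1 {
		i.State, i.mismatches, i.coopSeen = Success, 0, 0
		i.Neighbors[p.Src] = p.DeviceName // record name and source address in the neighbor table
		return
	}
	i.mismatches++
	i.State = Fail
	if i.mismatches >= 3 { // 3 consecutive mismatches: back to Init
		i.State, i.mismatches = Init, 0
	}
}
```

The description leaves open whether the three mismatches are counted from the first one or only after Fail is entered; the model counts consecutive mismatches from the first, so the third consecutive bad Coop packet returns the interface to Init. Authentication identifiers are compared with crypto/subtle so that the comparison time does not depend on where two identifiers first differ.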
As shown in fig. 3, the newly added routing device performs device authentication through the centralized authentication center; if authentication succeeds, the newly added routing device is entered into the authentication table, and if it fails, the newly added routing device is required to authenticate again. The centralized authentication process of the routing device is as follows:
(1) within the same domain, when a router is added, a public/private key pair is assigned to it together with a unique device-id (in practical application, it is recommended that the device-id use dotted-decimal format, such as 10.10.10.1);
(2) the newly added router sends a data packet to the centralized authentication center; the fields of the packet comprise the device-id, the public key and the router's own IP (in practical application, a JSON packet format is recommended, such as {"device-id": "10.10.10.1", "key": "xxx", "IP": "10.10.1"});
(3) after receiving the data packet sent by the newly added router, the centralized authentication center records the router's device-id, public key and IP;
(4) the centralized authentication center returns its own public key to the newly added routing device;
(5) after receiving that public key, the newly added routing device encrypts the authentication key with it and returns the encrypted authentication key to the centralized authentication center;
(6) after receiving the encrypted authentication key, the centralized authentication center decrypts it with its own private key and compares the decrypted authentication key with the original authentication key;
(7) if the comparison is consistent, the device-id, public key and IP are recorded into the authentication table and authentication success information is returned to the newly added router; if the comparison is inconsistent, authentication failure information is sent to the newly added routing device for re-authentication.
As shown in fig. 4-8, before a message is sent, the centralized authentication center authenticates and confirms the neighbor routing device: if the neighbor routing device has not been authenticated at the centralized authentication center, sending the message to it is stopped outright; if the neighbor routing device has been authenticated at the centralized authentication center but is not recorded in the local public key storage table, a secondary authentication is performed at the centralized authentication center; and if the local public key storage table already has a record, the message is prepared for encrypted transmission. The authentication confirmation process for the neighbor router is as follows:
(1) after the routing engine generates a message, the IP of the neighbor routing device is obtained from the neighbor table;
(2) the routing device sends an authentication confirmation request for the neighbor routing device, carrying that target IP, to the centralized authentication center;
(3) after receiving the authentication confirmation request, the centralized authentication center queries whether the IP of the neighbor routing device exists in the authentication table;
(4) if the neighbor routing device IP does not exist, authentication confirmation failure information is returned to the routing device;
(5) if the neighbor router IP exists, the device-id corresponding to that IP is returned to the router;
(6) after receiving the neighbor router's device-id, the router looks the device-id up in its local public key storage table; if the device-id exists in the table, message encryption transmission is prepared and the process ends, and if the device-id does not exist in the table, a secondary authentication confirmation request is sent to the centralized authentication center;
(7) after receiving the secondary authentication confirmation request, the centralized authentication center sends its own public key to the neighbor routing device as an authentication confirmation request;
(8) after receiving the authentication confirmation request, the neighbor routing device encrypts the authentication key with the received public key and returns the encrypted authentication key to the centralized authentication center;
(9) after receiving the encrypted authentication key, the centralized authentication center decrypts it with its own private key and compares the decrypted authentication key with the original authentication key;
(10) if the comparison is inconsistent, authentication confirmation failure information and the neighbor routing device's device-id are returned to the router, and a re-authentication request is sent to the neighbor router;
(11) after receiving the authentication confirmation failure information, the routing device stops sending the message to the neighbor routing device;
(12) if the comparison is consistent, the centralized authentication center returns authentication confirmation success information, the neighbor routing device's device-id and its public key to the routing device;
(13) after receiving the authentication confirmation success information, the routing device records the neighbor routing device's device-id and public key into the local public key storage table and prepares for message encryption transmission.
As shown in fig. 5, after the neighbor routing device completes authentication confirmation, the message is encrypted with an asymmetric encryption technology and sent to the neighbor routing device, and after receiving the encrypted message, the neighbor routing device decrypts it with the asymmetric encryption technology to obtain the original message for the service that needs it. The message encryption transmission flow is as follows:
(1) after a router generates a message and the neighbor router has been authenticated and confirmed, the neighbor router's device-id is obtained;
(2) the public key storage table is queried with the neighbor router's device-id to obtain the public key corresponding to the neighbor router;
(3) the original message is encrypted with the public key of the neighbor router, and the encrypted message is sent to the neighbor router;
(4) after receiving the encrypted message, the neighbor router decrypts it with its private key to obtain the original message and hands the original message to the routing engine for processing.
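The Go program below is an added example, not code from the patent, and it covers three of the processes described above in one model: the centralized authentication of a newly added router (fig. 3, steps 1-7), the neighbor authentication confirmation (fig. 4, steps 1-13) and the message encryption transmission flow (fig. 5, steps 1-4). The patent only says "asymmetric encryption technology", so RSA-2048 with OAEP/SHA-256 is an assumption of this example, as are the type and method names; the authentication table (FIG. 7) and the local public key storage table (FIG. 6) are in-memory maps keyed by IP and device-id respectively, and the parties call each other directly instead of over a network.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// mustKey generates a key pair; RSA-2048 with OAEP/SHA-256 is this example's choice.
func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// AuthRecord is one row of the authentication table (FIG. 7).
type AuthRecord struct {
	DeviceID, IP string
	Pub          *rsa.PublicKey
}

// AuthCenter is the centralized authentication center: its key pair, the authentication
// key every device in the domain must prove, and the authentication table keyed by IP.
type AuthCenter struct {
	priv    *rsa.PrivateKey
	authKey []byte
	table   map[string]AuthRecord
}

func NewAuthCenter(authKey []byte) *AuthCenter {
	return &AuthCenter{priv: mustKey(), authKey: authKey, table: map[string]AuthRecord{}}
}

// checkAuthKey is step (6) of both flows: decrypt with the center's private key, compare in constant time.
func (c *AuthCenter) checkAuthKey(encAuthKey []byte) bool {
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, encAuthKey, nil)
	return err == nil && subtle.ConstantTimeCompare(got, c.authKey) == 1
}

// Authenticate is step (7): only a matching key gets the record into the authentication table.
func (c *AuthCenter) Authenticate(r AuthRecord, encAuthKey []byte) bool {
	if !c.checkAuthKey(encAuthKey) {
		return false // authentication failure: the device is told to re-authenticate
	}
	c.table[r.IP] = r
	return true
}

// Router is one routing device; PubTable is its local public key storage table (FIG. 6).
type Router struct {
	ID, IP   string
	AuthKey  []byte
	priv     *rsa.PrivateKey
	PubTable map[string]*rsa.PublicKey
}

func NewRouter(id, ip string, authKey []byte) *Router {
	return &Router{ID: id, IP: ip, AuthKey: authKey, priv: mustKey(), PubTable: map[string]*rsa.PublicKey{}}
}

// ProveAuthKey is step (5) (and (8)): the authentication key encrypted under the center's public key.
func (r *Router) ProveAuthKey(c *AuthCenter) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &c.priv.PublicKey, r.AuthKey, nil)
}

// Join is centralized authentication of a newly added router, steps (2)-(7); false means re-authenticate.
func (r *Router) Join(c *AuthCenter) bool {
	proof, err := r.ProveAuthKey(c)
	return err == nil && c.Authenticate(AuthRecord{DeviceID: r.ID, IP: r.IP, Pub: &r.priv.PublicKey}, proof)
}

// ConfirmNeighbor is the 13-step neighbor confirmation; peer stands in for the neighbor
// that the center would reach over the network in steps (7)-(8).
func (r *Router) ConfirmNeighbor(c *AuthCenter, peer *Router) (*rsa.PublicKey, error) {
	rec, ok := c.table[peer.IP] // (3)-(5): is the neighbor IP in the authentication table?
	if !ok {
		return nil, errors.New("neighbor not authenticated, message not sent") // (4), (11)
	}
	if pub, ok := r.PubTable[rec.DeviceID]; ok {
		return pub, nil // (6): public key already in the local table, no second round
	}
	proof, err := peer.ProveAuthKey(c) // (7)-(8): the neighbor proves the authentication key
	if err != nil || !c.checkAuthKey(proof) {
		return nil, errors.New("secondary authentication failed, message not sent") // (9)-(11)
	}
	r.PubTable[rec.DeviceID] = rec.Pub // (12)-(13)
	return rec.Pub, nil
}

// SendMessage is the encrypted transmission flow, steps (1)-(3); Receive is step (4).
func (r *Router) SendMessage(c *AuthCenter, peer *Router, msg []byte) ([]byte, error) {
	pub, err := r.ConfirmNeighbor(c, peer)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}
func (r *Router) Receive(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, ct, nil)
}
```

Two points of the design are worth noting. The center compares the decrypted authentication key with crypto/subtle so the comparison does not leak where the two values first differ, and a failed comparison leaves the authentication table untouched, which is what makes the later "neighbor not authenticated" branch fire. RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes of plaintext per ciphertext, so a deployment carrying full routing messages would wrap them in a hybrid scheme (a symmetric key encrypted with the neighbor's public key, the message under that key); the patent leaves this choice open.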
In this technical scheme, an authentication mechanism for newly added routers is added on top of the routing protocol, improving the security of every routing device in the domain; neighbor routers must be authenticated and confirmed before message transmission, reducing the risk of leakage during message transmission between routers; and the use of asymmetric encryption reduces the risk that messages between routers are captured and cracked in transit, greatly improving the security of message transmission between routers.
Claims (8)
1. A centralized safe transmission and authentication method facing to routing message is characterized in that: the method comprises four processes of establishing a neighbor table of the routing equipment, performing centralized authentication on the routing equipment, confirming authentication of the neighbor routing equipment and encrypting and transmitting a message, and specifically comprises the following steps:
firstly, the newly added routing equipment establishes a neighbor relation with each equipment participating in routing through a neighbor table;
secondly, the newly added routing equipment carries out equipment authentication through a centralized authentication center;
thirdly, before the message is sent, the centralized authentication center carries out authentication confirmation on the neighbor routing equipment;
fourthly, after the neighbor routing equipment completes authentication confirmation, the message is encrypted and sent to the neighbor routing equipment by using an encryption technology;
finally, after receiving the encrypted message, the neighbor routing equipment decrypts the message by using an encryption technology to obtain an original message for a specific routing protocol to use;
before sending the message, the centralized authentication center authenticates and confirms the neighbor routing equipment: if the neighbor routing equipment has not been authenticated at the centralized authentication center, sending the message to it is stopped outright; if the neighbor routing equipment has been authenticated at the centralized authentication center but is not recorded in the local public key storage table, a secondary authentication is performed at the centralized authentication center; and if the local public key storage table already has a record, the message is prepared for encrypted transmission; the authentication confirmation process of the neighbor route is as follows:
(1) after the routing engine generates a message, acquiring a neighbor routing device IP according to a neighbor table;
(2) the routing equipment sends an authentication confirmation request for the neighbor routing equipment, carrying that target IP, to the centralized authentication center;
(3) after receiving the authentication confirmation request, the centralized authentication center inquires whether the IP of the neighbor routing equipment exists in an authentication table;
(4) if the neighbor routing equipment IP does not exist, returning authentication confirmation failure information to the routing equipment;
(5) if the neighbor route IP exists, returning the device-id corresponding to the neighbor route equipment IP to the route;
(6) after receiving the neighbor route device-id, the route inquires the device-id in a local public key storage table, if the device-id exists in the table, message encryption transmission is prepared, the process is finished, and if the device-id does not exist in the table, a secondary authentication confirmation request is sent to a centralized authentication center;
(7) after receiving the secondary authentication confirmation request, the centralized authentication center sends the public key of the centralized authentication center to the neighbor routing equipment for carrying out the authentication confirmation request;
(8) after receiving the authentication confirmation request, the neighbor routing equipment encrypts the authentication key by using the received public key and returns the encrypted authentication key to the centralized authentication center;
(9) after receiving the encrypted authentication key, the centralized authentication center decrypts the encrypted authentication key by using a private key of the centralized authentication center, and compares the decrypted authentication key with the original authentication key;
(10) if the comparison is inconsistent, returning authentication confirmation failure information and the device-id of the neighbor routing equipment to the router, and sending a re-authentication request to the neighbor router;
(11) after receiving the authentication confirmation failure information, the routing equipment stops sending the message to the neighbor routing equipment;
(12) if the comparison is consistent, the centralized authentication center returns the authentication and confirmation success information, the neighboring routing equipment device-id and the public key to the routing equipment;
(13) and after receiving the authentication and confirmation success information, the routing equipment records the neighbor routing equipment device-id and the public key into a local public key storage table and prepares for message encryption transmission.
2. The centralized secure transmission and authentication method for routing-oriented packets according to claim 1, wherein: each device participating in routing establishes a neighbor table, and each interface in an established neighbor relation passes through 5 states, namely the Down state, the Init state, the Decide state, the Success state and the Fail state; the specific design of each state is as follows:
(1) Down state: the port is not started and is in the Down state by default;
(2) Init state: the port has started the method and sends Discover exploration protocol packets but has not yet received a Coop packet from the other side; if a Discover packet from the other side is received, a Coop packet is sent in reply;
(3) Decide state: a Coop packet sent by the other side has been received, and whether its authentication succeeds is being judged;
(4) Success state: entered after the authentication in the Coop packet is judged consistent with the authentication set on the local device; in the Success state a check is performed once for every 5 Coop packets received;
(5) Fail state: entered when the authentication in the Coop packet does not match the authentication set on the local device; after the authentication of 3 consecutive Coop packets fails to match in the Fail state, the interface returns to the Init state.
3. The centralized secure transmission and authentication method for routing-oriented packets according to claim 2, wherein: the transmission periods of the various packets are as follows: the Discover packet is sent once every 5 seconds by default, the Coop packet is sent once every 10 seconds by default, once every 5 seconds when the routing device is in the Decide state, and once every 30 seconds when the routing device is in the Success state.
4. The centralized secure transmission and authentication method for routing-oriented packets according to claim 2, wherein: the Discover packet format is: source address, destination address, time to live.
5. The centralized secure transmission and authentication method for routing-oriented packets according to claim 2, wherein: the format of the Coop packet is as follows: routing device name, source address, destination address, time to live, sending time and authentication identifier.
6. The centralized secure transmission and authentication method for routing-oriented packets according to claim 5, wherein: the authentication process for the Coop packet is as follows: after receiving the Coop packet, the routing device checks whether the authentication identifier in the packet is consistent with the authentication identifier set on the local device; if the two are not consistent, the Fail state is entered, and if authentication fails 3 times consecutively, the Init state is entered; if the two are consistent, the routing device name and the source address are recorded in the neighbor table.
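The neighbor state machine of claims 2 to 6 (Down, Init, Decide, Success, Fail; the check on every 5th Coop packet in Success; the return to Init after 3 consecutive mismatches; the Coop field layout and send periods), written out as an added example that is not part of the patent. Device names, addresses and identifiers are constructed; the `Coop` field names are my own labels for the fields claim 5 lists.

```python
from dataclasses import dataclass, field
from enum import Enum

State = Enum("State", "DOWN INIT DECIDE SUCCESS FAIL")   # the 5 interface states of claim 2

@dataclass
class Coop:                      # claim 5 field layout; all values are constructed
    device_name: str
    src: str
    dst: str
    ttl: int
    send_time: int
    auth_id: str

def coop_interval(state) -> int:
    return {State.DECIDE: 5, State.SUCCESS: 30}.get(state, 10)   # seconds, claim 3

@dataclass
class Interface:
    local_auth_id: str           # authentication identifier configured on this device
    state: State = State.DOWN
    failures: int = 0            # consecutive mismatched Coop packets
    coops_seen: int = 0          # Coop packets received while in Success
    neighbor_table: dict = field(default_factory=dict)   # device name -> source IP

    def port_up(self):
        self.state = State.INIT                        # method started, Discover goes out
        return self.state

    def on_coop(self, pkt: Coop):
        if self.state is State.DOWN:                   # port not started: ignore
            return self.state
        if self.state is State.SUCCESS:                # re-check only every 5th Coop
            self.coops_seen += 1
            if self.coops_seen % 5:
                return self.state
            self.coops_seen = 0
        self.state = State.DECIDE                      # judge the identifier (claim 6)
        if pkt.auth_id == self.local_auth_id:
            self.state, self.failures = State.SUCCESS, 0
            self.neighbor_table[pkt.device_name] = pkt.src
        else:
            self.failures += 1
            self.state = State.FAIL
            if self.failures >= 3:                     # 3 consecutive mismatches: back to Init
                self.state, self.failures = State.INIT, 0
        return self.state
```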
7. The centralized secure transmission and authentication method for routing-oriented packets according to claim 1, wherein: a newly added routing device performs device authentication through the centralized authentication center; if the authentication succeeds, the newly added routing device is entered in the authentication table, and if the authentication fails, the newly added routing device is required to authenticate again; the centralized authentication process for the routing device is as follows:
(1) within the same domain, when a routing device is added, it is allocated a public key and private key pair and a unique device-id;
(2) the newly added routing device sends a data packet to the centralized authentication center whose fields comprise the device-id, the public key and its own IP;
(3) after receiving the data packet sent by the newly added routing device, the centralized authentication center records the device-id, public key and IP of the routing device;
(4) the centralized authentication center returns its public key to the newly added routing device;
(5) after receiving the public key, the newly added routing device encrypts the authentication key with that public key and returns the encrypted authentication key to the centralized authentication center;
(6) after receiving the encrypted authentication key, the centralized authentication center decrypts it with its own private key and compares the decrypted authentication key with the original authentication key;
(7) if the comparison is consistent, the device-id, the public key and the IP are recorded in the authentication table and authentication success information is returned to the newly added routing device; if the comparison is inconsistent, authentication failure information is sent to the newly added routing device, which must re-authenticate.
8. The centralized secure transmission and authentication method for routing-oriented packets according to claim 1, wherein: after the neighbor routing device has completed authentication confirmation, the message is encrypted with an asymmetric encryption technology and sent to the neighbor routing device, and after the neighbor routing device receives the encrypted message, it decrypts the message with the asymmetric encryption technology to obtain the original message for the service that needs it; the message encryption transmission flow is as follows:
(1) after the routing device generates a message and the neighbor routing device has been authenticated and confirmed, the device-id of the neighbor routing device is obtained;
(2) the public key storage table is queried with the neighbor routing device's device-id to obtain the public key corresponding to the neighbor routing device;
(3) the original message is encrypted with the public key of the neighbor routing device and sent to the neighbor routing device;
(4) after receiving the encrypted message, the neighbor routing device decrypts it with its private key to obtain the original message, which is then processed by the routing engine.
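The three message flows of claims 1, 7 and 8 (device registration at the centralized authentication center, neighbor authentication confirmation with the local public key storage table and the secondary authentication challenge, and encrypted transmission to the neighbor) run end to end as an added example that is not the patent's code. The patent does not name an asymmetric algorithm, so toy textbook RSA with tiny constructed parameters stands in for it; device-ids, IPs, the authentication key and the integer messages are constructed.

```python
def keygen(p, q, e):
    """Toy textbook RSA (tiny constructed parameters) standing in for the patent's unspecified cipher."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)           # (public key, private key)

def encrypt(pub, m): return pow(m, pub[0], pub[1])     # m must be an int below n
def decrypt(priv, c): return pow(c, priv[0], priv[1])

class AuthCenter:
    def __init__(self, auth_key, p=61, q=53, e=17):
        self.auth_key = auth_key                  # pre-shared authentication key of the domain
        self.pub, self.priv = keygen(p, q, e)
        self.auth_table = {}                      # ip -> (device-id, public key), claim 7
        self.challenges = 0                       # how many times the key challenge ran

    def challenge(self, dev):
        """Send own public key; device returns the auth key encrypted under it; decrypt, compare."""
        self.challenges += 1
        return decrypt(self.priv, dev.answer(self.pub)) == self.auth_key

    def register(self, dev):                      # claim 7, steps 2-7
        ok = self.challenge(dev)
        if ok:
            self.auth_table[dev.ip] = (dev.device_id, dev.pub)
        return ok

class Router:
    def __init__(self, device_id, ip, auth_key, p, q, e):
        self.device_id, self.ip, self.auth_key = device_id, ip, auth_key
        self.pub, self.priv = keygen(p, q, e)     # pair issued when the device joins the domain
        self.pubkey_table = {}                    # local public key storage table: device-id -> key

    def answer(self, center_pub):                 # claim 1 step 8 / claim 7 step 5
        return encrypt(center_pub, self.auth_key)

    def send(self, center, neighbor, msg):
        """Claim 1 confirmation (steps 1-13), then claim 8 encrypted transmission."""
        entry = center.auth_table.get(neighbor.ip)       # steps 2-3: query by neighbor IP
        if entry is None:
            return None                                  # step 4 then 11: message withheld
        dev_id, pub = entry                              # step 5 returns the device-id
        if dev_id not in self.pubkey_table:              # step 6: secondary authentication
            if not center.challenge(neighbor):
                return None                              # steps 10-11
            self.pubkey_table[dev_id] = pub              # steps 12-13: cache the public key
        return encrypt(self.pubkey_table[dev_id], msg)   # claim 8 steps 2-3

    def receive(self, c):
        return decrypt(self.priv, c)                     # claim 8 step 4
```

A second message to the same neighbor is served from the local public key storage table, so the centralized authentication center is not challenged again.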
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010123451.XA CN111431858B (en) | 2020-02-27 | 2020-02-27 | Centralized safe transmission and authentication method for routing message |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111431858A CN111431858A (en) | 2020-07-17 |
CN111431858B true CN111431858B (en) | 2022-07-12 |
Family ID: 71547305
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101060479A (en) * | 2007-05-28 | 2007-10-24 | 广州杰赛科技股份有限公司 | Wireless self-organized network distribution authentication multi-layer tree route method |
CN102594706A (en) * | 2012-03-20 | 2012-07-18 | 南京邮电大学 | Wireless broadband secure routing method for smart home control |
CN104486082A (en) * | 2014-12-15 | 2015-04-01 | 中电长城网际系统应用有限公司 | Authentication method and router |
CN105763517A (en) * | 2014-12-17 | 2016-07-13 | 联芯科技有限公司 | Router security access and control method and system |
CN107249003A (en) * | 2017-07-20 | 2017-10-13 | 电子科技大学 | The access authentication method of Batman adv agreements |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8161283B2 (en) * | 2007-02-28 | 2012-04-17 | Motorola Solutions, Inc. | Method and device for establishing a secure route in a wireless network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |