CN103701700B - Node discovery method and system in a communication network - Google Patents
Publication number: CN103701700B (application CN201310723937.7A)
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention provides a node discovery method and system in a communication network. The method includes: a source node sends a discovery request message to its next-hop node, the discovery request message carrying the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node; each node that receives the discovery request message returns to the source node the verification information that the node submits to the source node, and determines from the address information in the message whether it is the destination node, forwarding the discovery request message to its own next-hop node if it is not; after receiving the verification information returned by the destination node, the source node verifies each node according to the verification information that the node submitted; if all nodes pass verification, each node is determined to be a trusted node. The invention ensures the security and reliability of communication between network devices and reduces communication delay.
Description
Technical field
The present invention relates to the field of communications, and in particular to a node discovery method and system in a communication network.
Background art
The emergence of communication networks has allowed people to communicate more quickly and to exchange information more smoothly. As a main carrier of information transmission, the communication network has achieved unprecedented development; while its basic and global status becomes increasingly prominent, it also constantly faces increasingly diverse security threats and an increasingly complex network security environment. Because the Internet is open, global, virtual, uncertain as to identity, decentralized, and egalitarian, some needs of people are met, but these same characteristics also create many security problems. Network security is especially important for high-speed, large-scale, complex multi-hop communication networks.
In the Internet, information travels from one end to the other through many segments of transmission media and devices (routers, switches, servers, gateways, etc.) in the network. Path selection is one of the factors that must be considered in developing and operating a communication network. For the operation of a network, path selection means finding a path that delivers the information sent from the source to the destination at minimum cost. Because communication networks are open, the confidentiality of the information in a packet cannot be effectively guaranteed while the packet crosses the network. The information carried in a packet may be exposed to malicious nodes on the path, which on the one hand crack the information in the packet by brute force, and on the other hand use compromised nodes to obtain information in the network. After obtaining the topology information of the network, a malicious node will carry out various attacks accordingly. Therefore, the sender of the information should find a trusted, valid path to the destination and ensure that every node is trusted during transmission, so that the information is not obtained by illegitimate nodes.
In communication networks, the most commonly used existing node discovery process is the traceroute probing process. This process works by increasing the TTL (time-to-live) value. Each time a packet passes through a router, its time-to-live is decremented by 1; when the time-to-live reaches 0, the device discards the packet and sends an ICMP (Internet Control Message Protocol) TTL packet to the sender of the original packet. However, this process does not guarantee the authenticity and reliability of the nodes on the discovered path, and every node discovery run requires sending multiple packets repeatedly, which consumes considerable network overhead.
To solve communication between different nodes on the same link and the address autoconfiguration problem, the IETF (Internet Engineering Task Force) proposed the Neighbor Discovery Protocol (NDP). This protocol is a component of IPv6, but it must be built on a trusted network, and in reality it faces a large number of security threats. The IETF subsequently proposed the IPsec Authentication Header and the SEND (Secure Neighbor Discovery) protocol to improve the security of NDP. By adding cryptographically generated addresses, RSA (a public-key encryption algorithm) signatures, timestamps, and current-session nonce options, and by introducing a router authentication mechanism, the Secure Neighbor Discovery protocol substantially improves the security of the neighbor discovery process; however, the protocol still has many security problems, for example it cannot resist forged NDP message attacks. In recent years, researchers have also designed several route discovery protocols for ad hoc (peer-to-peer) networks, but because ad hoc networks are local, small-scale, and wireless, these protocols are not suitable for cross-domain, high-speed, large-scale communication networks.
Summary of the invention
The technical problem to be solved by the present invention is how to ensure the security and reliability of communication between network devices while reducing communication delay.
To solve the above problem, the invention provides a node discovery method in a communication network, including:
S101: a source node sends a discovery request message to its next-hop node; the discovery request message carries the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node;
S102: a node that receives the discovery request message returns to the source node the verification information that the node submits to the source node, including the node's address information and digital certificate and the node's challenge response value for the source node; the node determines from the address information in the message whether it is the destination node and, if it is not, forwards the discovery request message to its own next-hop node;
S103: after receiving the verification information returned by the destination node, the source node verifies each node according to the verification information submitted by that node; if all nodes pass verification, each node is determined to be a trusted node.
Optionally, a node's challenge response value for the source node is the result of applying a logical operation to the related information between the source node and the node and the signature that the node generates over that related information with its private key; the related information between the source node and the node includes the identity information of the node, the identity information of the source node, and the challenge value generated by the source node.
The step in which the source node verifies each node according to the verification information submitted by each node includes:
the source node verifies, for each node, whether the address information and the digital certificate in the submitted verification information are valid, and uses the public key carried in each node's digital certificate to verify whether the signature in the challenge response value generated by that node is valid.
Optionally, the step of forwarding the discovery request message to the node's next-hop node includes:
saving the address information of the previous-hop node carried in the discovery request message, then deleting from the discovery request message the additional information of any node other than the source node, adding the node's own additional information to the discovery request message, and finally forwarding it to the node's next-hop node; the additional information includes the node's address information, its identity information, and a challenge value generated by the node.
Step S102 further includes:
when the previous-hop node is not the source node, constructing a neighbor discovery response message and sending it to the previous-hop node; the message carries the verification information that the node submits to the previous-hop node, including the node's address information, its digital certificate, and the node's challenge response value for the previous-hop node. The node's challenge response value for the previous-hop node is the result of applying a logical operation to the related information between the previous-hop node and the node and the signature that the node generates over that related information with its private key; the related information between the previous-hop node and the node includes the identity information of the node, the identity information of the previous-hop node, and the challenge value generated by the previous-hop node.
Optionally, the method further includes:
the node that receives the neighbor discovery response message verifies whether the address information and digital certificate of the next-hop node in it are valid, and uses the public key carried in the next-hop node's digital certificate to verify whether the signature in the challenge response value generated by the next-hop node is valid; if all are valid, the node saves the address information of the next-hop node.
Optionally, the following is further included after step S103:
S104: each intermediate node Ri performs the following steps; the intermediate nodes are the nodes other than the destination node that received the discovery request message:
41. Ri takes its previous-hop node as the upstream request target node; if Ri has saved the address information of a next-hop node, it takes that next-hop node as the downstream request target node; the hop count value is set to 1;
42. Ri sends a node address request message to the upstream request target node, carrying the hop count value, a request for the address information of the previous-hop node of the upstream request target node, the identity information of Ri, and a challenge value generated by Ri;
if a downstream request target node exists, Ri sends a node address request message to the downstream request target node, carrying the hop count value, a request for the address information of the next-hop node of the downstream request target node, the identity information of Ri, and a challenge value generated by Ri;
43. after the upstream/downstream request target node receives the node address request message from Ri requesting the address information of its previous-hop/next-hop node, if it holds the address information of its previous-hop/next-hop node, it constructs a node verification request message and returns it to Ri, carrying its own identity information, its digital certificate, a challenge value that it generates, and its challenge response value for Ri;
44. after Ri receives the node verification request message from the upstream/downstream request target node, if verification passes, Ri sends a node verification response message to the upstream/downstream request target node, carrying Ri's digital certificate and Ri's challenge response value for the upstream/downstream request target node;
45. after the upstream/downstream request target node receives the node verification response message, if verification passes, it feeds back the address information of its previous-hop/next-hop node to Ri;
46. if the received address information does not belong to the target node that Ri is looking for, the node corresponding to the address information that Ri received from the upstream request target node becomes Ri's upstream request target node, the node corresponding to the address information that Ri received from the downstream request target node becomes Ri's downstream request target node, the hop count value is incremented by 1, and the procedure returns to step 42; if the received address information belongs to the target node that Ri is looking for, the adjacent node discovery process ends.
The present invention also provides a node discovery system in a communication network, including:
a plurality of nodes, including at least a source node that is to perform node discovery and a destination node;
each node includes:
a request sending module, configured to, when the node acts as the source node, send a discovery request message to the next-hop node, the discovery request message carrying the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node;
a request response module, configured to, after the discovery request message is received, return to the source node the verification information that the node submits to the source node, including the node's address information and digital certificate and the node's challenge response value for the source node;
a request forwarding module, configured to, after the discovery request message is received, determine from the address information in it whether the node is the destination node and, if the node is an intermediate node, forward the discovery request message to the node's next-hop node;
a verification module, configured to, when the node acts as the source node and after the verification information returned by the destination node has been received, verify each node according to the verification information submitted by each node, and to determine each node to be a trusted node if all pass verification.
Optionally, a node's challenge response value for the source node is the result of applying a logical operation to the related information between the source node and the node and the signature that the node generates over that related information with its private key; the related information between the source node and the node includes the identity information of the node, the identity information of the source node, and the challenge value generated by the source node.
That the verification module verifies each node according to the verification information submitted by each node means:
the verification module verifies, for each node, whether the address information and the digital certificate in the submitted verification information are valid, and uses the public key carried in each node's digital certificate to verify whether the signature in the challenge response value generated by that node is valid.
Optionally, that the request forwarding module forwards the discovery request message to the node's next-hop node means:
the request forwarding module saves the address information of the previous hop carried in the discovery request message, then deletes from the discovery request message the additional information of any node other than the source node, adds the node's own additional information to the discovery request message, and finally forwards it to the node's next-hop node; the additional information includes the node's address information, its identity information, and a challenge value generated by the node.
Each node further includes:
a neighbor response module, configured to, when the previous-hop node is not the source node, construct a neighbor discovery response message and send it to the previous-hop node; the message carries the verification information that the node submits to the previous-hop node, including the node's address information, its digital certificate, and the node's challenge response value for the previous-hop node. The node's challenge response value for the previous-hop node is the result of applying a logical operation to the related information between the previous-hop node and the node and the signature that the node generates over that related information with its private key; the related information between the previous-hop node and the node includes the identity information of the node, the identity information of the previous-hop node, and the challenge value generated by the previous-hop node.
Optionally, the verification module is further configured to, after the neighbor discovery response message is received, verify whether the address information and digital certificate of the next-hop node in it are valid, and use the public key carried in the next-hop node's digital certificate to verify whether the signature in the challenge response value generated by the next-hop node is valid; if all are valid, the address information of the next-hop node is saved.
Optionally, each node further includes:
an adjacent node discovery module, including:
an address request unit;
a setting unit, configured to, when the node has received the discovery request message and is not the destination node, take the node's previous-hop node as the upstream request target node; if the node has saved the address information of a next-hop node, take that next-hop node as the downstream request target node; and set the hop count value to 1 and send it, together with the upstream and downstream request target nodes, to the address request unit;
the address request unit is configured to send a node address request message to the upstream request target node, carrying the hop count value, a request for the address information of the previous-hop node of the upstream request target node, the identity information of the node, and a challenge value generated by the node; and, if a downstream request target node exists, to send a node address request message to the downstream request target node, carrying the hop count value, a request for the address information of the next-hop node of the downstream request target node, the identity information of the node, and a challenge value generated by the node;
a verification request unit, configured to, after receiving a node address request message sent by a node Ra requesting the address information of the previous-hop/next-hop node, construct a node verification request message and return it to node Ra if the node holds the address information of its previous-hop/next-hop node; the message carries the node's identity information, its digital certificate, a challenge value generated by the node, and the node's challenge response value for node Ra;
a verification response unit, configured to, after receiving the node verification request message returned by a node Rb, send a node verification response message to node Rb if verification passes, carrying the node's digital certificate and the node's challenge response value for node Rb;
the verification request unit is further configured to, after receiving the node verification response message, feed back the address information of the node's previous-hop/next-hop node if verification passes;
the setting unit is further configured to, when the received address information does not belong to the target node that the node is looking for, take the node corresponding to the address information received from the upstream request target node as the upstream request target node, take the node corresponding to the address information received from the downstream request target node as the downstream request target node, increment the hop count value by 1, and send it together with the upstream and downstream request target nodes to the address request unit; if the received address information belongs to the target node that the node is looking for, the adjacent node discovery process ends.
The technical solution of the present invention is suitable for trusted node discovery in a communication network. It uses a challenge-response mechanism to verify the authenticity of the nodes on the path, ensuring that every discovered node is trusted and therefore that communication between network devices is secure and reliable; the flow is simple and does not require sending multiple packets repeatedly, which greatly reduces communication delay. The optimized solution of the present invention is suitable for adjacent node discovery in a communication network: by storing the IP addresses of the relevant adjacent nodes, a node on the path can find the positions of the other nodes on the path, and the nodes on the path can authenticate each other. Because its flow is simple and it is secure and reliable, the technical solution of the present invention is equally applicable to high-speed, large-scale, complex multi-hop communication networks.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the node discovery method of Embodiment 1;
Fig. 2 is a schematic flowchart of the trusted node discovery method in Embodiment 1;
Fig. 3 is a schematic flowchart of the adjacent node discovery method of Embodiment 1.
Detailed description of the embodiments
The technical solution of the present invention is described in detail below with reference to the drawings and embodiments.
It should be noted that, provided they do not conflict, the embodiments of the present invention and the features in the embodiments may be combined with each other, all within the protection scope of the present invention. In addition, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.
Embodiment 1: a node discovery method in a communication network, as shown in Fig. 1, includes:
S101: a source node sends a discovery request message to its next-hop node; the discovery request message carries the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node;
S102: a node that receives the discovery request message returns to the source node the verification information that the node submits to the source node, including the node's address information and digital certificate and the node's challenge response value for the source node; the node determines from the address information in the message whether it is the destination node and, if it is not, forwards the discovery request message to its own next-hop node;
S103: after receiving the verification information returned by the destination node, the source node verifies each node according to the verification information submitted by that node; if all nodes pass verification, each node is determined to be a trusted node.
In this embodiment, throughout the delivery of the discovery request message, the nodes other than the source node and the destination node are called intermediate nodes. In step S101, the next-hop node of the source node is usually the first intermediate node, but the case where the next-hop node is the destination node itself is not excluded.
In this embodiment, an intermediate node may, but need not, use a non-terminal discovery response message to return to the source node the verification information that it submits to the source node; the destination node may, but need not, use a node discovery end response message to return to the source node the verification information that it submits to the source node.
In this embodiment, the address information may be, but is not limited to, an IP address; a node that receives the discovery request message can determine whether it is the destination node by comparing its own IP address with the IP address of the destination node.
This embodiment uses identity information, digital certificates, and an asymmetric challenge-response authentication mechanism to ensure security during node discovery; the source node can judge whether each node in the discovery process is trusted by verifying whether the address information, digital certificate, and challenge response value of each intermediate node and of the destination node are valid.
In one implementation of this embodiment, a node's challenge response value for the source node may be, but is not limited to, the result of applying a logical operation to the related information between the source node and the node and the signature that the node generates over that related information with its private key; the related information between the source node and the node includes the identity information of the node, the identity information of the source node, and the challenge value generated by the source node.
In this implementation, the step in which the source node verifies each node according to the verification information submitted by each node may specifically include:
the source node verifies, for each node, whether the address information and the digital certificate in the submitted verification information are valid, and uses the public key carried in each node's digital certificate to verify whether the signature in the challenge response value generated by that node is valid.
In this implementation, the identity information, digital certificate, and public/private key pair of a node may be, but are not limited to being, obtained by the node by applying to a PKI (Public Key Infrastructure).
This implementation further relies on a certificate-based PKI system to ensure security during node discovery. Every node can apply to the PKI for its digital certificate and public/private key pair at initialization, and only users that the PKI considers legitimate can obtain them. During trusted node discovery, all nodes on the path (each intermediate node and the destination node) send to the source node the digital certificate that the PKI assigned to the node and a signature generated with the private key that the PKI assigned to the node; the source node verifies the authenticity of each node's identity by checking the validity of the certificate and the signature. Only the digital certificate of a legitimate user and the signature generated by that user can pass the source node's authentication.
In one implementation of this embodiment, the step of forwarding the discovery request message to the node's next-hop node may specifically include:
saving the address information of the previous-hop node carried in the discovery request message, then deleting from the discovery request message the additional information of any node other than the source node, adding the node's own additional information to the discovery request message, and finally forwarding it to the node's next-hop node; the additional information includes the node's address information, its identity information, and a challenge value generated by the node.
In this implementation, to distinguish it from the original discovery request message sent by the source node, a discovery request message that has been forwarded by an intermediate node with that node's additional information added may be called a transit discovery request message.
In this implementation, every intermediate node except the first intermediate node, which receives the discovery request message directly from the source node, must delete the additional information of the previous-hop node that forwarded the discovery request message to it.
In this implementation, step S102 may further include:
when the previous-hop node is not the source node, constructing a neighbor discovery response message and sending it to the previous-hop node; the message carries the verification information that the node submits to the previous-hop node, including the node's address information, its digital certificate, and the node's challenge response value for the previous-hop node. The node's challenge response value for the previous-hop node may be, but is not limited to, the result of applying a logical operation to the related information between the previous-hop node and the node and the signature that the node generates over that related information with its private key; the related information between the previous-hop node and the node includes the identity information of the node, the identity information of the previous-hop node, and the challenge value generated by the previous-hop node.
In this implementation, the method may further include:
the node that receives the neighbor discovery response message verifies whether the address information and digital certificate of the next-hop node in it are valid, and uses the public key carried in the next-hop node's digital certificate to verify whether the signature in the challenge response value generated by the next-hop node is valid; if all are valid, the node saves the address information of the next-hop node.
In this implementation, an intermediate node stores only the address information of adjacent nodes that have passed verification for use in adjacent node discovery, which further safeguards the security of the node discovery process.
A concrete example of trusted node discovery is described below. In this example, it is assumed that the PKI has already issued a digital certificate and a public/private key pair to each legitimate intermediate node, and that the address information is an IP address. The trusted node discovery process from the sender to the receiver is shown in Fig. 2 and includes the following steps:
Step 201: the initiator S sends to the first intermediate node R1 a source node discovery request message carrying the initiator's address IP_S, the IP address IP_Rn of the destination node to be found, the hop count value Hop, the initiator's identity information ID_S, and a challenge value Random_S chosen at random by the initiator; at this point Hop is 0.
Step 202: after receiving the source end node discovery request message, the intermediate node R1 stores the IP address IP_S of the source end node and proceeds as follows:
2021. R1 checks whether it is itself the destination node that the initiator S is looking for: R1 compares its own IP address with the IP address of the destination node in the source end node discovery request message. If they are the same, step 205 is carried out. If they differ, R1 adds its additional information to the source end node discovery request message; the additional information of R1 includes the IP address IP_R1 of R1, the identity information ID_R1 of R1, and a challenge value Random_R1 generated by R1. R1 also changes Hop to 1, thereby obtaining a transfer discovery request message, and sends this transfer discovery request message to the next-hop node R2;
2022. At the same time, R1 uses the private key issued to it by the PKI to generate a signature over the relevant information between S and R1; the relevant information between S and R1 includes the identity information ID_S of S, the identity information ID_R1 of R1, and the challenge value Random_S generated by S. The signature obtained and the relevant information between S and R1 together constitute the challenge response value of R1 for S:
TokenR1S=ID_R1||ID_S||Random_S||SignR1(ID_R1||ID_S||Random_S);
where || denotes a predetermined logical operation and SignX(M) denotes the signature generated over message M with the private key of X; the signature algorithm used here may be assigned by the PKI or negotiated among the nodes. R1 then constructs a nonterminal discovery response message and sends it to the initiator S; the message carries the verification information that R1 submits to S, including the IP address IP_R1 of R1, the digital certificate Cert_R1 of R1, and the challenge response value TokenR1S of R1 for S.
Steps 2021 and 2022 may be performed in either order, or in parallel.
Step 203: after receiving the transfer discovery request message, the intermediate node R2 stores the IP address IP_R1 of the previous-hop node R1 and proceeds as follows:
2031. As R1 did in step 2021, R2 first determines whether it is itself the destination node; if so, step 205 is carried out. If the IP addresses do not match, R2 deletes the additional information of R1 from the received transfer discovery request message and adds the additional information of R2 (equivalent to adding the additional information of R2 to the source end node discovery request message); the additional information of R2 includes the IP address IP_R2 of R2, the identity information ID_R2 of R2, and a challenge value Random_R2 generated by R2. R2 also sets Hop to 2, thereby obtaining a new transfer discovery request message, and sends this new transfer discovery request message to the next-hop node R3;
2032. R2 proceeds as R1 did in step 2022, except that the verification information submitted by R1 to S becomes the verification information submitted by R2 to S, and the relevant information between S and R1 becomes the relevant information between S and R2. R2 first generates its challenge response value for S, TokenR2S=ID_R2||ID_S||Random_S||SignR2(ID_R2||ID_S||Random_S), and then constructs a new nonterminal discovery response message and sends it to the initiator S; the message carries the verification information that R2 submits to S, including the IP address IP_R2 of R2, the digital certificate Cert_R2, and the challenge response value TokenR2S of R2 for S.
2033. R2 uses the private key issued to it by the PKI to generate a signature over the relevant information between R1 and R2; the relevant information between R1 and R2 includes the identity information ID_R1 of R1, the identity information ID_R2 of R2, and the challenge value Random_R1 generated by R1. The signature obtained and the relevant information between R1 and R2 together constitute the challenge response value of R2 for R1:
TokenR2R1=ID_R2||ID_R1||Random_R1||SignR2(ID_R2||ID_R1||Random_R1);
R2 constructs a neighbouring discovery response message and sends it to the previous-hop node R1; the message carries the verification information that R2 submits to R1, including IP_R2, Cert_R2, and the challenge response value TokenR2R1 of R2 for R1.
In step 203, the steps of constructing and sending the transfer discovery request message, the nonterminal discovery response message and the neighbouring discovery response message may be performed in any order or in parallel; the same holds for step 204.
Step 204: after receiving the transfer discovery request message and the neighbouring discovery response message, each subsequent intermediate node Ri (2 < i ≤ n-1, where n-1 is the number of intermediate nodes that the node discovery request message passes through on its way from the initiator S to the destination node) stores the IP address of the previous-hop node carried in the received transfer discovery request message and proceeds as follows:
2041. As R2 did in step 2031, Ri constructs a new transfer discovery request message and sends it to the next-hop node Ri+1; it suffices to replace every occurrence of the additional information of R2 in step 2031 with the additional information of Ri, that is, Ri removes the additional information of Ri-1 from the received transfer discovery request message and adds the additional information of Ri, thereby obtaining the new transfer discovery request message.
2042. As R2 did in step 2032, Ri constructs a nonterminal discovery response message and sends it to S; it suffices to replace the verification information submitted by R2 to S in step 2032 with the verification information submitted by Ri to S.
2043. As R2 did in step 2033, Ri constructs a new neighbouring discovery response message and sends it to the previous-hop node Ri-1; it suffices to replace the relevant information between R1 and R2 in step 2033 with the relevant information between Ri-1 and Ri (including the identity information ID_Ri-1 of Ri-1, the identity information ID_Ri of Ri, and the challenge value Random_Ri-1 generated by Ri-1).
Each intermediate node Ri (1 ≤ i ≤ n-1) verifies whether the digital certificate Cert_Ri+1 in the neighbouring discovery response message from its next-hop node Ri+1 (the next-hop node of Rn-1 being the destination node Rn) is valid, and uses the public key in the digital certificate of Ri+1 to verify whether the signature in the challenge response value TokenRi+1Ri of Ri+1 for Ri is valid. If both are valid, Ri stores the IP address IP_Ri+1 of Ri+1 carried in the neighbouring discovery response message from the next hop, for use in adjacent node discovery between intermediate nodes. If either the digital certificate or the signature is invalid, Ri does not store the IP address of the next-hop node.
Step 205: after receiving the transfer discovery request message sent by the previous-hop node Rn-1 (Rn-1 being the last intermediate node), the destination node Rn stores the IP address of the previous-hop node and proceeds as follows:
2051. The destination node Rn uses the private key issued to it by the PKI to generate a signature over the relevant information between S and Rn; the relevant information between S and Rn includes the identity information ID_S of S, the identity information ID_Rn of Rn, and the challenge value Random_S generated by S. The signature obtained and the relevant information between S and Rn together constitute the challenge response value of Rn for S:
TokenRnS=ID_Rn||ID_S||Random_S||SignRn(ID_Rn||ID_S||Random_S);
Rn constructs a node discovery end response message and sends it to the initiator S; the message carries the IP address IP_Rn of Rn, the digital certificate Cert_Rn, and the challenge response value TokenRnS of Rn for S, and indicates that the discovery process has ended.
2052. As R2 did in step 2033, Rn constructs a new neighbouring discovery response message and sends it to the previous-hop node Rn-1; it suffices to replace the relevant information between R1 and R2 with the relevant information between Rn-1 and Rn (including the identity information ID_Rn-1 of Rn-1, the identity information ID_Rn of Rn, and the challenge value Random_Rn-1 generated by Rn-1).
In step 205, the steps of constructing the node discovery end response message and the neighbouring discovery response message may be performed in any order or in parallel.
Step 206: the initiator S verifies whether the digital certificates in the nonterminal discovery response messages from all intermediate nodes, and in the node discovery end response message from the destination node, are valid, and uses the public key in each node's digital certificate to verify whether the signature in that node's challenge response value for S is valid. If the digital certificates and signatures of all nodes (intermediate nodes and destination node) are valid, all of those nodes are determined to be trusted nodes; if the digital certificate or signature of any one node is invalid, S distrusts the path that was searched and initiates the trusted node discovery process again.
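The check that S performs in step 206, as an added Go example that is not part of the patent text. Ed25519 stands in for the unspecified signature algorithm; the `Cert` type, the length-prefixed `join` used for `||`, the node IDs and the 192.0.2.x addresses are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Cert stands in for the PKI-issued certificate: the CA signs (ID, public key). Not X.509.
type Cert struct {
	ID    string
	Pub   ed25519.PublicKey
	CASig []byte
}

// Response is what a node submits to S: IP address, certificate, and the fields of
// TokenRiS = ID_Ri || ID_S || Random_S || SignRi(ID_Ri || ID_S || Random_S).
type Response struct {
	IP                        string
	Cert                      Cert
	ResponderID, ChallengerID string
	Challenge, Sig            []byte
}

// join is an assumed realisation of "||": length-prefixed concatenation.
func join(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		out = binary.BigEndian.AppendUint32(out, uint32(len(f)))
		out = append(out, f...)
	}
	return out
}

// nonce returns a fresh random challenge value such as Random_S.
func nonce() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// respond is the node side: sign (own ID, challenger ID, challenge) with the private key.
func respond(ip string, cert Cert, priv ed25519.PrivateKey, challenger string, challenge []byte) Response {
	sig := ed25519.Sign(priv, join([]byte(cert.ID), []byte(challenger), challenge))
	return Response{ip, cert, cert.ID, challenger, challenge, sig}
}

// verifyResponse checks one node: certificate first, then binding, then signature.
func verifyResponse(caPub ed25519.PublicKey, selfID string, challenge []byte, r Response) error {
	c := r.Cert
	if len(c.Pub) != ed25519.PublicKeySize || !ed25519.Verify(caPub, join([]byte(c.ID), c.Pub), c.CASig) {
		return fmt.Errorf("%s: invalid digital certificate", r.IP)
	}
	// The token must name the certified node, this verifier and the current
	// challenge; without this check a token from an earlier run would be accepted.
	if r.ResponderID != c.ID || r.ChallengerID != selfID || !bytes.Equal(r.Challenge, challenge) {
		return fmt.Errorf("%s: token not bound to this certificate, verifier and challenge", r.IP)
	}
	if !ed25519.Verify(c.Pub, join([]byte(r.ResponderID), []byte(r.ChallengerID), r.Challenge), r.Sig) {
		return fmt.Errorf("%s: invalid signature in challenge response value", r.IP)
	}
	return nil
}

// verifyPath is the all-or-nothing decision of step 206.
func verifyPath(caPub ed25519.PublicKey, selfID string, challenge []byte, rs []Response) ([]string, error) {
	var trusted []string
	for _, r := range rs {
		if err := verifyResponse(caPub, selfID, challenge, r); err != nil {
			return nil, err // one invalid node and S distrusts the whole path
		}
		trusted = append(trusted, r.IP)
	}
	return trusted, nil
}

// demo runs a constructed path S -> R1 -> R2 -> R3; IDs, addresses and keys are made up.
func demo() (trusted []string, replayErr, forgedErr error) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	randomS := nonce()
	var path []Response
	for i, id := range []string{"R1", "R2", "R3"} {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		cert := Cert{id, pub, ed25519.Sign(caPriv, join([]byte(id), pub))}
		path = append(path, respond(fmt.Sprintf("192.0.2.%d", i+1), cert, priv, "S", randomS))
	}
	trusted, _ = verifyPath(caPub, "S", randomS, path)
	_, replayErr = verifyPath(caPub, "S", nonce(), path) // new run, stale responses
	_, wrongKey, _ := ed25519.GenerateKey(rand.Reader)   // not the key in R2's certificate
	forged := append([]Response{}, path...)
	forged[1] = respond(path[1].IP, path[1].Cert, wrongKey, "S", randomS)
	_, forgedErr = verifyPath(caPub, "S", randomS, forged)
	return
}

func main() { fmt.Println(demo()) }
```

A deployment would replace `Cert` with full certificate path validation, including expiry and revocation, against the PKI that issued the node certificates.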
In one implementation of this embodiment, the following may also be included after step S103:
S104: each intermediate node Ri performs the following steps, an intermediate node being a node other than the destination node that has received the discovery request message:
41. Ri takes the previous-hop node of this node as the upstream request object node; if this node has stored the address information of its next-hop node, it takes that next-hop node as the downstream request object node; the hop count is set to 1;
42. Ri sends a node address request message to the upstream request object node; the message carries the hop count, a request for the address information of the previous-hop node of the upstream request object node, the identity information of this node, and a challenge value generated by this node;
If a downstream request object node exists, Ri sends a node address request message to the downstream request object node; the message carries the hop count, a request for the address information of the next-hop node of the downstream request object node, the identity information of this node, and a challenge value generated by this node;
43. After the upstream/downstream request object node receives the node address request message sent by Ri requesting the address information of its previous-hop/next-hop node, if this node holds the address information of its previous-hop/next-hop node, it constructs a node verification request message and returns it to Ri; the message carries the identity information of this node, its digital certificate, a challenge value generated by this node, and the challenge response value of this node for Ri;
In this step and the subsequent steps, the operations of the upstream request object node and of the downstream request object node are independent of each other, and the operations of Ri with respect to the upstream request object node and with respect to the downstream request object node are likewise independent. Independent means that they do not affect each other and do not depend on each other; they need not both occur, and only the upstream part or only the downstream part may occur. In this step, for example, the upstream request object node of Ri can only receive from Ri a node address request message requesting the address information of a previous-hop node, and only needs to determine whether it holds the address information of its previous-hop node; what the downstream request object node does, whether it does anything, and even whether a downstream request object node exists at all, does not affect the operation of the upstream request object node.
44. After Ri receives the node verification request message from the upstream/downstream request object node, if verification passes, it sends a node verification response message to the upstream/downstream request object node; the message carries the digital certificate of Ri and the challenge response value of Ri for the upstream/downstream request object node;
45. After the upstream/downstream request object node receives the node verification response message, if verification passes, it feeds back the address information of the previous-hop/next-hop node of this node to Ri;
46. If the address information received does not belong to the destination node that Ri is looking for, the node corresponding to the address information that Ri received from the upstream request object node becomes the upstream request object node of Ri, the node corresponding to the address information that Ri received from the downstream request object node becomes the downstream request object node of Ri, the hop count is incremented by 1, and the process returns to step 42; if the address information received belongs to the destination node that Ri is looking for, the adjacent node discovery process ends.
If no address information is returned by the upstream/downstream request object node, the original upstream/downstream request object node is deleted, so that after returning to step 42 only the side (upstream or downstream) whose request object node was updated is operated on; if neither the upstream nor the downstream request object node returns address information, the adjacent node discovery process may also end.
In this embodiment, the verification step is similar: it likewise includes verifying whether the received digital certificate is valid and, using the public key in that digital certificate, verifying whether the signature in the received challenge response value is valid; verification passes when both the digital certificate and the signature are valid. The process by which this node obtains its challenge response value for the correspondent node is also similar: this node first uses its private key to generate a signature over the relevant information between the correspondent node and this node, and then performs the logical operation on the signature obtained and the relevant information between the correspondent node and this node, obtaining the challenge response value of this node for the correspondent node. See the example below for details.
In this embodiment, step S104 is the adjacent node discovery process, which is likewise designed on the PKI-based asymmetric challenge-response authentication mechanism. An intermediate node sends a node address request message to an adjacent node to request the IP address of that adjacent node's previous-hop or next-hop node; the intermediate node and its adjacent node then execute a challenge-response mechanism to verify each other's authenticity. Only a legitimate requester can obtain the IP address information of the adjacent nodes of the node concerned, and only IP address information provided by a trusted requested party is accepted by the requester, which achieves mutual authentication between neighbouring nodes.
A concrete example of adjacent node discovery is described below. This example describes the process after the trusted node discovery of the previous example has completed. Using the fact that each intermediate node on the path already knows the IP addresses of its neighbouring intermediate nodes, any intermediate node Ri on the path can, from the stored IP addresses of its adjacent nodes, look up the intermediate nodes further up or down the path, as shown in Figure 3. The specific steps are as follows:
Step 301: the previous-hop node Ri-1 of the intermediate node Ri (2 < i ≤ n) is taken as the upstream request object node of Ri; if Ri has stored the IP address of its next-hop node Ri+1, Ri+1 is taken as the downstream request object node of Ri. The hop count Hop is set to 1.
Step 302: using the stored IP address, Ri sends a node address request message to its upstream request object node to request the IP address of the previous-hop node of that upstream request object node (for example, when the upstream request object node is Ri-1, the request is for the IP address of Ri-2). The node address request message carries Hop, the request information ReqInfo, the identity information ID_Ri of Ri, and the challenge value Random_Ri generated by Ri; the request information ReqInfo indicates whether the request is for the IP address of the previous-hop node of the upstream request object node or for the IP address of the next-hop node of the downstream request object node.
Step 302': if a downstream request object node exists, then, as shown by the dashed lines in Figure 3, Ri also sends a node address request message to its downstream request object node to request the IP address of the next-hop node of that downstream request object node (for example, when the downstream request object node is Ri+1, the request is for the IP address of Ri+2); the process is similar to that of requesting from the previous-hop node Ri-1 the IP address of its previous-hop node Ri-2.
If Ri has stored only the IP address of its previous-hop node and not the IP address of its next-hop node, Ri can only request from Ri-1 the IP address of its previous-hop node Ri-2.
Steps 303 to 305 below are described with Ri-1 as the upstream request object node; if the upstream request object node is another node, that node replaces Ri-1 in these steps:
Step 303: after receiving the node address request message, Ri-1 proceeds as follows:
(3.1) Ri-1 uses the private key issued to it by the PKI to generate a signature over the relevant information between Ri and Ri-1 (including the identity information ID_Ri of Ri, the identity information ID_Ri-1 of Ri-1, and the challenge value Random_Ri generated by Ri), and the signature obtained and the relevant information between Ri and Ri-1 together constitute the challenge response value of Ri-1 for Ri: TokenRi-1Ri=ID_Ri-1||ID_Ri||Random_Ri||SignRi-1(ID_Ri-1||ID_Ri||Random_Ri);
(3.2) Ri-1 then constructs a node verification request message and returns to the intermediate node Ri the identity information ID_Ri-1 of this node, the generated challenge value Random_Ri-1, the digital certificate Cert_Ri-1, and the challenge response value TokenRi-1Ri of Ri-1 for Ri.
Step 303': the processing performed by the downstream request object node after receiving the node address request message is similar to steps (3.1) and (3.2) above, as shown by the dashed lines in Figure 3, except that the upstream request object node is replaced by the downstream request object node (for example, Ri-1 is replaced by Ri+1).
If the upstream/downstream request object node has not stored the IP address of its previous-hop/next-hop node, it does not process the received node address request message.
Step 304: after receiving the node verification request message from Ri-1, Ri verifies whether the digital certificate of Ri-1 in it is valid, and uses the public key in the certificate of Ri-1 to verify whether the signature in the challenge response value TokenRi-1Ri of Ri-1 for Ri is valid. If either the digital certificate or the signature is invalid, the node verification request message is discarded. If both the digital certificate and the signature are valid, verification passes: Ri uses the private key issued to it by the PKI to generate a signature over the relevant information between Ri-1 and Ri (including the identity information ID_Ri-1 of Ri-1, the identity information ID_Ri of Ri, and the challenge value Random_Ri-1 generated by Ri-1), and the signature obtained and the relevant information between Ri-1 and Ri together constitute the challenge response value of Ri for Ri-1: TokenRiRi-1=ID_Ri||ID_Ri-1||Random_Ri-1||SignRi(ID_Ri||ID_Ri-1||Random_Ri-1). Ri then sends a node verification response message carrying the digital certificate Cert_Ri of this node and TokenRiRi-1 to the adjacent node Ri-1.
Step 304': if what Ri receives is a node verification request message from the downstream request object node, the processing is similar to step 304 above, as shown by the dashed lines in Figure 3, except that the upstream request object node is replaced by the downstream request object node.
Step 305: after receiving the node verification response message, Ri-1 verifies whether Cert_Ri is valid, and uses the public key in Cert_Ri to verify whether the signature in the challenge response value TokenRiRi-1 of Ri for Ri-1 is valid. If both the digital certificate and the signature are valid, verification passes and Ri-1 feeds back the IP address of its previous-hop node Ri-2 to the requester Ri; if either the digital certificate or the signature is invalid, the node verification response message is discarded.
Step 305': if the downstream request object node receives the node verification response message, the processing is similar to step 305 above, as shown by the dashed lines in Figure 3, except that the upstream request object node is replaced by the downstream request object node; if both the digital certificate and the signature are valid, verification passes and the downstream request object node sends the IP address of its next-hop node to the requester Ri (for example, when the downstream request object node is Ri+1, it sends the IP address of Ri+2).
Step 306: if the IP address received is not that of the destination node that Ri is looking for, the node corresponding to the IP address that Ri received from the upstream request object node becomes the new upstream request object node of Ri, the node corresponding to the IP address that Ri received from the downstream request object node becomes the new downstream request object node of Ri, Hop is incremented by 1, and the process returns to step 302. If the IP address received is that of the destination node that Ri is looking for, the adjacent node discovery process ends.
Embodiment two: a node discovery system in a communication network, including:
a plurality of nodes, including at least a source node and a destination node that are to perform node discovery;
Each node includes:
a request sending module, configured to, when this node acts as the source node, send a discovery request message to the next-hop node, the discovery request message carrying the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node;
a request response module, configured to, after the discovery request message is received, return to the source node the verification information that this node submits to the source node, including: the address information and digital certificate of this node, and the challenge response value of this node for the source node;
a request forwarding module, configured to, after the discovery request message is received, determine from the address information in it whether this node is the destination node, and, if this node is an intermediate node, forward the discovery request message to the next-hop node of this node;
a verification module, configured to, when this node acts as the source node, verify each node according to the verification information submitted by each node once the verification information returned by the destination node has been received, and, if all nodes pass verification, determine each of the nodes to be a trusted node.
In one implementation of this embodiment, a node's challenge response value for the source node may be the result of a logical operation on the relevant information between the source node and this node and the signature generated over that relevant information with this node's private key; the relevant information between the source node and this node includes: the identity information of this node, the identity information of the source node, and the challenge value generated by the source node;
The verification module verifying each node according to the verification information submitted by each node may specifically mean:
the verification module separately verifies whether the address information and the digital certificate in the verification information submitted by each node are valid, and uses the public key carried in each node's digital certificate to verify whether the signature in the challenge response value generated by that node is valid.
In one implementation of this embodiment, the request forwarding module forwarding the discovery request message to the next-hop node of this node may specifically mean:
the request forwarding module stores the address information of the previous-hop node carried in the discovery request message, then deletes from the discovery request message the additional information of nodes other than the source node, adds the additional information of this node to the discovery request message, and finally forwards it to the next-hop node of this node; the additional information includes: the address information and identity information of this node and a challenge value generated by this node;
Each node may further include:
a neighbouring response module, configured to, when the previous-hop node is not the source node, construct a neighbouring discovery response message and send it to the previous-hop node, the message carrying the verification information that this node submits to the previous-hop node, including: the address information and digital certificate of this node and the challenge response value of this node for the previous-hop node; the challenge response value of this node for the previous-hop node is the result of a logical operation on the relevant information between the previous-hop node and this node and the signature generated over that relevant information with this node's private key; the relevant information between the previous-hop node and this node includes: the identity information of this node, the identity information of the previous-hop node, and the challenge value generated by the previous-hop node.
In this embodiment, the verification module may also be configured to, after the neighbouring discovery response message is received, verify whether the address information and the digital certificate of the next-hop node carried in it are valid, and use the public key carried in the digital certificate of that next-hop node to verify whether the signature in the challenge response value generated by that next-hop node is valid; if all are valid, the address information of that next-hop node is stored.
In this embodiment, each node may further include an adjacent node discovery module, which specifically includes:
an address request unit;
a setting unit, configured to, when this node has received the discovery request message and is not the destination node, take the previous-hop node of this node as the upstream request object node; if this node has stored the address information of its next-hop node, take that next-hop node as the downstream request object node; and set the hop count to 1 and pass it, together with the upstream and downstream request object nodes, to the address request unit;
the address request unit being configured to send a node address request message to the upstream request object node, the message carrying the hop count, a request for the address information of the previous-hop node of the upstream request object node, the identity information of this node, and a challenge value generated by this node; and, if a downstream request object node exists, to send a node address request message to the downstream request object node, the message carrying the hop count, a request for the address information of the next-hop node of the downstream request object node, the identity information of this node, and a challenge value generated by this node;
a verification request unit, configured to, after receiving a node address request message sent by a node Ra requesting the address information of the previous-hop/next-hop node, if this node has stored the address information of its previous-hop/next-hop node, construct a node verification request message and return it to the node Ra, the message carrying the identity information of this node, its digital certificate, a challenge value generated by this node, and the challenge response value of this node for the node Ra;
a verification response unit, configured to, after receiving a node verification request message returned by a node Rb, send a node verification response message to the node Rb if verification passes, the message carrying the digital certificate of this node and the challenge response value of this node for the node Rb;
the verification request unit being further configured to, after receiving the node verification response message, if verification passes, feed back the address information of the previous-hop/next-hop node of this node (if the received node address request message requested the address information of the previous-hop node, the address information of the previous-hop node is fed back; if it requested the address information of the next-hop node, the address information of the next-hop node is fed back);
the setting unit being further configured to, when the address information received does not belong to the destination node that this node is looking for, take the node corresponding to the address information that this node received from the upstream request object node as the upstream request object node, take the node corresponding to the address information that this node received from the downstream request object node as the downstream request object node, increment the hop count by 1, and pass it, together with the upstream request object node and the downstream request object node, to the address request unit; if the address information received belongs to the destination node that this node is looking for, the adjacent node discovery process ends.
A person of ordinary skill in the art will understand that all or some of the steps of the above method can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments can also be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in the form of hardware or in the form of a software function module. The present invention is not limited to any particular combination of hardware and software.
Of course, the present invention may have various other embodiments. Without departing from the spirit and essence of the present invention, those of ordinary skill in the art can make various corresponding changes and modifications in accordance with the present invention, but all such changes and modifications shall fall within the scope of the claims of the present invention.
Claims (8)
1. A node discovery method in a communication network, including:
S101: a source node sends a discovery request message to a next-hop node, the discovery request message carrying the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node;
S102: a node that receives the discovery request message returns to the source node the verification information that this node submits to the source node, including: the address information and digital certificate of this node, and the challenge response value of this node for the source node; the node determines from the address information in the message whether it is the destination node and, if it is not the destination node, stores the address information of the previous-hop node carried in the discovery request message, then deletes from the discovery request message the additional information of nodes other than the source node, adds the additional information of this node to the discovery request message, and finally forwards it to the next-hop node of this node; the additional information includes: the address information and identity information of this node and a challenge value generated by this node;
when the previous-hop node is not the source node, the node constructs a neighbouring discovery response message and sends it to the previous-hop node, the message carrying the verification information that this node submits to the previous-hop node, including: the address information and digital certificate of this node and the challenge response value of this node for the previous-hop node; the challenge response value of this node for the previous-hop node is the result of a logical operation on the relevant information between the previous-hop node and this node and the signature generated over that relevant information with the private key of this node; the relevant information between the previous-hop node and this node includes: the identity information of this node, the identity information of the previous-hop node, and the challenge value generated by the previous-hop node;
S103: after receiving the verification information returned by the destination node, the source node verifies each node according to the verification information submitted by each node that it has received; if all nodes pass verification, each of the nodes is determined to be a trusted node.
2. the method for claim 1, it is characterised in that:
One node is the relevant information between source node and this node for the challenge responses value of source node,
With the result that the signature using the private key of this node to generate this relevant information carries out logical operations;Wherein,
Relevant information between source node and this node includes: the identity information of this node, the identity letter of source node
The challenging value that breath and described source node generate;
Each node is verified by the checking information that described source node is submitted to according to each node received
Step includes:
Described source node separately verifies the address information in the checking information that each node is submitted to and digital certificate
The most effective;The challenge generated by this node of public key verifications carried in each node digital certificate respectively is rung
Signature in should being worth is the most effective.
3. the method for claim 1, it is characterised in that also include:
Receive the described neighbouring node verification wherein next-hop node finding response message address information and
Whether digital certificate is effective, and by the public key verifications carried in the digital certificate of this next-hop node under this
Signature in the challenge responses value that one hop node generates is the most effective;If all effective, preserve this down hop
Address of node information.
4. The method of claim 3, characterized by further comprising, after S103:
S104: each intermediate node Ri performs the following steps, an intermediate node being a node other than the destination node that has received the discovery request message:
41. Ri takes the previous-hop node of this node as the upstream request object node; if this node has saved the address information of a next-hop node, it takes that next-hop node as the downstream request object node; the hop count value is set to 1;
42. Ri sends a node address request message to the upstream request object node, carrying the hop count value, a request for the address information of the previous-hop node of the upstream request object node, the identity information of this node, and a challenge value generated by this node;
if the downstream request object node exists, Ri sends a node address request message to the downstream request object node, carrying the hop count value, a request for the address information of the next-hop node of the downstream request object node, the identity information of this node, and a challenge value generated by this node;
43. after the upstream/downstream request object node receives the node address request message sent by Ri requesting the address information of the previous-/next-hop node, if that node holds the address information of its previous-/next-hop node, it constructs a node verification request message and returns it to Ri, carrying the identity information and digital certificate of that node, a challenge value generated by that node, and that node's challenge response value for Ri;
44. after Ri receives the node verification request message from the upstream/downstream request object node, if verification passes, it sends a node verification response message to the upstream/downstream request object node, carrying the digital certificate of Ri and Ri's challenge response value for the upstream/downstream request object node;
45. after the upstream/downstream request object node receives the node verification response message, if verification passes, it feeds back the address information of the previous-/next-hop node of that node to Ri;
46. if the received address information does not belong to the destination node that Ri is looking for, the node corresponding to the address information that Ri received from the upstream request object node becomes Ri's upstream request object node, the node corresponding to the address information that Ri received from the downstream request object node becomes Ri's downstream request object node, the hop count value is incremented by 1, and the procedure returns to step 42; if the received address information belongs to the destination node that Ri is looking for, the adjacent node discovery procedure ends.
5. A node discovery system in a communication network, comprising:
a plurality of nodes, including at least a source node and a destination node that are to perform node discovery;
characterized in that each node comprises:
a request sending module, configured to, when this node acts as the source node, send a discovery request message to a next-hop node, the discovery request message carrying the address information of the source node, the identity information of the source node, the address information of the destination node, and a challenge value generated by the source node;
a request response module, configured to, after receiving the discovery request message, return to the source node the verification information that this node submits to the source node, comprising: the address information and digital certificate of this node, and this node's challenge response value for the source node;
a request forwarding module, configured to, after receiving the discovery request message, determine from the address information in it whether this node is the destination node; if this node is an intermediate node, save the address information of the previous hop in the discovery request message, then delete from the discovery request message the additional information of the nodes other than the source node, add the additional information of this node to the discovery request message, and finally send it to the next-hop node of this node; the additional information comprises: the address information and identity information of this node and a challenge value generated by this node;
a verification module, configured to, when this node acts as the source node, after receiving the verification information returned by the destination node, verify each node according to the verification information submitted by each node that has been received; if all verifications pass, determine each of the nodes to be a trusted node;
a neighbor response module, configured to, when the previous-hop node is not the source node, construct a neighbor discovery response message and send it to the previous-hop node, the message carrying the verification information that this node submits to the previous-hop node, comprising: the address information and digital certificate of this node, and this node's challenge response value for the previous-hop node; this node's challenge response value for the previous-hop node is the result of a logical operation on the related information between the previous-hop node and this node and the signature generated over that related information with the private key of this node; the related information between the previous-hop node and this node comprises: the identity information of this node, the identity information of the previous-hop node, and the challenge value generated by the previous-hop node.
6. The system of claim 5, characterized in that:
a node's challenge response value for the source node is the result of a logical operation on the related information between the source node and this node and the signature generated over that related information with the private key of this node; the related information between the source node and this node comprises: the identity information of this node, the identity information of the source node, and the challenge value generated by the source node;
the verification module verifying each node according to the verification information submitted by each node that has been received means that:
the verification module verifies, for each node, whether the address information and the digital certificate in the verification information submitted by that node are valid, and verifies, using the public key carried in each node's digital certificate, whether the signature in the challenge response value generated by that node is valid.
7. The system of claim 5, characterized in that:
the verification module is further configured to, after receiving the neighbor discovery response message, verify whether the address information and digital certificate of the next-hop node in it are valid, and verify, using the public key carried in the digital certificate of the next-hop node, whether the signature in the challenge response value generated by the next-hop node is valid; if all are valid, save the address information of the next-hop node.
8. The system of claim 7, characterized in that each node further comprises:
an adjacent node discovery module, comprising:
an address request unit;
a setting unit, configured to, when this node receives the discovery request message and this node is not the destination node, take the previous-hop node of this node as the upstream request object node; if this node has saved the address information of a next-hop node, take that next-hop node as the downstream request object node; set the hop count value to 1, and send it together with the upstream and downstream request object nodes to the address request unit;
the address request unit is configured to send a node address request message to the upstream request object node, carrying the hop count value, a request for the address information of the previous-hop node of the upstream request object node, the identity information of this node, and a challenge value generated by this node; and, if a downstream request object node exists, to send a node address request message to the downstream request object node, carrying the hop count value, a request for the address information of the next-hop node of the downstream request object node, the identity information of this node, and a challenge value generated by this node;
a verification request unit, configured to, after receiving the node address request message sent by a node Ra requesting the address information of the previous-/next-hop node, if this node has saved the address information of the previous-/next-hop node, construct a node verification request message and return it to the node Ra, carrying the identity information and digital certificate of this node, a challenge value generated by this node, and this node's challenge response value for the node Ra;
a verification response unit, configured to, after receiving the node verification request message returned by a node Rb, if verification passes, send a node verification response message to the node Rb, carrying the digital certificate of this node and this node's challenge response value for the node Rb;
the verification request unit is further configured to, after receiving the node verification response message, if verification passes, feed back the address information of the previous-/next-hop node of this node;
the setting unit is further configured to, when the received address information does not belong to the target node that this node is looking for, take the node corresponding to the address information that this node received from the upstream request object node as the upstream request object node, take the node corresponding to the address information that this node received from the downstream request object node as the downstream request object node, increment the hop count value by 1, and then send it together with the upstream request object node and the downstream request object node to the address request unit; if the received address information belongs to the destination node that this node is looking for, the adjacent node discovery procedure ends.
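The check that claim 2 assigns to the source node (the same check a node runs on a neighbor discovery response in claim 3), as an added Go example that is not code from the patent. Ed25519, the CA-signed `Cert` layout that binds the address, the length-prefixed encoding, and modelling the challenge response value as the related information plus its signature are assumptions; node names and addresses are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// enc length-prefixes every field so the signed bytes cannot be re-split ambiguously.
func enc(fields ...string) (b []byte) {
	for _, f := range fields {
		b = append(b, fmt.Sprintf("%d:%s,", len(f), f)...)
	}
	return b
}

// Cert stands in for the digital certificate: CA signature over ID, address, key (assumed layout).
type Cert struct {
	ID, Addr string
	Pub      ed25519.PublicKey
	CASig    []byte
}

func (c Cert) tbs() []byte { return enc(c.ID, c.Addr, string(c.Pub)) }

// VerifyInfo is what a node returns in S102; Info+Sig model the challenge response value (assumed).
type VerifyInfo struct {
	Addr      string
	Cert      Cert
	Info, Sig []byte
}

// Issue creates a node key pair and a CA-signed certificate for it.
func Issue(ca ed25519.PrivateKey, id, addr string) (Cert, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := Cert{ID: id, Addr: addr, Pub: pub}
	c.CASig = ed25519.Sign(ca, c.tbs())
	return c, priv
}

// Respond signs the related info: own ID, challenger ID, challenger's challenge value.
func Respond(c Cert, priv ed25519.PrivateKey, peerID string, challenge []byte) VerifyInfo {
	info := enc(c.ID, peerID, string(challenge))
	return VerifyInfo{c.Addr, c, info, ed25519.Sign(priv, info)}
}

// Verify is run by the node that issued the challenge (the source node in claim 2).
func Verify(caPub ed25519.PublicKey, selfID string, challenge []byte, v VerifyInfo) error {
	switch {
	case len(v.Cert.Pub) != ed25519.PublicKeySize || !ed25519.Verify(caPub, v.Cert.tbs(), v.Cert.CASig):
		return fmt.Errorf("%s: certificate not issued by the trusted CA", v.Cert.ID)
	case v.Addr != v.Cert.Addr:
		return fmt.Errorf("%s: address differs from the certified address", v.Cert.ID)
	case !bytes.Equal(v.Info, enc(v.Cert.ID, selfID, string(challenge))):
		return fmt.Errorf("%s: response not bound to this challenge and these identities", v.Cert.ID)
	case !ed25519.Verify(v.Cert.Pub, v.Info, v.Sig):
		return fmt.Errorf("%s: signature does not verify under the certified key", v.Cert.ID)
	}
	return nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	challenge := make([]byte, 16)
	rand.Read(challenge)
	for _, id := range []string{"R1", "R2", "D"} { // constructed path S -> R1 -> R2 -> D
		c, priv := Issue(caPriv, id, "addr-"+id)
		fmt.Println(id, Verify(caPub, "S", challenge, Respond(c, priv, "S", challenge)))
	}
}
```

Because the verifier rebuilds the related information from its own identity and its own fresh challenge, a response recorded for an earlier challenge or addressed to a different challenger fails before the signature is even checked.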
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310723937.7A CN103701700B (en) | 2013-12-24 | 2013-12-24 | Node discovery method in a kind of communication network and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103701700A CN103701700A (en) | 2014-04-02 |
CN103701700B CN103701700B (en) | 2017-01-04 |
Family
ID=50363102
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310723937.7A Active CN103701700B (en) | 2013-12-24 | 2013-12-24 | Node discovery method in a kind of communication network and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103701700B (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105282161B (en) * | 2015-10-23 | 2019-02-26 | 绵阳师范学院 | Point-to-point anonymous communication method based on random stateless address allocation strategy in IPv6 network |
CN105933399A (en) * | 2016-04-18 | 2016-09-07 | 乐视控股(北京)有限公司 | Content distribution network implementation method and system based on SDN |
CN105933398A (en) * | 2016-04-18 | 2016-09-07 | 乐视控股(北京)有限公司 | Access request forwarding method and system in content distribution network |
CN108075895B (en) * | 2016-11-15 | 2020-03-24 | 深圳银链科技有限公司 | Node permission method and system based on block chain |
JP6665793B2 (en) * | 2017-01-17 | 2020-03-13 | 京セラドキュメントソリューションズ株式会社 | Ad hoc network route construction system, node, center node, and ad hoc network route construction method |
CN108337092B (en) * | 2017-01-17 | 2021-02-12 | 华为国际有限公司 | Method and system for performing collective authentication in a communication network |
CN106941492A (en) * | 2017-03-30 | 2017-07-11 | 南京瑞合新信息技术有限公司 | Data safe transmission method between multiple cloud service nodes |
CN108551678B (en) * | 2018-03-20 | 2021-11-12 | 深圳友讯达科技股份有限公司 | Node dual-mode sensing method and communication system |
CN109379740B (en) * | 2018-10-10 | 2022-03-04 | 北京智芯微电子科技有限公司 | Wireless cooperative communication safety interaction method |
CN109379283B (en) * | 2018-12-11 | 2021-04-23 | 浩云科技股份有限公司 | Ad hoc network communication method and device based on heterogeneous equipment of Internet of things and ad hoc network |
US20220182243A1 (en) * | 2019-04-25 | 2022-06-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and Apparatus for Distributed Ledger |
CN110234154B (en) * | 2019-06-17 | 2021-11-30 | 广东工业大学 | Outdoor team communication system supporting ad hoc network |
CN110430221A (en) * | 2019-08-30 | 2019-11-08 | 天津大学 | A kind of NDP-ESP network security method based on Neighbor Discovery Protocol |
CN113507434B (en) * | 2021-05-28 | 2022-11-29 | 清华大学 | Data security transmission method, node and system in communication network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102098318A (en) * | 2011-03-23 | 2011-06-15 | 电子科技大学 | Method for performing end-to-end anonymity safety communication of hop network |
CN102158864A (en) * | 2011-04-15 | 2011-08-17 | 北京航空航天大学 | Mobile AD Hoc network self-adapting secure routing method based on reliability |
CN102325131A (en) * | 2011-07-20 | 2012-01-18 | 北京邮电大学 | Bidirectional identity authentication method for wireless sensor network node |
CN102404737A (en) * | 2011-12-29 | 2012-04-04 | 重庆邮电大学 | Dynamic-detection-based wireless sensor network secure routing method |
CN102970679A (en) * | 2012-11-21 | 2013-03-13 | 联想中望系统服务有限公司 | Identity-based safety signature method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2034782A1 (en) * | 2007-09-06 | 2009-03-11 | Siemens Aktiengesellschaft | A method for misbehaviour detection in secure wireless mesh networks |
Non-Patent Citations (2)
Title |
---|
《一种双向认证Ad hoc安全路由协议的研究》;李之棠等;《小型微型计算机系统》;20050930;第26卷(第9期);第1507-1509页 * |
《移动Ad Hoc网络安全按需路由协议》;刘巧平等;《现代电子技术》;20101231(第16期);第97-100页 * |
Also Published As
Publication number | Publication date |
---|---|
CN103701700A (en) | 2014-04-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |