CN105282266A - IPV6 address generating and analyzing methods and systems - Google Patents

IPV6 address generating and analyzing methods and systems Download PDF

Info

Publication number
CN105282266A
CN105282266A CN201510373855.3A CN201510373855A CN105282266A CN 105282266 A CN105282266 A CN 105282266A CN 201510373855 A CN201510373855 A CN 201510373855A CN 105282266 A CN105282266 A CN 105282266A
Authority
CN
China
Prior art keywords
preset length
ipv6 address
bits
interface identifier
current time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510373855.3A
Other languages
Chinese (zh)
Inventor
任罡
刘莹
吴建平
张圣林
何林
贾溢豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University filed Critical Tsinghua University
Priority to CN201510373855.3A priority Critical patent/CN105282266A/en
Publication of CN105282266A publication Critical patent/CN105282266A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015Name registration, generation or assignment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供一种IPv6地址生成、解析方法及装置,IPv6地址生成方法包括:获取第一预设长度的用户网络身份标识,以及获取第二预设长度的当前时间信息;将所述用户网络身份标识、预设的第三预设长度的选择位、预设的第四预设长度的预留位和当前时间信息依次连接,以生成64比特位的数据;根据预先选择的第一加密算法和第一密钥,对所生成的数据进行加密,以生成接口标识;将地址前缀与生成的接口标识进行合并,以生成IPv6地址。上述方法地址生成速度快,配置简单,适用于网络中用户的追溯,利于进行网络管理和控制。

The present invention provides a method and device for generating and resolving an IPv6 address. The method for generating an IPv6 address includes: acquiring a user network identity of a first preset length, and acquiring current time information of a second preset length; The identification, the preset selection bit of the third preset length, the preset reserved bit of the fourth preset length and the current time information are sequentially connected to generate 64-bit data; according to the pre-selected first encryption algorithm and The first key encrypts the generated data to generate an interface identifier; combines the address prefix with the generated interface identifier to generate an IPv6 address. The above method has fast address generating speed and simple configuration, is suitable for traceability of users in the network, and is beneficial for network management and control.

Description

一种IPv6地址生成、解析方法及装置A method and device for generating and analyzing IPv6 addresses

技术领域technical field

本发明涉及互联网技术领域,尤其涉及一种IPv6地址生成、解析方法及装置。The invention relates to the technical field of the Internet, in particular to a method and device for generating and analyzing an IPv6 address.

背景技术Background technique

随着传统的网际协议版本4(InternetProtocolVersion4,简称IPv4)的地址空间已经不能再满足互联网的发展的需求,大家都认为有必要开始设计和测试一种新的协议来接替IPv4。因此,128位地址空间的下一版本的互联网协议网际协议版本6(InternetProtocolVersion6,简称IPv6)应运而生。As the traditional Internet Protocol Version 4 (Internet Protocol Version 4, referred to as IPv4) address space can no longer meet the needs of the development of the Internet, everyone believes that it is necessary to start designing and testing a new protocol to replace IPv4. Therefore, the Internet Protocol Version 6 (Internet Protocol Version 6, referred to as IPv6), the next version of the Internet protocol with a 128-bit address space, came into being.

IPv6协议由地址前缀(前64位)和接口地址(后64位)组成,128位地址中后64位的接口地址具有巨大的子网地址空间。IPv6协议的这一特点带来两个影响:一方面,为子网内网际协议(InternetProtocol,简称IP)分组的来源和追溯增加了困难,需要更精细粒度的方法确定和验证分组的来源信息。另一方面,为其他标识信息的嵌入提供了空间。The IPv6 protocol consists of an address prefix (the first 64 bits) and an interface address (the last 64 bits). The last 64 bits of the interface address in the 128-bit address have a huge subnet address space. This feature of the IPv6 protocol has two effects: on the one hand, it increases the difficulty for the source and traceability of the Internet Protocol (IP) packets in the subnet, and requires a finer-grained method to determine and verify the source information of the packets. On the other hand, it provides space for the embedding of other identification information.

鉴于此,如何生成IPv6地址以实现网络中用户的追溯成为当前需要解决的技术问题。In view of this, how to generate IPv6 addresses to realize the traceability of users in the network has become a technical problem that needs to be solved at present.

发明内容Contents of the invention

针对现有技术中的缺陷,本发明提供一种IPv6地址生成、解析方法及装置,在IPv6后64位接口地址中嵌入用户网络身份标识和时间信息,配置简单,地址生成速度快,适用于网络中用户的追溯,利于进行网络管理和控制。Aiming at the defects in the prior art, the present invention provides an IPv6 address generation and analysis method and device, which embeds user network identity and time information in the last 64-bit interface address of IPv6, which is simple in configuration and fast in address generation, and is suitable for network The traceability of users in the network is conducive to network management and control.

第一方面,本发明提供一种IPv6地址生成方法,包括:In a first aspect, the present invention provides a method for generating an IPv6 address, comprising:

获取第一预设长度的用户网络身份标识,以及获取第二预设长度的当前时间信息;Obtain a user network identity of a first preset length, and obtain current time information of a second preset length;

将所述用户网络身份标识、预设的第三预设长度的选择位、预设的第四预设长度的预留位和当前时间信息依次连接,以生成64比特位的数据;sequentially connecting the user network identity, a preset selection bit of a third preset length, a preset reserved bit of a fourth preset length, and current time information to generate 64-bit data;

根据预先选择的第一加密算法和第一密钥,对所生成的数据进行加密,以生成接口标识;Encrypt the generated data according to a pre-selected first encryption algorithm and a first key to generate an interface identifier;

将地址前缀与生成的接口标识进行合并,以生成IPv6地址。Combine the address prefix with the generated interface ID to generate an IPv6 address.

可选地,所述第一预设长度为40比特位,所述第二预设长度为22比特位,所述第三预设长度为1比特位,所述第四预设长度为1比特位。Optionally, the first preset length is 40 bits, the second preset length is 22 bits, the third preset length is 1 bit, and the fourth preset length is 1 bit bit.

可选地,所述获取第二预设长度的当前时间信息,包括:Optionally, the acquiring current time information of a second preset length includes:

获取当前时间t1;Get the current time t1;

将当前时间t1与所述t1对应的年初时间t2做差,得到结果t;Make a difference between the current time t1 and the time t2 at the beginning of the year corresponding to said t1 to obtain the result t;

将所述结果t转换为以预设时间段为一个单位的整数t’;Converting the result t into an integer t' with a preset time period as a unit;

将整数t’转换为22比特位的当前时间信息。Convert the integer t' to 22-bit current time information.

可选地,所述根据预先选择的第一加密算法和第一密钥,对所生成的数据进行加密,以生成接口标识,包括:Optionally, said encrypting the generated data according to a pre-selected first encryption algorithm and a first key to generate an interface identifier includes:

根据预先选择的第一密钥,采用国际数据加密算法IDEA或三重数据加密算法3DES,对所生成的数据进行加密,以生成接口标识标识。According to the pre-selected first key, the generated data is encrypted using the International Data Encryption Algorithm IDEA or the Triple Data Encryption Algorithm 3DES to generate the interface identifier.

第二方面,本发明提供一种IPv6地址解析方法,包括:Second aspect, the present invention provides a kind of IPv6 address resolution method, comprising:

获取待解析的IPv6地址,从IPv6地址中提取接口标识;Obtain the IPv6 address to be resolved, and extract the interface identifier from the IPv6 address;

根据预先选择的第二密钥和第二加密算法,对提取的接口标识进行解密,得到64比特位的明文;Decrypt the extracted interface identifier according to the pre-selected second key and the second encryption algorithm to obtain 64-bit plaintext;

提取所述明文的前第五预设长度的信息,将提取的信息作为用户网络身份标识。Extracting the information of the first fifth preset length of the plaintext, and using the extracted information as the user network identity.

可选地,所述第五预设长度为40比特位。Optionally, the fifth preset length is 40 bits.

可选地,所述根据预先选择的第二密钥和第二加密算法,对提取的接口标识进行解密,得到64比特位的明文,包括:Optionally, the decryption of the extracted interface identifier according to the pre-selected second key and the second encryption algorithm to obtain a 64-bit plaintext includes:

根据预先选择的第二密钥,采用国际数据加密算法IDEA或三重数据加密算法3DES,对提取的接口标识进行解密,得到64比特位的明文。According to the pre-selected second key, use the international data encryption algorithm IDEA or the triple data encryption algorithm 3DES to decrypt the extracted interface identifier to obtain 64-bit plaintext.

第三方面,本发明提供一种IPv6地址生成装置,包括:In a third aspect, the present invention provides a device for generating an IPv6 address, comprising:

第一获取模块,用于获取第一预设长度的用户网络身份标识,以及获取第二预设长度的当前时间信息;The first acquisition module is configured to acquire a user network identity of a first preset length, and acquire current time information of a second preset length;

第一生成模块,用于将所述用户网络身份标识、预设的第三预设长度的选择位、预设的第四预设长度的预留位和当前时间信息依次连接,以生成64比特位的数据;The first generation module is used to sequentially connect the user network identity, the preset selection bit of the third preset length, the preset reserved bit of the fourth preset length and the current time information to generate 64 bits bits of data;

加密模块,用于根据预先选择的第一加密算法和第一密钥,对所生成的数据进行加密,以生成接口标识;An encryption module, configured to encrypt the generated data according to a pre-selected first encryption algorithm and a first key, so as to generate an interface identifier;

第二生成模块,用于将地址前缀与生成的接口标识进行合并,以生成IPv6地址。The second generating module is used to combine the address prefix with the generated interface identifier to generate an IPv6 address.

第四方面,本发明提供一种IPv6地址解析装置,包括:In a fourth aspect, the present invention provides an IPv6 address resolution device, comprising:

第一提取模块,用于获取待解析的IPv6地址,从IPv6地址中提取接口标识;The first extraction module is used to obtain the IPv6 address to be resolved, and extract the interface identifier from the IPv6 address;

解密模块,用于根据预先选择的第二密钥和第二加密算法,对提取的接口标识进行解密,得到64比特位的明文;A decryption module, configured to decrypt the extracted interface identifier according to a pre-selected second key and a second encryption algorithm to obtain 64-bit plaintext;

第二提取模块,用于提取所述明文的前第五预设长度的信息,将提取的信息作为用户网络身份标识。The second extraction module is configured to extract information of the first fifth preset length of the plaintext, and use the extracted information as a user network identity.

由上述技术方案可知,本发明的一种IPv6地址生成、解析方法及装置,在IPv6后64位接口地址中嵌入用户网络身份标识和时间信息,配置简单,地址生成速度快,适用于网络中的用户的追溯,利于进行网络管理和控制。It can be seen from the above technical solution that a method and device for generating and resolving an IPv6 address of the present invention embed user network identity and time information in the last 64-bit interface address of IPv6, the configuration is simple, the address generation speed is fast, and it is suitable for User traceability is beneficial for network management and control.

附图说明Description of drawings

图1为本发明一实施例提供的IPv6地址生成方法的流程示意图;Fig. 1 is the schematic flow chart of the IPv6 address generation method that an embodiment of the present invention provides;

图2为本发明一实施例提供的IPv6地址生成方法的原理示意图;Fig. 2 is the schematic diagram of the principle of the IPv6 address generation method that an embodiment of the present invention provides;

图3为本发明一实施例提供的一种IPv6地址解析方法的流程示意图;Fig. 3 is the schematic flow chart of a kind of IPv6 address resolution method that an embodiment of the present invention provides;

图4为本发明一实施例提供的IPv6地址生成装置的结构示意图;FIG. 4 is a schematic structural diagram of an IPv6 address generation device provided by an embodiment of the present invention;

图5为本发明一实施例提供的IPv6地址解析装置的结构示意图。FIG. 5 is a schematic structural diagram of an IPv6 address resolution device provided by an embodiment of the present invention.

具体实施方式detailed description

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整的描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他的实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

图1示出了本发明一实施例提供的IPv6地址生成方法的流程示意图,图2示出了本发明一实施例提供的IPv6地址生成方法的原理示意图,如图1及图2所示,本实施例的IPv6地址生成方法如下所述。Fig. 1 shows a schematic flowchart of a method for generating an IPv6 address provided by an embodiment of the present invention, and Fig. 2 shows a schematic diagram of the principle of a method for generating an IPv6 address provided by an embodiment of the present invention, as shown in Fig. 1 and Fig. 2 , the present invention The IPv6 address generation method of the embodiment is as follows.

101、获取第一预设长度的用户网络身份标识,以及获取第二预设长度的当前时间信息。101. Acquire a user network identity of a first preset length, and acquire current time information of a second preset length.

102、将所述用户网络身份标识、预设的第三预设长度的选择位、预设的第四预设长度的预留位和当前时间信息依次连接,以生成64比特位的数据。102. Connect the user network identity, the preset selection bits of the third preset length, the preset reserved bits of the fourth preset length, and the current time information in order to generate 64-bit data.

103、根据预先选择的第一加密算法和第一密钥,对所生成的数据进行加密,以生成(64比特位)接口标识。103. Encrypt the generated data according to a preselected first encryption algorithm and a first key to generate a (64-bit) interface identifier.

应说明的是,本实施例预先选择的第一加密算法应满足其输入数据块为64比特位、输出数据块也为64比特位的安全性高对称加密算法;本实施例预先选择的第一密钥为非该算法的弱密钥。It should be noted that the first encryption algorithm pre-selected in this embodiment should satisfy the high-security symmetric encryption algorithm whose input data block is 64 bits and the output data block is also 64 bits; the first encryption algorithm pre-selected in this embodiment The key is a weak key other than the algorithm.

目前,加密算法蓬勃发展,多种密码算法在世界各国相继出现。举例来说,可根据预先选择的第一密钥,采用国际数据加密算法(InternationalDataEncryptionAlgorithm,简称IDEA),对所生成的数据进行加密,以生成接口标识。At present, encryption algorithms are developing vigorously, and a variety of encryption algorithms have appeared in various countries in the world. For example, the generated data may be encrypted by using an International Data Encryption Algorithm (IDEA for short) according to the pre-selected first key, so as to generate the interface identifier.

应说明的是,IDEA在密码学中属于数据块加密算法(BlockCipher)类。IDEA使用长度为128位的密钥,数据块大小为64位。从理论上讲,IDEA属于“强”加密算法,至今还没有出现对该算法的有效攻击算法。It should be noted that IDEA belongs to the block encryption algorithm (BlockCipher) category in cryptography. IDEA uses keys with a length of 128 bits and a data block size of 64 bits. Theoretically speaking, IDEA belongs to the "strong" encryption algorithm, and there is no effective attack algorithm for this algorithm yet.

举例来说,可根据预先选择的第一密钥,采用三重数据加密算法(TripleDataEncryptionAlgorithm,简称TDEA,通称3DES),对所生成的数据进行加密,以生成IPv6地址后64比特位的接口标识。For example, the generated data can be encrypted by using the Triple Data Encryption Algorithm (TDEA for short, 3DES) according to the pre-selected first key to generate the last 64-bit interface identifier of the IPv6 address.

应说明的是,3DES是数据加密标准(DataEncryptionStandard,简称DES)向高级加密标准(AdvancedEncryptionStandard,简称AES)过渡的加密算法,它使用3条56位的密钥对数据进行三次加密。是DES的一个更安全的变形。它以DES为基本模块,通过组合分组方法设计出分组加密算法。比起最初的DES,3DES更为安全。It should be noted that 3DES is an encryption algorithm transitioning from Data Encryption Standard (DES) to Advanced Encryption Standard (AES). It uses three 56-bit keys to encrypt data three times. is a more secure variant of DES. It uses DES as the basic module, and designs a block encryption algorithm through a combined block method. 3DES is more secure than the original DES.

104、将地址前缀与生成的接口标识进行合并,以生成IPv6地址。104. Combine the address prefix with the generated interface identifier to generate an IPv6 address.

本实施例的IPv6地址生成方法,通过在IPv6后64位接口地址中嵌入用户网络身份标识和时间信息,配置简单,地址生成速度快,适用于网络中的用户的追溯,利于进行网络管理和控制。The IPv6 address generation method of this embodiment, by embedding the user network identity and time information in the IPv6 last 64-bit interface address, the configuration is simple, the address generation speed is fast, and it is suitable for traceability of users in the network, which is beneficial to network management and control .

在具体应用中,本实施例的所述第一预设长度可优选为40比特位,所述第二预设长度可优选为22比特位,所述第三预设长度可优选为1比特位,所述第四预设长度可优选为1比特位。In a specific application, the first preset length of this embodiment may preferably be 40 bits, the second preset length may preferably be 22 bits, and the third preset length may preferably be 1 bit , the fourth preset length may preferably be 1 bit.

应说明的是,本实施例的优选40比特位的用户网络身份标识,具有可扩展、层次性、灵活性、私密性、可记忆和易用性等特性。It should be noted that the preferred 40-bit user network identity in this embodiment has the characteristics of scalability, hierarchy, flexibility, privacy, memorability, and ease of use.

应说明的是,在具体应用中,本实施例的预设的选择位用于区别本方法和其他类似地址生成方法、预设的预留位是本IPv6地址生成方法的可扩展性使用字段,在默认情况下,本实施例预设的选择位与预留位这两个字段均为0。It should be noted that, in a specific application, the preset selection bits in this embodiment are used to distinguish this method from other similar address generation methods, and the preset reserved bits are the scalability usage fields of this IPv6 address generation method. By default, the two fields of the selection bit and the reserved bit preset in this embodiment are both 0.

在具体应用中,本实施例上述步骤101中的“获取第二预设长度的当前时间信息”,可以包括:In a specific application, the "obtaining the current time information of the second preset length" in the above step 101 of this embodiment may include:

获取当前时间t1;Get the current time t1;

将当前时间t1与所述t1对应的年初时间t2做差,得到结果t;Make a difference between the current time t1 and the time t2 at the beginning of the year corresponding to said t1 to obtain the result t;

将所述结果t转换为以预设时间段为一个单位的整数t’;Converting the result t into an integer t' with a preset time period as a unit;

将整数t’转换为22比特位的当前时间信息。Convert the integer t' to 22-bit current time information.

可理解的是,举例来说,所获取的当前时间t1为:a年b月c日d点e分,所述t1对应的年初时间t2为:a年1月1日0点0分,将当前时间信息t1与当年年初时间t2做差,得到结果t=t1-t2。It is understandable that, for example, the acquired current time t1 is: b, month, c day, year a, d o'clock, e minute, and the time t2 at the beginning of the year corresponding to t1 is: 0:00, January 1, year a, and the The difference between the current time information t1 and the time t2 at the beginning of the year is obtained to obtain the result t=t1-t2.

举例来说,本实施例的预设时间段可以优选为1分钟或30秒。应说明的是,在采用1分钟为嵌入时间的单位时,22比特位的时间信息的最高2位实际是并未使用的(均为0)。因此,可以嵌入更加细粒度的时间,如半分钟,每30秒为一个时间单位。For example, the preset time period in this embodiment may preferably be 1 minute or 30 seconds. It should be noted that when 1 minute is used as the embedding time unit, the highest 2 bits of the 22-bit time information are actually unused (both are 0). Therefore, more fine-grained time can be embedded, such as half a minute, and every 30 seconds is a time unit.

本实施例的IPv6地址生成方法,通过在IPv6后64位接口地址中嵌入用户网络身份标识和时间信息,配置简单,地址生成速度快,适用于网络中的用户的追溯,利于进行网络管理和控制。The IPv6 address generation method of this embodiment, by embedding the user network identity and time information in the IPv6 last 64-bit interface address, the configuration is simple, the address generation speed is fast, and it is suitable for traceability of users in the network, which is beneficial to network management and control .

图3示出了本发明一实施例提供的一种IPv6地址解析方法的流程示意图,如图3所示,本实施例的IPv6地址解析方法如下所述。FIG. 3 shows a schematic flow chart of an IPv6 address resolution method provided by an embodiment of the present invention. As shown in FIG. 3 , the IPv6 address resolution method of this embodiment is described as follows.

301、获取待解析的IPv6地址,从IPv6地址中提取接口标识。301. Obtain an IPv6 address to be resolved, and extract an interface identifier from the IPv6 address.

302、根据预先选择的第二密钥和第二加密算法,对提取的接口标识进行解密,得到64比特位的明文。302. Decrypt the extracted interface identifier according to a preselected second key and a second encryption algorithm to obtain 64-bit plaintext.

应说明的是,可利用本实施例的IPv6地址解析方法对图1或图2所示实施例所生成的IPv6地址进行解析,本实施例的预先选择的第二加密算法对应图1或图2所示实施例中的预先选择的第一加密算法,本实施例的预先选择的第二密钥对应图1或图2所示实施例中的预先选择的第一密钥。It should be noted that the IPv6 address resolution method of this embodiment can be used to analyze the IPv6 address generated by the embodiment shown in Figure 1 or Figure 2, and the pre-selected second encryption algorithm in this embodiment corresponds to Figure 1 or Figure 2 The preselected first encryption algorithm in the illustrated embodiment and the preselected second key in this embodiment correspond to the preselected first key in the embodiment shown in FIG. 1 or FIG. 2 .

举例来说,当图1或图2所示实施例中的预先选择的第一加密算法为国际数据加密算法IDEA时,本实施例的预先选择的第二加密算法也为IDEA算法;当图1或图2所示实施例中的预先选择的第一加密算法为三重数据加密算法3DES时,本实施例的预先选择的第二加密算法也为3DES算法。For example, when the pre-selected first encryption algorithm in the embodiment shown in Figure 1 or Figure 2 is the International Data Encryption Algorithm IDEA, the pre-selected second encryption algorithm in this embodiment is also the IDEA algorithm; when Figure 1 Or when the preselected first encryption algorithm in the embodiment shown in FIG. 2 is the triple data encryption algorithm 3DES, the preselected second encryption algorithm in this embodiment is also the 3DES algorithm.

303、提取所述明文的前第五预设长度的信息,将提取的信息作为用户网络身份标识。303. Extract information of the first fifth preset length of the plaintext, and use the extracted information as a user network identity.

应说明的是,本实施例的所述第五预设长度对应图1或图2所示实施例中的用户网络身份标识的第一预设长度,当图1或图2所示实施例中的第一预设长度为40比特位时,本实施例的所述第五预设长度也为40比特位。It should be noted that the fifth preset length in this embodiment corresponds to the first preset length of the user network identity in the embodiment shown in FIG. 1 or FIG. 2 , when in the embodiment shown in FIG. 1 or FIG. When the first preset length of is 40 bits, the fifth preset length of this embodiment is also 40 bits.

本实施例的IPv6地址解析方法,通过对图1或图2所示实施例所生成的IPv6地址进行解析,可以获得网络中的用户网络身份标识,进而实现网络中用户的追溯,利于进行网络管理和控制。The IPv6 address resolution method of this embodiment, by analyzing the IPv6 address generated by the embodiment shown in Figure 1 or Figure 2, can obtain the network identity of the user in the network, and then realize the traceability of the user in the network, which is beneficial to network management and control.

图4示出了本发明一实施例提供的IPv6地址生成装置的结构示意图,如图4所示,本实施例的IPv6地址生成装置,包括:第一获取模块41、第一生成模块42、加密模块43和第二生成模块44;Fig. 4 shows a schematic structural diagram of an IPv6 address generating device provided by an embodiment of the present invention. As shown in Fig. 4, the IPv6 address generating device of this embodiment includes: a first acquiring module 41, a first generating module 42, an encryption Module 43 and second generating module 44;

第一获取模块41,用于获取第一预设长度的用户网络身份标识,以及获取第二预设长度的当前时间信息;The first acquiring module 41 is configured to acquire a user network identity of a first preset length, and acquire current time information of a second preset length;

第一生成模块42,用于将所述用户网络身份标识、预设的第三预设长度的选择位、预设的第四预设长度的预留位和当前时间信息依次连接,以生成64比特位的数据;The first generating module 42 is used to sequentially connect the user network identity, the preset selection bit of the third preset length, the preset reserved bit of the fourth preset length, and the current time information to generate 64 bits of data;

加密模块43,用于根据预先选择的第一加密算法和第一密钥,对所生成的数据进行加密,以生成接口标识;An encryption module 43, configured to encrypt the generated data according to a pre-selected first encryption algorithm and a first key, so as to generate an interface identifier;

第二生成模块44,用于将地址前缀与生成的接口标识进行合并,以生成IPv6地址。The second generating module 44 is configured to combine the address prefix with the generated interface identifier to generate an IPv6 address.

应说明的是,本实施例预先选择的第一加密算法应满足其输入数据块为64比特位、输出数据块也为64比特位的安全性高对称加密算法;本实施例预先选择的第一密钥为非该算法的弱密钥。举例来说,本实施例预先选择的第一加密算法可以优选为国际数据加密算法(InternationalDataEncryptionAlgorithm,简称IDEA)或者三重数据加密算法(TripleDataEncryptionAlgorithm,简称TDEA,通称3DES)。It should be noted that the first encryption algorithm pre-selected in this embodiment should satisfy the high-security symmetric encryption algorithm whose input data block is 64 bits and the output data block is also 64 bits; the first encryption algorithm pre-selected in this embodiment The key is a weak key other than the algorithm. For example, the pre-selected first encryption algorithm in this embodiment may preferably be the International Data Encryption Algorithm (IDEA for short) or the Triple Data Encryption Algorithm (TDEA for short, 3DES in general).

应说明的是,IDEA在密码学中属于数据块加密算法(BlockCipher)类。IDEA使用长度为128位的密钥,数据块大小为64位。从理论上讲,IDEA属于“强”加密算法,至今还没有出现对该算法的有效攻击算法;3DES是数据加密标准(DataEncryptionStandard,简称DES)向高级加密标准(AdvancedEncryptionStandard,简称AES)过渡的加密算法,它使用3条56位的密钥对数据进行三次加密。是DES的一个更安全的变形。它以DES为基本模块,通过组合分组方法设计出分组加密算法。比起最初的DES,3DES更为安全。It should be noted that IDEA belongs to the block encryption algorithm (BlockCipher) category in cryptography. IDEA uses keys with a length of 128 bits and a data block size of 64 bits. Theoretically speaking, IDEA belongs to the "strong" encryption algorithm, and no effective attack algorithm has been found so far; 3DES is an encryption algorithm for the transition from Data Encryption Standard (DES) to Advanced Encryption Standard (AES). , which uses three 56-bit keys to encrypt the data three times. is a more secure variant of DES. It uses DES as the basic module, and designs a block encryption algorithm through a combined block method. 3DES is more secure than the original DES.

在具体应用中,本实施例的所述第一预设长度可优选为40比特位,所述第二预设长度可优选为22比特位,所述第三预设长度可优选为1比特位,所述第四预设长度可优选为1比特位。In a specific application, the first preset length of this embodiment may preferably be 40 bits, the second preset length may preferably be 22 bits, and the third preset length may preferably be 1 bit , the fourth preset length may preferably be 1 bit.

应说明的是,本实施例的优选40比特位的用户网络身份标识,具有可扩展、层次性、灵活性、私密性、可记忆和易用性等特性;本实施例的预设的选择位用于区别本方法和其他类似地址生成方法、预设的预留位是本IPv6地址生成方法的可扩展性使用字段,在默认情况下,本实施例预设的选择位与预留位这两个字段均为0。It should be noted that the preferred 40-bit user network identity in this embodiment has the characteristics of scalability, hierarchy, flexibility, privacy, memorability, and ease of use; the preset selection bit of this embodiment It is used to distinguish this method from other similar address generation methods, and the preset reserved bits are the scalability fields of this IPv6 address generation method. By default, the preset selection bits and reserved bits in this embodiment All fields are 0.

在具体应用中,本实施例所述第一获取模块41可包括图中未示出的:In a specific application, the first acquisition module 41 described in this embodiment may include not shown in the figure:

第一获取单元41a,用于获取第一预设长度的用户网络身份标识;The first acquiring unit 41a is configured to acquire a user network identity of a first preset length;

第二获取单元41b,用于获取第二预设长度的当前时间信息。The second acquiring unit 41b is configured to acquire current time information of a second preset length.

在具体应用中,所述第二获取单元41b,可具体用于In a specific application, the second acquisition unit 41b can be specifically used for

获取当前时间t1;Get the current time t1;

将当前时间t1与所述t1对应的年初时间t2做差,得到结果t;Make a difference between the current time t1 and the time t2 at the beginning of the year corresponding to said t1 to obtain the result t;

将所述结果t转换为以预设时间段为一个单位的整数t’;Converting the result t into an integer t' with a preset time period as a unit;

将整数t’转换为22比特位的当前时间信息。Convert the integer t' to 22-bit current time information.

可理解的是,举例来说,所获取的当前时间t1为:a年b月c日d点e分,所述t1对应的年初时间t2为:a年1月1日0点0分,将当前时间信息t1与当年年初时间t2做差,得到结果t=t1-t2。It is understandable that, for example, the acquired current time t1 is: b, month, c day, year a, d o'clock, e minute, and the time t2 at the beginning of the year corresponding to t1 is: 0:00, January 1, year a, and the The difference between the current time information t1 and the time t2 at the beginning of the year is obtained to obtain the result t=t1-t2.

举例来说,本实施例的预设时间段可以优选为1分钟或30秒。应说明的是,在采用1分钟为嵌入时间的单位时,22比特位的时间信息的最高2位实际是并未使用的(均为0)。因此,可以嵌入更加细粒度的时间,如半分钟,每30秒为一个时间单位。For example, the preset time period in this embodiment may preferably be 1 minute or 30 seconds. It should be noted that when 1 minute is used as the embedding time unit, the highest 2 bits of the 22-bit time information are actually unused (both are 0). Therefore, more fine-grained time can be embedded, such as half a minute, and every 30 seconds is a time unit.

本实施例的IPv6地址生成装置,通过在IPv6后64位接口地址中嵌入用户网络身份标识和时间信息,配置简单,地址生成速度快,适用于网络中的用户的追溯,利于进行网络管理和控制。The IPv6 address generating device of this embodiment, by embedding user network identity and time information in the IPv6 last 64-bit interface address, the configuration is simple, the address generation speed is fast, and it is suitable for traceability of users in the network, which is beneficial to network management and control .

本实施例的IPv6地址生成装置,可以用于执行前述图1及图2所示方法实施例的技术方案,其实现原理和技术效果类似,此处不再赘述。The device for generating an IPv6 address in this embodiment can be used to execute the technical solution of the method embodiment shown in FIG. 1 and FIG. 2 , and its implementation principle and technical effect are similar, and will not be repeated here.

图5示出了本发明一实施例提供的IPv6地址解析装置的结构示意图,如图5所示,本实施例的IPv6地址解析装置,包括:第一提取模块51、解密模块52和第二提取模块53;Fig. 5 shows a schematic structural diagram of an IPv6 address resolution device provided by an embodiment of the present invention. As shown in Fig. 5, the IPv6 address resolution device of this embodiment includes: a first extraction module 51, a decryption module 52 and a second extraction module Module 53;

第一提取模块51,用于获取待解析的IPv6地址,从IPv6地址中提取接口标识;The first extraction module 51 is used to obtain the IPv6 address to be resolved, and extract the interface identifier from the IPv6 address;

解密模块52,用于根据预先选择的第二密钥和第二加密算法,对提取的接口标识进行解密,得到64比特位的明文;The decryption module 52 is used to decrypt the extracted interface identifier according to the pre-selected second key and the second encryption algorithm to obtain 64-bit plaintext;

第二提取模块53,用于提取所述明文的前第五预设长度的信息,将提取的信息作为用户网络身份标识。The second extraction module 53 is configured to extract information of the first fifth preset length of the plaintext, and use the extracted information as the user network identity.

应说明的是,可利用本实施例的IPv6地址解析装置对图1或图2所示实施例所生成的IPv6地址进行解析,本实施例的预先选择的第二加密算法对应图1或图2所示实施例中的预先选择的第一加密算法,本实施例的预先选择的第二密钥对应图1或图2所示实施例中的预先选择的第一密钥。It should be noted that the IPv6 address resolution device of this embodiment can be used to analyze the IPv6 address generated by the embodiment shown in Figure 1 or Figure 2, and the pre-selected second encryption algorithm in this embodiment corresponds to Figure 1 or Figure 2 The preselected first encryption algorithm in the illustrated embodiment and the preselected second key in this embodiment correspond to the preselected first key in the embodiment shown in FIG. 1 or FIG. 2 .

举例来说,当图1或图2所示实施例中的预先选择的第一加密算法为国际数据加密算法IDEA时,本实施例的预先选择的第二加密算法也为IDEA算法;当图1或图2所示实施例中的预先选择的第一加密算法为三重数据加密算法3DES时,本实施例的预先选择的第二加密算法也为3DES算法。For example, when the pre-selected first encryption algorithm in the embodiment shown in Figure 1 or Figure 2 is the International Data Encryption Algorithm IDEA, the pre-selected second encryption algorithm in this embodiment is also the IDEA algorithm; when Figure 1 Or when the preselected first encryption algorithm in the embodiment shown in FIG. 2 is the triple data encryption algorithm 3DES, the preselected second encryption algorithm in this embodiment is also the 3DES algorithm.

应说明的是,本实施例的所述第五预设长度对应图1或图2所示实施例中的用户网络身份标识的第一预设长度,当图1或图2所示实施例中的第一预设长度为40比特位时,本实施例的所述第五预设长度也为40比特位。It should be noted that the fifth preset length in this embodiment corresponds to the first preset length of the user network identity in the embodiment shown in FIG. 1 or FIG. 2 , when in the embodiment shown in FIG. 1 or FIG. When the first preset length of is 40 bits, the fifth preset length of this embodiment is also 40 bits.

本实施例的IPv6地址装置方法,通过对图1、图2及图4所示实施例所生成的IPv6地址进行解析,可以获得网络中的用户网络身份标识,进而实现网络中用户的追溯,利于进行网络管理和控制。The IPv6 address device method of this embodiment, by analyzing the IPv6 address generated by the embodiments shown in Figure 1, Figure 2 and Figure 4, can obtain the network identity of the user in the network, and then realize the traceability of the user in the network, which is beneficial Network management and control.

本实施例的IPv6地址解析装置,可以用于执行前述图3所示方法实施例的技术方案,其实现原理和技术效果类似,此处不再赘述。The IPv6 address resolution device of this embodiment can be used to implement the technical solution of the aforementioned method embodiment shown in FIG. 3 , and its implementation principle and technical effect are similar, and will not be repeated here.

在本实施方式中“第一”、“第二”、“第三”和“第四”等并不是对先后顺序做出规定,只是对名称做出区别,在本实施方式中,不做出任何的限定。In this embodiment, "first", "second", "third" and "fourth" do not stipulate the sequence, but only distinguish the names. In this embodiment, no any restrictions.

本领域普通技术人员可以理解:实现上述各方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成。前述的程序可以存储于一计算机可读取存储介质中。该程序在执行时,执行包括上述各方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps for implementing the above method embodiments can be completed by program instructions and related hardware. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it executes the steps including the above-mentioned method embodiments; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other various media that can store program codes.

最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明权利要求所限定的范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than limiting them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: It is still possible to modify the technical solutions described in the foregoing embodiments, or perform equivalent replacements for some or all of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions depart from the scope defined by the claims of the present invention .

Claims (9)

1. an IPv6 address generating method, is characterized in that, comprising:
Obtain the user network identify label of the first preset length, and obtain the current time information of the second preset length;
The selection position of described user network identify label, the 3rd default preset length, the reserved place of the 4th default preset length are connected with current time information, successively to generate the data of 64 bits;
According to the first cryptographic algorithm selected in advance and the first key, generated data are encrypted, to generate interface identifier;
The interface identifier of address prefix and generation is merged, to generate IPv6 address.
2. method according to claim 1, is characterized in that, described first preset length is 40 bits, and described second preset length is 22 bits, and described 3rd preset length is 1 bit, and described 4th preset length is 1 bit.
3. method according to claim 2, is characterized in that, the current time information of described acquisition second preset length, comprising:
Obtain current time t1;
Time at beginning of the year t2 corresponding with described t1 for current time t1 is done difference, obtains result t;
Being converted to by described result t with preset time period is the integer t ' of a unit;
Integer t ' is converted to the current time information of 22 bits.
4. method according to claim 1, is characterized in that, the first cryptographic algorithm that described basis is selected in advance and the first key, be encrypted generated data, to generate interface identifier, comprise:
According to the first key selected in advance, adopt IDEA IDEA or triple DEA 3DES, generated data are encrypted, to generate interface identifier.
5. an IPv6 address resolution method, is characterized in that, comprising:
Obtain IPv6 address to be resolved, from IPv6 address, extract interface identifier;
According to the second key selected in advance and the second cryptographic algorithm, the interface identifier extracted is decrypted, obtains the plaintext of 64 bits;
Extract the information of front 5th preset length of described plaintext, using the information of extraction as user network identify label.
6. method according to claim 5, is characterized in that, described 5th preset length is 40 bits.
7. method according to claim 5, is characterized in that, the second key that described basis is selected in advance and the second cryptographic algorithm, is decrypted, obtains the plaintext of 64 bits, comprising the interface identifier extracted:
According to the second key selected in advance, adopt IDEA IDEA or triple DEA 3DES, the interface identifier extracted is decrypted, obtains the plaintext of 64 bits.
8. an IPv6 address generating device, is characterized in that, comprising:
First acquisition module, for obtaining the user network identify label of the first preset length, and obtains the current time information of the second preset length;
First generation module, for being connected the selection position of described user network identify label, the 3rd default preset length, the reserved place of the 4th default preset length successively with current time information, to generate the data of 64 bits;
Encrypting module, for according to the first cryptographic algorithm selected in advance and the first key, is encrypted generated data, to generate interface identifier;
Second generation module, for being merged by the interface identifier of address prefix and generation, to generate IPv6 address.
9. an IPv6 address analyzing device, is characterized in that, comprising:
First extraction module, for obtaining IPv6 address to be resolved, extracts interface identifier from IPv6 address;
Deciphering module, for according to the second key selected in advance and the second cryptographic algorithm, is decrypted the interface identifier extracted, obtains the plaintext of 64 bits;
Second extraction module, for extracting the information of the 5th preset length before described plaintext, using the information extracted as user network identify label.
CN201510373855.3A 2015-06-30 2015-06-30 IPV6 address generating and analyzing methods and systems Pending CN105282266A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510373855.3A CN105282266A (en) 2015-06-30 2015-06-30 IPV6 address generating and analyzing methods and systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510373855.3A CN105282266A (en) 2015-06-30 2015-06-30 IPV6 address generating and analyzing methods and systems

Publications (1)

Publication Number Publication Date
CN105282266A true CN105282266A (en) 2016-01-27

Family

ID=55150569

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510373855.3A Pending CN105282266A (en) 2015-06-30 2015-06-30 IPV6 address generating and analyzing methods and systems

Country Status (1)

Country Link
CN (1) CN105282266A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106027697A (en) * 2016-08-01 2016-10-12 清华大学 IPv6 address generation scheme management system
CN108810193A (en) * 2018-07-18 2018-11-13 赛尔网络有限公司 A kind of generation of the addresses IPv6, source tracing method and electronic equipment based on CERID
CN109005252A (en) * 2018-08-24 2018-12-14 赛尔网络有限公司 A kind of IPv6 address generating method, equipment, system and the medium of fictitious host computer
CN111131550A (en) * 2019-12-30 2020-05-08 江苏大周基业智能科技有限公司 IP address calculation method in local area network based on cryptographic algorithm
CN111432043A (en) * 2020-03-09 2020-07-17 清华大学 Density-based dynamic IPv6 address detection method
CN114301592A (en) * 2021-12-30 2022-04-08 李秦豫 Network encryption algorithm
WO2023155497A1 (en) * 2022-02-17 2023-08-24 华为技术有限公司 Communication system, network layer address generation method and related device
CN117040943A (en) * 2023-10-10 2023-11-10 华中科技大学 Cloud network endophytic security defense method and device based on IPv6 address driving

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060080728A1 (en) * 2004-10-12 2006-04-13 Alcatel Network service selection and authentication and stateless auto-configuration in an IPv6 access network
CN101155196A (en) * 2006-09-27 2008-04-02 中国电信股份有限公司 Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same
CN101710906A (en) * 2009-12-18 2010-05-19 工业和信息化部电信传输研究所 IPv6 address structure and method and device for allocating and tracing same
CN102006299A (en) * 2010-11-29 2011-04-06 西安交通大学 Trustworthy internet-oriented entity ID (Identity)-based ID authentication method and system
CN102340546A (en) * 2010-07-16 2012-02-01 中国电信股份有限公司 IPv6 (Internet Protocol Version 6) address allocation method and system
CN102801821A (en) * 2012-08-10 2012-11-28 中国联合网络通信集团有限公司 Address generation and analysis method, user equipment and network node

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060080728A1 (en) * 2004-10-12 2006-04-13 Alcatel Network service selection and authentication and stateless auto-configuration in an IPv6 access network
CN101155196A (en) * 2006-09-27 2008-04-02 中国电信股份有限公司 Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same
CN101710906A (en) * 2009-12-18 2010-05-19 工业和信息化部电信传输研究所 IPv6 address structure and method and device for allocating and tracing same
CN102340546A (en) * 2010-07-16 2012-02-01 中国电信股份有限公司 IPv6 (Internet Protocol Version 6) address allocation method and system
CN102006299A (en) * 2010-11-29 2011-04-06 西安交通大学 Trustworthy internet-oriented entity ID (Identity)-based ID authentication method and system
CN102801821A (en) * 2012-08-10 2012-11-28 中国联合网络通信集团有限公司 Address generation and analysis method, user equipment and network node

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106027697A (en) * 2016-08-01 2016-10-12 清华大学 IPv6 address generation scheme management system
CN108810193A (en) * 2018-07-18 2018-11-13 赛尔网络有限公司 A kind of generation of the addresses IPv6, source tracing method and electronic equipment based on CERID
CN109005252A (en) * 2018-08-24 2018-12-14 赛尔网络有限公司 A kind of IPv6 address generating method, equipment, system and the medium of fictitious host computer
CN111131550A (en) * 2019-12-30 2020-05-08 江苏大周基业智能科技有限公司 IP address calculation method in local area network based on cryptographic algorithm
CN111131550B (en) * 2019-12-30 2022-07-15 江苏大周基业智能科技有限公司 IP address calculation method in local area network based on cryptographic algorithm
CN111432043A (en) * 2020-03-09 2020-07-17 清华大学 Density-based dynamic IPv6 address detection method
CN111432043B (en) * 2020-03-09 2021-06-01 清华大学 Density-based dynamic IPv6 address detection method
CN114301592A (en) * 2021-12-30 2022-04-08 李秦豫 Network encryption algorithm
CN114301592B (en) * 2021-12-30 2023-06-23 李秦豫 Network encryption algorithm
WO2023155497A1 (en) * 2022-02-17 2023-08-24 华为技术有限公司 Communication system, network layer address generation method and related device
CN117040943A (en) * 2023-10-10 2023-11-10 华中科技大学 Cloud network endophytic security defense method and device based on IPv6 address driving
CN117040943B (en) * 2023-10-10 2023-12-26 华中科技大学 Cloud network endophytic security defense method and device based on IPv6 address driving

Similar Documents

Publication Publication Date Title
CN105282266A (en) IPV6 address generating and analyzing methods and systems
CN105323329A (en) IPv6 address generating method and device, and IPv6 address analyzing method and device
CN110100422B (en) Data writing method, device and storage medium based on blockchain smart contract
Gupta et al. Multiphase encryption: A new concept in modern cryptography
CN107809644A (en) A kind of encryption area image reversible data concealing method of double-encryption
CN104281815B (en) The method and system of file encryption-decryption
CN106131207A (en) A kind of method and system bypassing audit HTTPS packet
CN105763331A (en) Data encryption method, device, data decryption method and device
CN106598882A (en) Secure memory data protection method and device
CN115499118A (en) Message key generation method, message key generation device, file encryption method, message key decryption method, file encryption device, file decryption device and medium
US10965454B2 (en) Apparatus and method for public key encryption
Jian et al. Audio steganography with embedded text
WO2018152618A1 (en) Symmetric cryptographic method and system and applications thereof
CN105959279A (en) Computer information transmission system and method based on encryption processing
Sharma et al. Analysis of AES Encryption with ECC
TW201720093A (en) Secure input method, device and system
Chen et al. Exploring unobservable blockchain-based covert channel for censorship-resistant systems
CN105872305B (en) A kind of completely separable encryption area image reversible data concealing method
CN105574371A (en) Text watermark based android application information hiding and software protection method
Ahmad Abusukhon et al. A novel network security algorithm based on encrypting text into a white-page image
JP2019519176A5 (en)
Orhanou et al. The new lte cryptographic algorithms eea3 and eia3
CN113722741A (en) Data encryption method and device and data decryption method and device
TWI611316B (en) Text processing method for safe input method, text processing device and text processing system
US12160509B2 (en) Cryptographic systems and methods for maintenance of pools of random numbers

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160127