CN106375301A - Network device authentication method and device - Google Patents
- Publication number: CN106375301A
- Application number: CN201610779289.0A
- Authority: CN (China)
- Prior art keywords: feature value, network device, group, authentication device, feature value group
- Legal status: Granted (the status is Google's assumption, not a legal conclusion; Google has performed no legal analysis)
Classifications
- H04L63/0876: Electricity; electric communication technique; transmission of digital information; network architectures or network communication protocols for network security (H04L63/00); authentication of entities (H04L63/08); authentication based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/102: Electricity; electric communication technique; transmission of digital information; network architectures or network communication protocols for network security (H04L63/00); controlling access to devices or network resources (H04L63/10); entity profiles
Abstract
The invention discloses a network device authentication method and device. The method comprises the following steps: the authentication device collects characteristic information of a network device and generates characteristic value group A; the authentication device compares the characteristic values in group A one by one, in priority order, with the corresponding characteristic values in characteristic value group B, where group B is the characteristic value group pre-stored for that network device; when a characteristic value in group A is inconsistent with its counterpart in group B, the network device is judged to be an illegitimate device; when all characteristic values in group A are consistent with their counterparts in group B, the network device is judged to be a legitimate device.
Description
Technical field
The present invention relates to the field of network security, and in particular to a network device authentication method and an authentication device.
Background art
As society becomes more networked, ever more devices must join a network before they can communicate, and authenticating the legitimacy of those devices has become a major hidden danger to network security. The existing mechanisms for ensuring that only legitimate devices gain access are usually based on local information: either binding the device's Internet Protocol (IP) address to its Media Access Control (MAC) address, or installing dedicated software on the device and configuring it accordingly before authenticating it.
Authentication by IP/MAC binding is simple and convenient, but an illegitimate device can easily enter a legitimate device's network environment by forging the IP address and MAC address of that legitimate device, so this mechanism cannot safely and effectively guarantee the legitimacy of network devices. Authentication by installing dedicated software or hardware with a matching configuration is more secure, but the mechanism is fixed in form, lacks generality and has poor compatibility.
Summary of the invention
To solve the above problems, a first aspect of the present invention provides a network device authentication method for one-way network device authentication. The method includes:
The authentication device collects the characteristic information of the network device and generates feature value group A;
the authentication device compares the feature values in group A, in priority order, one by one with the corresponding feature values in feature value group B, where group B is the pre-stored feature value group of that network device;
when a feature value in group A is found inconsistent with its counterpart in group B, the network device is judged to be an illegitimate device;
when all feature values in group A are consistent with their counterparts in group B, the network device is judged to be a legitimate device.
Further, the characteristic information includes IP address, MAC address, clock skew, clock frequency and device name.
Further, the authentication device collects the IP address of the network device as follows: it scans, with a device scanning tool, the packets from the network device that carry its IP address, and obtains the IP address from them.
Further, the authentication device collects the MAC address of the network device as follows: it scans, with a device scanning tool, the packets from the network device that carry its MAC address, and obtains the MAC address from them.
Further, the authentication device collects the device name of the network device as follows: it scans the version information of the network device with a device scanning tool and obtains the device name from it.
Further, the authentication device collects the clock frequency of the network device as follows:
Step S1: the authentication device collects at least two packets from the network device and extracts the timestamp value carried in each packet;
Step S2: it computes the difference between the timestamp value extracted from the last collected packet and the one extracted from the first collected packet, and divides that difference by the time interval between receiving the last and the first packet to obtain a quotient;
Step S3: steps S1 to S2 are repeated several times to obtain several quotients, and the average of those quotients is taken as the clock frequency of the network device.
Further, the authentication device obtains a new feature value and stores it in feature value group B, obtaining feature value group B'; the authentication device then collects from the network device the feature values corresponding to those in group B', obtaining feature value group A'; it compares the feature values in group A', in priority order, one by one with the feature values in group B'; when a feature value in group A' is found inconsistent with its counterpart in group B', the network device is judged to be an illegitimate device; when all feature values in group A' are consistent with their counterparts in group B', the network device is judged to be a legitimate device.
Further, the authentication device collects from the network device the feature values corresponding to those in feature value group B, obtaining feature value group A; it compares the feature values in group A, in priority order, one by one with the feature values in group B; when a feature value in group A is found inconsistent with its counterpart in group B, the network device is judged to be an illegitimate device; when all feature values in group A are consistent with their counterparts in group B, the network device is judged to be a legitimate device.
A second aspect of the present invention provides a network device mutual authentication method, characterised in that the method includes:
the first authentication device extracts the characteristic information of the second authentication device, obtaining feature value group A1, and the second authentication device extracts the characteristic information of the first authentication device, obtaining feature value group B1;
the first authentication device compares the feature values in group A1, in priority order, one by one with the feature values in feature value group A, where group A is the pre-stored feature value group of the second authentication device; when a feature value in group A1 is found inconsistent with its counterpart in group A, the second authentication device is judged to be an illegitimate device; when all feature values in group A1 are consistent with their counterparts in group A, the second authentication device is judged to be a legitimate device;
the second authentication device compares the feature values in group B1, in priority order, one by one with the feature values in feature value group B, where group B is the pre-stored feature value group of the first authentication device; when a feature value in group B1 is found inconsistent with its counterpart in group B, the first authentication device is judged to be an illegitimate device; when all feature values in group B1 are consistent with their counterparts in group B, the first authentication device is judged to be a legitimate device.
A third aspect of the present invention provides an authentication device, characterised in that it includes:
an acquisition module for collecting the characteristic information of the network device and generating feature value group A;
a comparison module for comparing the feature values in feature value group A with the feature values in feature value group B, where group B is the feature value group of the network device previously stored by the acquisition module.
Beneficial effects
In the network device authentication method provided by the present invention, the inherent feature value group B of a network device is extracted and saved in advance; when that network device joins the network, its feature value group A is extracted and the feature values in group A are compared, in priority order, with those in group B. As soon as a feature value is found inconsistent, the network device can be judged to be an illegitimate device; only when every feature value in group A is consistent with its counterpart in group B can the network device be judged to be a legitimate device. Hence only the same device, whose inherent feature value group A extracted on joining the network matches the inherent feature group B stored in advance, can pass authentication.
It can be seen that the network device authentication method provided by the present invention greatly reduces the misjudgment rate and thus protects the security of the network well, and since the invention imposes no hardware or software requirements on the network device, the method is also very convenient to use.
Furthermore, the authentication device of the present invention can at any time obtain new feature values of the network device and store them in the existing feature value group; when the network device is authenticated, the authentication device collects its characteristic information accordingly and obtains a correspondingly updated feature value group. That is, as the number of feature values compared grows, the credibility of the judgment about the network device rises and the misjudgment rate falls further, protecting the security of the network better still.
Brief description of the drawings
Fig. 1 is a flow chart of the network device authentication method provided by the present invention.
Fig. 2 is a schematic structural diagram of the authentication device provided by the present invention.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described below clearly and completely with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments of the present invention without inventive effort fall within the scope of protection of the present invention.
The flow chart of a network device authentication method provided by the present invention is shown in Fig. 1. It is used for one-way device authentication, and the method includes:
The authentication device collects the characteristic information of the network device and generates feature value group A.
Specifically, the characteristic information the authentication device collects includes the network device's IP address, media access control (MAC) address, clock skew, clock frequency and device name.
Further, the authentication device collects the IP address of the network device as follows:
When on the same LAN, the authentication device captures the address resolution protocol (ARP) packets sent by the network device and reads the IP address directly from those packets.
When not on the same LAN, the authentication device scans, with a device scanning tool, the packets from the network device that carry its IP address and obtains the IP address from them.
Further, the authentication device collects the MAC address of the network device as follows:
When on the same LAN, once the authentication device detects that the network device has joined the network, it sends the network device a network message (an ARP authentication packet); after the network device returns its own network message (its ARP authentication packet), the authentication device parses the received packet and extracts the MAC address.
When not on the same LAN, the authentication device scans, with a device scanning tool, the packets from the network device that carry its MAC address and obtains the MAC address from them.
Further, the authentication device collects the device name of the network device as follows:
The authentication device scans the version information of the network device with its device scanning software tool (for example nmap) and obtains the device name from it.
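The LAN collection step above (solicit or capture an ARP packet, read the IP address and MAC address out of it) reduces to parsing a 42-byte Ethernet/ARP frame. The following Python is an added example, not code from the patent or its applicant. It builds constructed request and reply frames (no captured traffic), parses them with struct, and, as an extra check the patent does not mention, refuses a reply whose Ethernet source MAC differs from the ARP sender hardware address, a common sign of a forged reply. The addresses and all function names are the example's own; the nmap version scan used for the device name is not reproduced.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Constructed Ethernet II + ARP frame used as test input (not captured traffic).
    Requests go to the broadcast MAC; eth_src lets a test forge a frame whose
    Ethernet source differs from the ARP sender hardware address."""
    eth_dst = "ff:ff:ff:ff:ff:ff" if op == ARP_REQUEST else target_mac
    eth_src = sender_mac if eth_src is None else eth_src
    ethernet = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(eth_src), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return ethernet + arp


def parse_arp_frame(frame):
    """Parse an IPv4-over-Ethernet ARP frame into the fields the authentication
    device needs. Raises ValueError for anything that is not such a frame."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4 over Ethernet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "op": op,
        "eth_src": mac_str(eth_src),
        "sender_mac": mac_str(sha),
        "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha),
        "target_ip": ip_str(tpa),
        # Added check, not from the patent: a genuine reply carries the same MAC in
        # the Ethernet header and in the ARP body; a mismatch is a sign of forgery.
        "header_matches_body": sha == eth_src,
    }


def collect_ip_and_mac(reply_frame, probed_ip):
    """The LAN collection step: after sending an ARP request for probed_ip, take
    (IP, MAC) from the reply only if it is a reply for that IP whose header and
    body agree. Returns None otherwise."""
    fields = parse_arp_frame(reply_frame)
    if fields["op"] != ARP_REPLY or fields["sender_ip"] != probed_ip:
        return None
    if not fields["header_matches_body"]:
        return None
    return fields["sender_ip"], fields["sender_mac"]


if __name__ == "__main__":
    # Authentication device aa:bb:cc:dd:ee:ff / 10.0.0.1 probes 10.0.0.7 and gets a reply.
    probe = build_arp_frame(ARP_REQUEST, "aa:bb:cc:dd:ee:ff", "10.0.0.1",
                            "00:00:00:00:00:00", "10.0.0.7")
    reply = build_arp_frame(ARP_REPLY, "00:11:22:33:44:55", "10.0.0.7",
                            "aa:bb:cc:dd:ee:ff", "10.0.0.1")
    print(parse_arp_frame(probe)["op"], collect_ip_and_mac(reply, "10.0.0.7"))
```

Even a consistent reply only proves that something on the segment answered for that IP address; as the background section itself says, IP and MAC addresses are trivially forged, which is why the clock features below are collected as well.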
Specifically, the authentication device collects the clock frequency of the network device as follows:
Step S1: the authentication device collects at least two timestamped packets from the network device and extracts the timestamp value from each timestamped packet;
Step S2: it computes the difference between the timestamp value extracted from the last collected timestamped packet and the one extracted from the first, and divides that difference by the time elapsed between receiving the first and the last packet to obtain a quotient (ticks per second, which is what makes the quotient a frequency);
Step S3: steps S1 to S2 are repeated several times to obtain several quotients, and the average of those quotients is the clock frequency of the network device.
Further, the authentication device collects the clock skew of the network device as follows:
The authentication device sends n timestamped packets to the network device at a preset time interval δt, receives the n timestamped response packets the network device sends back, and records in order the time at which each of the n timestamped responses is received, obtaining the first time sequence, denoted t_i, i = 1, 2, ..., n.
The timestamp values of the n timestamped responses are processed in order to obtain the second time sequence, denoted t'_i, i = 1, 2, ..., n: the timestamp value carried in each response packet is divided by the system clock frequency of the network device. The system clock frequency is obtained by taking the difference between the timestamp values carried in two received response packets and dividing it by the time interval between the receipt of those two responses.
The first time sequence and the second time sequence are then processed to obtain the clock skew of the network device. In particular, either of the following two processing methods may be used:
Method one: the first time sequence t_i and the second time sequence t'_i are each scanned from front to back for outliers. The criterion may be: since the values were recorded in succession, the values in the first time sequence should increase proportionally, so any value that departs markedly from this increasing trend is an outlier; the same criterion applies to the second time sequence.
At the first position at which the values of the same order in t_i and t'_i are both found not to be outliers, the value in the first time sequence is recorded as the first time value and the value in the second time sequence as the second time value.
For example, if the second value t_2 of the first time sequence and the second value t'_2 of the second time sequence are the first pair found not to be outliers, t_2 is recorded as the first time value and t'_2 as the second time value.
The values t_3, ..., t_n that follow the first time value t_2 in the first time sequence are each differenced against t_2, giving the first difference sequence r_i; specifically,
r_i = t_(i+2) - t_2, i = 1, 2, ..., n-2.
The time interval between each of those values and the first time value is then taken, giving the first interval sequence; specifically,
m_i = i·δt, i = 1, 2, ..., n-2.
The values t'_3, ..., t'_n that follow the second time value t'_2 in the second time sequence are each differenced against t'_2, giving the second difference sequence r'_i; specifically,
r'_i = t'_(i+2) - t'_2, i = 1, 2, ..., n-2.
The first difference sequence r_i and the second difference sequence r'_i are differenced term by term, giving the third difference sequence e_i; specifically,
e_i = r_i - r'_i, i = 1, 2, ..., n-2.
The outliers in the third difference sequence e_i are removed, giving the fourth difference sequence e'_i; specifically, the outliers in e_i are identified with the Pauta (3σ) criterion or Grubbs' test and removed, and the interval values at the same positions as those outliers are removed from the first interval sequence, giving the second interval sequence.
A linear regression of the fourth difference sequence e'_i against the second interval sequence gives the clock skew of the network device; the regression may be ordinary (simple) least squares or weighted least squares.
Method two:
The first time sequence t_i and the second time sequence t'_i are each scanned from back to front for outliers. The criterion may be: since the values were recorded in succession, the values in the first time sequence should increase proportionally, so any value that departs markedly from this increasing trend is an outlier; the same criterion applies to the second time sequence.
At the first position at which the values of the same order in t_i and t'_i are both found not to be outliers, the value in the first time sequence is recorded as the third time value and the value in the second time sequence as the fourth time value.
For example, if the second-to-last value t_(n-1) of the first time sequence and the second-to-last value t'_(n-1) of the second time sequence are the first pair found not to be outliers, t_(n-1) is recorded as the third time value and t'_(n-1) as the fourth time value.
The values preceding the third time value t_(n-1) in the first time sequence are each differenced against t_(n-1), giving the fifth difference sequence n_i; specifically,
n_i = t_(n-1) - t_i, i = 1, 2, ..., n-2.
The time interval between each of those values and the third time value is then taken, giving the third interval sequence; specifically,
m'_i = (n-1-i)·δt, i = 1, 2, ..., n-2.
The values preceding the fourth time value t'_(n-1) in the second time sequence are each differenced against t'_(n-1), giving the sixth difference sequence n'_i; specifically,
n'_i = t'_(n-1) - t'_i, i = 1, 2, ..., n-2.
The fifth difference sequence n_i and the sixth difference sequence n'_i are differenced term by term, giving the seventh difference sequence d_i; specifically,
d_i = n_i - n'_i, i = 1, 2, ..., n-2.
The outliers in the seventh difference sequence d_i are removed, giving the eighth difference sequence d'_i; specifically, the outliers in d_i are identified with the Pauta (3σ) criterion or Grubbs' test and removed, and at the same time the interval values at the same positions as those outliers are removed from the third interval sequence, giving the fourth interval sequence.
A linear regression of the eighth difference sequence d'_i against the fourth interval sequence gives the clock skew of the network device; the regression may be ordinary (simple) least squares or weighted least squares.
The authentication device may use the collected characteristic information directly as the feature values making up feature value group A, or it may pass each collected item through a hash algorithm and use the resulting hash values as the feature values making up group A.
The authentication device compares the feature values in group A, in priority order, with the feature values in feature value group B; group B is the pre-stored feature value group of the network device, and it is generated in the same way as described above.
Specifically, as described above, the feature values in group A include IP address, MAC address, clock skew, clock frequency and device name. These feature values are arranged by priority in a form resembling a decision tree and are compared top-down, one by one, with the corresponding feature values in group B. As soon as a corresponding feature value is found inconsistent, the network device can be judged to be an illegitimate device and no further comparison is needed.
When all feature values in group A are consistent with the feature values in group B, the network device can be judged to be a legitimate device; the authentication device then sends a signal that the network device has passed authentication, and the network device may access the network.
Clearly this authentication device need only store the network device's feature value group B once in advance; in every later authentication of that network device it collects the characteristic information corresponding to group B, generates group A as described above, and compares all feature values in group A with all feature values in group B, one by one in priority order. If all feature values are consistent, the device is legitimate and passes authentication, so it can join the network; if any feature value is found inconsistent, for example the IP address, which as the highest-priority feature is compared first, then the network device seeking access is an illegitimate device.
In particular, as network technology develops, the authentication device may be able to collect new feature values of the network device; the authentication device then obtains the new feature values and stores them in the previously stored feature value group B, obtaining feature value group B'.
The network device can then be authenticated in either of the following two ways:
Mode one: the authentication device collects the feature values corresponding to those in the network device's feature value group B, obtaining feature value group A; it compares the feature values in group A, in priority order, one by one with the feature values in group B, and as soon as a corresponding feature value is found inconsistent the network device can be judged to be an illegitimate device, with no further comparison needed;
when all feature values in group A are consistent with the feature values in group B, the network device can be judged to be a legitimate device; the authentication device sends a signal that the network device has passed authentication, and the network device may access the network.
Mode two: when the network device joins the network, the authentication device collects the feature values corresponding to those in the network device's feature value group B', obtaining feature value group A';
the authentication device then compares the feature values in group A' with the feature values in group B', and as soon as a corresponding feature value is found inconsistent the network device can be judged to be an illegitimate device, with no further comparison needed;
when all feature values in group A' are consistent with the feature values in group B', the network device can be judged to be a legitimate device; the authentication device sends a signal that this network device has passed authentication, and the network device may access the network.
Clearly mode two, by adding new feature values, adds further comparison items, so the credibility of the judgment about the network device rises further and the misjudgment rate falls further, protecting the security of the network better.
A second aspect of the present invention provides a kind of network equipment mutual authentication method, comprising:
First authenticating device extracts the characteristic information of the second authenticating device, obtains eigenvalue cluster a1, and the second authenticating device carries
Take the characteristic information of the first authenticating device, obtain eigenvalue cluster b1;
Eigenvalue in eigenvalue cluster a1 is contrasted by the first authenticating device with the eigenvalue in described eigenvalue cluster a,
Eigenvalue cluster a is the eigenvalue cluster of described second authenticating device prestoring;When contrasting corresponding eigenvalue and being inconsistent,
Then can determine that this network equipment is illegality equipment, now avoid the need for being determined again;
When the eigenvalue in eigenvalue cluster a1 is consistent with the eigenvalue in described eigenvalue cluster a, then can determine that this network
Equipment is legitimate device, and the first authenticating device sends the signal by certification for described second authenticating device simultaneously;
Eigenvalue in described eigenvalue cluster b1 and the eigenvalue in eigenvalue cluster b are contrasted by the second authenticating device,
Eigenvalue cluster b is the eigenvalue cluster of described first authenticating device prestoring, when contrasting corresponding eigenvalue and being inconsistent,
Then can determine that this network equipment is illegality equipment, now avoid the need for being determined again;
When the eigenvalue in eigenvalue cluster b1 is consistent with the eigenvalue in described eigenvalue cluster b, then can determine that this network
Equipment is legitimate device, and the second authenticating device sends the signal by certification for first authenticating device simultaneously, then this first certification sets
Standby it is accessible in network with the second authenticating device.
It is pointed out that in bilateral network device authentication first authenticating device obtain the second authenticating device characteristic information and
The method that second authenticating device obtains the first authenticating device characteristic information obtains characteristic information with authenticating device during unilateral authentication
Method is consistent, and characteristic information is alternatively above-mentioned characteristic information (ip address, the media access control address (media comprising
Access contro, mac) address, clock jitter, clock frequency and implementor name.) same this feature information can be directly as spy
Value indicative, constitutive characteristic value group, also can by hash algorithm generate hash algorithm value, reconstruct eigenvalue cluster, repeat no more here.
It should be pointed out that in bi-directional device authentication, as long as either authenticating device is an illegal device, authentication fails for both devices of the mutual authentication; this is very necessary for networks with high security requirements (for example: bank networks, police networks).
Further, whether in unilateral or two-way network equipment authentication, when the network equipment connects to the network, once the authenticating device has determined that any one eigenvalue is inconsistent, it need not compare the remaining eigenvalues and can judge the network equipment to be an illegal device.
Corresponding to the method embodiments, a third aspect of the present invention provides an authenticating device which, as shown in Fig. 2, may include:
Acquisition module 201, for gathering the characteristic information of the network equipment and generating eigenvalue cluster a;
Contrast module 202, for comparing the eigenvalues in eigenvalue cluster a with the eigenvalues in eigenvalue cluster b, where eigenvalue cluster b is the eigenvalue cluster of the network equipment previously stored by the acquisition module.
Specifically, in a LAN, acquisition module 201 gathers the address resolution protocol packet sent by the network equipment and directly reads the IP address in that packet.
The method by which acquisition module 201 gathers the MAC address of the network equipment is:
In a LAN, when acquisition module 201 detects that the network equipment has connected to the network, acquisition module 201 sends a network message (an address resolution protocol authentication data packet) to the network equipment; after the network equipment returns its own network message (address resolution protocol authentication data packet), acquisition module 201 parses the received packet and extracts the MAC address.
The method by which acquisition module 201 gathers the device name of the network equipment is:
Acquisition module 201 directly scans the version information of the network equipment with a device scanning software tool (such as nmap) and obtains the device name of this network equipment.
The method by which acquisition module 201 gathers the clock frequency of the network equipment is:
Step s1: acquisition module 201 gathers, at least twice, a packet carrying a timestamp value from the network equipment, and extracts the timestamp value of each such packet;
Step s2: acquisition module 201 subtracts the timestamp value extracted from the first collected packet from the timestamp value extracted from the last collected packet to obtain a time difference, then divides this difference by the time interval between the two to obtain a quotient, where the time interval is the time between the last collected packet and the first collected packet;
Step s3: acquisition module 201 repeats steps s1 to s2 several times, obtaining multiple quotients, and averages the multiple quotients to obtain the clock frequency of the network equipment.
The method by which acquisition module 201 gathers the clock jitter of the network equipment is:
Acquisition module 201 sends n packets carrying timestamp values to the network equipment at a preset time interval δt; it receives the n response packets carrying timestamp values sent by the network equipment, and records in turn the time at which each of the n response packets is received, obtaining the first time value sequence, denoted ti, i=1,2,...,n;
The timestamp values of the n response packets are processed in turn to obtain the second time value sequence, denoted t'i, i=1,2,...,n: the timestamp value carried in each response packet is read, and the timestamp value of each packet is divided by the system clock frequency corresponding to that packet, giving the second time value sequence t'i, i=1,2,...,n;
The system clock frequency is obtained by taking the difference between the timestamp values carried in two received response packets, then dividing this difference by the time interval between those two response packets.
The first time value sequence and the second time value sequence are processed to obtain the clock jitter of the network equipment.
In particular, the clock jitter can be obtained by either of the following two processing methods:
Method one: outlier judgement is carried out on the first time value sequence ti and the second time value sequence t'i respectively, in order from front to back; the judgement method can be: because the time values are recorded in succession, the time values in the first time value sequence should increase proportionally, and if a time value deviates considerably from this increasing trend it is an outlier; the outlier judgement for the second time value sequence is the same.
When, for the first time, the two time values at the same position in the first time value sequence ti and the second time value sequence t'i are both judged not to be outliers, the time value at that position in the first time value sequence is recorded as the first time value, and the time value at that position in the second time value sequence is recorded as the second time value.
For example, when the second time value t2 in the first time value sequence ti and the second time value t'2 in the second time value sequence t'i are the first pair both judged not to be outliers, t2 is recorded as the first time value and t'2 as the second time value.
The time values following the first time value t2 in the first time value sequence (t3 onwards) are differenced in turn with the first time value t2, giving the first difference sequence ri, specifically:
ri = t(i+2) - t2, i=1,2,...,n-2;
The time interval between each of these time values and the first time value is then obtained, giving the first time interval sequence, specifically:
mi = i*δt, i=1,2,...,n-2;
The time values following the second time value t'2 in the second time value sequence (t'3 onwards) are differenced in turn with the second time value t'2, giving the second difference sequence r'i, specifically:
r'i = t'(i+2) - t'2, i=1,2,...,n-2;
The first difference sequence ri and the second difference sequence r'i are differenced element by element, giving the third difference sequence ei; specifically:
ei = ri - r'i, i=1,2,...,n-2;
The outliers in the third difference sequence ei are eliminated, giving the fourth difference sequence e'i, i=1,2,...,n-1; specifically, the outliers in the third difference sequence ei are eliminated based on the Pauta criterion or the Grubbs test, giving the fourth difference sequence e'i, and the time interval values at the positions of the eliminated outliers of the third difference sequence are likewise removed from the first time interval sequence, giving the second time interval sequence;
Linear regression of the fourth difference sequence e'i against the second time interval sequence gives the clock jitter of the network equipment; the linear regression may use one of the simple least squares method, the weighted least squares method and the ordinary least squares method.
Method two: outlier judgement is carried out on the first time value sequence ti and the second time value sequence t'i respectively, in order from back to front; the judgement method can be: because the time values are recorded in succession, the time values in the first time value sequence should increase proportionally, and if a time value deviates considerably from this increasing trend it is an outlier; the outlier judgement for the second time value sequence is the same.
When, for the first time, the two time values at the same position in the first time value sequence ti and the second time value sequence t'i are both judged not to be outliers, the time value at that position in the first time value sequence is recorded as the third time value, and the time value at that position in the second time value sequence is recorded as the fourth time value.
For example, when the penultimate time value t(n-1) in the first time value sequence ti and the penultimate time value t'(n-1) in the second time value sequence t'i are the first pair both judged not to be outliers, t(n-1) is recorded as the third time value and t'(n-1) as the fourth time value.
The third time value t(n-1) is differenced in turn with the time values preceding it in the first time value sequence, giving the fifth difference sequence ni; specifically:
ni = t(n-1) - ti, i=1,2,...,n-2;
The time interval between each time value and the first time value is then obtained, giving the third time interval sequence, specifically:
m'i = (n-i)*δt, i=1,2,...,n-2;
The fourth time value t'(n-1) in the second time value sequence is differenced in turn with the time values preceding it, giving the sixth difference sequence n'i; specifically:
n'i = t'(n-1) - t'i, i=1,2,...,n-2;
The fifth difference sequence ni and the sixth difference sequence n'i are differenced element by element, giving the seventh difference sequence di; specifically:
di = ni - n'i, i=1,2,...,n-2;
The outliers in the seventh difference sequence di are eliminated, giving the eighth difference sequence d'i, i=1,2,...,n-1; specifically, the outliers in the seventh difference sequence di are eliminated based on the Pauta criterion or the Grubbs test, giving the eighth difference sequence d'i;
At the same time, the time interval values at the positions of the outliers of the seventh difference sequence are removed from the third time interval sequence, giving the fourth time interval sequence;
Linear regression of the eighth difference sequence d'i against the fourth time interval sequence gives the clock jitter of the network equipment; the linear regression may use one of the simple least squares method, the weighted least squares method and the ordinary least squares method.
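Clock frequency estimation (steps s1 to s3) and clock jitter estimation by method one and by method two, as an added Python example that is not the patent's own code. The outlier tolerance, the repeated application of the Pauta criterion, the constructed measurements and the interval sequence being counted from the anchor value (a constant shift of the intervals leaves the regression slope unchanged) are assumptions of this example.

```python
import statistics

def estimate_clock_frequency(rounds):
    """Steps s1 to s3. Each round is a list of (receive_time, timestamp_ticks)
    pairs in collection order; per round, (last ticks - first ticks) is divided
    by (last time - first time) and the quotients are averaged.
    Returns the device timestamp rate in ticks per second."""
    quotients = []
    for samples in rounds:
        (time_first, ticks_first), (time_last, ticks_last) = samples[0], samples[-1]
        quotients.append((ticks_last - ticks_first) / (time_last - time_first))
    return sum(quotients) / len(quotients)

def is_outlier(seq, i, delta_t, tol):
    """Trend check for both time value sequences: successive values should grow
    by about delta_t. An element is an outlier when the step from its
    predecessor (or, for the first element, to its successor) deviates from
    delta_t by more than tol (tol is an assumption of this example)."""
    step = seq[i] - seq[i - 1] if i > 0 else seq[i + 1] - seq[i]
    return abs(step - delta_t) > tol

def pauta_filter(values):
    """Pauta (3-sigma) criterion, repeated until nothing more is eliminated
    (an assumption: a single pass can mask a second outlier).
    Returns the indices of the retained values."""
    keep = list(range(len(values)))
    while len(keep) >= 3:
        sample = [values[i] for i in keep]
        mean, sigma = statistics.mean(sample), statistics.pstdev(sample)
        kept = [i for i in keep if abs(values[i] - mean) <= 3 * sigma]
        if len(kept) == len(keep):
            break
        keep = kept
    return keep

def least_squares_slope(xs, ys):
    """Ordinary least squares slope of ys regressed on xs."""
    x_bar, y_bar = statistics.mean(xs), statistics.mean(ys)
    sxy = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, ys))
    sxx = sum((x - x_bar) ** 2 for x in xs)
    return sxy / sxx

def clock_jitter(t, t_prime, delta_t, tol, method_two=False):
    """t: first time value sequence (local receive times, seconds).
    t_prime: second time value sequence (response timestamps / clock frequency).
    Method one anchors on the first clean pair and differences forward; method
    two anchors on the last clean pair and differences backward. The slope is
    local elapsed time minus remote elapsed time per second, so a remote clock
    that runs fast gives a negative value."""
    n = len(t)
    order = range(n - 1, -1, -1) if method_two else range(n)
    k = next(i for i in order
             if not is_outlier(t, i, delta_t, tol)
             and not is_outlier(t_prime, i, delta_t, tol))
    idx = range(k - 1, -1, -1) if method_two else range(k + 1, n)
    sign = -1 if method_two else 1
    r = [sign * (t[i] - t[k]) for i in idx]                    # 1st / 5th difference sequence
    r_prime = [sign * (t_prime[i] - t_prime[k]) for i in idx]  # 2nd / 6th difference sequence
    m = [abs(i - k) * delta_t for i in idx]                    # time interval sequence
    e = [a - b for a, b in zip(r, r_prime)]                    # 3rd / 7th difference sequence
    keep = pauta_filter(e)                                     # eliminate outliers
    e_prime = [e[j] for j in keep]                             # 4th / 8th difference sequence
    m_kept = [m[j] for j in keep]                              # matching interval values
    return least_squares_slope(m_kept, e_prime)

def constructed_measurement():
    """Constructed sample data, not captured traffic: 20 probes at delta_t = 1 s
    to a device whose microsecond counter runs fast by 1e-4. Receive record 0
    is corrupted and response 5 was delayed by 0.5 s in the network."""
    n, delta_t = 20, 1.0
    rounds = [[(0.0, 0), (2.0, 2_000_000)],
              [(10.0, 10_000_000), (13.0, 13_000_000)]]
    t = [i * delta_t + 0.002 for i in range(n)]   # 2 ms fixed path delay
    t[0] = 5.0
    t[5] += 0.5
    ticks = [i * 1_000_100 for i in range(n)]     # i * 1e6 * (1 + 1e-4)
    return rounds, t, ticks, delta_t

if __name__ == "__main__":
    rounds, t, ticks, delta_t = constructed_measurement()
    freq = estimate_clock_frequency(rounds)
    t_prime = [x / freq for x in ticks]
    print(freq, clock_jitter(t, t_prime, delta_t, 0.1),
          clock_jitter(t, t_prime, delta_t, 0.1, method_two=True))
```

With the corrupted record and the delayed response both eliminated, both methods recover the same slope of -1e-4 s/s; without the Pauta step the delayed response alone would bias the regression by orders of magnitude more than the quantity being measured.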
Acquisition module 201 may use the collected characteristic information described above directly as eigenvalues to form eigenvalue cluster a, or may generate an eigenvalue from each item of the collected characteristic information by a hash algorithm to form eigenvalue cluster a;
Contrast module 202 compares the eigenvalues in eigenvalue cluster a one by one with the eigenvalues in eigenvalue cluster b; eigenvalue cluster b is the pre-stored eigenvalue cluster of the network equipment (the specific generation process of eigenvalue cluster b is the same as above);
When the eigenvalues in eigenvalue cluster a are all consistent with the eigenvalues in eigenvalue cluster b, contrast module 202 issues a signal that the network equipment has passed authentication, and the network equipment can then access the network.
A network equipment authentication method and an authenticating device provided by the present invention have been described in detail above. Specific examples have been used herein to explain the principle and embodiments of the present invention; the above description of the embodiments is only intended to help in understanding the method of the present invention and its core idea. It should be pointed out that those skilled in the art can make several improvements and modifications to the present invention without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present invention.
Claims (10)
1. A network equipment authentication method, characterised in that the method includes:
the authenticating device gathers the characteristic information of the network equipment and generates eigenvalue cluster a;
the authenticating device compares the eigenvalues in eigenvalue cluster a in turn, according to priority, with the corresponding eigenvalues in eigenvalue cluster b; eigenvalue cluster b is the pre-stored eigenvalue cluster of the network equipment;
when a compared eigenvalue in eigenvalue cluster a is inconsistent with the corresponding eigenvalue in eigenvalue cluster b, the network equipment is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a are all consistent with the corresponding eigenvalues in eigenvalue cluster b, the network equipment is judged to be a legitimate device.
2. The network equipment authentication method according to claim 1, characterised in that the characteristic information includes IP address, MAC address, clock jitter, clock frequency and device name.
3. The network equipment authentication method according to claim 2, characterised in that the method by which the authenticating device gathers the IP address of the network equipment is:
the authenticating device directly scans, with a device scanning tool, the packet of the network equipment carrying the IP address, and obtains the IP address of the network equipment.
4. The network equipment authentication method according to claim 2, characterised in that the method by which the authenticating device gathers the MAC address of the network equipment is:
the authenticating device directly scans, with a device scanning tool, the packet of the network equipment carrying the MAC address, and obtains the MAC address of the network equipment.
5. The network equipment authentication method according to claim 2, characterised in that the method by which the authenticating device gathers the device name of the network equipment is:
the authenticating device directly scans the version information of the network equipment with a device scanning tool, and obtains the device name of the network equipment.
6. The network equipment authentication method according to claim 2, characterised in that the method by which the authenticating device gathers the clock frequency of the network equipment is:
Step s1: the authenticating device gathers packets of the network equipment at least twice, and extracts the timestamp value of each packet;
Step s2: the difference between the timestamp value extracted from the last collected packet and the timestamp value extracted from the first collected packet is calculated, and this difference is divided by the time interval to obtain a quotient, where the time interval is the time between the last collected packet and the first collected packet;
Step s3: steps s1 to s2 are repeated several times to obtain multiple quotients, and the multiple quotients are averaged to obtain the clock frequency of the network equipment.
7. The network equipment authentication method according to claim 1, characterised in that the authenticating device obtains a new eigenvalue and stores it in eigenvalue cluster b, obtaining eigenvalue cluster b';
the authenticating device obtains the eigenvalues of the network equipment corresponding to eigenvalue cluster b', obtaining eigenvalue cluster a';
the authenticating device compares the eigenvalues in eigenvalue cluster a' in turn, according to priority, with the eigenvalues in eigenvalue cluster b';
when a compared eigenvalue in eigenvalue cluster a' is inconsistent with the corresponding eigenvalue in eigenvalue cluster b', the network equipment is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a' are all consistent with the corresponding eigenvalues in eigenvalue cluster b', the network equipment is judged to be a legitimate device.
8. The network equipment authentication method according to claim 7, characterised in that the authenticating device obtains the eigenvalues of the network equipment corresponding to eigenvalue cluster b, obtaining eigenvalue cluster a;
the authenticating device compares the eigenvalues in eigenvalue cluster a in turn, according to priority, with the eigenvalues in eigenvalue cluster b;
when a compared eigenvalue in eigenvalue cluster a is inconsistent with the corresponding eigenvalue in eigenvalue cluster b, the network equipment is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a are all consistent with the corresponding eigenvalues in eigenvalue cluster b, the network equipment is judged to be a legitimate device.
9. A network equipment mutual authentication method, characterised in that the method includes:
the first authenticating device extracts the characteristic information of the second authenticating device, obtaining eigenvalue cluster a1, and the second authenticating device extracts the characteristic information of the first authenticating device, obtaining eigenvalue cluster b1;
the first authenticating device compares the eigenvalues in eigenvalue cluster a1 in turn, according to priority, with the eigenvalues in eigenvalue cluster a, where eigenvalue cluster a is the pre-stored eigenvalue cluster of the second authenticating device; when a compared eigenvalue in eigenvalue cluster a1 is inconsistent with the corresponding eigenvalue in eigenvalue cluster b1, the network equipment is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a1 are all consistent with the corresponding eigenvalues in eigenvalue cluster b1, the network equipment is judged to be a legitimate device;
the second authenticating device compares the eigenvalues in eigenvalue cluster b1 in turn, according to priority, with the eigenvalues in eigenvalue cluster b, where eigenvalue cluster b is the pre-stored eigenvalue cluster of the first authenticating device; when a compared eigenvalue in eigenvalue cluster b1 is inconsistent with the corresponding eigenvalue in eigenvalue cluster a1, the network equipment is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster b1 are all consistent with the corresponding eigenvalues in eigenvalue cluster a1, the network equipment is judged to be a legitimate device.
10. An authenticating device, characterised in that it includes:
an acquisition module, for gathering the characteristic information of the network equipment and generating eigenvalue cluster a;
a contrast module, for comparing the eigenvalues in eigenvalue cluster a with the eigenvalues in eigenvalue cluster b, where eigenvalue cluster b is the eigenvalue cluster of the network equipment previously stored by the acquisition module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610779289.0A CN106375301B (en) | 2016-08-30 | 2016-08-30 | Network equipment authentication method and authentication equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106375301A true CN106375301A (en) | 2017-02-01 |
CN106375301B CN106375301B (en) | 2020-01-03 |
Family
ID=57902299
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404491A (en) * | 2017-08-14 | 2017-11-28 | 腾讯科技(深圳)有限公司 | Terminal environments method for detecting abnormality, detection means and computer-readable recording medium |
CN115086072A (en) * | 2022-07-20 | 2022-09-20 | 紫光同芯微电子有限公司 | Smart card attack testing method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010010081A1 (en) * | 2000-01-25 | 2001-07-26 | Kotaro Nagahama | Terminal certification system and method of certifying the same |
CN1703004A (en) * | 2005-02-28 | 2005-11-30 | 联想(北京)有限公司 | Method for implementing network access authentication |
CN101977383A (en) * | 2010-08-03 | 2011-02-16 | 北京星网锐捷网络技术有限公司 | Authentication processing method, system, client side and server for network access |
CN103096301A (en) * | 2011-10-31 | 2013-05-08 | 华为技术有限公司 | Method for verifying wireless local area network access point and station for the same |
CN103716795A (en) * | 2012-10-09 | 2014-04-09 | 中兴通讯股份有限公司 | Wireless network safe access method, apparatus and system |
CN104394180A (en) * | 2014-12-18 | 2015-03-04 | 电子科技大学 | Wireless terminal authentication method, wireless router and system |
CN105450652A (en) * | 2015-12-03 | 2016-03-30 | 迈普通信技术股份有限公司 | Authentication method, device and system |
CN105553981A (en) * | 2015-12-18 | 2016-05-04 | 成都三零瑞通移动通信有限公司 | Rapid authentication and key negotiation method for WLAN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB03 | Change of inventor or designer information | Inventors after: Zhang Yi, Hu Tao, Huang Degao, Zhang Lei, Li Peng, Yan Zhangling. Inventors before: Zhang Yi, Hu Tao, Huang Degao, Zhang Lei, Li Peng |
| GR01 | Patent grant | |