CN106375301A - Network device authentication method and device - Google Patents


Info

Publication number
CN106375301A
Authority
CN
China
Prior art keywords
eigenvalue
network equipment
cluster
authenticating device
eigenvalue cluster
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610779289.0A
Other languages
Chinese (zh)
Other versions
CN106375301B (en)
Inventor
张奕
胡涛
黄得高
张磊
李鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Source Information Technology Co Ltd
Original Assignee
Chengdu Source Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Source Information Technology Co Ltd
Priority to CN201610779289.0A
Publication of CN106375301A
Application granted
Publication of CN106375301B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Abstract

The invention discloses a network device authentication method and device. The method comprises the following steps: the authentication device collects characteristic information of a network device and generates a characteristic value group A; the authentication device compares characteristic values in the characteristic value group A with corresponding characteristic values in a characteristic value group B in sequence according to priorities, wherein the characteristic value group B is a characteristic value group pre-stored in the network device; when the characteristic values in the characteristic value group A are inconsistent with the characteristic values in the characteristic value group B, the network device is judged as an illegal device; and when the characteristic values in the characteristic value group A are all consistent with the characteristic values in the characteristic value group B, the network device is judged as a legal device.

Description

Network device authentication method and authentication device
Technical field
The present invention relates to the technical field of network security, and in particular to a network device authentication method and an authentication device.
Background technology
As the informatization of society accelerates, more and more network devices need to connect to a network in order to communicate, and the legitimacy of those network devices has become a major hidden danger for network security. In the prior art, the authentication mechanisms that ensure only legitimate devices access the network are usually based on local information: either an authentication mechanism that binds the Internet Protocol (IP) address and the medium access control (MAC) address, or one that installs matching software and makes the corresponding configuration so that the network device can be authenticated.
Although authentication by binding the IP address and MAC address is simple and convenient, an illegal device can easily enter the network environment of a legitimate device by forging that device's IP address and MAC address, so this mechanism cannot safely and effectively guarantee the legitimacy of the network device. Authentication by installing matching software or hardware and making the corresponding configuration is more secure, but the pattern of that mechanism is fixed, it is not universally applicable, and its compatibility is poor.
Content of the invention
To solve the above problems, a first aspect of the present invention provides a network device authentication method for one-way network device authentication. The method includes:
The authentication device collects characteristic information of the network device and generates characteristic value group A;
The authentication device compares the characteristic values in characteristic value group A, one by one in order of priority, with the corresponding characteristic values in characteristic value group B, where characteristic value group B is the pre-stored characteristic value group of the network device;
When a characteristic value in group A is found to be inconsistent with the corresponding characteristic value in group B, the network device is judged to be an illegal device;
When all characteristic values in group A are consistent with the corresponding characteristic values in group B, the network device is judged to be a legitimate device.
Further, the characteristic information includes the IP address, MAC address, clock skew, clock frequency and device name.
Further, the authentication device collects the IP address of the network device as follows:
The authentication device uses a device scanning tool to scan directly for packets of the network device that carry its IP address, and obtains the IP address of the network device from them.
Further, the authentication device collects the MAC address of the network device as follows:
The authentication device uses a device scanning tool to scan directly for packets of the network device that carry its MAC address, and obtains the MAC address of the network device from them.
Further, the authentication device collects the device name of the network device as follows:
The authentication device uses a device scanning tool to scan the version information of the network device directly, and obtains the device name of the network device from it.
Further, the authentication device collects the clock frequency of the network device as follows:
Step S1: the authentication device collects packets of the network device at least twice and extracts the timestamp value of each packet;
Step S2: the difference between the timestamp value extracted from the last collected packet and the timestamp value extracted from the first collected packet is calculated, and that difference is divided by the time interval, i.e. the time between the last collected packet and the first collected packet, to obtain a quotient;
Step S3: steps S1 to S2 are repeated several times to obtain several quotients, and the quotients are averaged to obtain the clock frequency of the network device.
Further, the authentication device obtains a new characteristic value and stores it in characteristic value group B, obtaining characteristic value group B';
The authentication device obtains the characteristic values of the network device corresponding to those in group B', obtaining characteristic value group A';
The authentication device compares the characteristic values in group A', one by one in order of priority, with the characteristic values in group B';
When a characteristic value in group A' is found to be inconsistent with the corresponding characteristic value in group B', the network device is judged to be an illegal device;
When all characteristic values in group A' are consistent with the corresponding characteristic values in group B', the network device is judged to be a legitimate device.
Further, the authentication device obtains the characteristic values of the network device corresponding to those in group B, obtaining characteristic value group A;
The authentication device compares the characteristic values in group A, one by one in order of priority, with the characteristic values in group B;
When a characteristic value in group A is found to be inconsistent with the corresponding characteristic value in group B, the network device is judged to be an illegal device;
When all characteristic values in group A are consistent with the corresponding characteristic values in group B, the network device is judged to be a legitimate device.
A second aspect of the present invention provides a network device mutual authentication method, characterised in that the method includes:
The first authentication device extracts the characteristic information of the second authentication device, obtaining characteristic value group A1, and the second authentication device extracts the characteristic information of the first authentication device, obtaining characteristic value group B1;
The first authentication device compares the characteristic values in group A1, one by one in order of priority, with the characteristic values in characteristic value group A, where group A is the pre-stored characteristic value group of the second authentication device; when a characteristic value in group A1 is found to be inconsistent with the corresponding characteristic value in group B1, the network device is judged to be an illegal device;
When all characteristic values in group A1 are consistent with the corresponding characteristic values in group B1, the network device is judged to be a legitimate device;
The second authentication device compares the characteristic values in group B1, one by one in order of priority, with the characteristic values in characteristic value group B, where group B is the pre-stored characteristic value group of the first authentication device; when a characteristic value in group B1 is found to be inconsistent with the corresponding characteristic value in group A1, the network device is judged to be an illegal device;
When all characteristic values in group B1 are consistent with the corresponding characteristic values in group A1, the network device is judged to be a legitimate device.
A third aspect of the present invention provides an authentication device, characterised in that it includes:
An acquisition module for collecting the characteristic information of the network device and generating characteristic value group A;
A comparison module for comparing the characteristic values in characteristic value group A with the characteristic values in characteristic value group B, where group B is the characteristic value group of the network device previously stored by the acquisition module.
Beneficial effect
The network device authentication method provided by the present invention extracts in advance and preserves the intrinsic characteristic value group B of a network device. When the network device connects to the network, its characteristic value group A is extracted and the characteristic values in group A are compared, in order of priority, with the characteristic values in group B. As soon as a characteristic value is found to be inconsistent, the network device can be judged to be an illegal device; only when all characteristic values in group A are consistent with those in group B can the network device be judged to be a legitimate device. Therefore only the same device, once connected to the network, can pass authentication, because its intrinsic characteristic value group A is extracted and compared with the intrinsic characteristic value group B stored in advance.
It can be seen that the network device authentication method provided by the present invention greatly reduces the misjudgment rate and thus secures the network well; moreover, the present invention places no hardware or software requirements on the network device, so the method is very convenient to use.
Furthermore, the authentication device of the present invention can obtain new characteristic values of the network device at any time and store them in the existing characteristic value group. When the network device is then authenticated, the authentication device collects the corresponding characteristic information of the network device and obtains the correspondingly updated characteristic value group; that is, the number of characteristic values compared increases, so the credibility of the network device improves and the misjudgment rate is reduced further, which secures the network even better.
Brief description
Fig. 1 is a flow chart of a network device authentication method provided by the present invention.
Fig. 2 is a schematic structural diagram of an authentication device provided by the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described below clearly and completely with reference to the accompanying drawings. Clearly, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.
The flow chart of the network device authentication method provided by the present invention, used for one-way device authentication, is shown in Fig. 1. The method includes:
The authentication device collects the characteristic information of the network device and generates characteristic value group A;
Specifically, the characteristic information of the network device collected by the authentication device includes: the IP address of the network device, its media access control (MAC) address, clock skew, clock frequency and device name.
Further, the authentication device collects the IP address of the network device as follows:
Inside the local area network, the authentication device captures the address resolution protocol (ARP) packets sent by the network device and reads the IP address directly from those packets.
Outside the local area network, the authentication device uses a device scanning tool to scan directly for packets of the network device that carry its IP address, and obtains the IP address of the network device from them.
Further, the authentication device collects the MAC address of the network device as follows:
Inside the local area network, when the authentication device detects that the network device has connected to the network, it sends a network message (an address resolution protocol authentication packet) to the network device; after the network device returns its own network message (address resolution protocol authentication packet), the authentication device parses the received packet and extracts the MAC address.
Outside the local area network, the authentication device uses a device scanning tool to scan directly for packets of the network device that carry its MAC address, and obtains the MAC address of the network device from them.
Further, the authentication device collects the device name of the network device as follows:
The authentication device uses its device scanning software tool (for example nmap) to scan the version information of the network device directly, and obtains the device name of the network device from it.
Specifically, the authentication device collects the clock frequency of the network device as follows:
Step S1: the authentication device collects packets of the network device that carry a timestamp value at least twice, and extracts the timestamp value from each such packet;
Step S2: the difference between the timestamp value extracted from the last collected packet and the timestamp value extracted from the first collected packet is calculated, and that difference is divided by the collection time interval to obtain a quotient;
Step S3: steps S1 to S2 are repeated several times to obtain several quotients, and the quotients are averaged to obtain the clock frequency of the network device.
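As an added illustration (not code from the patent or its assignee), the clock frequency estimate of steps S1 to S3 in Python: each collection round yields the quotient of the timestamp difference between its last and first packet and the capture-time interval between them, and the quotients of all rounds are averaged. The capture times and device timestamps below are constructed sample data.

```python
import statistics

# Constructed sample data (not from the patent): three collection rounds, each a list of
# (capture_time_seconds, device_timestamp_ticks) pairs as read from the device's packets.
# The device's timestamp clock ticks about 1000 times per second; round 3 carries a
# small measurement error to show the effect of averaging.
SAMPLE_ROUNDS = [
    [(0.000, 10_000), (0.500, 10_500), (1.000, 11_000), (2.000, 12_000)],
    [(5.000, 15_000), (5.700, 15_700), (7.000, 17_000)],
    [(9.000, 19_000), (9.500, 19_498), (11.000, 21_002)],
]


def round_quotient(packets):
    """Steps S1-S2 for one round: timestamp difference between the last and the first
    collected packet divided by the capture-time interval between those two packets."""
    if len(packets) < 2:
        raise ValueError("at least two packets are needed per round")
    (t_first, ts_first), (t_last, ts_last) = packets[0], packets[-1]
    interval = t_last - t_first
    if interval <= 0:
        raise ValueError("capture times must increase within a round")
    return (ts_last - ts_first) / interval


def clock_frequency(rounds):
    """Step S3: repeat S1-S2 over several rounds and average the quotients (ticks/second)."""
    return statistics.fmean(round_quotient(packets) for packets in rounds)


if __name__ == "__main__":
    print(f"estimated clock frequency: {clock_frequency(SAMPLE_ROUNDS):.2f} Hz")
```

Only the first and last packet of a round enter step S2; the intermediate packets do not change the quotient, so a round of two packets is as informative as one of ten. Averaging over rounds is what smooths per-round capture error, which is why the third round's slightly different ratio moves the result by only a third of its own deviation.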
Further, the authentication device collects the clock skew of the network device as follows:
The authentication device sends n packets carrying a timestamp value to the network device at a preset time interval δt; it receives the n response packets carrying a timestamp value returned by the network device, records in turn the time at which each of the n timestamped response packets is received, and obtains the first time value sequence, denoted ti, i = 1, 2, ..., n;
The timestamp values of the n timestamped response packets are processed in turn to obtain the second time value sequence, denoted t'i, i = 1, 2, ..., n;
That is, the timestamp value in each timestamped response packet is read, and the timestamp value of each packet is divided by the system clock frequency corresponding to that packet to obtain the second time value sequence, denoted t'i, i = 1, 2, ..., n;
The system clock frequency is obtained by subtracting the timestamp values carried in two received timestamped response packets to get a difference, and dividing that difference by the time interval between those two timestamped response packets.
The first time value sequence and the second time value sequence are processed together to obtain the clock skew of the network device.
In particular, either of the following two processing methods can be used:
Method one: outlier judgement is carried out on the first time value sequence ti and the second time value sequence t'i, each in order from front to back. The judgement can be made as follows: since the values were recorded in succession, the time values in the first time value sequence should increase proportionally; if some time value deviates considerably from this increasing trend, it is an outlier. The outliers of the second time value sequence are judged in the same way.
When, for the first time, the two time values of the same rank in the first time value sequence ti and the second time value sequence t'i are both not outliers, the time value of that rank in the first time value sequence is recorded as the first time value, and the time value of that rank in the second time value sequence is recorded as the second time value.
For example, if the second time value t2 in the first time value sequence ti and the second time value t'2 in the second time value sequence t'i are the first pair judged to be both not outliers, t2 is recorded as the first time value and t'2 as the second time value.
The time values t3, ... following the first time value t2 in the first time value sequence are each differenced with the first time value t2 in turn to obtain the first difference sequence ri; specifically,
ri = t(i+2) - t2, i = 3, 4, ..., n-2;
The time interval between each of those time values and the first time value is then obtained, giving the first time interval sequence; specifically, by the following formula:
mi = i * δt, i = 1, 2, ..., n-2;
The time values t'3, ... following the second time value t'2 in the second time value sequence are each differenced with the second time value t'2 in turn to obtain the second difference sequence r'i; specifically,
r'i = t'(i+2) - t'2, i = 1, 2, ..., n-2;
The first difference sequence ri and the second difference sequence r'i are differenced element by element to obtain the third difference sequence ei; specifically, ei = ri - r'i, i = 1, 2, ..., n-2;
The outliers in the third difference sequence ei are eliminated to obtain the fourth difference sequence e'i, i = 1, 2, ..., n-1; specifically, the outliers in ei are eliminated according to the Pauta criterion or Grubbs' test to obtain the fourth difference sequence e'i, and the time interval values at the same positions as those outliers are eliminated from the first time interval sequence to obtain the second time interval sequence;
Linear regression of the fourth difference sequence e'i against the second time interval sequence gives the clock skew of the network device; the linear regression can use simple least squares, weighted least squares or ordinary least squares.
Method two:
Outlier judgement is carried out on the first time value sequence ti and the second time value sequence t'i, each in order from back to front. The judgement can be made as follows: since the values were recorded in succession, the time values in the first time value sequence should increase proportionally; if some time value deviates considerably from this increasing trend, it is an outlier. The outliers of the second time value sequence are judged in the same way.
When, for the first time, the two time values of the same rank in the first time value sequence ti and the second time value sequence t'i are both not outliers, the time value of that rank in the first time value sequence is recorded as the third time value, and the time value of that rank in the second time value sequence is recorded as the fourth time value.
For example, if the penultimate time value t(n-1) in the first time value sequence ti and the penultimate time value t'(n-1) in the second time value sequence t'i are the first pair judged to be both not outliers, t(n-1) is recorded as the third time value and t'(n-1) as the fourth time value.
The third time value t(n-1) is differenced in turn with each time value preceding it in the first time value sequence to obtain the fifth difference sequence ni; specifically, ni = t(n-1) - ti, i = 1, 2, ..., n-2;
The time interval between each of those time values and the first time value is then obtained, giving the third time interval sequence; specifically, by the following formula:
m'i = (n-i) * δt, i = 1, 2, ..., n-2;
The fourth time value t'(n-1) in the second time value sequence is differenced in turn with each time value preceding it to obtain the sixth difference sequence n'i; specifically, n'i = t'(n-1) - t'i, i = 1, 2, ..., n-2;
The fifth difference sequence ni and the sixth difference sequence n'i are differenced element by element to obtain the seventh difference sequence di; specifically, di = ni - n'i, i = 1, 2, ..., n-2;
The outliers in the seventh difference sequence di are eliminated to obtain the eighth difference sequence d'i, i = 1, 2, ..., n-1; specifically, the outliers in di are eliminated according to the Pauta criterion or Grubbs' test to obtain the eighth difference sequence d'i;
At the same time, the time interval values at the same positions as the outliers of the seventh difference sequence are eliminated from the third time interval sequence to obtain the fourth time interval sequence;
Linear regression of the eighth difference sequence d'i against the fourth time interval sequence gives the clock skew of the network device; the linear regression can use simple least squares, weighted least squares or ordinary least squares.
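The following added example (not code from the patent) implements the clock skew estimate of the passage above in Python for both method one (forward scan) and method two (backward scan), with the Pauta criterion as the outlier elimination step and ordinary least squares as the regression. The probe interval δt = 1 s, the nominal timestamp rate of one million ticks per second, the rule used to call a time value an outlier, the device's 100 ppm fast clock and the 24-reply capture are all assumptions made for the example and labelled in the code.

```python
import statistics
from dataclasses import dataclass

DELTA_T = 1.0          # probe interval δt in seconds (assumed value)
TICK_HZ = 1_000_000    # nominal device timestamp rate, microsecond ticks (assumed value)

# Constructed capture of n = 24 probe/response pairs (not data from the patent).
# Receive times t_i on the authentication device's clock: one reply per second plus
# 10 ms of transit, except reply 0 (delayed by 0.5 s) and reply 12 (delayed by 0.4 s).
RECV_TIMES = [i * DELTA_T + 0.010 for i in range(24)]
RECV_TIMES[0] += 0.5
RECV_TIMES[12] += 0.4
# Device timestamps in ticks: the device clock runs 100 ppm fast, so it advances
# 1_000_100 ticks per probe interval; network delay does not touch these values.
DEVICE_TICKS = [500_004_000 + 1_000_100 * i for i in range(24)]


def trend_outliers(values, step, tol):
    """Flag time values that 'deviate considerably from the increasing trend'.
    The patent leaves the rule open; here (an assumption) a value is an outlier when
    it lies more than tol from the robust line intercept + index * step."""
    intercept = statistics.median(v - i * step for i, v in enumerate(values))
    return [abs(v - (intercept + i * step)) > tol for i, v in enumerate(values)]


def pauta_filter(errors, intervals):
    """Pauta (3-sigma) criterion, re-applied until nothing is flagged: drop every
    error outside mean +/- 3*sigma together with its time interval value."""
    errors, intervals = list(errors), list(intervals)
    while len(errors) > 2:
        mean, sigma = statistics.fmean(errors), statistics.pstdev(errors)
        keep = [abs(e - mean) <= 3 * sigma for e in errors]
        if all(keep):
            break
        errors = [e for e, k in zip(errors, keep) if k]
        intervals = [m for m, k in zip(intervals, keep) if k]
    return errors, intervals


def ols_slope(xs, ys):
    """Ordinary least squares slope of ys regressed on xs."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx


@dataclass
class SkewResult:
    skew: float     # seconds of divergence per second of elapsed time (regression slope)
    anchor: int     # index of the reference time value (t2 in the patent's example)
    used: int       # points left after outlier elimination


def clock_skew(recv_times, device_ticks, delta_t=DELTA_T, tick_hz=TICK_HZ,
               backward=False, tol=0.1):
    """Method one (backward=False) or method two (backward=True) of the patent."""
    t = list(recv_times)                                 # first time value sequence t_i
    t2 = [ticks / tick_hz for ticks in device_ticks]     # second time value sequence t'_i
    bad = [a or b for a, b in zip(trend_outliers(t, delta_t, tol),
                                  trend_outliers(t2, delta_t, tol))]
    scan = range(len(t) - 1, -1, -1) if backward else range(len(t))
    k = next(i for i in scan if not bad[i])              # first clean pair in scan order
    if backward:
        idx = range(0, k)
        r = [t[k] - t[i] for i in idx]                   # fifth difference sequence n_i
        r2 = [t2[k] - t2[i] for i in idx]                # sixth difference sequence n'_i
        m = [(k - i) * delta_t for i in idx]             # third time interval sequence
    else:
        idx = range(k + 1, len(t))
        r = [t[i] - t[k] for i in idx]                   # first difference sequence r_i
        r2 = [t2[i] - t2[k] for i in idx]                # second difference sequence r'_i
        m = [(i - k) * delta_t for i in idx]             # first time interval sequence
    errors = [a - b for a, b in zip(r, r2)]              # third / seventh difference sequence
    errors, m = pauta_filter(errors, m)                  # fourth / eighth sequence + intervals
    return SkewResult(ols_slope(m, errors), k, len(errors))


if __name__ == "__main__":
    for backward in (False, True):
        res = clock_skew(RECV_TIMES, DEVICE_TICKS, backward=backward)
        print(f"method {'two' if backward else 'one'}: skew {res.skew:+.2e} s/s, "
              f"anchor index {res.anchor}, {res.used} points used")
```

Two points a practitioner should check before trusting the slope. First, the example converts device timestamps with a nominal tick rate; a rate estimated from two replies of the same capture, as the passage describes, already carries the device's skew, so dividing by it largely cancels the quantity the regression is meant to measure. Second, the 3-sigma criterion is weak on short captures: with fewer than 11 values no single point can ever exceed three population standard deviations, and one outlier inflates sigma enough to hide another, which is why the filter here is re-applied until nothing is flagged (an implementation choice, not something the patent specifies). In the constructed capture the delayed first reply moves the anchor to index 1, exactly the t2 case of the patent's example, and the delayed reply 12 survives the trend check but is removed by the Pauta step, leaving 21 points and a slope of about -1e-4 s/s in both scan directions.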
The authentication device can use the collected characteristic information directly as the characteristic values that make up characteristic value group A, or it can generate a characteristic value from each item of collected characteristic information by a hash algorithm and form characteristic value group A from those;
The authentication device compares the characteristic values in characteristic value group A, in order of priority, with the characteristic values in characteristic value group B; group B is the pre-stored characteristic value group of the network device, and it is generated in the same way as described above;
Specifically, as described above, the characteristic values in group A include the IP address, MAC address, clock skew, clock frequency and device name. These characteristic values are arranged by priority into a form resembling a decision tree and compared from top to bottom, one by one, with the corresponding characteristic values in group B. As soon as a corresponding characteristic value is found to be inconsistent, the network device can be judged to be an illegal device, and no further judgement is needed;
When all characteristic values in group A are consistent with those in group B, the network device can be judged to be a legitimate device; the authentication device sends the network device a signal that it has passed authentication, and the network device can then access the network.
Clearly, the authentication device only needs to store the characteristic value group B of a network device once in advance; at every subsequent authentication of that network device it collects the characteristic information corresponding to group B, generates group A by the method above, and compares all the characteristic values in group A, in order of priority, with all the characteristic values in group B. If all characteristic values are consistent the device is legitimate and passes authentication, so it can connect to the network; if any characteristic value is found to be inconsistent, for example the IP address, which is compared first, then the connecting network device is an illegal device.
In particular, as network technology is updated, the authentication device may be able to collect a new characteristic value of the network device; the authentication device then obtains the new characteristic value and stores it in the previously stored characteristic value group B, obtaining characteristic value group B';
The network device can now be authenticated in either of two ways:
Mode one: the authentication device obtains the characteristic values of the network device corresponding to those in characteristic value group B, obtaining characteristic value group A;
The authentication device compares the characteristic values in group A, one by one in order of priority, with the characteristic values in group B; as soon as a corresponding characteristic value is found to be inconsistent, the network device can be judged to be an illegal device, and no further judgement is needed;
When all characteristic values in group A are consistent with those in group B, the network device can be judged to be a legitimate device; the authentication device sends the network device a signal that it has passed authentication, and the network device can then access the network.
Mode two: when the network device connects to the network, the authentication device obtains the characteristic values of the network device corresponding to those in characteristic value group B', obtaining characteristic value group A';
The authentication device then compares the characteristic values in group A' with the characteristic values in group B'; as soon as a corresponding characteristic value is found to be inconsistent, the network device can be judged to be an illegal device, and no further judgement is needed;
When all characteristic values in group A' are consistent with those in group B', the network device can be judged to be a legitimate device; the authentication device sends the network device a signal that it has passed authentication, and the network device can then access the network.
Clearly, because mode two adds a new characteristic value, and therefore a further comparison, the credibility of the network device is raised further and the misjudgment rate is reduced further, which secures the network even better.
A second aspect of the present invention provides a network device mutual authentication method, including:
The first authentication device extracts the characteristic information of the second authentication device, obtaining characteristic value group A1, and the second authentication device extracts the characteristic information of the first authentication device, obtaining characteristic value group B1;
The first authentication device compares the characteristic values in group A1 with the characteristic values in characteristic value group A, where group A is the pre-stored characteristic value group of the second authentication device; as soon as a corresponding characteristic value is found to be inconsistent, the network device can be judged to be an illegal device, and no further judgement is needed;
When the characteristic values in group A1 are consistent with those in group A, the network device can be judged to be a legitimate device, and at the same time the first authentication device sends the second authentication device a signal that it has passed authentication;
The second authentication device compares the characteristic values in group B1 with the characteristic values in characteristic value group B, where group B is the pre-stored characteristic value group of the first authentication device; as soon as a corresponding characteristic value is found to be inconsistent, the network device can be judged to be an illegal device, and no further judgement is needed;
When the characteristic values in group B1 are consistent with those in group B, the network device can be judged to be a legitimate device, and at the same time the second authentication device sends the first authentication device a signal that it has passed authentication; the first and second authentication devices can then access the network.
It should be pointed out that in two-way network device authentication, the way the first authentication device obtains the characteristic information of the second authentication device, and the second obtains that of the first, is the same as the way the authentication device obtains characteristic information in one-way authentication; the characteristic information can likewise be the characteristic information described above (IP address, media access control (MAC) address, clock skew, clock frequency and device name), and it can likewise be used directly as the characteristic values that make up the characteristic value group or be turned into hash values by a hash algorithm to form the characteristic value group, which is not repeated here.
It should be pointed out that in two-way device authentication, as long as one of the authentication devices is an illegal device, authentication fails for both devices of the mutual authentication; this is extremely necessary for networks with high security requirements (for example bank networks or police networks).
Further, whether in one-way or two-way authentication of a network device, when the network device connects to the network and the authentication device has already determined that any one characteristic value is inconsistent, the authentication device need not compare the other characteristic values and can judge the network device to be an illegal device.
Corresponding to the method embodiments, a third aspect of the present invention provides an authenticating device which, as shown in Fig. 2, may include:
An acquisition module 201, for acquiring the characteristic information of the network device and generating eigenvalue cluster a;
A contrast module 202, for comparing the eigenvalues in eigenvalue cluster a with the eigenvalues in eigenvalue cluster b, where eigenvalue cluster b is the eigenvalue cluster of the network device previously stored by the acquisition module.
Specifically, in a LAN, acquisition module 201 captures the Address Resolution Protocol packets sent by the network device and reads the IP address directly from the packet.
The method by which acquisition module 201 acquires the MAC address of the network device is:
In a LAN, when acquisition module 201 detects that a network device has connected to the network, it sends a network message (an Address Resolution Protocol authentication packet) to the network device; after the network device returns its own network message (an Address Resolution Protocol authentication packet), acquisition module 201 parses the received packet and extracts the MAC address.
The method by which acquisition module 201 acquires the device name of the network device is:
Acquisition module 201 scans the version information of the network device directly with a device scanning software tool (such as nmap) and obtains the device name of the network device.
The method by which acquisition module 201 acquires the clock frequency of the network device is:
Step s1: acquisition module 201 collects at least two timestamped packets from the network device and extracts the timestamp value of each timestamped packet;
Step s2: acquisition module 201 subtracts the timestamp value extracted from the first collected timestamped packet from the timestamp value extracted from the last collected timestamped packet to obtain a time difference, then divides this difference by the time interval between the two to obtain a quotient, where the time interval is the time between the last collected packet and the first collected packet;
Step s3: acquisition module 201 repeats steps s1 to s2 several times, obtains multiple quotients, and averages them to obtain the clock frequency of the network device.
The method by which acquisition module 201 acquires the clock skew of the network device is:
Acquisition module 201 sends n timestamped packets to the network device at a preset time interval δt; it receives the n timestamped response packets sent by the network device, records in turn the time at which each of the n timestamped response packets is received, and obtains the first time value sequence, denoted ti, i = 1, 2, ..., n;
The timestamp values of the n timestamped response packets are processed in turn to obtain the second time value sequence, denoted t'i, i = 1, 2, ..., n;
Specifically, the timestamp value in each timestamped response packet is read, and the timestamp value of each packet is divided by the system clock frequency for the corresponding packet to obtain the second time value sequence, denoted t'i, i = 1, 2, ..., n;
The system clock frequency is obtained by taking the difference between the timestamp values carried in two received timestamped response packets and dividing that difference by the time interval between those two response packets.
The first time value sequence and the second time value sequence are processed to obtain the clock skew of the network device.
In particular, it can be obtained by either of the following two processing methods:
Method one: outlier judgement is carried out in order from front to back on the first time value sequence ti and on the second time value sequence t'i; the judgement method can be as follows: since the time values are recorded in succession, the time values in the first time value sequence should increase proportionally, and a time value that deviates considerably from this increasing trend is an outlier; the outlier judgement for the second time value sequence is the same;
The first time that the two time values at the same position in the first time value sequence ti and in the second time value sequence t'i are both judged not to be outliers, the time value at that position in the first time value sequence is recorded as the first time value, and the time value at that position in the second time value sequence is recorded as the second time value;
For example, if the second time value t2 in the first time value sequence ti and the second time value t'2 in the second time value sequence t'i are the first pair judged not to be outliers, t2 is recorded as the first time value and t'2 as the second time value.
The first time value t2 is subtracted in turn from each subsequent time value in the first time value sequence, from t3 onwards, obtaining the first sequence of differences ri; specifically,
ri = t(i+2) - t2, i = 1, 2, ..., n-2;
The time interval between each such time value and the first time value is then obtained, giving the first time interval sequence; specifically, by the following formula:
mi = i * δt, i = 1, 2, ..., n-2;
Likewise, the second time value t'2 is subtracted in turn from each subsequent time value in the second time value sequence, from t'3 onwards, obtaining the second sequence of differences r'i; specifically,
r'i = t'(i+2) - t'2, i = 1, 2, ..., n-2;
The first sequence of differences ri and the second sequence of differences r'i are subtracted term by term to obtain the third sequence of differences ei; specifically, ei = ri - r'i, i = 1, 2, ..., n-2;
The outliers in the third sequence of differences ei are eliminated to obtain the fourth sequence of differences e'i, i = 1, 2, ..., n-1; specifically, the outliers in ei are eliminated on the basis of the Pauta criterion or the Grubbs test to obtain the fourth sequence of differences e'i, and the time interval values at the same positions as those outliers are eliminated from the first time interval sequence to obtain the second time interval sequence;
Linear regression is performed on the fourth sequence of differences e'i against the second time interval sequence to obtain the clock skew of the network device; the linear regression method can be one of simple least squares, weighted least squares and ordinary least squares.
Method two:
Outlier judgement is carried out in order from back to front on the first time value sequence ti and on the second time value sequence t'i; the judgement method can be as follows: since the time values are recorded in succession, the time values in the first time value sequence should increase proportionally, and a time value that deviates considerably from this increasing trend is an outlier; the outlier judgement for the second time value sequence is the same;
The first time that the two time values at the same position in the first time value sequence ti and in the second time value sequence t'i are both judged not to be outliers, the time value at that position in the first time value sequence is recorded as the third time value, and the time value at that position in the second time value sequence is recorded as the fourth time value;
For example, if the penultimate time value t(n-1) in the first time value sequence ti and the penultimate time value t'(n-1) in the second time value sequence t'i are the first pair judged not to be outliers, t(n-1) is recorded as the third time value and t'(n-1) as the fourth time value.
Each time value before the third time value t(n-1) in the first time value sequence is subtracted in turn from the third time value t(n-1), obtaining the fifth sequence of differences ni; specifically, ni = t(n-1) - ti, i = 1, 2, ..., n-2;
The time interval between each such time value and the third time value t(n-1) is then obtained, giving the third time interval sequence; specifically, by the following formula:
m'i = (n-i) * δt, i = 1, 2, ..., n-2;
Each time value before the fourth time value t'(n-1) in the second time value sequence is subtracted in turn from the fourth time value t'(n-1), obtaining the sixth sequence of differences n'i; specifically, n'i = t'(n-1) - t'i, i = 1, 2, ..., n-2;
The fifth sequence of differences ni and the sixth sequence of differences n'i are subtracted term by term to obtain the seventh sequence of differences di; specifically, di = ni - n'i, i = 1, 2, ..., n-2;
The outliers in the seventh sequence of differences di are eliminated to obtain the eighth sequence of differences d'i, i = 1, 2, ..., n-1; specifically, the outliers in di are eliminated on the basis of the Pauta criterion or the Grubbs test to obtain the eighth sequence of differences d'i, and at the same time the time interval values at the same positions as those outliers are eliminated from the third time interval sequence to obtain the fourth time interval sequence;
Linear regression is performed on the eighth sequence of differences d'i against the fourth time interval sequence to obtain the clock skew of the network device; the linear regression method can be one of simple least squares, weighted least squares and ordinary least squares.
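The clock-skew estimation of method one above, as an added worked example in Python (not code from the patent or its assignee): it anchors on the first position where neither sequence has an outlier, builds ri, r'i and ei = ri - r'i against mi = i * δt, drops outliers in ei with the Pauta (3σ) criterion together with the intervals at the same positions, and fits the slope by ordinary least squares. The outlier test on the raw time sequences (a gap that deviates from δt by more than half an interval), δt = 1 s and the constructed sample data are assumptions; method two is the same computation run from the back of the sequences.

```python
from statistics import mean, pstdev

DELTA_T = 1.0  # assumed probe send interval (delta t) in seconds


def is_outlier(seq, i, delta_t=DELTA_T, tol=0.5):
    """Assumed outlier test for the raw time sequences (the patent only says
    'deviates considerably from the increasing trend'): sample i is an outlier
    when its forward gap to the next sample (for the last sample, the gap from
    the previous one) differs from delta_t by more than tol * delta_t."""
    if len(seq) < 2:
        return False
    gap = seq[i + 1] - seq[i] if i + 1 < len(seq) else seq[i] - seq[i - 1]
    return abs(gap - delta_t) > tol * delta_t


def pauta_keep(values, k=3.0):
    """Pauta (3-sigma) criterion: indices of the values within k*sigma of the mean."""
    mu, sigma = mean(values), pstdev(values)
    return [i for i, v in enumerate(values) if abs(v - mu) <= k * sigma]


def ols_slope(xs, ys):
    """Ordinary least-squares slope of ys on xs."""
    xm, ym = mean(xs), mean(ys)
    sxx = sum((x - xm) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("need at least two distinct x values")
    return sum((x - xm) * (y - ym) for x, y in zip(xs, ys)) / sxx


def clock_skew_method_one(t, t_prime, delta_t=DELTA_T):
    """t: receive-time sequence t_i; t_prime: second time value sequence t'_i
    (device timestamp / device clock frequency). Returns (skew, anchor index)."""
    n = len(t)
    if n != len(t_prime) or n < 3:
        raise ValueError("need two equal-length sequences of at least 3 samples")
    # First position (from the front) where neither sequence has an outlier:
    # its two values are the 'first time value' and the 'second time value'.
    anchor = next((i for i in range(n)
                   if not is_outlier(t, i, delta_t)
                   and not is_outlier(t_prime, i, delta_t)), None)
    if anchor is None or anchor > n - 3:
        raise ValueError("no usable anchor sample")
    t1, t2 = t[anchor], t_prime[anchor]
    # r_i, r'_i, e_i = r_i - r'_i and the interval sequence m_i = i * delta_t.
    later = range(anchor + 1, n)
    r = [t[j] - t1 for j in later]
    r_prime = [t_prime[j] - t2 for j in later]
    e = [a - b for a, b in zip(r, r_prime)]
    m = [i * delta_t for i in range(1, len(e) + 1)]
    # Drop the outliers of e_i and the intervals at the same positions.
    keep = pauta_keep(e)
    e_clean = [e[i] for i in keep]
    m_clean = [m[i] for i in keep]
    # Linear regression of e' on m': the slope is the clock skew.
    return ols_slope(m_clean, e_clean), anchor


def make_samples(n, skew, offset, delta_t=DELTA_T):
    """Constructed data: the device clock advances exactly delta_t per probe; the
    authenticator's receive clock runs (1 + skew) times as fast plus an offset."""
    t_prime = [i * delta_t for i in range(n)]
    t = [offset + x * (1.0 + skew) for x in t_prime]
    return t, t_prime


if __name__ == "__main__":
    t, tp = make_samples(20, 0.001, 0.5)
    tp[10] += 2.0  # constructed corrupt device timestamp; should be rejected
    skew, anchor = clock_skew_method_one(t, tp)
    print(f"anchor index {anchor}, estimated skew {skew:.6f}")  # ~0.001000
```

With fewer than about ten probes the 3σ rule cannot flag anything, because the largest possible z-score of a sample grows only as the square root of the sample count, so the number of packets n matters as much as the criterion.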
Acquisition module 201 can use the characteristic information collected above directly as eigenvalues to form eigenvalue cluster a, or generate eigenvalues one by one from the collected characteristic information with a hash algorithm to form eigenvalue cluster a;
Contrast module 202 compares the eigenvalues in eigenvalue cluster a one by one with the eigenvalues in eigenvalue cluster b; eigenvalue cluster b is the prestored eigenvalue cluster of the network device (the specific process for generating eigenvalue cluster b is the same as above);
When the eigenvalues in eigenvalue cluster a are all consistent with the eigenvalues in eigenvalue cluster b, contrast module 202 sends out a signal that the network device has passed authentication, and the network device can then access the network.
The network device authentication method and authenticating device provided by the present invention have been described in detail above. Specific examples have been used herein to set forth the principle and embodiments of the present invention; the explanation of the above embodiments is only intended to help understand the method of the present invention and its core idea. It should be pointed out that those skilled in the art can make improvements and modifications to the present invention without departing from its principle, and such improvements and modifications also fall within the scope of protection of the claims of the present invention.

Claims (10)

1. A network device authentication method, characterised in that the method includes:
an authenticating device acquires the characteristic information of a network device and generates eigenvalue cluster a;
the authenticating device compares the eigenvalues in eigenvalue cluster a, in order of priority and one by one, with the corresponding eigenvalues in eigenvalue cluster b; eigenvalue cluster b is the prestored eigenvalue cluster of the network device;
when an eigenvalue in eigenvalue cluster a is inconsistent with the corresponding eigenvalue in eigenvalue cluster b, the network device is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a are all consistent with the corresponding eigenvalues in eigenvalue cluster b, the network device is judged to be a legitimate device.
2. The network device authentication method according to claim 1, characterised in that the characteristic information includes IP address, MAC address, clock skew, clock frequency and device name.
3. The network device authentication method according to claim 2, characterised in that the method by which the authenticating device acquires the IP address of the network device is:
the authenticating device directly scans, with a device scanning tool, the packets of the network device that carry the IP address, and obtains the IP address of the network device.
4. The network device authentication method according to claim 2, characterised in that the method by which the authenticating device acquires the MAC address of the network device is:
the authenticating device directly scans, with a device scanning tool, the packets of the network device that carry the MAC address, and obtains the MAC address of the network device.
5. The network device authentication method according to claim 2, characterised in that the method by which the authenticating device acquires the device name of the network device is:
the authenticating device directly scans the version information of the network device with a device scanning tool, and obtains the device name of the network device.
6. The network device authentication method according to claim 2, characterised in that the method by which the authenticating device acquires the clock frequency of the network device is:
Step s1: the authenticating device collects packets of the network device at least twice and extracts the timestamp value of each packet;
Step s2: the difference between the timestamp value extracted from the last collected packet and the timestamp value extracted from the first collected packet is calculated, and this difference is divided by the time interval to obtain a quotient, where the time interval is the time between the last collected packet and the first collected packet;
Step s3: steps s1 to s2 are repeated several times to obtain multiple quotients, and the multiple quotients are averaged to obtain the clock frequency of the network device.
7. The network device authentication method according to claim 1, characterised in that the authenticating device obtains a new eigenvalue and stores it in eigenvalue cluster b, obtaining eigenvalue cluster b';
the authenticating device obtains the eigenvalues of the network device corresponding to those in eigenvalue cluster b', obtaining eigenvalue cluster a';
the authenticating device compares the eigenvalues in eigenvalue cluster a', in order of priority and one by one, with the eigenvalues in eigenvalue cluster b';
when an eigenvalue in eigenvalue cluster a' is inconsistent with the corresponding eigenvalue in eigenvalue cluster b', the network device is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a' are all consistent with the corresponding eigenvalues in eigenvalue cluster b', the network device is judged to be a legitimate device.
8. The network device authentication method according to claim 7, characterised in that the authenticating device obtains the eigenvalues of the network device corresponding to those in eigenvalue cluster b, obtaining eigenvalue cluster a;
the authenticating device compares the eigenvalues in eigenvalue cluster a, in order of priority and one by one, with the eigenvalues in eigenvalue cluster b;
when an eigenvalue in eigenvalue cluster a is inconsistent with the corresponding eigenvalue in eigenvalue cluster b, the network device is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a are all consistent with the corresponding eigenvalues in eigenvalue cluster b, the network device is judged to be a legitimate device.
9. A network device mutual authentication method, characterised in that the method includes:
a first authenticating device extracts the characteristic information of a second authenticating device and obtains eigenvalue cluster a1, and the second authenticating device extracts the characteristic information of the first authenticating device and obtains eigenvalue cluster b1;
the first authenticating device compares the eigenvalues in eigenvalue cluster a1, in order of priority and one by one, with the eigenvalues in eigenvalue cluster a, where eigenvalue cluster a is the prestored eigenvalue cluster of the second authenticating device; when an eigenvalue in eigenvalue cluster a1 is inconsistent with the corresponding eigenvalue in eigenvalue cluster b1, the network device is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster a1 are all consistent with the corresponding eigenvalues in eigenvalue cluster b1, the network device is judged to be a legitimate device;
the second authenticating device compares the eigenvalues in eigenvalue cluster b1, in order of priority and one by one, with the eigenvalues in eigenvalue cluster b, where eigenvalue cluster b is the prestored eigenvalue cluster of the first authenticating device; when an eigenvalue in eigenvalue cluster b1 is inconsistent with the corresponding eigenvalue in eigenvalue cluster a1, the network device is judged to be an illegal device;
when the eigenvalues in eigenvalue cluster b1 are all consistent with the corresponding eigenvalues in eigenvalue cluster a1, the network device is judged to be a legitimate device.
10. An authenticating device, characterised in that it includes:
an acquisition module, for acquiring the characteristic information of a network device and generating eigenvalue cluster a;
a contrast module, for comparing the eigenvalues in eigenvalue cluster a with the eigenvalues in eigenvalue cluster b, where eigenvalue cluster b is the eigenvalue cluster of the network device previously stored by the acquisition module.
CN201610779289.0A 2016-08-30 2016-08-30 Network equipment authentication method and authentication equipment Active CN106375301B (en)


Publications (2)

Publication Number Publication Date
CN106375301A true CN106375301A (en) 2017-02-01
CN106375301B CN106375301B (en) 2020-01-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Zhang Yi, Hu Tao, Huang Degao, Zhang Lei, Li Peng, Yan Zhangling
Inventor before: Zhang Yi, Hu Tao, Huang Degao, Zhang Lei, Li Peng
GR01 Patent grant