CN109040025B - Message processing method and device - Google Patents

Publication number
CN109040025B
Authority
CN
China
Prior art keywords
check
gateway
message
sequence
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810746205.2A
Other languages
Chinese (zh)
Other versions
CN109040025A (en
Inventor
张冬冬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of the application provide a message processing method and a message processing device applied to a server in a LoRaWAN. The method comprises: receiving a first message sent by a first gateway, wherein the first message carries a first gateway identifier of the first gateway, a first check sequence and first check information; if the first gateway corresponding to the first gateway identifier is determined to be a gateway allowed to access, determining second check information of the first gateway identifier according to the first check sequence and a check algorithm agreed in advance with the first gateway; and if the first check information is inconsistent with the second check information, discarding the first message. Applying the embodiments of the application can effectively improve the security of the LoRaWAN.

Description

Message processing method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet.
Background
LoRa (Long Range) technology is a wireless modulation technology used in long-range, low-power, low-rate applications. LoRa can be used with almost all network technologies and is a generic term for a family of long-distance, low-power protocols. In a LoRaWAN (LoRa Wide Area Network), a gateway is a transparent relay that connects the front-end terminal devices and the back-end server.
When the gateway communicates with the server, each message sent by the gateway to the server carries the gateway identifier. After receiving a message sent by the gateway, the server determines from the gateway identifier in the message whether the gateway is a gateway allowed to access, and then processes the message accordingly. For example, if the gateway is not allowed to access, the server discards the message; if access is allowed, the server encapsulates the Token in the message into another message and sends that message to the gateway.
Currently, a message between a gateway and a server is a GWMP (LoRa Gateway Message Protocol) message, and the content of a GWMP message is unencrypted plaintext. The gateway identifier carried in messages transmitted between the gateway and the server is therefore easy to intercept and counterfeit maliciously, and the server can then be attacked using the counterfeit gateway identifier, which threatens network security.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for processing a packet, so as to solve the problem that a gateway identifier is easily intercepted and counterfeited, and improve the security of a LoRaWAN. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present application provides a packet processing method, which is applied to a server in a LoRaWAN, and the method includes:
receiving a first message sent by a first gateway, wherein the first message carries a first gateway identifier, a first check sequence and first check information of the first gateway;
if the first gateway corresponding to the first gateway identifier is determined to be a gateway allowing access, determining second check information of the first gateway identifier according to a check algorithm agreed in advance with the first gateway and the first check sequence;
and if the first check information is inconsistent with the second check information, discarding the first message.
In a second aspect, an embodiment of the present application provides a packet processing method, which is applied to a gateway in a LoRaWAN, and the method includes:
receiving a first message sent by a server; the first message comprises a first check sequence and first check information;
determining second check information of the gateway identifier according to a check algorithm agreed with the server in advance and the first check sequence;
and if the first check information is inconsistent with the second check information, discarding the first message.
In a third aspect, an embodiment of the present application provides a packet processing apparatus, which is applied to a server in a LoRaWAN, where the apparatus includes:
the receiving module is used for receiving a first message sent by a first gateway, wherein the first message carries a first gateway identifier, a first check sequence and first check information of the first gateway;
a determining module, configured to determine, if it is determined that the first gateway corresponding to the first gateway identifier is a gateway allowed to access, second check information of the first gateway identifier according to a check algorithm agreed in advance with the first gateway and the first check sequence;
and the discarding module is used for discarding the first message if the first check information is inconsistent with the second check information.
In a fourth aspect, an embodiment of the present application provides a packet processing apparatus, which is applied to a gateway in a LoRaWAN, where the apparatus includes:
the receiving module is used for receiving a first message sent by the server; the first message comprises a first check sequence and first check information;
the determining module is used for determining second check information of the gateway identifier according to a check algorithm agreed with the server in advance and the first check sequence;
and the discarding module is used for discarding the first message if the first check information is inconsistent with the second check information.
In a fifth aspect, embodiments of the present application provide a server comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement the message processing method provided by the first aspect.
In a sixth aspect, embodiments of the present application provide a gateway comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement the message processing method provided by the second aspect.
In a seventh aspect, an embodiment of the present application provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the message processing method provided by the first aspect.
In an eighth aspect, embodiments of the present application provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the message processing method provided by the second aspect.
The embodiments of the application provide a message processing method and device. A server in a LoRaWAN receives a first message sent by a first gateway, and the first message carries a first gateway identifier of the first gateway, a first check sequence and first check information. If the first gateway corresponding to the first gateway identifier is determined to be a gateway allowed to access, the server determines second check information of the first gateway identifier according to the first check sequence and a check algorithm agreed in advance with the first gateway. The server then performs a secondary check of the first gateway identifier using the second check information and the first check information. Specifically, if the first check information is inconsistent with the second check information, the server determines that the first gateway identifier is a counterfeit gateway identifier and that the first message was sent by an attacker, and discards the first message. This effectively solves the problem that the gateway identifier is easy to intercept and counterfeit, and improves the security of the LoRaWAN. Of course, it is not necessary for any product or method of the present application to achieve all of the above-described advantages at the same time.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a network architecture of a LoRaWAN according to an embodiment of the present application;
Fig. 2 is a first flowchart illustrating a message processing method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a correspondence between each byte of a specific gateway identifier and each bit of a check sequence according to an embodiment of the present application;
Fig. 4 is another schematic diagram of a correspondence between each byte of a specific gateway identifier and each bit of a check sequence according to an embodiment of the present application;
Fig. 5 is a second flowchart of a message processing method according to an embodiment of the present application;
Fig. 6 is a schematic view of a first structure of a message processing apparatus according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a second structure of a message processing apparatus according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a server according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a gateway according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Token: a random value. The Token can be used as a message serial number, ensuring that the messages exchanged between the gateway and the server can be matched one-to-one.
The network architecture of a LoRaWAN is shown in Fig. 1 and includes a terminal device 100, gateways 110-130, and a server 140. The description here only takes as an example a LoRaWAN that includes 1 terminal device, 3 gateways, and 1 server, and is not limiting.
The messages transmitted between the gateways 110-130 and the server 140 include Push messages and Pull messages. The Pull messages include the Pull_Data message, the Pull_Ack message, and the Pull_Resp message. The Push messages include the Push_Data message and the Push_Ack message.
The Pull_Data message is a keep-alive request message that the gateways 110-130 send periodically. The Pull_Ack message is a keep-alive response message with which the server 140 responds to the gateways 110-130 after receiving the keep-alive request message they sent. The Push_Data message carries messages sent by the terminal device 100 and forwarded by the gateways 110-130, as well as statistical information sent by the gateways 110-130. The Push_Ack message is the response to a Push_Data message, returned by the server 140. The Pull_Resp message is a data message sent by the server 140 that is to be forwarded to the terminal device 100, and includes the relevant configuration information of the terminal device 100.
The Push messages and the Pull messages are GWMP messages, and the content of a GWMP message is unencrypted plaintext. The gateway identifier carried in messages transmitted between the gateway and the server is therefore easy to intercept and counterfeit maliciously, and the server can then be attacked using the counterfeit gateway identifier, which threatens network security.
In order to improve the security of the LoRaWAN, an embodiment of the present application provides a message processing method. The method is applied to a server in LoRaWAN.
The server receives a first message sent by a first gateway, and the first message carries a first gateway identifier of the first gateway, a first check sequence and first check information. If the first gateway corresponding to the first gateway identifier is determined to be a gateway allowed to access, the server determines second check information of the first gateway identifier according to the first check sequence and a check algorithm agreed in advance with the first gateway. The server then performs a secondary check of the first gateway identifier using the second check information and the first check information. Specifically, if the first check information is inconsistent with the second check information, the server determines that the first gateway identifier is a counterfeit gateway identifier and that the first message was sent by an attacker, and discards the first message. This effectively solves the problem that the gateway identifier is easy to intercept and counterfeit, and improves the security of the LoRaWAN.
The present application will be described below with reference to specific examples.
Referring to fig. 2, fig. 2 is a schematic flowchart of a first message processing method according to an embodiment of the present application. The method is applied to a server in LoRaWAN and comprises the following steps.
Step 201, receiving a first message sent by a first gateway, where the first message carries a first gateway identifier, a first check sequence, and first check information of the first gateway.
Here, the first message may be a Pull_Data message or a Push_Data message. The first message may be a message generated by the first gateway, or a message sent by the terminal device to the first gateway. The identifier of the first gateway is the first gateway identifier.
In one implementation, the first check sequence and the first check information are included in a Token carried in the first message. Because every message sent by the gateway to the server carries the gateway identifier and the Token, including the first check sequence and the first check information in the Token ensures that the server can obtain the check sequence and the check information from the received message.
In one example, the format of Token is shown in table 1.
TABLE 1
Bits 15:8         | Bits 7:0
Check information | Check sequence
In Table 1, the 8 bits 7:0 are the check sequence. The check sequence is a random value ranging from 1 to 255. The gateway identifier is 8 bytes, and the bits of the check sequence may correspond one-to-one with the bytes of the gateway identifier; Figs. 3 and 4 show such correspondences between the bits of the check sequence and the bytes of the gateway identifier.
The 8 bits 15:8 are the check information. The check information is calculated from the bytes of the gateway identifier that correspond to the bits of the check sequence.
Step 202, if it is determined that the first gateway corresponding to the first gateway identifier is a gateway allowed to access, determining second check information of the first gateway identifier according to the first check sequence and a check algorithm agreed in advance with the first gateway.
The server stores in advance the identifiers of the gateways that are allowed to access. If the first gateway identifier exists among these pre-stored identifiers, the server can determine that the first gateway corresponding to the first gateway identifier is a gateway allowed to access. In that case the server determines second check information of the first gateway identifier according to the first check sequence and a check algorithm agreed in advance with the first gateway. The check algorithm includes, but is not limited to, CRC (Cyclic Redundancy Check), MD (Message-Digest Algorithm), and SHA (Secure Hash Algorithm).
If the first gateway identifier does not exist in the pre-stored identifiers of the gateways allowing access, the server can determine that the first gateway corresponding to the first gateway identifier is a gateway not allowing access. If the server determines that the first gateway corresponding to the first gateway identifier is a gateway which is not allowed to be accessed, the first message can be discarded.
In one implementation, the content of a GWMP message is unencrypted plaintext, that is, the first check sequence and the first check information are unencrypted plaintext. To improve the security of the LoRaWAN and guard against the first check sequence and the first check information having been intercepted, after the server determines that the first gateway corresponding to the first gateway identifier is a gateway allowed to access, the server checks whether the first check sequence exists among a preset number of reference check sequences. The reference check sequences are the check sequences carried in the preset number of most recently received messages of the same message type as the first message. The message types include the Pull_Data message, the Pull_Ack message, the Pull_Resp message, the Push_Data message, the Push_Ack message and the like.
If the first check sequence does not exist among the reference check sequences, the server determines that the first check sequence and the first check information have not been intercepted, and determines second check information of the first gateway identifier according to the first check sequence and the check algorithm agreed in advance with the first gateway.
If the first check sequence exists among the reference check sequences, the server determines that the first check sequence and the first check information have been intercepted, and discards the first message.
For example, the preset number is 10, and the message type of the first message is Push_Data. The server obtains check sequences 1-10 carried in the 10 most recently received Push_Data messages and takes check sequences 1-10 as the reference check sequences. If the first check sequence exists among check sequences 1-10, for example if the first check sequence is check sequence 1, the server discards the first message. If the first check sequence does not exist among check sequences 1-10, the server determines the second check information of the first gateway identifier according to the first check sequence and the check algorithm agreed in advance with the first gateway.
In one implementation, the server and the first gateway agree in advance on a correspondence relationship between each byte of the gateway identifier and each bit of the check sequence, as shown in fig. 3 and 4. The corresponding relationship between each byte of the gateway identifier and each bit of the check sequence agreed in advance by the server and the first gateway may also be in other forms, which is not limited in this embodiment of the application.
After the server determines that the first gateway corresponding to the first gateway identifier is a gateway allowed to access, the server uses the correspondence, agreed in advance with the first gateway, between the bytes of the gateway identifier and the bits of the check sequence to extract from the first gateway identifier the bytes that correspond to the bits of the first check sequence equal to a preset value. The server then calculates check information over the extracted bytes using the check algorithm agreed in advance with the first gateway, and takes the calculated check information as the second check information of the first gateway identifier.
As shown in Fig. 3, if the preset value is 1, bytes 1, 3, and 5 of the gateway identifier, which correspond to the bits equal to 1 in the check sequence, are obtained; check information 1 is calculated over bytes 1, 3, and 5, and check information 1 is used as the second check information of the first gateway identifier. If the preset value is 0, bytes 0, 2, 4, 6 and 7 of the gateway identifier, which correspond to the bits equal to 0 in the check sequence, are obtained; check information 2 is calculated over bytes 0, 2, 4, 6 and 7, and check information 2 is used as the second check information of the first gateway identifier.
Step 203, if the first check information is inconsistent with the second check information, discarding the first message.
If the first check information carried in the first message is inconsistent with the calculated second check information, the server can determine that the first gateway identifier is a counterfeit gateway identifier and that the first message was sent by an attacker, and discards the first message. This effectively solves the problem that the gateway identifier is easy to intercept and counterfeit, and improves the security of the LoRaWAN.
If the first check information carried in the first message is consistent with the calculated second check information, the server can determine that the first gateway identifier is not a counterfeit gateway identifier, and the server processes the first message. For example, if the first message is a Pull_Data message, the server responds to the first gateway with a Pull_Ack message after determining that the first gateway identifier is not a counterfeit gateway identifier. For another example, if the first message is a Push_Data message, the server responds to the first gateway with a Push_Ack message after determining that the first gateway identifier is not a counterfeit gateway identifier.
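The server-side checks of steps 201 to 203, written out as an added example (not code from the patent or from any product). The bit-i-to-byte-i mapping, the truncated SHA-256 check function, the sample identifiers and all function and class names are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict, deque

ID_LEN = 8           # the gateway identifier is 8 bytes
REPLAY_WINDOW = 10   # "preset number" of reference check sequences (value from the example above)
PRESET_BIT = 1       # bytes are extracted where the check-sequence bit equals this value

# Constructed sample identifiers, not real gateways.
GATEWAY_ID = bytes.fromhex("0011223344556677")
UNKNOWN_ID = bytes.fromhex("ffeeddccbbaa9988")


def select_bytes(gateway_id, check_seq, preset=PRESET_BIT):
    """Extract the identifier bytes whose check-sequence bit equals `preset`.

    Assumed mapping: bit i of the check sequence corresponds to byte i of the
    identifier. The patent leaves the mapping to prior agreement (Figs. 3, 4).
    """
    if len(gateway_id) != ID_LEN:
        raise ValueError("gateway identifier must be 8 bytes")
    return bytes(b for i, b in enumerate(gateway_id)
                 if (check_seq >> i) & 1 == preset)


def check_info(gateway_id, check_seq):
    """8-bit check information over the selected bytes.

    Assumption: first byte of SHA-256. The text only requires an agreed
    algorithm such as CRC, MD or SHA.
    """
    return hashlib.sha256(select_bytes(gateway_id, check_seq)).digest()[0]


def build_token(gateway_id, check_seq):
    """Sender side: Token bits 15:8 = check information, bits 7:0 = check sequence."""
    if not 1 <= check_seq <= 255:
        raise ValueError("check sequence must be in 1..255")
    return (check_info(gateway_id, check_seq) << 8) | check_seq


class Server:
    def __init__(self, allowed_ids):
        self.allowed = set(allowed_ids)
        # One window of recent check sequences per message type.
        self.recent = defaultdict(lambda: deque(maxlen=REPLAY_WINDOW))

    def handle(self, msg_type, gateway_id, token):
        """Return "accept" or the reason the first message is dropped."""
        # Step 202, first part: allow-list lookup on the gateway identifier.
        if gateway_id not in self.allowed:
            return "drop: gateway not allowed"
        if not 0 <= token <= 0xFFFF:
            return "drop: malformed token"
        check_seq = token & 0xFF
        first_info = (token >> 8) & 0xFF
        if check_seq == 0:  # valid check sequences range from 1 to 255
            return "drop: malformed token"
        # Reuse check against the reference check sequences of this type.
        history = self.recent[msg_type]
        if check_seq in history:
            return "drop: check sequence reused"
        # Steps 202 and 203: recompute and compare the check information.
        if first_info != check_info(gateway_id, check_seq):
            return "drop: check information mismatch"
        # Assumption: only accepted messages enter the reference window.
        history.append(check_seq)
        return "accept"


def demo():
    server = Server([GATEWAY_ID])
    good = build_token(GATEWAY_ID, 0x2A)  # bits 1, 3 and 5 set
    # A token whose check information cannot match check sequence 0x2B.
    bad = ((check_info(GATEWAY_ID, 0x2B) ^ 0xFF) << 8) | 0x2B
    return [
        server.handle("Push_Data", GATEWAY_ID, good),  # first use
        server.handle("Push_Data", GATEWAY_ID, good),  # same Token again
        server.handle("Push_Data", GATEWAY_ID, bad),   # wrong check information
        server.handle("Push_Data", UNKNOWN_ID, good),  # identifier not stored
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Under the assumed mapping, check sequence 0x2A selects bytes 1, 3 and 5 of the identifier, the same bytes as in the Fig. 3 walk-through for a preset value of 1.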
Corresponding to the embodiment of the message processing method applied to the server in the LoRaWAN, the embodiment of the application also provides a message processing method applied to the gateway in the LoRaWAN. Referring to fig. 5, fig. 5 is a schematic flowchart of a second message processing method according to an embodiment of the present application. The method is applied to a gateway in LoRaWAN and comprises the following steps.
Step 501, receiving a first message sent by a server, where the first message includes a first check sequence and first check information.
Here, the first message may be a Pull_Ack message, a Push_Ack message, or a Pull_Resp message. The first message in this embodiment may be the same as or different from the first message in the above-described message processing method applied to the server in the LoRaWAN. Similarly, the first check sequence and the first check information may be the same as or different from those in the above-described embodiment of the message processing method applied to the server in the LoRaWAN.
In one implementation, the first check sequence and the first check information are included in a Token carried in the first message. Because every message sent by the server to the gateway carries the Token, including the first check sequence and the first check information in the Token ensures that the gateway can obtain the check sequence and the check information from the received message. In one example, the format of the Token is shown in Table 1.
Step 502, determining second check information of the identifier of the gateway according to the first check sequence and a check algorithm agreed in advance with the server.
The check algorithm includes, but is not limited to, CRC, MD, and SHA.
In one implementation, the content of a GWMP message is unencrypted plaintext, that is, the first check sequence and the first check information are unencrypted plaintext. To guard against the first check sequence and the first check information having been intercepted and to improve the security of the LoRaWAN, the gateway checks whether the first check sequence exists among a preset number of reference check sequences. The reference check sequences are the check sequences carried in the preset number of most recently received messages of the same message type as the first message. The preset number in this embodiment may be the same as or different from the preset number in the above embodiment of the message processing method applied to the server in the LoRaWAN.
If the first check sequence does not exist among the reference check sequences, the gateway determines that the first check sequence and the first check information have not been intercepted, and determines second check information of the identifier of the gateway according to the first check sequence and the check algorithm agreed in advance with the server.
If the first check sequence exists among the reference check sequences, the gateway determines that the first check sequence and the first check information have been intercepted, and discards the first message.
In one implementation, the gateway and the server agree in advance on a correspondence relationship between each byte of the gateway identifier and each bit of the check sequence, as shown in fig. 3 and 4. The corresponding relationship between each byte of the gateway identifier and each bit of the check sequence agreed in advance by the gateway and the server may also be in other forms, which is not limited in the embodiment of the present application.
The gateway uses the correspondence, agreed in advance with the server, between the bytes of the gateway identifier and the bits of the check sequence to extract from its own identifier the bytes that correspond to the bits of the first check sequence equal to a preset value. The gateway then calculates check information over the extracted bytes using the check algorithm agreed in advance with the server, and takes the calculated check information as the second check information of the identifier of the gateway.
Step 503, if the first check information is inconsistent with the second check information, discarding the first packet.
If the first check information carried in the first message is inconsistent with the calculated second check information, the gateway can determine that the first message is a message sent by an attacker and discard the first message. This effectively improves the security of LoRaWAN.
If the first check information carried in the first message is consistent with the calculated second check information, the gateway can process the first message. For example, if the first message is a Pull_Resp message, the gateway sends the first message to the terminal device.
In one implementation, if the first message carries a gateway identifier, then after receiving the first message the gateway may check whether its own identifier is consistent with the gateway identifier carried in the first message. If not, the gateway determines that the first message was sent by an attacker, and discards the first message.
In another implementation, if the first message carries a Token, the gateway may perform a consistency check on the first message after receiving it. For example, if the first message is a Pull_Ack message, the gateway checks whether the Token in the previously sent Pull_Data message is consistent with the Token in the first message, and if it is not, discards the first message. If the first message is a Push_Ack message, the gateway checks whether the Token in a previously sent Push_Data message is consistent with the Token in the first message, and if it is not, discards the first message.
In this embodiment of the application, the gateway may have sent multiple Push_Data messages before receiving the Push_Ack message for one of them; therefore, after a Push_Ack message is received, its Token only needs to be consistent with the Token in one of those Push_Data messages.
By applying the embodiment of the application, the gateway receives a first message sent by the server, and the first message carries a first check sequence and first check information. The gateway determines second check information of the identifier of the gateway according to the first check sequence and a check algorithm agreed in advance with the server. Finally, the gateway checks its identifier using the first check information and the second check information. Specifically, if the first check information is inconsistent with the second check information, the gateway determines that the first message was sent by an attacker, and discards the first message. This effectively improves the security of the LoRaWAN.
Corresponding to the embodiment of the message processing method applied to the server in the LoRaWAN, the embodiment of the application also provides a message processing device applied to the server in the LoRaWAN. Referring to fig. 6, fig. 6 is a schematic view of a first structure of a message processing apparatus according to an embodiment of the present application. The device is applied to a server in LoRaWAN and comprises the following modules.
A receiving module 601, configured to receive a first packet sent by a first gateway, where the first packet carries a first gateway identifier, a first check sequence, and first check information of the first gateway;
a determining module 602, configured to determine, if it is determined that the first gateway corresponding to the first gateway identifier is a gateway allowed to be accessed, second verification information of the first gateway identifier according to a verification algorithm and a first verification sequence agreed in advance with the first gateway;
a discarding module 603, configured to discard the first packet if the first check information is inconsistent with the second check information.
Optionally, the discarding module 603 may be further configured to:
and if the first gateway is determined to be the gateway which is not allowed to be accessed, discarding the first message.
Optionally, the determining module 602 may be specifically configured to:
if the first gateway corresponding to the first gateway identifier is determined to be the gateway allowing access, judging whether a first check sequence exists in a preset number of reference check sequences; the reference check sequence is a check sequence carried in a preset number of messages which are received recently and have the same message type as the first message;
and if the first check sequence does not exist, determining second check information of the first gateway identifier according to a check algorithm agreed in advance with the first gateway and the first check sequence.
Optionally, the discarding module 603 may be further configured to:
and if the first check sequence exists in the preset number of reference check sequences, discarding the first message.
Optionally, the determining module 602 may be specifically configured to:
extracting bytes corresponding to bits which are preset values in the first check sequence from the first gateway identification according to the corresponding relation between each byte of the gateway identification agreed in advance with the first gateway and each bit of the check sequence;
and calculating the check information of the extracted bytes according to a check algorithm agreed with the first gateway in advance, wherein the check information is used as second check information of the first gateway identification.
Optionally, the first check sequence and the first check information are included in a Token carried in the first packet.
By applying the embodiment of the application, the server receives a first message sent by the first gateway, wherein the first message carries the first gateway identifier, the first check sequence and the first check information of the first gateway. If the first gateway corresponding to the first gateway identifier is determined to be a gateway allowed to access, the server determines second check information of the first gateway identifier according to the check algorithm agreed in advance with the first gateway and the first check sequence. The server then performs a secondary verification of the first gateway identifier using the second check information and the first check information. Specifically, if the first check information is inconsistent with the second check information, the server determines that the first gateway identifier is a counterfeit gateway identifier and that the first message was sent by an attacker, and discards the first message. This effectively solves the problem that the gateway identifier is easily intercepted and counterfeited, and improves the security of LoRaWAN.
Corresponding to the embodiment of the message processing method applied to the gateway in the LoRaWAN, the embodiment of the application also provides a message processing device applied to the gateway in the LoRaWAN. Referring to fig. 7, fig. 7 is a schematic diagram of a second structure of a message processing apparatus according to an embodiment of the present application. The device is applied to a gateway in LoRaWAN and comprises the following modules.
A receiving module 701, configured to receive a first message sent by a server; the first message comprises a first check sequence and first check information;
a determining module 702, configured to determine, according to a check algorithm and a first check sequence agreed with the server in advance, second check information of the identifier of the gateway;
the discarding module 703 is configured to discard the first packet if the first check information is inconsistent with the second check information.
Optionally, the determining module 702 may be specifically configured to:
judging whether a first check sequence exists in a preset number of reference check sequences; the reference check sequence is a check sequence carried in a preset number of messages which are received recently and have the same message type as the first message;
and if the first check sequence does not exist, determining second check information of the identifier of the gateway according to a check algorithm agreed with the server in advance and the first check sequence.
Optionally, the discarding module 703 may be further configured to:
and if the first check sequence exists in the preset number of reference check sequences, discarding the first message.
Optionally, the determining module 702 may be specifically configured to:
extracting bytes corresponding to bits which are preset values in the first check sequence from the identification of the gateway according to the corresponding relation between each byte of the gateway identification agreed in advance with the server and each bit of the check sequence;
and calculating the check information of the extracted bytes as second check information of the identification of the gateway according to a check algorithm agreed with the server in advance.
Optionally, the first check sequence and the first check information are included in a Token carried in the first packet.
By applying the embodiment of the application, the gateway receives a first message sent by the server, and the first message carries a first check sequence and first check information. And the gateway determines second check information of the identifier of the gateway according to a check algorithm and a first check sequence agreed with the server in advance. And finally, the gateway verifies the identifier of the gateway according to the first verification information and the second verification information. Specifically, if it is determined that the first check information is inconsistent with the second check information, the gateway determines that the first message is a message sent by an attacker, and discards the first message. This effectively improves the security of LoRaWAN.
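The gateway-side checks described above (identifier match, reuse check against the reference check sequences, byte selection and comparison of check information, and Token matching for Ack messages), as an added Python example that is not code from the patent. The 8-byte identifier, the MSB-first bit-to-byte mapping, preset value 1, a window of 4 reference sequences, CRC-32 standing in for the agreed check algorithm, and all function and class names are assumptions of this example.

```python
import zlib
from collections import deque

PRESET_BIT = 1   # assumed "preset value" that selects a byte
WINDOW = 4       # assumed "preset number" of reference check sequences
GW_ID = bytes.fromhex("AA555A0000000101")  # constructed sample identifier


def extract_bytes(gateway_id: bytes, check_seq: int) -> bytes:
    """Select the identifier bytes whose mapped bit equals PRESET_BIT.

    Assumed mapping: bit i of the check sequence, counted from the most
    significant bit, corresponds to byte i of the gateway identifier.
    """
    n = len(gateway_id)
    if not 0 <= check_seq < (1 << n):
        raise ValueError("check sequence wider than the identifier")
    return bytes(b for i, b in enumerate(gateway_id)
                 if ((check_seq >> (n - 1 - i)) & 1) == PRESET_BIT)


def check_info(gateway_id: bytes, check_seq: int, algo=zlib.crc32) -> int:
    """Check information over the selected bytes (CRC-32 is a stand-in)."""
    return algo(extract_bytes(gateway_id, check_seq))


class GatewayVerifier:
    """Decides whether a message from the server is processed or dropped."""

    ACK_FOR = {"Pull_Ack": "Pull_Data", "Push_Ack": "Push_Data"}

    def __init__(self, gateway_id: bytes, window: int = WINDOW, algo=zlib.crc32):
        self.gateway_id = gateway_id
        self.window = window
        self.algo = algo
        self.recent = {}    # message type -> deque of reference check sequences
        self.pending = {}   # Data message type -> set of outstanding Tokens

    def verify(self, msg_type, check_seq, first_check, carried_id=None) -> str:
        # Optional check: identifier carried in the message must be our own.
        if carried_id is not None and carried_id != self.gateway_id:
            return "drop: gateway identifier mismatch"
        # Reuse check against reference sequences of the same message type.
        seen = self.recent.setdefault(msg_type, deque(maxlen=self.window))
        if check_seq in seen:
            return "drop: check sequence reused"
        try:
            second_check = check_info(self.gateway_id, check_seq, self.algo)
        except ValueError:
            return "drop: malformed check sequence"
        if first_check != second_check:
            return "drop: check information mismatch"
        # Choice made in this example: only sequences from messages that
        # passed verification become reference sequences; the page itself
        # only says "recently received".
        seen.append(check_seq)
        return "accept"

    def sent(self, data_type: str, token: int) -> None:
        """Remember the Token of a Pull_Data / Push_Data message we sent."""
        self.pending.setdefault(data_type, set()).add(token)

    def ack_ok(self, ack_type: str, token: int) -> bool:
        """An Ack is consistent if its Token matches one outstanding Data Token."""
        outstanding = self.pending.get(self.ACK_FOR[ack_type], set())
        if token not in outstanding:
            return False
        outstanding.discard(token)
        return True


if __name__ == "__main__":
    v = GatewayVerifier(GW_ID)
    seq = 0b10100000                      # selects bytes 0 and 2
    good = check_info(GW_ID, seq)
    print(v.verify("Pull_Resp", seq, good))
    print(v.verify("Pull_Resp", seq, good))         # same sequence again
    print(v.verify("Pull_Resp", 0b01000001, good))  # check info does not match
```
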
Corresponding to the above message processing method embodiment applied to the server in the LoRaWAN, an embodiment of the present application further provides a server, as shown in fig. 8, including a processor 801 and a machine-readable storage medium 802, where the machine-readable storage medium 802 stores machine-executable instructions that can be executed by the processor 801.
In addition, as shown in fig. 8, the electronic device may further include: a communication interface 803 and a communication bus 804; the processor 801, the machine-readable storage medium 802, and the communication interface 803 complete communication with each other through the communication bus 804, and the communication interface 803 is used for communication between the server and other devices.
The processor 801 is caused by machine executable instructions to implement the message processing method described above for application to a server in a LoRaWAN. Specifically, the message processing method applied to the server in the LoRaWAN comprises the following steps:
receiving a first message sent by a first gateway, wherein the first message carries a first gateway identifier, a first check sequence and first check information of the first gateway;
if the first gateway corresponding to the first gateway identifier is determined to be the gateway allowing access, determining second check information of the first gateway identifier according to a check algorithm and a first check sequence agreed with the first gateway in advance;
and if the first check information is inconsistent with the second check information, discarding the first message.
By applying the embodiment of the application, the server receives a first message sent by the first gateway, wherein the first message carries the first gateway identifier, the first check sequence and the first check information of the first gateway. If the first gateway corresponding to the first gateway identifier is determined to be a gateway allowed to access, the server determines second check information of the first gateway identifier according to the check algorithm agreed in advance with the first gateway and the first check sequence. The server then performs a secondary verification of the first gateway identifier using the second check information and the first check information. Specifically, if the first check information is inconsistent with the second check information, the server determines that the first gateway identifier is a counterfeit gateway identifier and that the first message was sent by an attacker, and discards the first message. This effectively solves the problem that the gateway identifier is easily intercepted and counterfeited, and improves the security of LoRaWAN.
Corresponding to the above embodiment of the message processing method applied to the gateway in the LoRaWAN, an embodiment of the present application further provides a gateway, as shown in fig. 9, where the gateway includes a processor 901 and a machine-readable storage medium 902, and the machine-readable storage medium 902 stores machine-executable instructions that can be executed by the processor 901.
In addition, as shown in fig. 9, the electronic device may further include a communication interface 903 and a communication bus 904; the processor 901, the machine-readable storage medium 902, and the communication interface 903 communicate with each other through the communication bus 904, and the communication interface 903 is used for communication between the gateway and other devices.
The processor 901 is caused by machine executable instructions to implement the message processing method described above for a gateway in a LoRaWAN. Specifically, the message processing method applied to the gateway in the LoRaWAN includes:
receiving a first message sent by a server; the first message comprises a first check sequence and first check information;
determining second check information of the gateway identifier according to a check algorithm and a first check sequence agreed with the server in advance;
and if the first check information is inconsistent with the second check information, discarding the first message.
By applying the embodiment of the application, the gateway receives a first message sent by the server, and the first message carries a first check sequence and first check information. And the gateway determines second check information of the identifier of the gateway according to a check algorithm and a first check sequence agreed with the server in advance. And finally, the gateway verifies the identifier of the gateway according to the first verification information and the second verification information. Specifically, if it is determined that the first check information is inconsistent with the second check information, the gateway determines that the first message is a message sent by an attacker, and discards the first message. This effectively improves the security of LoRaWAN.
The communication bus may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 8 and 9, but this does not indicate only one bus or one type of bus.
The machine-readable storage medium may include a RAM (Random Access Memory) and a NVM (Non-Volatile Memory), such as at least one disk Memory. Additionally, the machine-readable storage medium may be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Corresponding to the above message processing method applied to the server in the LoRaWAN, an embodiment of the present application further provides a machine-readable storage medium storing machine-executable instructions, and when the machine-executable instructions are called and executed by a processor, the machine-executable instructions cause the processor to implement the above message processing method applied to the server in the LoRaWAN.
Corresponding to the above embodiment of the message processing method applied to the gateway in the LoRaWAN, an embodiment of the present application further provides a machine-readable storage medium storing machine-executable instructions, and when the machine-executable instructions are called and executed by a processor, the machine-executable instructions cause the processor to implement the above message processing method applied to the gateway in the LoRaWAN.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiments of the message processing apparatus, the server, the gateway and the machine-readable storage medium, since they are basically similar to the embodiments of the message processing method, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the embodiments of the message processing method.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.

Claims (16)

1. A message processing method is applied to a server in a long-distance wide area network LoRaWAN, and the method comprises the following steps:
receiving a first message sent by a first gateway, wherein the first message carries a first gateway identifier, a first check sequence and first check information of the first gateway;
if the first gateway corresponding to the first gateway identifier is determined to be a gateway allowed to be accessed, extracting bytes corresponding to bits which are preset values in the first check sequence from the first gateway identifier according to the correspondence between the bytes of the gateway identifier agreed in advance with the first gateway and the bits of the check sequence;
calculating check information of the extracted bytes according to a check algorithm agreed with the first gateway in advance, wherein the check information is used as second check information of the first gateway identifier;
and if the first check information is inconsistent with the second check information, discarding the first message.
2. The method of claim 1, further comprising:
and if the first gateway is determined to be a gateway which is not allowed to be accessed, discarding the first message.
3. The method according to claim 1, wherein the step of determining the second check information of the first gateway identifier according to the check algorithm agreed in advance with the first gateway and the first check sequence comprises:
judging whether the first check sequence exists in a preset number of reference check sequences or not; the reference check sequence is a check sequence carried in the recently received messages with the preset number and the same message type as the first message;
if the first check sequence does not exist, determining second check information of the first gateway identifier according to a check algorithm agreed in advance with the first gateway and the first check sequence;
the method further comprises the following steps: and if the first check sequence exists in the preset number of reference check sequences, discarding the first message.
4. The method according to any of claims 1-3, wherein the first check sequence and the first check information are included in a Token carried in the first packet.
5. A message processing method is applied to a gateway in a long-distance wide area network LoRaWAN, and the method comprises the following steps:
receiving a first message sent by a server; the message comprises a first check sequence and first check information;
extracting bytes corresponding to bits which are preset values in the first check sequence from the identification of the gateway according to the corresponding relation between the bytes of the gateway identification agreed in advance with the server and the bits of the check sequence;
calculating the check information of the extracted bytes according to a check algorithm agreed with the server in advance, wherein the check information is used as second check information of the identifier of the gateway;
and if the first check information is inconsistent with the second check information, discarding the first message.
6. The method according to claim 5, wherein the step of determining the second check information of the gateway identifier according to the check algorithm agreed in advance with the server and the first check sequence comprises:
judging whether the first check sequence exists in a preset number of reference check sequences or not; the reference check sequence is a check sequence carried in the recently received messages with the preset number and the same message type as the first message;
if the first check sequence does not exist, determining second check information of the gateway identifier according to a check algorithm agreed in advance with the server and the first check sequence;
the method further comprises the following steps: and if the first check sequence exists in the preset number of reference check sequences, discarding the first message.
7. The method according to any of claims 5-6, wherein the first check sequence and the first check information are included in a Token carried in the first packet.
8. A message processing apparatus, for use in a server in a long-distance wide area network LoRaWAN, the apparatus comprising:
the receiving module is used for receiving a first message sent by a first gateway, wherein the first message carries a first gateway identifier, a first check sequence and first check information of the first gateway;
a determining module, configured to, if it is determined that the first gateway corresponding to the first gateway identifier is a gateway allowed to access, extract, from the first gateway identifier, a byte corresponding to a bit of the first check sequence that is a preset value according to a correspondence between each byte of the gateway identifier and each bit of the check sequence, where the correspondence is agreed in advance with the first gateway; calculating check information of the extracted bytes according to a check algorithm agreed with the first gateway in advance, wherein the check information is used as second check information of the first gateway identifier;
and the discarding module is used for discarding the first message if the first check information is inconsistent with the second check information.
9. The apparatus of claim 8, wherein the discarding module is further configured to:
and if the first gateway is determined to be a gateway which is not allowed to be accessed, discarding the first message.
10. The apparatus of claim 8, wherein the determining module is specifically configured to: if the first gateway corresponding to the first gateway identifier is determined to be a gateway allowing access, judging whether the first check sequence exists in a preset number of reference check sequences; the reference check sequence is a check sequence carried in the recently received messages with the preset number and the same message type as the first message; if the first check sequence does not exist, determining second check information of the first gateway identifier according to a check algorithm agreed in advance with the first gateway and the first check sequence;
the discarding module is further configured to discard the first packet if it is determined that the first check sequence exists in the preset number of reference check sequences.
11. The apparatus according to any of claims 8-10, wherein the first check sequence and the first check information are included in a Token carried in the first packet.
12. A message processing apparatus, for use in a gateway in a long-distance wide area network LoRaWAN, the apparatus comprising:
the receiving module is used for receiving a first message sent by the server; the first message comprises a first check sequence and first check information;
a determining module, configured to extract, from the identifier of the gateway, a byte corresponding to a bit of the first check sequence that is a preset value according to a correspondence between each byte of the gateway identifier and each bit of the check sequence, where the correspondence is agreed with the server in advance; calculating the check information of the extracted bytes according to a check algorithm agreed with the server in advance, wherein the check information is used as second check information of the identifier of the gateway;
and the discarding module is used for discarding the first message if the first check information is inconsistent with the second check information.
13. The apparatus of claim 12, wherein the determining module is specifically configured to: judging whether the first check sequence exists in a preset number of reference check sequences or not; the reference check sequence is a check sequence carried in the recently received messages with the preset number and the same message type as the first message; if the first check sequence does not exist, determining second check information of the gateway identifier according to a check algorithm agreed in advance with the server and the first check sequence;
the discarding module is further configured to discard the first packet if it is determined that the first check sequence exists in the preset number of reference check sequences.
14. The apparatus according to any of claims 12-13, wherein the first check sequence and the first check information are included in a Token carried in the first packet.
15. A server comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to carry out the method steps of any one of claims 1 to 4.
16. A gateway comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to carry out the method steps of any one of claims 5 to 7.
CN201810746205.2A 2018-07-09 2018-07-09 Message processing method and device Active CN109040025B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810746205.2A CN109040025B (en) 2018-07-09 2018-07-09 Message processing method and device

Publications (2)

Publication Number Publication Date
CN109040025A CN109040025A (en) 2018-12-18
CN109040025B true CN109040025B (en) 2020-02-04

Family

ID=64641739

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810746205.2A Active CN109040025B (en) 2018-07-09 2018-07-09 Message processing method and device

Country Status (1)

Country Link
CN (1) CN109040025B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270222A (en) * 2014-07-28 2015-01-07 中国科学院信息工程研究所 Information isolating method and device resistant to covert channel
CN106487746A (en) * 2015-08-26 2017-03-08 中兴通讯股份有限公司 A kind of method and device of BMP message authentication
CN107707435A (en) * 2017-09-14 2018-02-16 新华三技术有限公司 A kind of message processing method and device
CN108111471A (en) * 2016-11-25 2018-06-01 中国电信股份有限公司 Processing method, system and the VTEP of message

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101834834A (en) * 2009-03-09 2010-09-15 华为软件技术有限公司 Authentication method, device and system
CN102170395A (en) * 2011-04-21 2011-08-31 中兴通讯股份有限公司 Data transmission method and network equipment
CN102710422B (en) * 2012-06-07 2014-09-17 西安电子科技大学 Node authentication method for avoiding authentication congestion
US20150007349A1 (en) * 2013-06-29 2015-01-01 Alcatel-Lucent Usa Inc. Efficient Assurance of Database Server Integrity
CN105959308B (en) * 2016-06-30 2019-03-15 中电长城网际系统应用有限公司 A kind of Intranet IP data package management method, apparatus and system

Also Published As

Publication number Publication date
CN109040025A (en) 2018-12-18

Similar Documents

Publication Publication Date Title
WO2017038500A1 (en) Relay device
PH12020550861A1 (en) Data control method and terminal device
CN111447235A (en) Network device and network system
CN107370636B (en) Link state determination method and device
CN104717105A (en) Industrial sensor network data repeated detecting method based on standard ISA 100.11a
CN104486243A (en) Data transmission method, equipment and system
CN110474922B (en) Communication method, PC system and access control router
CN107959930B (en) Terminal access method and device, Lora server and Lora terminal
WO2016008212A1 (en) Terminal as well as method for detecting security of terminal data interaction, and storage medium
CN109600364B (en) Method, device and computer readable storage medium for realizing message verification
US9241048B2 (en) Mechanism for processing network event protocol messages
CN113905012A (en) Communication method, device, equipment and medium
CN109040025B (en) Message processing method and device
CN109525682B (en) Service processing method, device, network element entity and computer readable storage medium
CN106888098A (en) The method and terminal of the checking communication information source true and false
CN108243034B (en) Fault determination method, receiver and transmitter
CN105471839A (en) Method for judging whether router data is tampered
CN102571277A (en) Method and device for sending serial number detection message
CN111162914A (en) Internet of things IPv4 identity authentication method and system based on PUF
CN106657030B (en) A kind of method and system based on Dynamic Host Configuration Protocol server invalid packet security protection
EP3979583B1 (en) Smart device identity recognition method and system, electronic device, and storage medium
CN112291270B (en) Data transmission method and device
CN117040909B (en) Method and system for carrying out safety protection on network equipment
CN112104615B (en) IPv6 address-based file credibility judgment processing method and device
CN114979172B (en) Data transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant