CN109347885B - Authentication method of network authentication system - Google Patents

Publication number: CN109347885B
Authority: CN (China)
Prior art keywords: authentication, data packet, real, message, network
Legal status: Active
Application number: CN201811480876.5A
Other languages: Chinese (zh)
Other versions: CN109347885A (en)
Inventor: 杨爱民, 于复兴, 索依娜, 苏亚光, 赵全明
Current Assignee: Zhongke Chenxiao (Beijing) Technology Co.,Ltd.
Original Assignee: North China University of Science and Technology
Priority date: 2018-12-05
Filing date: 2018-12-05
Publication date: 2020-12-08
Application filed by North China University of Science and Technology
Priority to CN201811480876.5A
Publication of CN109347885A
Application granted
Publication of CN109347885B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network authentication system comprising: a plurality of authentication servers for processing network authentication tasks; authentication interface terminals for connecting the access nodes to be authenticated; an encryption module, connected with the authentication interface terminal, for encrypting the authentication message of the access node; an address selection module, connected with the encryption module, for selecting a transmission path for the encrypted data packet; and a decryption module, connected with the authentication server, for decompressing the data packet and transmitting it to the corresponding authentication server for authentication. The invention can remedy the defects of the prior art and improve the security of network authentication.

Description

Authentication method of network authentication system
Technical Field
The invention relates to the technical field of network security, in particular to a network authentication system and an authentication method thereof.
Background
With the development of network technology, people's lives and work increasingly depend on the information provided by networks, and network security has become increasingly important. To ensure the security of network information, existing networks mostly rely on various authentication means. However, existing authentication methods are easily attacked and cracked by hackers, and their overall security is not high.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a network authentication system and an authentication method thereof, which can solve the defects of the prior art and improve the security of network authentication.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
A network authentication system comprises:
a plurality of authentication servers for processing network authentication tasks;
authentication interface terminals for connecting the access nodes to be authenticated;
an encryption module, connected with the authentication interface terminal, for encrypting the authentication message of the access node;
an address selection module, connected with the encryption module, for selecting a transmission path for the encrypted data packet;
and a decryption module, connected with the authentication server, for decompressing the data packet and transmitting it to the corresponding authentication server for authentication.
An authentication method of the network authentication system includes the following steps:
A. the access node to be authenticated measures the speed of each authentication interface terminal and selects the authentication interface terminal with the highest connection speed for connection;
B. the access node to be authenticated sends the authentication message through the authentication interface terminal to the encryption module for encryption;
C. the address selection module establishes a transmission path connection between the encrypted data packet and the authentication server; for each transmission path, the data packet on that transmission path is marked as the main data packet, and the other data packets are marked as secondary data packets;
D. the main data packet and a plurality of randomly selected secondary data packets are transmitted to the decryption module through the transmission path; the decryption module decrypts the main data packet to obtain the authentication message, and the secondary data packets pass directly through the decryption module without processing;
E. the authentication server that receives the authentication message and the secondary data packets performs authentication processing according to the consistency of the authentication message and the data quantity distribution characteristics of the secondary data packets.
In step B, the encryption module takes as its encryption object the real-time connection speed, at the time of encryption, of the authentication interface terminal selected and connected in step A, and encrypts it after combining it with the check bit of the authentication message.
Preferably, in step D, the secondary data packet is processed by a hash function to obtain a hash value, and the real-time transmission rate of the secondary data packet is determined according to the calculated hash value.
Preferably, in step E, the authentication server judges the security of the authentication message according to the distortion of the check bit of the authentication message and the linearity of the distortion of the other positions of the authentication message. If the linearity is lower than a set threshold, the authentication is judged to be not secure; otherwise it is judged to be secure, and the real-time transmission rate of the secondary data packets is then measured. If the real-time transmission rate curve is the same as the preset curve, the authentication succeeds; otherwise the authentication fails.
Preferably, for an authentication message that fails authentication because the real-time transmission rate curve differs from the preset curve, the real-time transmission rate curve is reselected, the secondary data packets are sent according to the new real-time transmission rate curve, and a second measurement is performed.
The beneficial effects of the above technical scheme are as follows: the invention improves the security of the authentication process by using a dual authentication mode of 'message authentication + flow characteristic authentication'. At the same time, the security of message transmission is improved by improving the message encryption process; a hash value is obtained with a hash function and the flow characteristic is controlled in real time, which effectively reduces the possibility of the flow characteristic being illegally imitated, so that the security of the dual authentication mode provided by the invention is improved as a whole.
Drawings
FIG. 1 is a block diagram of one embodiment of the present invention.
In the figure: 1. authentication server; 2. authentication interface terminal; 3. encryption module; 4. address selection module; 5. decryption module.
Detailed Description
Referring to FIG. 1, one embodiment of the present invention includes:
a plurality of authentication servers 1 for processing network authentication tasks;
authentication interface terminals 2 for connecting the access nodes to be authenticated;
an encryption module 3, connected with the authentication interface terminal 2, for encrypting the authentication message of the access node;
an address selection module 4, connected with the encryption module 3, for selecting a transmission path for the encrypted data packet;
and a decryption module 5, connected with the authentication server 1, for decompressing the data packet and sending it to the corresponding authentication server 1 for authentication.
An authentication method of the network authentication system includes the following steps:
A. the access node to be authenticated measures the speed of each authentication interface terminal 2 and selects the authentication interface terminal 2 with the highest connection speed for connection;
B. the access node to be authenticated sends the authentication message through the authentication interface terminal 2 to the encryption module 3 for encryption;
C. the address selection module 4 establishes a transmission path connection between the encrypted data packet and the authentication server 1; for each transmission path, the data packet on that transmission path is marked as the main data packet, and the other data packets are marked as secondary data packets;
D. the main data packet and a plurality of randomly selected secondary data packets are transmitted to the decryption module 5 through the transmission path; the decryption module 5 decrypts the main data packet to obtain the authentication message, and the secondary data packets pass directly through the decryption module 5 without processing;
E. the authentication server 1 that receives the authentication message and the secondary data packets performs authentication processing according to the consistency of the authentication message and the data quantity distribution characteristics of the secondary data packets.
In step B, the encryption module 3 takes as its encryption object the real-time connection speed, at the time of encryption, of the authentication interface terminal 2 selected and connected in step A, and encrypts it after combining it with the check bit of the authentication message.
In step D, the secondary data packet is processed by a hash function to obtain a hash value, and the real-time transmission rate of the secondary data packet is determined according to the calculated hash value.
In step E, the authentication server 1 judges the security of the authentication message according to the distortion of the check bit of the authentication message and the linearity of the distortion of the other positions of the authentication message. If the linearity is lower than a set threshold, the authentication is judged to be not secure; otherwise it is judged to be secure, and the real-time transmission rate of the secondary data packets is then measured. If the real-time transmission rate curve is the same as the preset curve, the authentication succeeds; otherwise the authentication fails.
For an authentication message that fails authentication because the real-time transmission rate curve differs from the preset curve, the real-time transmission rate curve is reselected, the secondary data packets are sent according to the new real-time transmission rate curve, and a second measurement is performed. When the real-time transmission rate curve is reselected, the real-time rate at which the secondary data packets are transmitted on the transmission path of the main data packet and the original real-time transmission rate curve are weighted and averaged to obtain the reselected real-time transmission rate curve. By performing a second measurement on the authentication message and weighting the original real-time transmission rate curve, interference with authentication from transmission rate changes caused by hardware problems is avoided.
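The flow-characteristic part of steps D and E, including the reselection by weighted average, is illustrated by the following added Python example, which is not part of the patent. Assumptions: HMAC-SHA256 with a shared key stands in for the unspecified "hash function" (so the rates cannot be recomputed from packet bytes alone), the rate range, the 5% tolerance for "same curve", the 0.5 weight and the `measure` callback are hypothetical, and the message check of step E is passed in as a boolean rather than modelled.

```python
import hashlib
import hmac

MIN_RATE, MAX_RATE = 50.0, 500.0  # assumed rate range (packets/s)
TOLERANCE = 0.05                  # assumed relative tolerance for "same curve"
WEIGHT = 0.5                      # assumed weight of the observed rates

# Constructed sample data: a shared key and three secondary data packets.
KEY = b"constructed-demo-key"
SECONDARY_PACKETS = [b"aux-packet-1", b"aux-packet-2", b"aux-packet-3"]


def rate_from_hash(key, packet):
    """Step D: map the keyed hash of a secondary packet to a sending rate."""
    digest = hmac.new(key, packet, hashlib.sha256).digest()
    fraction = int.from_bytes(digest[:4], "big") / 0xFFFFFFFF
    return MIN_RATE + fraction * (MAX_RATE - MIN_RATE)


def preset_curve(key, packets):
    """Rate curve both ends can compute from the secondary packets."""
    return [rate_from_hash(key, p) for p in packets]


def curves_match(measured, expected, tol=TOLERANCE):
    """Compare two rate curves point by point within a relative tolerance."""
    if len(measured) != len(expected):
        return False
    return all(abs(m - e) <= tol * e for m, e in zip(measured, expected))


def reselect_curve(original, observed, weight=WEIGHT):
    """Weighted average of the observed rates and the original curve."""
    return [weight * o + (1 - weight) * c for o, c in zip(observed, original)]


def authenticate(message_ok, curve, measure):
    """Step E. measure(curve) returns the rates seen by the server when the
    secondary packets are sent according to `curve` (hypothetical callback)."""
    if not message_ok:  # result of the message check, not modelled here
        return "fail: message judged not secure"
    first = measure(curve)
    if curves_match(first, curve):
        return "success"
    new_curve = reselect_curve(curve, first)  # second measurement
    if curves_match(measure(new_curve), new_curve):
        return "success after second measurement"
    return "fail: rate curve mismatch"


def clean_link(curve):
    """Constructed link that delivers packets exactly on schedule."""
    return list(curve)


def make_glitchy_link():
    """Constructed link whose first measurement has a transient 40% dip."""
    state = {"calls": 0}

    def measure(curve):
        state["calls"] += 1
        rates = list(curve)
        if state["calls"] == 1:
            rates[1] *= 0.6
        return rates
    return measure


def fixed_rate_sender(curve):
    """Constructed sender without the key: ignores the curve entirely."""
    return [1000.0] * len(curve)


if __name__ == "__main__":
    curve = preset_curve(KEY, SECONDARY_PACKETS)
    for name, link in [("clean", clean_link), ("glitchy", make_glitchy_link()),
                       ("fixed-rate", fixed_rate_sender)]:
        print(name, "->", authenticate(True, curve, link))
```

The glitchy link passes only on the second measurement, which is the hardware-interference case the weighted reselection is meant to absorb, while a sender that cannot derive the curve fails both measurements.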
In the description of the present invention, it is to be understood that the terms "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, are merely for convenience of description of the present invention, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (5)

1. An authentication method of a network authentication system, the system comprising: a plurality of authentication servers (1) for processing network authentication tasks; authentication interface terminals (2) for connecting the access nodes to be authenticated; an encryption module (3), connected with the authentication interface terminal (2), for encrypting the authentication message of the access node; an address selection module (4), connected with the encryption module (3), for selecting a transmission path for the encrypted data packet; and a decryption module (5), connected with the authentication server (1), for decompressing the data packet and sending it to the corresponding authentication server (1) for authentication; the method being characterized by comprising the following steps:
A. the access node to be authenticated measures the speed of each authentication interface terminal (2) and selects the authentication interface terminal (2) with the highest connection speed for connection;
B. the access node to be authenticated sends the authentication message through the authentication interface terminal (2) to the encryption module (3) for encryption;
C. the address selection module (4) establishes a transmission path connection between the encrypted data packet and the authentication server (1); for each transmission path, the data packet on that transmission path is marked as the main data packet, and the other data packets are marked as secondary data packets;
D. the main data packet and a plurality of randomly selected secondary data packets are transmitted to the decryption module (5) through the transmission path; the decryption module (5) decrypts the main data packet to obtain the authentication message, and the secondary data packets pass directly through the decryption module (5) without processing;
E. the authentication server (1) that receives the authentication message and the secondary data packets performs authentication processing according to the consistency of the authentication message and the data quantity distribution characteristics of the secondary data packets.
2. The authentication method of the network authentication system according to claim 1, characterized in that: in step B, the encryption module (3) takes as its encryption object the real-time connection speed, at the time of encryption, of the authentication interface terminal (2) selected and connected in step A, and encrypts the encryption object after combining it with the check bit of the authentication message.
3. The authentication method of the network authentication system according to claim 2, characterized in that: in step D, the secondary data packet is processed by a hash function to obtain a hash value, and the real-time transmission rate of the secondary data packet is determined according to the calculated hash value.
4. The authentication method of the network authentication system according to claim 3, characterized in that: in step E, the authentication server (1) judges the security of the authentication message according to the distortion of the check bit of the authentication message and the linearity of the distortion of the other positions of the authentication message; if the linearity is lower than a set threshold, the authentication is judged to be not secure and the authentication fails; otherwise the authentication is judged to be secure, and the real-time transmission rate of the secondary data packets is then measured; if the real-time transmission rate curve is the same as the preset curve, the authentication succeeds, and if not, the authentication fails.
5. The authentication method of the network authentication system according to claim 4, characterized in that: for an authentication message that fails authentication because the real-time transmission rate curve differs from the preset curve, the real-time transmission rate curve is reselected, the secondary data packets are sent according to the new real-time transmission rate curve, and a second measurement is performed.
Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN201811480876.5A | CN109347885B (en) | 2018-12-05 | 2018-12-05 | Authentication method of network authentication system

Applications Claiming Priority (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN201811480876.5A | CN109347885B (en) | 2018-12-05 | 2018-12-05 | Authentication method of network authentication system

Publications (2)

Publication Number | Publication Date
CN109347885A (en) | 2019-02-15
CN109347885B (en) | 2020-12-08

Family

ID=65320034

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201811480876.5A | Active | CN109347885B (en) | 2018-12-05 | 2018-12-05 | Authentication method of network authentication system

Country Status (1)

Country | Link
CN (1) | CN109347885B (en)

Also Published As

Publication number Publication date
CN109347885A (en) 2019-02-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
    Inventor after: Yang Aimin; Yu Fuxing; Suo Yina; Su Yaguang; Zhao Quanming
    Inventor before: Yu Fuxing; Suo Yina; Yang Aimin; Su Yaguang; Zhao Quanming
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20220211
    Address after: 100087 3201-e02, 32nd floor, building 4, fangqunyuan Third District, Fengtai District, Beijing
    Patentee after: Zhongke Chenxiao (Beijing) Technology Co.,Ltd.
    Address before: 063009 Tangshan City Caofeidian District, Hebei Province, Tangshan Bay eco Town, Bohai Road, 21
    Patentee before: NORTH CHINA University OF SCIENCE AND TECHNOLOGY