CN111262701A - Replay attack detection method, system, equipment and storage medium - Google Patents


Info

Publication number
CN111262701A
Authority
CN
China
Prior art keywords
client
timestamp
digital signature
replay attack
latest
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010024384.6A
Other languages
Chinese (zh)
Other versions
CN111262701B (en
Inventor
程文强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pulian International Co Ltd
Original Assignee
Pulian International Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pulian International Co Ltd
Priority to CN202010024384.6A
Publication of CN111262701A
Application granted
Publication of CN111262701B
Legal status: Active
Anticipated expiration:

Classifications

    • H: Electricity
        • H04: Electric communication technique
            • H04L: Transmission of digital information, e.g. telegraphic communication
                • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
                    • H04L 9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3247: involving digital signatures
                        • H04L 9/3297: involving time stamps, e.g. generation of time stamps
                • H04L 63/00: Network architectures or network communication protocols for network security
                    • H04L 63/12: Applying verification of the received information
                    • H04L 63/14: for detecting or protecting against malicious traffic
                        • H04L 63/1441: Countermeasures against malicious traffic

Abstract

The invention discloses a replay attack detection method comprising the following steps: receiving a data packet sent by a client that comprises a first digital signature, the client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by a cryptographic algorithm; extracting the client current timestamp and the client identification code from the data packet; generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, the pre-stored password being a preset password identical to the client password; and, when the first digital signature and the second digital signature are not the same, judging that a replay attack has occurred. The invention also discloses a replay attack detection system, a replay attack detection device and a computer storage medium. The embodiments of the invention effectively solve the problem that a server without a timestamp of its own cannot detect replay attacks, and strengthen the network security of such a server.

Description

Replay attack detection method, system, equipment and storage medium
Technical Field
The present invention relates to the field of communications network technologies, and in particular, to a replay attack detection method, system, device, and storage medium.
Background
A replay attack is one in which an attacker resends a packet that the target host has already received, in order to deceive the system; replay attacks mainly target the identity authentication process and undermine the correctness of authentication. The attack repeats a valid data transmission, maliciously or fraudulently, and can be carried out by the original sender or by an adversary who intercepts the data and retransmits it.
Because of the advantages of timestamps, current mainstream replay-prevention methods are essentially built on the server's timestamp and the client's timestamp. Three approaches are in use. The first is based on timestamps alone, and runs the risk that an attacker modifies the timestamp to bypass the anti-replay mechanism, so that the replay succeeds. The second is based on nonces; the server's memory consumption grows without bound over time, so checking whether a nonce already exists on the server takes longer and longer and server performance suffers seriously. The third combines a timestamp with a nonce, which avoids the shortcomings of the first two: each nonce is stored only for a specified period, so memory consumption is reduced, while replay within that short period is still prevented.
However, all three approaches depend on both the server and the client having a timestamp. A server that has no timestamp of its own cannot accurately detect replay attacks, and its network security therefore cannot be guaranteed.
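As an added example of the third prior-art scheme described above (a timestamp window combined with a nonce cache), not taken from the patent: a server that does have a clock accepts a request only if its timestamp lies within a window of the server's current time and its nonce has not been seen inside that window, and it forgets a nonce once its timestamp has fallen outside the window, which is what keeps memory bounded. The class name NonceWindowFilter, the injectable clock, the 300-second window and the sample client identifiers are assumptions of this example.

```python
import secrets
import time
from collections import deque


class NonceWindowFilter:
    """Timestamp window plus nonce cache (the page's third prior-art scheme).

    A nonce is remembered only while its timestamp is inside the window:
    once ts falls outside, any replay of it is rejected by the window check
    alone, so the entry can be dropped and the cache stays bounded.
    """

    def __init__(self, window_s: int, now=time.time):
        self.window_s = window_s
        self.now = now                 # injectable clock, so the demo is offline
        self.seen = set()              # (client_id, nonce) accepted inside the window
        self.expiry = deque()          # (ts, key) in acceptance order

    def _evict(self, now: float) -> None:
        # Entries are in acceptance order, which is close to ts order; a stale
        # entry stuck behind a fresh head is harmless (it can only cause a reject).
        while self.expiry and now - self.expiry[0][0] > self.window_s:
            _, key = self.expiry.popleft()
            self.seen.discard(key)

    def check(self, client_id: str, ts: float, nonce: str) -> str:
        now = self.now()
        self._evict(now)
        if abs(now - ts) > self.window_s:
            return "reject: timestamp outside window"
        key = (client_id, nonce)
        if key in self.seen:
            return "reject: nonce already used (replay)"
        self.seen.add(key)
        self.expiry.append((ts, key))
        return "accept"


def new_nonce() -> str:
    """Client side: 128 bits of randomness, hex-encoded."""
    return secrets.token_hex(16)


def demo_nonce_window() -> list:
    clock = [1_000_000.0]                       # constructed fake server clock
    f = NonceWindowFilter(window_s=300, now=lambda: clock[0])
    n1 = new_nonce()
    out = [f.check("client-A", 1_000_000.0, n1)]       # fresh request: accept
    out.append(f.check("client-A", 1_000_000.0, n1))   # identical replay inside window
    out.append(f.check("client-A", 1_000_200.0, n1))   # same nonce, edited ts: still a replay
    clock[0] += 301                                     # the window passes
    out.append(f.check("client-A", 1_000_000.0, n1))   # replay now outside the window
    out.append(len(f.seen))                             # the entry has been evicted
    out.append(f.check("client-A", clock[0], new_nonce()))  # fresh again
    return out
```

The eviction is keyed on the request's own timestamp rather than on the server's acceptance time: a nonce accepted with a timestamp near the future edge of the window would otherwise be forgotten while a replay of it could still fall inside the window.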
Disclosure of Invention
The embodiments of the invention aim to provide a replay attack detection method, system, device and storage medium that effectively solve the problem that a server without a timestamp cannot detect replay attacks, and strengthen the network security of such a server.
To that end, an embodiment of the present invention provides a replay attack detection method, including:
receiving a data packet sent by a client that comprises a first digital signature, the client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by a cryptographic algorithm;
extracting the client current timestamp and the client identification code from the data packet;
generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;
and, when the first digital signature and the second digital signature are not the same, judging that a replay attack has occurred.
Compared with the prior art, the replay attack detection method of this embodiment first receives a data packet containing a first digital signature, a client current timestamp and a client identification code, and extracts the client current timestamp and the client identification code from it; it then generates a second digital signature from the extracted client current timestamp and client identification code together with a pre-stored password; finally, it decides whether the current network is under replay attack by checking whether the first and second digital signatures are the same. A difference between the two signatures indicates that the data in the packet has been tampered with, and the network is then taken to be under replay attack. This solves the problem that a server without a timestamp cannot detect replay attacks and strengthens that server's network security.
As an improvement of the above scheme, the method further comprises:
when the first digital signature and the second digital signature are the same, judging whether the client current timestamp is greater than the latest timestamp pre-stored in a timestamp list;
if so, writing the client current timestamp into the timestamp list as the latest timestamp; if not, judging that a replay attack has occurred or that the client's request has timed out.
As an improvement of the above scheme, after the client current timestamp has been written into the timestamp list as the latest timestamp, the method further includes:
judging whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;
if so, deleting from the timestamp list every client timestamp whose difference from the latest timestamp is greater than the preset time threshold; if not, keeping every client timestamp whose difference from the latest timestamp is less than or equal to the preset time threshold.
As an improvement of the above scheme, the timestamp list includes a plurality of client timestamps corresponding to the client identification codes, and the client timestamps are sorted in a preset order.
As an improvement of the above scheme, the second digital signature is generated by a cryptographic algorithm.
To the same end, an embodiment of the present invention further provides a replay attack detection system, including:
a data packet receiving module, for receiving a data packet sent by a client that comprises a first digital signature, the client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by a cryptographic algorithm;
a data extraction module, for extracting the client current timestamp and the client identification code from the data packet;
a digital signature generation module, for generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;
a first judging module, for judging whether the first digital signature and the second digital signature are the same;
and a first detection module, for judging that a replay attack has occurred when the first digital signature and the second digital signature differ.
Compared with the prior art, in the replay attack detection system of this embodiment the data packet receiving module first receives a data packet containing a first digital signature, a client current timestamp and a client identification code, and the data extraction module extracts the client current timestamp and the client identification code from it; the digital signature generation module then generates a second digital signature from the extracted client current timestamp and client identification code together with a pre-stored password; finally, the first judging module checks whether the first and second digital signatures are the same so that the first detection module can decide whether the current network is under replay attack. A difference between the two signatures indicates that the data in the packet has been tampered with, and the network is then taken to be under replay attack. This solves the problem that a server without a timestamp cannot detect replay attacks and strengthens that server's network security.
As an improvement of the above scheme, the replay attack detection system further includes:
a second judging module, for judging, when the first digital signature and the second digital signature are the same, whether the client current timestamp is greater than the latest timestamp pre-stored in the timestamp list;
a timestamp updating module, for writing the client current timestamp into the timestamp list as the latest timestamp when the client current timestamp is greater than the latest timestamp;
and a second detection module, for judging that a replay attack has occurred or that the client's request has timed out when the client current timestamp is less than or equal to the latest timestamp.
As an improvement of the above scheme, the replay attack detection system further includes:
a third judging module, for judging whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;
and a timestamp deleting module, for deleting from the timestamp list every client timestamp whose difference from the latest timestamp is greater than the preset time threshold, when such a difference exists.
To achieve the above object, an embodiment of the present invention further provides a replay attack detection device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the replay attack detection method according to any one of the above embodiments when executing the computer program.
In order to achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, a device in which the computer-readable storage medium is located is controlled to execute the replay attack detection method according to any one of the above embodiments.
Drawings
Fig. 1 is a flowchart of a replay attack detection method according to an embodiment of the present invention;
Fig. 2 is a flowchart of another replay attack detection method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of updating the timestamp list, provided by an embodiment of the present invention;
Fig. 4 is a block diagram of a replay attack detection system according to an embodiment of the present invention;
Fig. 5 is a block diagram of a replay attack detection device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, which is a flowchart of a replay attack detection method according to an embodiment of the present invention, the replay attack detection method comprises the following steps:
S1, receiving a data packet sent by the client that comprises a first digital signature, the client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by a cryptographic algorithm;
S2, extracting the client current timestamp and the client identification code from the data packet;
S3, generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;
and S4, when the first digital signature and the second digital signature are not the same, judging that a replay attack has occurred.
It should be noted that the replay attack detection method of this embodiment is implemented by a server that communicates over the network with a plurality of clients. The client takes the client identification code, the client current timestamp and the client password as input and produces a fixed-length first digital signature with a cryptographic algorithm; the embodiment names a hash algorithm such as MD5 as an example, and the computation of such algorithms is prior art not repeated here. Because the value is derived from a shared password rather than a private key, what the embodiment calls a digital signature is in practice a keyed hash (a message authentication code); a practitioner should note that MD5 is collision-broken and that a plain hash over concatenated fields is not a standard MAC construction, so HMAC with SHA-256 or a similar keyed construction is the appropriate choice. When the client sends a verification request to the server, it packages the first digital signature, the client current timestamp and the client identification code into a data packet and sends it to the server.
Specifically, after receiving the client's data packet, the server extracts the client current timestamp and the client identification code from it and generates a fixed-length second digital signature from the extracted client current timestamp, the client identification code and the password pre-stored in its database, using the same cryptographic algorithm (a hash algorithm such as MD5, or another algorithm). Finally, the server decides whether the current network is under replay attack by checking whether the first and second digital signatures are the same. If they are the same, the client request is treated as a normal request, the network is not under replay attack, and processing continues. If they differ, the content of the packet sent by the client has been tampered with and the network is judged to be under replay attack: the server rejects the client request, the client verification flow ends, and corresponding measures are taken in response to the replay attack.
Preferably, the method further comprises:
S5, when the first digital signature and the second digital signature are the same, judging whether the client current timestamp is greater than the latest timestamp pre-stored in a timestamp list;
S6, if so, writing the client current timestamp into the timestamp list as the latest timestamp; if not, judging that a replay attack has occurred or that the client's request has timed out.
Specifically, when the server finds that the first and second digital signatures are the same, it performs a further check: it compares the client current timestamp T1 with the latest timestamp Tnew pre-stored in the timestamp list. When T1 is greater than Tnew, the client request is treated as a normal request, the network is not under replay attack, and processing continues. When T1 is less than or equal to Tnew, either a replay attack has occurred or the client request has timed out; the server rejects the client request, the client verification flow ends, and, to prevent leakage of user information, corresponding measures are taken. This double verification accurately detects whether the network is under replay attack and improves network security.
Further, the process of the above steps S1-S6 can refer to fig. 2.
Preferably, the timestamp list consists of a plurality of timestamp storage spaces: memory allocated for each client, used solely to store that client's timestamp when its verification request passes, in one-to-one correspondence with the client identification codes. Preferably, the client timestamps are sorted in a preset order, for example by update time, so that the latest timestamp sits last in the list.
Once the client has passed signature verification, Tnew is compared with T1. When T1 is less than or equal to Tnew, the request that currently initiated verification is treated as timed out (Tnew is the latest moment in the server's record, so a T1 smaller than Tnew is an older moment and evidently stale) and the request is rejected; when T1 is greater than Tnew, the request is treated as fresh and the client current timestamp of the request is saved in that client's timestamp storage space.
It should be noted that, because the server has no timestamp of its own, it cannot obtain the current time and therefore cannot compare its own time with the client's. To solve this problem, the embodiment designs a dynamic aging mechanism for the server's timestamp list: it lets the server obtain the latest time Tnew from clients that have passed verification, and the aging prevents stored timestamps from occupying a large amount of server memory.
Accordingly, after the client current timestamp has been written into the timestamp list as the latest timestamp, the method further includes:
S7, judging whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;
S8, if so, deleting from the timestamp list every client timestamp whose difference from the latest timestamp is greater than the preset time threshold; if not, keeping every client timestamp whose difference from the latest timestamp is less than or equal to the preset time threshold.
Further, the process of the above steps S7-S8 can refer to fig. 3.
The timestamp list is indexed by client identification code and stores, as the value, the client current timestamp of each client whose verification request passed. Entries are kept in time order, the newer the timestamp the later its position; the timestamp of the latest moment is Tnew, and Tnew is continually refreshed by the newest client timestamp that passes verification as further client requests pass.
After a client passes verification for the first time, the server allocates a timestamp storage space for that client device, keyed by the client identification code in the data packet, to hold the timestamp of the client's passed verification, and initialises it to 0; the storage space is looked up and read through the client identification code, so each client corresponds to one storage space holding its latest verified current timestamp. The server stores the verified client current timestamps in order from front to back; the last one is Tnew, which is continually refreshed by the latest verified client timestamp as more and more client verification requests pass.
The time difference between Tnew and every client timestamp stored in server memory is computed, and when a difference exceeds a preset time threshold t0, the corresponding older timestamp is deleted and its memory released. t0 can be set manually as needed, to a day, a week or even a month. Through the preset threshold t0 the stored timestamps age dynamically: every timestamp whose distance from the latest time exceeds t0 is deleted and its memory released, so the memory of aged timestamps is freed promptly, memory is saved, and the time complexity of sorting the timestamp list is reduced.
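The following Python program is an added worked example of steps S1 to S8 above and is not part of the patent or the applicant's code. It assumes HMAC-SHA256 with a field separator in place of the MD5 example named in the description, a constructed table of two client passwords, a threshold t0 of one week, and the freshness rule exactly as the description states it: the client timestamp T1 is compared with the latest timestamp Tnew across all clients. The names ReplayDetector, make_signature, build_packet and demo_detector are the example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample credentials (not from the patent): one shared password per client.
CLIENT_PASSWORDS = {
    "client-A": b"correct horse battery staple",
    "client-B": b"another-long-shared-password",
}


def make_signature(client_id: str, timestamp: int, password: bytes) -> str:
    """Keyed hash over (client id, timestamp) under the shared password.

    The description names MD5 over the concatenated fields; HMAC-SHA256 with
    an unambiguous separator is assumed here instead.
    """
    msg = f"{client_id}|{timestamp}".encode()
    return hmac.new(password, msg, hashlib.sha256).hexdigest()


def build_packet(client_id: str, timestamp: int, password: bytes) -> dict:
    """Client side of S1: packet = (first signature, client current timestamp, client id)."""
    return {"sig": make_signature(client_id, timestamp, password),
            "ts": timestamp, "id": client_id}


@dataclass
class ReplayDetector:
    passwords: dict                 # client id -> pre-stored password
    t0: int                         # preset time threshold for aging, in seconds
    latest: dict = field(default_factory=dict)   # client id -> last accepted timestamp

    @property
    def tnew(self) -> int:
        """Latest accepted timestamp across all clients; 0 before any passes."""
        return max(self.latest.values(), default=0)

    def verify(self, packet: dict) -> str:
        client_id, ts, sig = packet["id"], packet["ts"], packet["sig"]
        password = self.passwords.get(client_id)
        if password is None:
            return "reject: unknown client"
        # S2-S4: recompute the second signature and compare in constant time.
        expected = make_signature(client_id, ts, password)
        if not hmac.compare_digest(expected.encode(), str(sig).encode()):
            return "reject: signature mismatch (tampered or forged)"
        # S5-S6: T1 must be strictly newer than the stored Tnew.
        if ts <= self.tnew:
            return "reject: replay or timed-out request"
        self.latest[client_id] = ts
        self._age()
        return "accept"

    def _age(self) -> None:
        # S7-S8: drop every stored timestamp further than t0 behind Tnew.
        tnew = self.tnew
        for cid in [c for c, t in self.latest.items() if tnew - t > self.t0]:
            del self.latest[cid]

    def ordered_list(self) -> list:
        """The timestamp list sorted by time; its last element is Tnew."""
        return sorted(self.latest.items(), key=lambda kv: kv[1])


def demo_detector() -> dict:
    det = ReplayDetector(passwords=CLIENT_PASSWORDS, t0=7 * 24 * 3600)
    pw_a, pw_b = CLIENT_PASSWORDS["client-A"], CLIENT_PASSWORDS["client-B"]
    fresh = build_packet("client-A", 1_700_000_000, pw_a)
    r = {"fresh": det.verify(fresh)}
    r["replay"] = det.verify(fresh)                     # byte-identical packet resent
    r["tampered"] = det.verify(dict(fresh, ts=fresh["ts"] + 60))   # edited timestamp, stale signature
    r["forged"] = det.verify(build_packet("client-A", fresh["ts"] + 60, b"wrong-password"))
    r["other_client"] = det.verify(build_packet("client-B", 1_700_000_010, pw_b))
    # client-A's clock lags client-B's by 5 s: rejected under the global-Tnew rule.
    r["lagging"] = det.verify(build_packet("client-A", 1_700_000_005, pw_a))
    # A request a month later ages client-A's entry out of the list (t0 is one week).
    r["later"] = det.verify(build_packet("client-B", 1_700_000_010 + 30 * 24 * 3600, pw_b))
    r["list"] = det.ordered_list()
    return r
```

The demo shows the property the description relies on: a byte-identical replay passes the signature check and is caught only by the T1 <= Tnew comparison, while an edited timestamp or a wrong password fails the signature check. It also shows the cost of comparing against the global Tnew: a legitimate client whose clock lags a few seconds behind another client's is rejected as stale. Comparing each client's T1 against its own stored timestamp would catch the same replays while tolerating skew between clients, and the aging loop needs no change for that.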
The replay attack detection method of this embodiment stores the client timestamps that pass verification and keeps them synchronised, so that the server maintains a list of verified client timestamps. First, a double-insurance mechanism is added to the whole system: the digital signature is verified, and then the timestamp of the verification request is compared with the latest-moment timestamp stored by the server. This double verification decides whether a request is a replay attack and improves the accuracy and stability of the system's replay protection. In addition, the dynamic aging mechanism promptly releases the memory occupied by aged timestamps, greatly reducing the server's memory consumption, keeping the timestamp list small and greatly reducing the time complexity of sorting it by timestamp.
Referring to Fig. 4, which is a block diagram of a replay attack detection system 100 according to an embodiment of the present invention, the replay attack detection system 100 includes:
a data packet receiving module 101, configured to receive a data packet sent by a client that comprises a first digital signature, the client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by a cryptographic algorithm;
a data extraction module 102, configured to extract the client current timestamp and the client identification code from the data packet;
a digital signature generation module 103, configured to generate a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;
a first judging module 104, configured to judge whether the first digital signature and the second digital signature are the same;
a first detection module 105, configured to judge that a replay attack has occurred when the first digital signature and the second digital signature differ;
a second judging module 106, configured to judge, when the first digital signature and the second digital signature are the same, whether the client current timestamp is greater than the latest timestamp pre-stored in a timestamp list;
a timestamp updating module 107, configured to write the client current timestamp into the timestamp list as the latest timestamp when the client current timestamp is greater than the latest timestamp;
a second detection module 108, configured to judge that a replay attack has occurred or that the client's request has timed out when the client current timestamp is less than or equal to the latest timestamp;
a third judging module 109, configured to judge whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;
and a timestamp deleting module 110, configured to delete from the timestamp list every client timestamp whose difference from the latest timestamp is greater than the preset time threshold, when such a difference exists.
Preferably, the timestamp list includes a plurality of client timestamps corresponding to the client identification codes, and the client timestamps are sorted in a preset order. The second digital signature is generated by a cryptographic algorithm.
It should be noted that the replay attack detection system 100 of this embodiment may be a server that communicates over the network with a plurality of clients. The client takes the client identification code, the client current timestamp and the client password as input and produces a fixed-length first digital signature, for example with a cryptographic algorithm. When the client sends a verification request to the server, it packages the first digital signature, the client current timestamp and the client identification code into a data packet and sends it to the server.
The working process of the replay attack detection system 100 according to the embodiment of the present invention may refer to the working process of the replay attack detection method according to the above embodiment, and is not described herein again.
The replay attack detection system 100 provided by the embodiment of the present invention stores the time stamp of the client that passes the verification and realizes the update synchronization, so that the server maintains a list of the time stamps that the client passes the verification. Firstly, a double insurance mechanism is added to the whole system in a mode of verifying the digital signature and then in a mode of comparing the timestamp of the verification request with the timestamp of the latest moment stored by the server. Whether the system belongs to the replay attack or not is judged through the double verification mechanism, and the accuracy and the stability of the system for preventing the replay attack are improved. In addition, the memory space occupied by the aging timestamp can be timely released through the dynamic aging mechanism, so that the consumption of the memory space of the server system is greatly reduced, the timestamp list is simplified, and the time complexity in the sequencing process according to the time stamp sequence is also greatly reduced.
Referring to fig. 5, which is a block diagram of a replay attack detection apparatus 200 according to an embodiment of the present invention, the replay attack detection apparatus 200 of this embodiment includes a processor 201, a memory 202 and a computer program stored in the memory 202 and executable on the processor 201. When executing the computer program, the processor 201 implements the steps of the replay attack detection method embodiment described above, such as steps S1 to S4 shown in fig. 1. Alternatively, when executing the computer program, the processor 201 implements the functions of each module/unit of the system embodiment described above, for example the data packet receiving module 101.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory 202 and executed by the processor 201 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which describe the execution process of the computer program in the replay attack detection apparatus 200. For example, the computer program may be divided into a data packet receiving module 101, a data extracting module 102, a digital signature generating module 103, a first determining module 104, a first detecting module 105, a second determining module 106, a timestamp updating module 107, a second detecting module 108, a third determining module 109 and a timestamp deleting module 110; for the specific function of each module, refer to the working process of the replay attack detection system 100 described in the foregoing embodiment, which is not repeated here.
The replay attack detection apparatus 200 may be a computing device such as a desktop computer, a notebook, a palm computer or a cloud server. The replay attack detection apparatus 200 may include, but is not limited to, a processor 201 and a memory 202. Those skilled in the art will appreciate that the schematic diagram is merely an example of the replay attack detection apparatus 200 and does not limit it: the apparatus may include more or fewer components than those shown, combine certain components, or use different components; for example, the replay attack detection apparatus 200 may also include input-output devices, network access devices, buses, etc.
The processor 201 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor, or the processor 201 may be any conventional processor or the like. The processor 201 is the control center of the replay attack detection apparatus 200, and various interfaces and lines connect the parts of the entire replay attack detection apparatus 200.
The memory 202 may be used for storing the computer programs and/or modules, and the processor 201 implements the various functions of the replay attack detection apparatus 200 by running or executing the computer programs and/or modules stored in the memory 202 and calling data stored in the memory 202. The memory 202 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like, and the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 202 may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash memory card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid-state storage device.
If the modules/units integrated in the replay attack detection apparatus 200 are implemented in the form of software functional units and sold or used as a separate product, they may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium; when the computer program is executed by the processor 201, the steps of the method embodiments described above are implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, etc. It should be noted that the content contained in the computer-readable medium may be increased or decreased as required by legislation and patent practice in each jurisdiction; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunications signals, as required by legislation and patent practice.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (10)

1. A replay attack detection method, comprising:
receiving a data packet sent by a client, the data packet comprising a first digital signature, a client current timestamp and a client identification code, wherein the first digital signature is generated from the client identification code, the client current timestamp and a client password through an encryption algorithm;
extracting the client current timestamp and the client identification code in the data packet;
generating a second digital signature by using the extracted client current timestamp, the client identification code and a pre-stored password; the pre-stored password is a preset password which is the same as the client password;
and when the first digital signature and the second digital signature are not the same, judging that a replay attack occurs.
2. A replay attack detection method according to claim 1, characterised in that the method further comprises:
when the first digital signature and the second digital signature are the same, judging whether the current timestamp of the client is greater than the latest timestamp prestored in a timestamp list;
if so, taking the current timestamp of the client as the latest timestamp and writing it into the timestamp list; if not, judging that a replay attack occurs or that the request of the client has timed out.
3. A replay attack detection method according to claim 2, wherein after the writing of the client current time stamp as the latest time stamp into the time stamp list, further comprising:
judging whether the difference value between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold value or not;
if so, deleting from the timestamp list the client timestamps whose difference from the latest timestamp is greater than the preset time threshold; if not, keeping the client timestamps whose difference from the latest timestamp is less than or equal to the preset time threshold.
4. The replay attack detection method of claim 2, wherein the time stamp list includes a plurality of client time stamps corresponding to the client identification codes, each of the client time stamps being sorted in a preset order.
5. A replay attack detection method according to claim 1, characterised in that the second digital signature is generated by means of a cryptographic algorithm.
6. A replay attack detection system, comprising:
a data packet receiving module, used for receiving a data packet sent by the client, the data packet comprising a first digital signature, a client current timestamp and a client identification code, wherein the first digital signature is generated from the client identification code, the client current timestamp and a client password through an encryption algorithm;
the data extraction module is used for extracting the client current timestamp and the client identification code in the data packet;
the digital signature generation module is used for generating a second digital signature by using the extracted client current timestamp, the client identification code and the pre-stored password; the pre-stored password is a preset password which is the same as the client password;
the first judging module is used for judging whether the first digital signature and the second digital signature are the same or not;
and the first detection module is used for judging that replay attack occurs when the first digital signature is different from the second digital signature.
7. The replay attack detection system according to claim 6, wherein the replay attack detection system further comprises:
the second judging module is used for judging whether the current timestamp of the client is greater than the latest timestamp prestored in the timestamp list when the first digital signature and the second digital signature are the same;
a timestamp updating module, configured to, when the client current timestamp is greater than the latest timestamp, write the client current timestamp serving as the latest timestamp into the timestamp list;
and a second detection module, used for judging that a replay attack occurs or that the request of the client has timed out when the client current timestamp is less than or equal to the latest timestamp.
8. The replay attack detection system according to claim 7, wherein the replay attack detection system further comprises:
a third judging module, configured to judge whether a difference between the latest timestamp and a timestamp of any client in the timestamp list is greater than a preset time threshold;
and a timestamp deleting module, used for deleting from the timestamp list the client timestamps whose difference from the latest timestamp is greater than the preset time threshold, when the difference between the latest timestamp and any client timestamp in the timestamp list is greater than the preset time threshold.
9. A replay attack detection device comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the replay attack detection method according to any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the replay attack detection method according to any one of claims 1 to 5.
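The verification flow described in the embodiment above and in claims 1 to 4, as an added example that is not part of the patent: a server-side verifier that recomputes the signature, enforces the strictly increasing timestamp rule, and ages out old entries. HMAC-SHA256 standing in for the patent's unspecified cryptographic algorithm, a separate timestamp list per client identification code, and the `UNKNOWN_CLIENT` result are assumptions of this example.

```python
import hmac
import hashlib


def make_signature(client_id: str, timestamp: int, password: str) -> str:
    """Fixed-length digital signature over (client id, timestamp), keyed by the password.

    The patent only says "a cryptographic algorithm"; HMAC-SHA256 is assumed here.
    The client computes the first signature this way; the server recomputes the
    second signature with its pre-stored copy of the same password.
    """
    message = f"{client_id}|{timestamp}".encode()
    return hmac.new(password.encode(), message, hashlib.sha256).hexdigest()


def client_packet(client_id: str, timestamp: int, password: str) -> dict:
    """What the client sends: first signature, its current timestamp, its identification code."""
    return {
        "client_id": client_id,
        "timestamp": timestamp,
        "signature": make_signature(client_id, timestamp, password),
    }


class ReplayDetector:
    """Server side of claims 1-4: signature check, latest-timestamp check, timestamp aging."""

    def __init__(self, prestored_passwords: dict, time_threshold: int):
        # pre-stored passwords, one per client identification code (assumption: per-client)
        self.passwords = dict(prestored_passwords)
        # preset time threshold (claim 3), in the same unit as the timestamps
        self.threshold = time_threshold
        # timestamp list: client id -> accepted timestamps in ascending order (claim 4);
        # keeping one list per client is this example's reading of the claims
        self.timestamp_list: dict = {}

    def latest_timestamp(self, client_id: str):
        entries = self.timestamp_list.get(client_id)
        return entries[-1] if entries else None

    def check(self, packet: dict) -> str:
        # S1/S2: receive the data packet and extract timestamp and identification code
        client_id, ts, first_sig = packet["client_id"], packet["timestamp"], packet["signature"]
        password = self.passwords.get(client_id)
        if password is None:
            return "UNKNOWN_CLIENT"  # not in the claims; no pre-stored password to verify against
        # S3: second digital signature from the extracted fields and the pre-stored password
        second_sig = make_signature(client_id, ts, password)
        # S4 (claim 1): any mismatch is judged a replay attack; compare in constant time
        if not hmac.compare_digest(first_sig, second_sig):
            return "REPLAY_ATTACK"
        # claim 2: the timestamp must be strictly greater than the latest stored one
        latest = self.latest_timestamp(client_id)
        if latest is not None and ts <= latest:
            return "REPLAY_OR_TIMEOUT"  # replayed packet or stale request; the patent does not distinguish
        entries = self.timestamp_list.setdefault(client_id, [])
        entries.append(ts)  # ts exceeds every stored value, so the list stays sorted
        # claim 3: dynamic aging, drop timestamps further than the threshold behind the new latest
        self.timestamp_list[client_id] = [t for t in entries if ts - t <= self.threshold]
        return "ACCEPTED"
```

A packet whose timestamp field is altered after signing fails the signature check before the timestamp rule is ever consulted, which is the "double insurance" the description refers to.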

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010024384.6A CN111262701B (en) 2020-01-10 2020-01-10 Replay attack detection method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111262701A true CN111262701A (en) 2020-06-09
CN111262701B CN111262701B (en) 2023-05-23

Family

ID=70953953

Country Status (1)

Country Link
CN (1) CN111262701B (en)

Also Published As

Publication number Publication date
CN111262701B (en) 2023-05-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant