CN112203279B - 5G network boundary network element address protection method and device based on discrete address change - Google Patents
5G network boundary network element address protection method and device based on discrete address change Download PDFInfo
- Publication number
- CN112203279B CN112203279B CN202010910902.4A CN202010910902A CN112203279B CN 112203279 B CN112203279 B CN 112203279B CN 202010910902 A CN202010910902 A CN 202010910902A CN 112203279 B CN112203279 B CN 112203279B
- Authority
- CN
- China
- Prior art keywords
- address
- network element
- port number
- protection
- real
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention provides a 5G network boundary network element address protection method and a device based on discrete address change, wherein the method realizes the protection of network element addresses by processing HTTP signaling interacted between 5G core networks; firstly, in a cross-network element service discovery stage, processing a core network hNRF response of a visited place vNRF external service request, extracting a network element IP address and a port number in the response, performing discrete address conversion on the network element IP address and the port number, replacing the network element IP address and the port number into an hNRF response message, and forwarding the hNRF response message to a vNRF; when the user of the external network initiates a service request, the IP address and the port number of the network element in the external request message are replaced by the IP address and the port number of the network element before discrete address conversion, and the IP address and the port number of the network element in the response message of the network element in the network are replaced by the IP address and the port number of the network element after discrete address conversion. The invention can complete the protection of the network element IP address and the port number in the signaling under the condition of not influencing the normal signaling interaction.
Description
Technical Field
The invention belongs to the technical field of mobile communication network safety protection, and particularly relates to a 5G network boundary network element address protection method and device based on discrete address change, which aims at a 5G network boundary network element address protection scene.
Background
With the rapid development of communication technology, fifth generation communication systems gradually enter into practical deployment phases. The 5G is a network of 'everything interconnection', is tightly combined with industrial control, intelligent traffic and the like, and has more prominent importance in social life, industrial production and national safety. The 5G has richer application scenes, the network security threats are more complex and diversified, and new challenges are brought to the 5G network architecture.
Under the 5G network environment, service application is more diversified, and cross-network communication sessions become a common phenomenon. In the internet of everything era, the identities of users and devices are unknown, and various means are used to carry out illegal behaviors such as information stealing, fraud, attack and the like on mobile users, so that the security threat of mobile communication networks is becoming more complicated and diversified, and the credibility of the mobile communication networks is challenged greatly.
Aiming at the possible security threat existing between 5G core networks, 3GPP proposes a security edge protection proxy SEPP (Security edge protection proxy) network element functional entity (see standard TS23.501, https:// www.tech-overview. com/3m 23/tivv-3 GPP-23-501.html) for protecting the threat between two core networks. When the SEPP is deployed among networks, the SEPP has a topology hiding function (see standard TS33.501, https:// www.tech-invite. com/3m 33/tiv-3 gpp-33-501.html), so that after the opposite-end network analyzes according to FQND, the signaling message among the networks is directly routed to the SEPP. Although SEPP realizes the isolation of the entity address of the network element inside the core network between networks, the signaling content contains a large amount of internal network element address information (IPv4/IPv6), which reveals the real IP address inside the network to a certain extent and brings great threat to the security of the network element inside the core network.
Disclosure of Invention
The invention provides a method and a device for protecting 5G network boundary network element addresses based on discrete address change, aiming at the problems that SEPP contains a large amount of internal network element address information in signaling content, so that real IP addresses in a network are revealed to a certain extent, and huge threats are brought to the safety of internal network elements in a core network.
In order to achieve the purpose, the invention adopts the following technical scheme:
A5G network boundary network element address protection method based on discrete address change comprises the following steps:
step 1: constructing a real and protection address database, wherein the real and protection address database is used for storing the network element IP address type, the real network element IP address, the real port number and the corresponding protection network element IP address and the protection port number;
step 2: judging whether the real-time internetwork signaling has a relevant entity address field, and if not, directly forwarding the signaling to the intranet; if yes, extracting the current entity address field and judging whether the current entity address field is a request message, if not, skipping to the step 3, and if so, skipping to the step 4; the related entity address field comprises a network element IP address and a port number;
and step 3: inquiring whether the current network element IP address and port number exist in the real network element IP address and real port number in the database, if not, generating a corresponding protection network element IP address and protection port number in a jumping mode, storing the current network element IP address and port number and the protection network element IP address and protection port number which are generated correspondingly into the database, and replacing the network element IP address and port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number content; if the current network element IP address and the port number exist in the real network element IP address and the real port number, inquiring the corresponding protection network element IP address and the protection port number, and replacing the network element IP address and the port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number;
and 4, step 4: matching and searching the network element IP address and the port number in the current HTTP \2 message in the request message in the protection network element IP address and the protection port number of the database, finding out the corresponding real network element IP address and the real port number, and replacing the network element IP address and the port number in the HTTP \2 message with the corresponding real network element IP address and the real port number;
and 5: and (5) forwarding the HTTP \2 message processed in the step (4), replacing the IP address and port number contents of the network element in the current HTTP \2 message in the response message with the corresponding IP address and port number contents of the protection network element, and returning the contents to the external network.
Further, the step 3 comprises:
discrete address changes are made as follows:
wherein x represents the current network element IP address, y represents the current port number, and SeIP (x, y) represents the corresponding protection network element IP address and protection port number; rand _8(x) indicates that 4 8-bit addresses in IPv4 are discretely changed one by one when the current network element IP address is of an IPv4 type, any 8-bit address is randomly output by an integer between 0 and 255, and finally a 4 x 8-bit discrete IP address is formed; rand _16(x) indicates that when the current network element IP address is of an IPv6 type, 8 16-bit addresses in IPv6 are discretely changed one by one, any 16-bit address is randomly output by an integer from 0 to 65535, and finally an 8 x 16-bit discrete IP address is formed; rand16(y) indicates that an integer random output between 0 and 65535 is performed on the current port number as the corresponding guard port number.
A5G network boundary network element address protection device based on discrete address change comprises:
the real and protection address database construction module is used for constructing a real and protection address database, and the real and protection address database is used for storing the network element IP address type, the real network element IP address, the real port number and the corresponding protection network element IP address and protection port number;
the judging module is used for judging whether the real-time internetwork signaling has a relevant entity address field or not, and if not, the real-time internetwork signaling is directly forwarded to the intranet; if the address field exists, extracting the current entity address field and judging whether the current entity address field is a request message, if not, skipping to a first address replacement module, and if so, skipping to a second address replacement module; the relevant entity address field comprises a network element IP address and a port number;
the first address replacement module is used for inquiring whether the current network element IP address and port number exist in the real network element IP address and real port number in the database, if not, generating a corresponding protection network element IP address and protection port number in a jumping mode, storing the current network element IP address and port number and the correspondingly generated protection network element IP address and protection port number in the database, and replacing the network element IP address and port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number content; if the current network element IP address and the port number exist in the real network element IP address and the real port number, inquiring the corresponding protection network element IP address and the protection port number, and replacing the network element IP address and the port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number;
the second address replacing module is used for performing matching search of the IP address and the port number of the network element in the current HTTP \2 message in the request message in the IP address and the protection port number of the protection network element in the database, finding out the corresponding real IP address and the real port number of the network element, and replacing the content of the IP address and the port number of the network element in the HTTP \2 message with the corresponding real IP address and the real port number of the network element;
and the third address replacing module is used for forwarding the HTTP \2 message processed by the second address replacing module, replacing the network element IP address and port number content in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number content, and returning the protection network element IP address and protection port number content to the external network.
Further, the first address replacement module includes:
the discrete address change module is used for performing discrete address change according to the following modes:
wherein x represents the current network element IP address, y represents the current port number, and SeIP (x, y) represents the corresponding protection network element IP address and protection port number; rand _8(x) indicates that when the current network element IP address is of an IPv4 type, 4 8-bit addresses in IPv4 are discretely changed one by one, any 8-bit address is randomly output in an integer of 0-255, and finally a 4 x 8-bit discrete IP address is formed; rand _16(x) indicates that when the current network element IP address is of an IPv6 type, 8 16-bit addresses in IPv6 are discretely changed one by one, any 16-bit address is randomly output by an integer from 0 to 65535, and finally an 8 x 16-bit discrete IP address is formed; rand16(y) indicates that an integer random output between 0 and 65535 is performed on the current port number as the corresponding guard port number.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a method and a device for protecting 5G network boundary network element addresses based on discrete address change, aiming at the problems that SEPP contains a large amount of internal network element address information in signaling content, so that real IP addresses in a network are revealed to a certain extent, and huge threats are brought to the safety of internal network elements in a core network. In the invention, the discrete conversion processing is carried out on the signaling field of the leaked internal network element address from the signaling content, the discretely converted virtual network element IP address and virtual port number, namely the protection network element IP address and the protection port number, are displayed outwards, and the real network element IP address and the real port number, namely the real network element IP address and the real port number, are internally replaced. Under the condition of not influencing normal signaling interaction, the protection of the IP address and the port number of the network element in the signaling is finished.
Drawings
Fig. 1 is a basic flowchart of a method for protecting a 5G network boundary network element address based on discrete address change according to an embodiment of the present invention;
fig. 2 is an exemplary diagram of information related to a cell address in signaling of a method for protecting a cell address at a 5G network boundary based on discrete address change according to an embodiment of the present invention;
fig. 3 is a flowchart of a service discovery network element identifier protection method for a 5G network boundary network element address protection method based on discrete address change according to an embodiment of the present invention;
FIG. 4 is a network element identifier protection flowchart of a registration/PDU session flow of a 5G network boundary network element address protection method based on discrete address change according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a 5G network boundary network element address protection device based on discrete address change according to an embodiment of the present invention;
fig. 6 is a schematic deployment diagram of a 5G network boundary network element address protection device based on discrete address change according to an embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings:
the invention relates to a 5G network boundary network element address protection method based on discrete address change, which is characterized in that the network element IP address and the port number of a signaling are processed by the discrete address change through analyzing an internetwork signaling, so that the 5G network element address protection is realized; specifically, the process of processing a signaling flow entering in real time is shown in fig. 1, and includes:
step S101: constructing a real and protection address database, wherein the real and protection address database is used for storing the network element IP address type, the real network element IP address, the real port number and the corresponding protection network element IP address and the protection port number; specifically, the real and guard address database structure is shown in table 1.
TABLE 1 true and guard Address database
Step S102: judging whether the real-time internetwork signaling has a relevant entity address field, if not, directly forwarding the real-time internetwork signaling to an intranet (a protected 5G core network); if yes, extracting the current entity address field and judging whether the current entity address field is a request message (message initiated by an Http client), if not, jumping to the step S103, and if so, jumping to the step S104; the related entity address field comprises a network element IP address and a port number; specifically, the information related to the network element address in the signaling is shown in fig. 2.
Step S103: inquiring whether the current network element IP address and port number exist in the real network element IP address and real port number in the database, if not, generating a corresponding protection network element IP address and protection port number in a jumping mode, storing the current network element IP address and port number and the protection network element IP address and protection port number generated correspondingly into the database, and replacing the network element IP address and port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number (as shown in the response message processing in figure 3); if the current network element IP address and port number already exist in the real network element IP address and real port number, the protection network element IP address and protection port number corresponding to the current network element IP address and port number are queried, and the content of the network element IP address and port number in the current HTTP \2 message in the response message is replaced with the content of the corresponding protection network element IP address and protection port number (as shown in the response message processing in fig. 4).
Further, the step S103 includes:
discrete address changes are made as follows:
wherein x represents the current network element IP address, y represents the current port number, and SeIP (x, y) represents the corresponding protection network element IP address and protection port number; rand _8(x) indicates that when the current network element IP address is of an IPv4 type, 4 8-bit addresses in IPv4 are discretely changed one by one, any 8-bit address is randomly output by an integer between 0 and 255, and finally a 4 x 8-bit discrete IP address is formed (such as 192.168.123.234); rand _16(x) indicates that when the IP address of the current network element is of an IPv6 type, 8 16-bit addresses in IPv6 are discretely changed one by one, any one 16-bit address is randomly output in an integer from 0 to 65535, and finally an 8 × 16-bit discrete IP address is formed (for example, ABCD: EF01:2345:6789: ABCD: EF01:2345: 6789); rand16(y) indicates that an integer random output of 0 to 65535 is made for the current port number as the corresponding guard port number (e.g., 19216).
Specifically, an example of the discrete address change process is shown in table 2.
Table 2 example of address content hopping procedure
Step S104: matching and searching of the network element IP address and the port number in the current HTTP \2 message in the request message are carried out in the protection network element IP address and the protection port number of the database, the corresponding real network element IP address and the real port number are found, and the network element IP address and the port number in the HTTP \2 message are replaced by the corresponding real network element IP address and the real port number (as shown in the request message processing in figure 4).
Step S105: the HTTP \2 message processed in step S104 is forwarded, and then the content of the network element IP address and the port number in the current HTTP \2 message in the response message is replaced with the content of the corresponding protection network element IP address and the protection port number, and is returned to the external network (as shown in the response message processing in fig. 4).
In summary, the present invention provides a method and an apparatus for protecting 5G network boundary network element addresses based on discrete address change, aiming at the problem that SEPP includes a large amount of internal network element address information in signaling content, reveals real IP addresses in the network to a certain extent, and brings great threat to the security of internal network elements in a core network. In the invention, the discrete conversion processing is carried out on the signaling field of the leaked internal network element address from the signaling content, the discretely converted virtual network element IP address and virtual port number, namely the protection network element IP address and the protection port number, are displayed outwards, and the real network element IP address and the real port number, namely the real network element IP address and the real port number, are internally replaced. Under the condition of not influencing normal signaling interaction, the protection of the IP address and the port number of the network element in the signaling is finished.
It is worth pointing out that, in the present invention, both the request message and the response message are HTTP \2 messages.
On the basis of the above embodiments, as shown in fig. 5, the present invention further discloses a device for protecting a 5G network boundary network element address based on discrete address change, which includes:
a real and protection address database construction module 201, configured to construct a real and protection address database, where the real and protection address database is used to store a network element IP address type, a real network element IP address, a real port number, and a corresponding protection network element IP address and a protection port number.
A judging module 202, configured to judge whether a relevant entity address field exists in a real-time inter-network signaling, and if not, directly forward the relevant entity address field to an intranet; if the address field exists, extracting the current entity address field and judging whether the address field is a request message, if not, jumping to a first address replacing module 203, and if so, jumping to a second address replacing module 204; the related entity address field includes the network element IP address and port number.
A first address replacing module 203, configured to query the database whether a current network element IP address and port number exist in a real network element IP address and a real port number, and if not, generate a corresponding protection network element IP address and protection port number by hopping, store the current network element IP address and port number and the protection network element IP address and protection port number generated correspondingly in the database, and replace the network element IP address and protection port number in a current HTTP \2 message in a response message with contents of the protection network element IP address and protection port number corresponding to the port number; if the current network element IP address and the current port number exist in the real network element IP address and the real port number, the corresponding protection network element IP address and the protection port number are inquired, and the content of the network element IP address and the port number in the current HTTP \2 message in the response message is replaced by the content of the corresponding protection network element IP address and the protection port number.
The second address replacing module 204 is configured to perform matching lookup of the network element IP address and the port number in the current HTTP \2 message in the request message in the protection network element IP address and the protection port number of the database, find a corresponding real network element IP address and a real port number, and replace the content of the network element IP address and the port number in the HTTP \2 message with the corresponding real network element IP address and the real port number.
The third address replacing module 205 is configured to forward the HTTP \2 message processed by the second address replacing module 204, replace the content of the network element IP address and the port number in the current HTTP \2 message in the response message with the content of the corresponding protection network element IP address and the protection port number, and return the content to the external network.
Further, the first address replacement module 203 includes:
the discrete address change module is used for performing discrete address change according to the following modes:
wherein x represents the current network element IP address, y represents the current port number, and SeIP (x, y) represents the corresponding protection network element IP address and protection port number; rand _8(x) indicates that when the current network element IP address is of an IPv4 type, 4 8-bit addresses in IPv4 are discretely changed one by one, any 8-bit address is randomly output in an integer of 0-255, and finally a 4 x 8-bit discrete IP address is formed; rand _16(x) indicates that when the current network element IP address is of an IPv6 type, 8 16-bit addresses in IPv6 are discretely changed one by one, any 16-bit address is randomly output by an integer from 0 to 65535, and finally an 8 x 16-bit discrete IP address is formed; rand16(y) indicates that an integer random output between 0 and 65535 is performed on the current port number as the corresponding guard port number.
Specifically, when deployed, the network element address protection device may be connected in series between 5G border gateway devices SEPPs or embedded in an SEPP function as a protection function, and performs protection processing on an HTTP signaling request initiated by an external network, as shown in fig. 6.
The above shows only the preferred embodiments of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.
Claims (2)
1. A method for protecting 5G network boundary network element address based on discrete address change is characterized by comprising the following steps:
step 1: constructing a real and protection address database, wherein the real and protection address database is used for storing the network element IP address type, the real network element IP address, the real port number and the corresponding protection network element IP address and the protection port number;
step 2: judging whether the real-time internetwork signaling has a relevant entity address field, and if not, directly forwarding the signaling to the intranet; if yes, extracting the current entity address field and judging whether the current entity address field is a request message, if not, skipping to the step 3, and if so, skipping to the step 4; the related entity address field comprises a network element IP address and a port number;
and step 3: inquiring whether the current network element IP address and port number exist in the real network element IP address and real port number in the database, if not, generating a corresponding protection network element IP address and protection port number in a jumping mode, storing the current network element IP address and port number and the protection network element IP address and protection port number which are generated correspondingly into the database, and replacing the network element IP address and port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number content; if the current network element IP address and the port number exist in the real network element IP address and the real port number, inquiring the corresponding protection network element IP address and the protection port number, and replacing the network element IP address and the port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number;
and 4, step 4: matching and searching the network element IP address and the port number in the current HTTP \2 message in the request message in the protection network element IP address and the protection port number of the database, finding out the corresponding real network element IP address and the real port number, and replacing the network element IP address and the port number in the HTTP \2 message with the corresponding real network element IP address and the real port number;
and 5: forwarding the HTTP \2 message processed in the step 4, replacing the content of the network element IP address and the port number in the current HTTP \2 message in the response message with the content of the corresponding protection network element IP address and the protection port number, and returning the content to the external network;
the step 3 comprises the following steps:
the discrete address change is performed as follows:
wherein x represents the current network element IP address, y represents the current port number, and SeIP (x, y) represents the corresponding protection network element IP address and protection port number; rand _8(x) indicates that when the current network element IP address is of an IPv4 type, 4 8-bit addresses in IPv4 are discretely changed one by one, any 8-bit address is randomly output in an integer of 0-255, and finally a 4 x 8-bit discrete IP address is formed; rand _16(x) indicates that when the current network element IP address is of an IPv6 type, 8 16-bit addresses in IPv6 are discretely changed one by one, any 16-bit address is randomly output by an integer from 0 to 65535, and finally an 8 x 16-bit discrete IP address is formed; rand16(y) indicates that an integer random output between 0 and 65535 is performed on the current port number as the corresponding guard port number.
2. A5G network boundary network element address protection device based on discrete address change is characterized by comprising:
the real and protection address database construction module is used for constructing a real and protection address database, and the real and protection address database is used for storing the network element IP address type, the real network element IP address, the real port number and the corresponding protection network element IP address and protection port number;
the judging module is used for judging whether the real-time internetwork signaling has a relevant entity address field or not, and if not, the real-time internetwork signaling is directly forwarded to the intranet; if the address field exists, extracting the current entity address field and judging whether the current entity address field is a request message, if not, skipping to a first address replacement module, and if so, skipping to a second address replacement module; the related entity address field comprises a network element IP address and a port number;
the first address replacement module is used for inquiring whether the current network element IP address and port number exist in the real network element IP address and real port number in the database, if not, generating a corresponding protection network element IP address and protection port number in a jumping mode, storing the current network element IP address and port number and the correspondingly generated protection network element IP address and protection port number in the database, and replacing the network element IP address and port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number content; if the current network element IP address and the port number exist in the real network element IP address and the real port number, inquiring the corresponding protection network element IP address and the protection port number, and replacing the network element IP address and the port number in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number;
the second address replacing module is used for matching and searching the network element IP address and the port number in the current HTTP \2 message in the request message in the protection network element IP address and the protection port number of the database, finding the corresponding real network element IP address and the real port number, and replacing the network element IP address and the port number in the HTTP \2 message with the corresponding real network element IP address and the real port number;
the third address replacing module is used for forwarding the HTTP \2 message processed by the second address replacing module, replacing the network element IP address and port number content in the current HTTP \2 message in the response message with the corresponding protection network element IP address and protection port number content, and returning the protection network element IP address and protection port number content to the external network;
the first address replacement module includes:
the discrete address change module is used for performing discrete address change according to the following modes:
wherein, x represents the current IP address of the network element, y represents the current port number, and SeIP (x, y) represents the corresponding IP address and the corresponding port number of the protection network element; rand _8(x) indicates that 4 8-bit addresses in IPv4 are discretely changed one by one when the current network element IP address is of an IPv4 type, any 8-bit address is randomly output by an integer between 0 and 255, and finally a 4 x 8-bit discrete IP address is formed; rand _16(x) indicates that when the current network element IP address is of an IPv6 type, 8 16-bit addresses in IPv6 are discretely changed one by one, any 16-bit address is randomly output by an integer from 0 to 65535, and finally an 8 x 16-bit discrete IP address is formed; rand16(y) indicates that an integer random output between 0 and 65535 is performed on the current port number as the corresponding guard port number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010910902.4A CN112203279B (en) | 2020-09-02 | 2020-09-02 | 5G network boundary network element address protection method and device based on discrete address change |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010910902.4A CN112203279B (en) | 2020-09-02 | 2020-09-02 | 5G network boundary network element address protection method and device based on discrete address change |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112203279A CN112203279A (en) | 2021-01-08 |
CN112203279B true CN112203279B (en) | 2022-07-12 |
Family
ID=74005640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010910902.4A Active CN112203279B (en) | 2020-09-02 | 2020-09-02 | 5G network boundary network element address protection method and device based on discrete address change |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112203279B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113542219B (en) * | 2021-06-07 | 2023-02-14 | 中国人民解放军战略支援部队信息工程大学 | Method and system for realizing signaling access based on multi-mode network element proxy |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102870395A (en) * | 2010-02-08 | 2013-01-09 | 华为技术有限公司 | Method, apparatus and system for address distribution |
CN103402197A (en) * | 2013-07-12 | 2013-11-20 | 南京航空航天大学 | Hidden position and path protection method based on IPv6 (Internet Protocol Version 6) |
CN105991595A (en) * | 2015-02-15 | 2016-10-05 | 华为技术有限公司 | Network security protection method and device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9042549B2 (en) * | 2009-03-30 | 2015-05-26 | Qualcomm Incorporated | Apparatus and method for address privacy protection in receiver oriented channels |
US10917783B2 (en) * | 2012-01-13 | 2021-02-09 | Nokia Solutions And Networks Oy | Machine-type communication proxy function |
CN103236927B (en) * | 2013-04-16 | 2016-09-14 | 中国科学技术大学 | A kind of authentication method based on dynamic ID mark and system |
CN104753888A (en) * | 2013-12-31 | 2015-07-01 | 中兴通讯股份有限公司 | Message handling method and device |
CN105376733A (en) * | 2015-09-30 | 2016-03-02 | 联想(北京)有限公司 | Information processing method and electronic apparatus |
-
2020
- 2020-09-02 CN CN202010910902.4A patent/CN112203279B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102870395A (en) * | 2010-02-08 | 2013-01-09 | 华为技术有限公司 | Method, apparatus and system for address distribution |
CN103402197A (en) * | 2013-07-12 | 2013-11-20 | 南京航空航天大学 | Hidden position and path protection method based on IPv6 (Internet Protocol Version 6) |
CN105991595A (en) * | 2015-02-15 | 2016-10-05 | 华为技术有限公司 | Network security protection method and device |
Non-Patent Citations (2)
Title |
---|
IPv6网络安全威胁分析;张连成等;《信息通信技术》;20191215(第06期);全文 * |
新一代宽带移动通信系统安全威胁和安全需求分析;刘彩霞等;《信息工程大学学报》;20101015(第05期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN112203279A (en) | 2021-01-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xylomenos et al. | A survey of information-centric networking research | |
AU2008224354B2 (en) | Security methods for use in a wireless communications system | |
Arnould et al. | A self-organizing content centric network model for hybrid vehicular ad-hoc networks | |
US8578468B1 (en) | Multi-factor client authentication | |
CN104506511A (en) | Moving target defense system and moving target defense method for SDN (self-defending network) | |
WO2007020548A3 (en) | Routing advertisement authentication in fast router discovery | |
WO2007092688B1 (en) | Method and apparatus for address creation and validation | |
CN110233834B (en) | Network system, method, device and equipment for intercepting attack message | |
CN101009706B (en) | Method for protecting application based on sip | |
Durand et al. | Resilient, crowd-sourced LPWAN infrastructure using blockchain | |
Burresi et al. | Meshchord: A location-aware, cross-layer specialization of chord for wireless mesh networks (concise contribution) | |
CN112203279B (en) | 5G network boundary network element address protection method and device based on discrete address change | |
Kantola | 6G network needs to support embedded trust | |
CN112217861B (en) | 5G network boundary network element identification protection method and device based on identification jump | |
CN106453421B (en) | The wisdom mark network of fusion LTE distorts the composite defense method of DoS attack to service | |
Groat et al. | IPv6: nowhere to run, nowhere to hide | |
CN112311776B (en) | System and method for preventing flooding attack of API gateway | |
KR101013274B1 (en) | Method and system for intercepting unusual call in wireless data communication environment | |
CN111131169B (en) | Switching network-oriented dynamic ID hiding method | |
CN115442328B (en) | Network address conversion method, device, gateway, medium and equipment | |
US20120215926A1 (en) | Mechanism for Quick Data Path Setup by Cloning Session Content | |
Hanna et al. | Performance Evaluation of Secure and Privacy-preserving DNS at the 5G Edge | |
Ranga et al. | Ant colony based IP traceback scheme | |
Xiaorong et al. | The research on mobile Ipv6 security features | |
Rafique et al. | Distributed Cluster Computing: An Analysis to Overcome the Limitations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |