CN112636919A - Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic - Google Patents

Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic Download PDF

Info

Publication number
CN112636919A
CN112636919A CN202011442806.8A CN202011442806A CN112636919A CN 112636919 A CN112636919 A CN 112636919A CN 202011442806 A CN202011442806 A CN 202011442806A CN 112636919 A CN112636919 A CN 112636919A
Authority
CN
China
Prior art keywords
key
logic
ban
nlsr
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011442806.8A
Other languages
Chinese (zh)
Other versions
CN112636919B (en
Inventor
费媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Industrial Control Safety Innovation Technology Co ltd
Shanghai Normal University
Original Assignee
Shanghai Industrial Control Safety Innovation Technology Co ltd
Shanghai Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Industrial Control Safety Innovation Technology Co ltd, Shanghai Normal University filed Critical Shanghai Industrial Control Safety Innovation Technology Co ltd
Priority to CN202011442806.8A priority Critical patent/CN112636919B/en
Publication of CN112636919A publication Critical patent/CN112636919A/en
Application granted granted Critical
Publication of CN112636919B publication Critical patent/CN112636919B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a safety analysis and verification method for an NLSR (non-line segment synchronous sequence) safety model of BAN-n logic, and relates to the technical field of intra-domain routing protocol safety of a named data network. The invention comprises the following steps: step A, analyzing an NLSR security model and providing BAN-n logic; b, extracting the transmitting and receiving process of the LSA data packet between nodes related to the NLSR security model, and performing depicting modeling by using BAN-n logic; step C, verifying the data security target and the key security target by using an inference rule of BAN-n logic; step D, extracting the receiving and transmitting process of the LSA data packet between nodes related to the safety model with the invader NLSR, and performing depicting modeling by applying BAN-n logic; and step E, verifying the forged data intrusion target and the forged key intrusion target by using the inference rule of BAN-n logic. The BAN-n logic can verify that an intruder cannot realize intrusion by using forged keys and forged data in an NLSR security model.

Description

Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic
Technical Field
The invention relates to the technical field of routing protocol security models in named data network domains, in particular to a BAN-n logic NLSR security model security analysis and verification method.
Technical Field
With the increasing growth of internet users, users pay more and more attention to information content, and the IP network structure with an end-to-end communication mechanism supports this weakness. Therefore, an Information Centric Networking (ICN) has been proposed, which focuses on the dissemination and distribution of Information content. Named Data Networking (NDN) is a network framework for future internet revolutionary that originates from the ICN architecture. Named data networks avoid carrying IP addresses by tagging packets with names. The requester needs Data and sends a corresponding Interest Packet (Interest Packet), and a Data Packet (Data Packet) is returned when the node with the Data is reached. The interest packet is routed according to the content carried by the interest packet, and the data packet is returned along the path sent by the interest packet.
NLSR (Named-data Link State Routing Protocol) is an intra-domain Routing Protocol for Named data networks. NLSR uses a Link State Advertisement (LSA) to complete the construction of the network topology. Each router has a Link State Data Base (LSDB) for storing LSAs. If the router detects the change of the surrounding network topology or the local name prefix is modified, a new LSA is generated and propagated to the whole network.
Each NDN packet includes a Content Name (Content Name), a Signature (Signature), Data (Data), and the like. It is authenticated by a digital signature and there is a Key Locator (Key Locator) in the signature information that can indicate the name of the signing Key. To ensure the validity of an LSA with a valid signature, the NLSR protocol builds a five-layer security model based on a Trust Anchor (Trust Anchor) (as shown in fig. 1). At the top level, there is a Root node (Root), i.e. a Trust Anchor (Trust Anchor), which is used to send certificates to sites (Site); each site has one or more operators (operators) and each Operator manages a Router (Router) that belongs to the same site. Each router may generate an NLSR routing process to generate LSAs. This hierarchical trust model can build a string of validation LSA keys. LSAs must be signed by a valid NLSR process. While a valid NLSR key must be signed by the corresponding router key. While the router key must be signed by the operator key of the station to which it belongs. The operator key for each site must be signed by the site key, which must be signed by the root node key. And finally, the self-signature of the key of the root node is completed.
The security model belongs to the category of security protocols and provides security guarantee. If the design is wrong, better safety service cannot be provided, and the analysis and verification of the safety are particularly important. Therefore, it is extremely suitable to model and analyze the security model using a formalization method. In 1987, needleham and Schroeder first proposed a formal analysis of security protocols. Most formalization tools are then based on state detection techniques. With the introduction of BAN logic in 1989, formalized analysis of security protocols has provided a distinct approach. The modal logic system is composed of propositions and inference rules, and is an inference based on knowledge and belief.
The inference rules of common BAN logic are shown in the following table
Figure BDA0002823042670000021
As mentioned above, the inference rules of BAN logic are simple and easy to use, and have been applied by some well-known security protocol analysis.
Disclosure of Invention
The invention aims to overcome the defects and shortcomings in the prior art and provides a method for analyzing and verifying the safety of an NLSR safety model of BAN-n logic.
The method is characterized in that an NLSR security model is analyzed, because the security model relates to key verification, a related logic symbol component of the key verification needs to be introduced, and meanwhile, the related logic symbol component is introduced for describing a Content part and a Signature part in a Data packet. On the basis, a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule are set, namely based on an NLSR security model and a formalization, BAN-n logic is provided and applied to the NLSR security model to verify a data security target and a key security target of the NLSR security model. And applying the BAN-n logic to an NLSR security model of an intruder, and verifying aiming at a forged data intrusion target and a forged key intrusion target.
The technical scheme of the invention is as follows: the BAN-n logic is proposed and applied to an NLSR security model, and security analysis and verification are carried out on the logic, wherein the logic comprises the following steps:
1. and analyzing the NLSR security model and providing BAN-n logic.
2. Extracting the NLSR security model relates to the transmitting and receiving process of LSA data packets between nodes, and is characterized by using BAN-n logic.
3. And verifying the data security target and the key security target by using an inference rule in the BAN-n logic.
4. Extracting an NLSR security model with an intruder relates to the transceiving process of LSA data packets between nodes, and is characterized by using BAN-n logic.
5. And verifying the forged data intrusion target and the forged key intrusion target by using an inference rule in the BAN-n logic.
As described above, by applying security analysis and verification in the NLSR security model through BAN-n logic, it is possible to verify that an intruder cannot realize intrusion with forged keys and forged data.
Drawings
FIG. 1 is a five-layer security model constructed based on a Trust Anchor (Trust Anchor) in the existing NLSR protocol;
FIG. 2 is a flow chart of the NLSR security model security analysis and verification method of BAN-n logic of the present invention;
FIG. 3 is a diagram of the LSA data packet transceiving process between nodes under the NLSR security model according to the embodiment of the present invention;
fig. 4 is a diagram illustrating the process of transmitting and receiving LSA packets between nodes in the NLSR security model with intruders according to the embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the figures and examples.
The analysis object is "a Secure Link State Routing Protocol for NDN" published in IEEE Access journal by l.wang et al, which proposes a Secure Link State Routing Protocol NLSR naming data network NDN and constructs a five-layer hierarchical trust model for the security of the Protocol (as shown in fig. 1).
The method comprises the following specific steps (as shown in the attached figure 2):
step A, analyzing the NLSR security model, and improving the NLSR security model into: BAN-n logic, including BAN-n logic symbol construction and semantic description thereof, and inference rules of BAN-n logic.
The BAN-n logical symbols include four logical symbols as follows:
p | approximately equals K represents that the key verification is carried out on the key K by the main body P;
Figure BDA0002823042670000041
representation by private key K-1The message formed by the encrypted formula X is the Content part in the Data packet;
({X}K)sthe message formed by the formula X encrypted by the key K is represented as a Signature part in the Data packet;
(K)cthe message composed of the key K is represented as a Content part in the Data packet;
the inference rules of the BAN-n logic are four:
the method comprises a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule;
message meaning rule (MM1)
Figure BDA0002823042670000051
Meaning that P receives a message if P believes K is the public key of Q
Figure BDA0002823042670000058
And P carries on the key verification to the key K, P believes Q has sent the message X;
jurisdiction validation rules (JV)
Figure BDA0002823042670000052
Means that if P and Q have performed key verification on key K, and P receives key K, P believes Q has jurisdiction over X;
key validation rule (KV1)
Figure BDA0002823042670000053
Indicating that for key k belongs to the VK set, if P receives { k }KP believes K is the public key of Q, and P receives (K)cIf so, the key verification is carried out on the key k by the P;
key validation rule (KV2)
Figure BDA0002823042670000054
Meaning that for key k belonging to a DK set, if P performs key verification on the keys in all VK sets, while a certain key k exists in the VK set2Make P satisfy reception
Figure BDA0002823042670000059
And P believes that k is the public key of Q, then P carries out key verification on the key k;
rule of received message (SEE3)
Figure BDA0002823042670000055
Indicates if P receives the message
Figure BDA00028230426700000510
Then P receives the message
Figure BDA00028230426700000511
Rule of received message (SEE4)
Figure BDA0002823042670000056
Indicates if P receives the message ({ X }K)sIf P receives the message
Figure BDA00028230426700000512
Rule of received message (SEE5)
Figure BDA0002823042670000057
Indicating if P received the message (K)cThen P receives message X.
B, extracting the transceiving process of the LSA data packet between nodes in the NLSR security model, providing related symbols related to the NLSR security model, and defining a used formula and a used secret key; and reserving a content part and a signature part in the transceiving message, giving a data key set DK and a verification key set VK of the NLSR security model, and modeling the NLSR security model by using BAN-n logic.
And C, extracting two security targets needing verification, wherein one is a data security target, namely, a reader is ensured to receive data, the reader believes that the neighbor node believes the data is true, meanwhile, the reader believes that the data is true, the other is a key security target, namely, the reader is ensured to receive all keys, the reader believes that the neighbor believes that all keys are true, and meanwhile, the reader believes that all keys are true. The two security targets are expressed in an idealized way by using BAN-n logic, and are verified by using the inference rule of the BAN-n logic.
And D, extracting the transceiving process of the LSA data packet between the nodes in the NLSR security model with the invader, and modeling the LSA data packet by using improved BAN-n logic.
And E, extracting two intrusion targets needing verification, wherein one is a forged data intrusion target, namely, a reader is ensured to receive forged data, the reader believes that the forged data is true, the other is a forged key intrusion target, namely, the reader is ensured to receive a forged NLSR key, the reader believes that the neighbor believes that the forged NLSR key is true, and the reader believes that the forged NLSR key is true. The two intrusion targets are expressed in an idealized way by using BAN-n logic, and the two intrusion targets are verified by using the inference rule of the BAN-n logic.
(1) Improving BAN logic to obtain BAN-n logic
An embodiment, an improvement to BAN logic, whose symbolic building blocks and their semantic descriptions are given in table 1.
TABLE 1 symbolic building blocks of BAN logic and semantic descriptions thereof
Figure BDA0002823042670000061
The NLSR security model is analyzed, because the security model relates to key verification, a related logic symbol component of the key verification needs to be introduced, and meanwhile, the related logic symbol component is also introduced for describing a Content part and a Signature part in a Data packet. On the basis, a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule are set. By analyzing NLSR, BAN-n logic, as in Table 2.
TABLE 2 BAN-n logical notation building blocks and semantic descriptions thereof
Figure BDA0002823042670000073
Common BAN logic, as in table 3.
TABLE 3 inference rules of BAN logic
Figure BDA0002823042670000071
By analyzing the NLSR, the inference rule of BAN-n logic is as shown in Table 4.
TABLE 4 inference rules for BAN-n logic
Figure BDA0002823042670000072
Figure BDA0002823042670000081
(2) Modeling NLSR security model using BAN-n logic
Through the analysis of the NLSR security model, the LSA packet transceiving process of the current routing node Router and the Neighbor routing node Neighbor is extracted (as shown in fig. 3).
Meanwhile, symbols related to the security model and a description thereof will be given as shown in table 5.
TABLE 5 notation involved in NLSR Security model
Figure BDA0002823042670000082
The LSA packet transceiving process between nodes in fig. 3 can be written as the following 12 messages:
message 1.Router- > Neighbor: nameData
Message 2.Neighbor- > Router:
Figure BDA0002823042670000091
Figure BDA0002823042670000092
message 3.Router- > Neighbor:
Figure BDA0002823042670000093
message 4.Neighbor- > Router:
Figure BDA0002823042670000094
keyNLSR
message 5 Router- > Neighbor:
Figure BDA0002823042670000095
message 6.Neighbor- > Router:
Figure BDA0002823042670000096
keyrouter
message 7 Router- > Neighbor:
Figure BDA0002823042670000097
Message 8.Neighbor- > Router:
Figure BDA0002823042670000098
keyoperator
message 9, Router- > Neighbor:
Figure BDA0002823042670000099
message 10.Neighbor- > Router:
Figure BDA00028230426700000910
keysite
message 11, Router- > Neighbor:
Figure BDA00028230426700000911
message 12.Neighbor- > Router:
Figure BDA00028230426700000912
keyroot
firstly, Router sends the name of the Data packet corresponding to the LSA to Neighbor node Neighbor, where the Interest packet of the LSA includes the name (message 1);
the Neighbor node Neighbor then sends an LSA packet to the node Router, including a data name portion, a data portion, and a signature portion.
The data name part includes a nameDataThe content part comprises keyNLSRObtained by encrypting private key data
Figure BDA00028230426700000913
The signature part comprises
Figure BDA00028230426700000914
Figure BDA00028230426700000915
(message 2).
Secondly, the node Router sends the name of Neighbor node Neighbor to the node Router
Figure BDA0002823042670000101
Interest package of, i.e. request keyNLSR(message 3). Then, the Neighbor node Neighbor replies to the node Router with a data key with a corresponding nameNLSRData packet (message 4). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA0002823042670000102
Interest package of, i.e. request keyrouter(message 5).
Then, the Neighbor node Neighbor replies a key with data and corresponding name to the node RouterrouterData packet (message 6). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA0002823042670000103
Interest package of, i.e. request keyoperator(message 7). The Neighbor node Neighbor replies a key with data and corresponding name to the node RouteroperatorThe data packet (message 8). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA0002823042670000104
Interest package of, i.e. request keysite(message 9). Neighbor node Neighbor attaches keysiteIs sent to the node Router (message 10).
The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA0002823042670000105
Interest packages, i.e. request keysrootThe key (message 11).
Finally, the Neighbor node Neighbor carries data to the node Router as keyrootThe data packet (message 12).
The method comprises the following steps of defining a formula X and a key K to be used based on an NLSR (non line sequence request) security model scene, wherein the formula X is a Data key set DK, a verification key set VK and Data, and the key K is the Data key set DK and the verification key set VK and is defined as follows:
X∈DK∪VK∪{Data}
K∈DK∪VK
to give an idealisation of the NLSR security model reduction, only all packets are idealised (i.e. message 2, message 4, message 6, message 8, message 10 and message 12) and only the content part and signature part thereof are retained, since both are involved in encryption and decryption, so that the following idealised results can be obtained using the improved BAN logic.
The LSA packet for message 2 is idealized to obtain:
M1.1:
Figure BDA0002823042670000111
M1.2:
Figure BDA0002823042670000112
M1.3:
Figure BDA0002823042670000113
M1.4:
Figure BDA0002823042670000114
M1.5:
Figure BDA0002823042670000115
M1.6:
Figure BDA0002823042670000116
the data packets carrying the keys of the message 4, the message 6, the message 8, the message 10 and the message 12 are idealized to obtain:
M2:RΔ(keyNLSR)c
M3:RΔ(keyrouter)c
M4:RΔ(keyoperator)c
M5:RΔ(keysite)c
M6:RΔ(keyroot)c
an initialization hypothesis definition is first given to the underlying information of the data key according to a known security model.
Define DK ═ { key ═ keyNLSR},VK={keyrouter,keyoperater,keysite,keyroot}。
The simultaneous definition hypothesis sets are as follows:
A1:
Figure BDA0002823042670000117
wherein key is formed by DK and VK
A2: r Δ key → R | ≡ key, where key ∈ DK ≡ VK
A3: n | ≈ key, where key ∈ DK $
A4:RΔData→R|≡#Data
A5:
Figure BDA0002823042670000125
(3) Data security objective and key security objective of verification model
Meanwhile, aiming at a formal model of the NLSR security model, two security targets needing verification are extracted, wherein one security target is a data security target, namely, a reader is ensured to receive data, the reader believes that the data is true by a neighbor node, meanwhile, the reader believes that the data is true, the other security target is a key security target, namely, the reader is ensured to receive all keys, the reader believes that all keys are true by the neighbor node, and meanwhile, the reader believes that all keys are true.
Using BAN-n logic, to idealise the expression of data security objectives, verification is required:
G1:RΔData
G2:R|≡N|≡Data
G3:R|≡Data
the BAN-n logic is used for idealized expression of a data security target, and the KEY belongs to the KEY and needs to be verified:
G4:RΔkey
G5:R|≡N|≡key
G6:R|≡key
the certification process comprises the following steps:
applying the SEE rule SEE3 to message M1.1 yields:
S1:
Figure BDA0002823042670000121
applying the SEE rule SEE4 to messages M1.2-M1.5 results in:
S2:
Figure BDA0002823042670000122
S3:
Figure BDA0002823042670000123
S4:
Figure BDA0002823042670000124
S5:
Figure BDA0002823042670000131
S6:
Figure BDA0002823042670000132
applying the SEE rule SEE5 to the messages M2-M6 results in:
S7:RΔkeyNLSR
S8:RΔkeyrouter
S9:RΔkeyoperator
S10:RΔkeysite
S11:RΔkeyroot
the separation rule (MP) is applied to S7-S11 and hypothesis A1 to obtain:
S12:
Figure BDA0002823042670000133
S13:
Figure BDA0002823042670000134
S14:
Figure BDA0002823042670000135
S15:
Figure BDA0002823042670000136
S16:
Figure BDA0002823042670000137
applying the validation key rule KV1 to S3, S14 and message M3 yields:
S17:R|≈keyrouter
applying the validation key rule KV1 to S4, S15 and message M4 yields:
S18:R|≈keyoperator
applying the validation key rule KV1 to S5, S16 and message M5 yields:
S19:R|≈keysite
applying the validation key rule KV1 to S6, S16 and message M6 results in:
S20:R|≈keyroot
applying the validation key rule KV2 to S17-S20, S2 and S12 yields:
S21:R|≈keyNLSR
applying the SEE rule SEE2 to S1 and S12 may result in:
S22:RΔData
applying the separation rule (MP) to S22 and hypothesis A4 yields:
S23:R|≡#Data
applying the message meaning rule MM1 to S12, S1, and S21 yields:
S24:R|≡N|~Data
applying the temporary value verification rule NV to S23 and S24 yields:
S25:R|≡N|≡Data
applying jurisdictional rule J to assumptions A5 and S25 yields:
S26:R|≡Data
applying the separation rule (MP) to S7-S11 and hypothesis A2 yields:
S27:R|≡#keyNLSR
S28:R|≡#keyrouter
S29:R|≡#keyoperator
S30:R|≡#keysite
S31:R|≡#keyroot
applying the jurisdictional validation rule JV to assumptions A4, S17-S21, and S7-S11 yields:
S32:
Figure BDA0002823042670000141
S33:
Figure BDA0002823042670000142
S34:
Figure BDA0002823042670000143
S35:
Figure BDA0002823042670000151
S36:
Figure BDA0002823042670000152
applying the message meaning rule MM1 to S2, S13, and S17 yields:
S37:R|≡N|~keyNLSR
applying the message meaning rule MM1 to S3, S14, and S18 yields:
S38:R|≡N|~keyrouter
applying the message meaning rule MM1 to S4, S15, and S19 yields:
S39:R|≡N|~keyoperator
applying the message meaning rule MM1 to S5, S16, and S20 yields:
S40:R|≡N|~keysite
applying the message meaning rule MM1 to S6, S16, and S20 yields:
S41:R|≡N|~keyroot
applying the temporary value verification rule NV to S27-S31 and S37-S41 may result in:
S42:R|≡N|≡keyNLSR
S43:R|≡N|≡keyrouter
S44:R|≡N|≡keyoperator
S45:R|≡N|≡keysite
S46:R|≡N|≡keyroot
applying jurisdictional rule J to S32-S36 and S42-S46 yields:
S47:R|≡keyNLSR
S48:R|≡keyrouter
S49:R|≡keyoperator
S50:R|≡keysite
S51:R|≡keyroot
s22, S25, and S26 correspond to data security targets G1, G2, and G3, respectively, and thus the data security targets are verified. S7-S11, S42-S46, and S47-S51 correspond to key security targets G4, G5, and G6, respectively, and thus the key security targets are authenticated.
(4) Modeling NLSR security model (with intruder) using BAN-n logic
Through the analysis of the security model with the Intruder, only the situation that the Intruder owner forges the message in the first four steps is considered, the Intruder owner communicates with the node Router in the first four steps, and the node Router mistakenly considers that the owner is the Neighbor node Neighbor, and the LSA packet transceiving processes of the current node Router and the Neighbor node Neighbor are extracted, as shown in fig. 4.
The LSA packet transceiving process between nodes in fig. 4 can be written as the following 12 messages:
message 1'. Router- > neighbor (Intruder): nameData
Message 2'. neighbor (inturuder) - > Router:
Figure BDA0002823042670000161
Figure BDA0002823042670000162
message 3'. Router- > neighbor (Intruder):
Figure BDA0002823042670000163
message 4'. neighbor (inturuder) - > Router:
Figure BDA0002823042670000164
keyNLSR_fake
message 5 Router- > Neighbor:
Figure BDA0002823042670000165
message 6.Neighbor- > Router:
Figure BDA0002823042670000166
keyrouter
message 7, Router- > Neighbor:
Figure BDA0002823042670000167
message 8.Neighbor- > Router:
Figure BDA0002823042670000168
keyoperator
message 9, Router- > Neighbor:
Figure BDA0002823042670000171
message 10.Neighbor- > Router:
Figure BDA0002823042670000172
keysite
message 11, Router- > Neighbor:
Figure BDA0002823042670000173
message 12.Neighbor- > Router:
Figure BDA0002823042670000174
keyroot
firstly, Router sends an Interest packet of the LSA to a neighbor node counterfeited by Inturder, wherein the Interest packet comprises the name (message 1') of a Data packet corresponding to the LSA; the Inturder impersonation Neighbor node Neighbor sends an LSA data packet to the node Router, wherein the LSA data packet comprises a data name part, a data part, a signature part and a signature information part. The data name part includes a nameDataThe data portion includes a private key
Figure BDA0002823042670000175
The signature part comprises
Figure BDA0002823042670000176
The signature information part comprises
Figure BDA0002823042670000177
(message 2'); secondly, the node Router sends the name of Neighbor node Neighbor impersonated by Intuder
Figure BDA0002823042670000178
Interest package of, i.e. request key keyNLSR_fake(message 3'). Then, Intuder impersonation Neighbor node Neighbor replies to node Router with data key with corresponding nameNLSR_fakeData packet (message 4'). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA0002823042670000179
Interest package of, i.e. request keyrouter(message 5). Then, the Neighbor node Neighbor replies a key with data and corresponding name to the node RouterrouterData packet (message 6). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA00028230426700001710
Interest package of, i.e. request keyoperator(message 7). The Neighbor node Neighbor replies a key with data and corresponding name to the node RouteroperatorThe data packet (message 8). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA00028230426700001711
Interest package of, i.e. request keysite(message 9). Neighbor node Neighbor attaches keysiteIs sent to the node Router (message 10). The node Router sends the name of the Neighbor node Neighbor to the node Neighbor
Figure BDA00028230426700001712
Interest packages, i.e. request keysrootThe key (message 11). Finally, the Neighbor node Neighbor carries data to the node Router as keyrootThe data packet (message 12).
Based on the NLSR security model scene with the invader, the formula X and the key K are defined again, wherein the formula X is a Data key set DK, a verification key set VK, forged Data _ fake and a forged NLSR keyNLSR_fakeThe key K is a data key set DK, a verification key set VK and a forged NLSR keyNLSR_fakeThe definition is as follows:
X∈DK∪VK∪{Data_fake,keyNLSR_fake}
K∈DK∪VK∪{Data_fake}
to give an idealization of the NLSR security model reduction with intruders, we only idealize all packets (i.e. message 2', message 4, message 6, message 8, message 10 and message 12) and keep only the content part and signature part thereof, since both are involved in encryption and decryption, so that the following idealization results can be obtained using the improved BAN logic.
The LSA packet for message 2 is idealized to obtain:
M1.1′:
Figure BDA0002823042670000181
M1.2:
Figure BDA0002823042670000182
M1.3:
Figure BDA0002823042670000183
M1.4:
Figure BDA0002823042670000184
M1.5:
Figure BDA0002823042670000185
M1.6:
Figure BDA0002823042670000186
the data packets carrying the keys for message 4', message 6, message 8, message 10 and message 12 are idealized to obtain:
M2′:RΔ(keyNLSR_fake)c
M3:RΔ(keyrouter)c
M4:RΔ(keyoperator)c
M5:RΔ(keysite)c
M6:RΔ(keyroot)c
(5) forged data invasion target and forged key invasion target of verification model
Meanwhile, aiming at the formalized model of the NLSR security model with the invader, the forged data invasion target and the forged key invasion target are continuously verified.
Using BAN-n logic, the intrusion target of spurious data that needs to be verified is as follows:
G7:RΔData_fake
G8:R|≡N|≡Data_fake
G9:R|≡Data_fake
using BAN-n logic, the forged key intrusion target needed to complete authentication is as follows:
G10:RΔkeyNLSR_fake
G11:R|≡N|≡keyNLSR_fake
G12:R|≡keyNLSR_fake
the certification process comprises the following steps:
applying the SEE rule SEE3 to message M1.1 yields:
S1′:
Figure BDA0002823042670000191
applying the SEE rule SEE4 to messages M1.2-M1.5 results in:
S2′:
Figure BDA0002823042670000192
S3:
Figure BDA0002823042670000201
S4:
Figure BDA0002823042670000202
S5:
Figure BDA0002823042670000203
S6:
Figure BDA0002823042670000204
applying the SEE rule SEE5 to the messages M2-M6 results in:
S7′:RΔkeyNLSR_fake
S8:RΔkeyrouter
S9:RΔkeyoperator
S10:RΔkeysite
S11:RΔkeyroot
the separation rule (MP) is applied to the messages S7' -S11 and hypothesis a1 to obtain:
S12′:
Figure BDA0002823042670000205
S13:
Figure BDA0002823042670000206
S14:
Figure BDA0002823042670000207
S15:
Figure BDA0002823042670000208
S16:
Figure BDA0002823042670000209
applying the validation key rule KV1 to S3, S14 and message M3 yields:
S17:R|≈keyrouter
applying the validation key rule KV1 to S4, S15 and message M4 yields:
S18:R|≈keyoperator
applying the validation key rule KV1 to S5, S16 and message M5 yields:
S19:R|≈keysite
applying the validation key rule KV1 to S6, S16 and message M6 yields:
S20:R|≈keyroot
because of absence of
Figure BDA0002823042670000211
S21' cannot be obtained using the validation key rule KV 2: r | ≈ keyNLSR_fake
Applying the SEE rule SEE1 to S1 and S12 may result in:
S22:RΔData_fake
applying the separation rule (MP) to S22 and hypothesis A4 yields:
S23:R|≡#Data_fake
meanwhile, since there is no S21 ', the inability to apply the message meaning rule MM1 to S1, S12 and S21' results in:
S24′:R|≡N|~Data_fake
at the same time, the application of the temporary value verification rule NV to S23 and S24' does not result:
S25′:R|≡N|≡Data_fake
nor can jurisdictional rule J be applied to assumptions a5 and S25' to yield:
S26′:R|≡Data_fake
since only S22 corresponding to the forged data intrusion target G7 can be obtained, S25 'and S26' corresponding to the forged data intrusion targets G8 and G9 cannot be obtained. Thus, the proof of the intrusion of the forged data into the target cannot be completed, i.e., the intruder cannot successfully spoof the reader with the forged data.
Applying the separation rule (MP) to S7' -S11 and hypothesis A1 yields:
S27′:R|≡#keyNLSR_fake
S28:R|≡#keyrouter
S29:R|≡#keyoperator
S30:R|≡#keysite
S31:R|≡#keyroot
since there is no S21': r | ≈ keyNLSR_fakeTherefore, applying the jurisdictional validation rule JV to assumptions a4, S21 ', and S7 ' does not yield S32 ':
Figure BDA0002823042670000221
meanwhile, since there is no S21 ', the inability to apply the message meaning rule MM1 to S2, S13 and S21' results in:
S37′:R|≡N|~keyNLSR_fake
further, without S37 ', the inability to apply the temporary value verification rule NV to S27 ' and S37 ' results in:
S42′:R|≡N|≡keyNLSR_fake
also, without S37 'and S42', the inability to apply jurisdictional rule J to S37 'and S42' results in:
S47′:R|≡keyNLSR_fake
since only S7 corresponding to the forged key intrusion target G10 can be obtained, S42 'and S47' corresponding to the forged data intrusion targets G11 and G12 cannot be obtained. Thus, the proof of the fake key to intrude into the target cannot be completed, i.e. the intruder cannot successfully spoof the reader with the fake key.
In conclusion, the application of the BAN-n logic to the NLSR security model completes the security analysis and verification of the NLSR security model. The model has simple and clear reasoning rules of BAN logic, is convenient to use, can be verified to ensure a data security target and a key security target, and can ensure that an intruder cannot finish intrusion by using forged keys and forged data under the condition that the intruder exists, namely, the intruder with the forged data and the intruder with the forged keys are verified. The BAN-n logic can be applied to more protocols related to named data networks, has expansibility, is favorable for improving the robustness of the protocols in real life when the protocols are specifically realized, and protects navigation for personal privacy safety.

Claims (6)

  1. The method for analyzing and verifying the safety of the NLSR safety model of the BAN-n logic is characterized by comprising the following steps of:
    a, analyzing an NLSR security model, and improving BAN logic into BAN-n logic;
    b, summarizing and analyzing the NLSR security model, extracting the transmitting and receiving process of LSA data packets among nodes in the security model, and modeling the process by using BAN-n logic to obtain a formal model of the NLSR security model;
    c, describing a data security target and a key security target by using the BAN-n logic, and verifying by using an inference rule of the BAN-n logic;
    d, extracting a named data network NLSR security model with an intruder for summarizing and analyzing, extracting a transmitting and receiving process of an LSA data packet between nodes in the security model, and modeling the process by using BAN-n logic so as to obtain a formal model of the NLSR security model;
    and E, depicting a forged data intrusion target and a forged key intrusion target by using the BAN-n logic, and verifying by using an inference rule of the BAN-n logic.
  2. 2. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein the step a. BAN-n logic symbol construction and semantic description and inference rules defining BAN-n logic.
  3. 3. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein the step B further comprises:
    B1. giving relevant symbols related to the NLSR security model;
    B2. reserving a content part and a signature part in the transceiving message;
    B3. and (3) giving a data key set DK and a verification key set VK of the NLSR security model, and modeling the NLSR security model by using BAN-n logic.
  4. 4. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein the step c.
    C1. Two security targets that need to be verified are extracted:
    one is a data security target, namely, the reader is guaranteed to receive the data, the reader believes that the neighbor node believes the data is true, and meanwhile, the reader believes that the data is true;
    the other is a key security target, namely, the reader is ensured to receive all keys, the reader believes that all keys are true by the neighbor, and meanwhile, the reader believes that all keys are true;
    C2. the two security targets are expressed idealistically using BAN-n logic and verified using inference rules of the BAN-n logic.
  5. 5. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein step E, further comprises:
    E1. two kinds of intrusion targets needing to be verified are extracted, wherein one is a forged data intrusion target, namely, a reader is ensured to receive forged data, the reader believes that the forged data is true by a neighbor node, and meanwhile, the reader believes that the forged data is true;
    the other is a fake key intrusion target, namely, a reader is guaranteed to receive a fake NLSR key, the reader believes that the fake NLSR key is true by a neighbor, and meanwhile, the reader believes that the fake NLSR key is true.
    E2. The two intrusion targets are expressed in an idealized mode by using BAN-n logic, and the two intrusion targets are verified by using inference rules of the BAN-n logic.
  6. 6. The NLSR security model security analysis and verification method of BAN-n logic of claim 2, wherein the BAN-n logic notation comprises the following:
    p | approximately equals K represents that the key verification is carried out on the key K by the main body P;
    Figure FDA0002823042660000021
    representation by private key K-1The message formed by the encrypted formula X is the Content part in the Data packet;
    ({X}K)sthe message formed by the formula X encrypted by the key K is represented as a Signature part in the Data packet;
    (K)cthe message composed of the key K is represented as a Content part in the Data packet;
    the BAN-n logic rules are as follows:
    the method comprises a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule;
    message meaning rule (MM1)
    Figure FDA0002823042660000031
    Meaning that P receives a message if P believes K is the public key of Q
    Figure FDA0002823042660000039
    And P carries on the key verification to the key K, P believes Q has sent the message X;
    jurisdiction validation rules (JV)
    Figure FDA0002823042660000032
    Means that if P and Q have performed key verification on key K, and P receives key K, P believes Q has jurisdiction over X;
    key validation rule (KV1)
    Figure FDA0002823042660000033
    Indicating that for key k belongs to the VK set, if P receives { k }KP believes K is the public key of Q, and P receives (K)cThen P performs a key verification on key k,
    key validation rule (KV2)
    Figure FDA0002823042660000035
    Meaning that for key k belonging to a DK set, if P performs key verification on the keys in all VK sets, while a certain key k exists in the VK set2Make P satisfy reception
    Figure FDA00028230426600000310
    And P believes that k is the public key of Q, then P carries out key verification on the key k;
    rule of received message (SEE3)
    Figure FDA0002823042660000036
    Indicates if P receives the message
    Figure FDA00028230426600000311
    Then P receives the message
    Figure FDA00028230426600000312
    Rule of received message (SEE4)
    Figure FDA0002823042660000037
    Indicates if P receives the message ({ X }K)sIf P receives the message
    Figure FDA00028230426600000313
    Rule of received message (SEE5)
    Figure FDA0002823042660000038
    Indicating if P received the message (K)cThen P receives message X.
CN202011442806.8A 2020-12-08 2020-12-08 Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic Active CN112636919B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011442806.8A CN112636919B (en) 2020-12-08 2020-12-08 Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011442806.8A CN112636919B (en) 2020-12-08 2020-12-08 Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic

Publications (2)

Publication Number Publication Date
CN112636919A true CN112636919A (en) 2021-04-09
CN112636919B CN112636919B (en) 2022-10-18

Family

ID=75309547

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011442806.8A Active CN112636919B (en) 2020-12-08 2020-12-08 Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic

Country Status (1)

Country Link
CN (1) CN112636919B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101299752A (en) * 2008-06-26 2008-11-05 上海交通大学 Method for establishing cipher protocol security based on trustful greenness
WO2012069919A1 (en) * 2010-11-24 2012-05-31 Alcatel Lucent A method, device and system for verifying communication sessions
US20150052352A1 (en) * 2013-06-23 2015-02-19 Shlomi Dolev Certificating vehicle public key with vehicle attributes
CN105049420A (en) * 2015-06-23 2015-11-11 天津大学 Security protocol formal verification method using expanded UML model as framework
CN106209768A (en) * 2016-06-20 2016-12-07 广东工业大学 A kind of extendible RFID mutual authentication method
CN107147498A (en) * 2017-05-15 2017-09-08 吉林大学 A kind of strong anonymous RFID authentication protocols based on Hash functions and Dynamic-shared key
CN107396350A (en) * 2017-07-12 2017-11-24 西安电子科技大学 SDN inter-module method for security protection based on the SDN 5G network architectures
CN111756704A (en) * 2020-05-27 2020-10-09 西南大学 Password protocol verification method

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101299752A (en) * 2008-06-26 2008-11-05 上海交通大学 Method for establishing cipher protocol security based on trustful greenness
WO2012069919A1 (en) * 2010-11-24 2012-05-31 Alcatel Lucent A method, device and system for verifying communication sessions
US20150052352A1 (en) * 2013-06-23 2015-02-19 Shlomi Dolev Certificating vehicle public key with vehicle attributes
CN105049420A (en) * 2015-06-23 2015-11-11 天津大学 Security protocol formal verification method using expanded UML model as framework
CN106209768A (en) * 2016-06-20 2016-12-07 广东工业大学 A kind of extendible RFID mutual authentication method
CN107147498A (en) * 2017-05-15 2017-09-08 吉林大学 A kind of strong anonymous RFID authentication protocols based on Hash functions and Dynamic-shared key
CN107396350A (en) * 2017-07-12 2017-11-24 西安电子科技大学 SDN inter-module method for security protection based on the SDN 5G network architectures
CN111756704A (en) * 2020-05-27 2020-10-09 西南大学 Password protocol verification method

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
FEI, Y: "Security Analysis of the Access Control Solution of NDN Using BAN Logic", 《MOBILE NETWORKS & APPLICATIONS》, 24 June 2020 (2020-06-24) *
于金刚等: "一种改进的NSSK认证协议及其实现方法", 《小型微型计算机系统》, no. 03, 15 March 2018 (2018-03-15) *
张兆心等: "基于BAN逻辑的SIP网络认证协议安全性研究", 《高技术通讯》 *
张兆心等: "基于BAN逻辑的SIP网络认证协议安全性研究", 《高技术通讯》, no. 11, 25 November 2010 (2010-11-25) *
杜金辉等: "NS对称密钥认证协议安全性分析", 《微计算机信息》, no. 12, 25 April 2008 (2008-04-25) *
王正才等: "BAN逻辑的可靠性分析与改进", 《计算机工程》, no. 17, 5 September 2012 (2012-09-05) *

Also Published As

Publication number Publication date
CN112636919B (en) 2022-10-18

Similar Documents

Publication Publication Date Title
EP1643691B1 (en) Remote access vpn mediation method and mediation device
US5511122A (en) Intermediate network authentication
CN110086821A (en) The authentication method of electric power things-internet gateway and the access of electric power internet-of-things terminal based on block chain
CN1969526B (en) Securing home agent to mobile node communication with HA-MN key
CN111586025B (en) SDN-based SDP security group implementation method and security system
CN107231336A (en) A kind of access control method, device and the gateway device of LAN Intranet resource
US20030147537A1 (en) Secure key distribution protocol in AAA for mobile IP
US20040250072A1 (en) Network connectable device and method for its installation and configuration
CN110401637B (en) Name-based trust method in named data network
KR20040105259A (en) Method for authenticating a user to a service of a service provider
US20140181967A1 (en) Providing-replay protection in systems using group security associations
CN111726368B (en) SRv 6-based inter-domain source address verification method
US11558399B2 (en) Network transmission path verification
CN1984077A (en) Access control for mobile equipment to IP communication network
US20180115520A1 (en) Dark virtual private networks and secure services
CN108833113B (en) Authentication method and system for enhancing communication safety based on fog calculation
CN109698791A (en) A kind of anonymous cut-in method based on dynamic route
CN114389835A (en) IPv6 option explicit source address encryption security verification gateway and verification method
CN115580488A (en) Vehicle-mounted network message authentication method based on block chain and physical unclonable function
EP1370046B1 (en) Method based on border gateway protocol message for controlling messages security protection
US20090097416A1 (en) Method and System for Addressing and Routing in Coded Communications Relationships
CN112636919B (en) Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic
Sadhu et al. Performance analysis of ring oscillator PUF for robust security in smart transportation
Estrin et al. Security issues in policy routing
US20230077053A1 (en) Authentication using a decentralized and/or hybrid dencentralized secure crypographic key storage method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant