CN112636919A - Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic - Google Patents
Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic Download PDFInfo
- Publication number
- CN112636919A CN112636919A CN202011442806.8A CN202011442806A CN112636919A CN 112636919 A CN112636919 A CN 112636919A CN 202011442806 A CN202011442806 A CN 202011442806A CN 112636919 A CN112636919 A CN 112636919A
- Authority
- CN
- China
- Prior art keywords
- key
- logic
- ban
- nlsr
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a safety analysis and verification method for an NLSR (non-line segment synchronous sequence) safety model of BAN-n logic, and relates to the technical field of intra-domain routing protocol safety of a named data network. The invention comprises the following steps: step A, analyzing an NLSR security model and providing BAN-n logic; b, extracting the transmitting and receiving process of the LSA data packet between nodes related to the NLSR security model, and performing depicting modeling by using BAN-n logic; step C, verifying the data security target and the key security target by using an inference rule of BAN-n logic; step D, extracting the receiving and transmitting process of the LSA data packet between nodes related to the safety model with the invader NLSR, and performing depicting modeling by applying BAN-n logic; and step E, verifying the forged data intrusion target and the forged key intrusion target by using the inference rule of BAN-n logic. The BAN-n logic can verify that an intruder cannot realize intrusion by using forged keys and forged data in an NLSR security model.
Description
Technical Field
The invention relates to the technical field of routing protocol security models in named data network domains, in particular to a BAN-n logic NLSR security model security analysis and verification method.
Technical Field
With the increasing growth of internet users, users pay more and more attention to information content, and the IP network structure with an end-to-end communication mechanism supports this weakness. Therefore, an Information Centric Networking (ICN) has been proposed, which focuses on the dissemination and distribution of Information content. Named Data Networking (NDN) is a network framework for future internet revolutionary that originates from the ICN architecture. Named data networks avoid carrying IP addresses by tagging packets with names. The requester needs Data and sends a corresponding Interest Packet (Interest Packet), and a Data Packet (Data Packet) is returned when the node with the Data is reached. The interest packet is routed according to the content carried by the interest packet, and the data packet is returned along the path sent by the interest packet.
NLSR (Named-data Link State Routing Protocol) is an intra-domain Routing Protocol for Named data networks. NLSR uses a Link State Advertisement (LSA) to complete the construction of the network topology. Each router has a Link State Data Base (LSDB) for storing LSAs. If the router detects the change of the surrounding network topology or the local name prefix is modified, a new LSA is generated and propagated to the whole network.
Each NDN packet includes a Content Name (Content Name), a Signature (Signature), Data (Data), and the like. It is authenticated by a digital signature and there is a Key Locator (Key Locator) in the signature information that can indicate the name of the signing Key. To ensure the validity of an LSA with a valid signature, the NLSR protocol builds a five-layer security model based on a Trust Anchor (Trust Anchor) (as shown in fig. 1). At the top level, there is a Root node (Root), i.e. a Trust Anchor (Trust Anchor), which is used to send certificates to sites (Site); each site has one or more operators (operators) and each Operator manages a Router (Router) that belongs to the same site. Each router may generate an NLSR routing process to generate LSAs. This hierarchical trust model can build a string of validation LSA keys. LSAs must be signed by a valid NLSR process. While a valid NLSR key must be signed by the corresponding router key. While the router key must be signed by the operator key of the station to which it belongs. The operator key for each site must be signed by the site key, which must be signed by the root node key. And finally, the self-signature of the key of the root node is completed.
The security model belongs to the category of security protocols and provides security guarantee. If the design is wrong, better safety service cannot be provided, and the analysis and verification of the safety are particularly important. Therefore, it is extremely suitable to model and analyze the security model using a formalization method. In 1987, needleham and Schroeder first proposed a formal analysis of security protocols. Most formalization tools are then based on state detection techniques. With the introduction of BAN logic in 1989, formalized analysis of security protocols has provided a distinct approach. The modal logic system is composed of propositions and inference rules, and is an inference based on knowledge and belief.
The inference rules of common BAN logic are shown in the following table
As mentioned above, the inference rules of BAN logic are simple and easy to use, and have been applied by some well-known security protocol analysis.
Disclosure of Invention
The invention aims to overcome the defects and shortcomings in the prior art and provides a method for analyzing and verifying the safety of an NLSR safety model of BAN-n logic.
The method is characterized in that an NLSR security model is analyzed, because the security model relates to key verification, a related logic symbol component of the key verification needs to be introduced, and meanwhile, the related logic symbol component is introduced for describing a Content part and a Signature part in a Data packet. On the basis, a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule are set, namely based on an NLSR security model and a formalization, BAN-n logic is provided and applied to the NLSR security model to verify a data security target and a key security target of the NLSR security model. And applying the BAN-n logic to an NLSR security model of an intruder, and verifying aiming at a forged data intrusion target and a forged key intrusion target.
The technical scheme of the invention is as follows: the BAN-n logic is proposed and applied to an NLSR security model, and security analysis and verification are carried out on the logic, wherein the logic comprises the following steps:
1. and analyzing the NLSR security model and providing BAN-n logic.
2. Extracting the NLSR security model relates to the transmitting and receiving process of LSA data packets between nodes, and is characterized by using BAN-n logic.
3. And verifying the data security target and the key security target by using an inference rule in the BAN-n logic.
4. Extracting an NLSR security model with an intruder relates to the transceiving process of LSA data packets between nodes, and is characterized by using BAN-n logic.
5. And verifying the forged data intrusion target and the forged key intrusion target by using an inference rule in the BAN-n logic.
As described above, by applying security analysis and verification in the NLSR security model through BAN-n logic, it is possible to verify that an intruder cannot realize intrusion with forged keys and forged data.
Drawings
FIG. 1 is a five-layer security model constructed based on a Trust Anchor (Trust Anchor) in the existing NLSR protocol;
FIG. 2 is a flow chart of the NLSR security model security analysis and verification method of BAN-n logic of the present invention;
FIG. 3 is a diagram of the LSA data packet transceiving process between nodes under the NLSR security model according to the embodiment of the present invention;
fig. 4 is a diagram illustrating the process of transmitting and receiving LSA packets between nodes in the NLSR security model with intruders according to the embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the figures and examples.
The analysis object is "a Secure Link State Routing Protocol for NDN" published in IEEE Access journal by l.wang et al, which proposes a Secure Link State Routing Protocol NLSR naming data network NDN and constructs a five-layer hierarchical trust model for the security of the Protocol (as shown in fig. 1).
The method comprises the following specific steps (as shown in the attached figure 2):
step A, analyzing the NLSR security model, and improving the NLSR security model into: BAN-n logic, including BAN-n logic symbol construction and semantic description thereof, and inference rules of BAN-n logic.
The BAN-n logical symbols include four logical symbols as follows:
p | approximately equals K represents that the key verification is carried out on the key K by the main body P;
representation by private key K-1The message formed by the encrypted formula X is the Content part in the Data packet;
({X}K)sthe message formed by the formula X encrypted by the key K is represented as a Signature part in the Data packet;
(K)cthe message composed of the key K is represented as a Content part in the Data packet;
the inference rules of the BAN-n logic are four:
the method comprises a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule;
message meaning rule (MM1)Meaning that P receives a message if P believes K is the public key of QAnd P carries on the key verification to the key K, P believes Q has sent the message X;
jurisdiction validation rules (JV)Means that if P and Q have performed key verification on key K, and P receives key K, P believes Q has jurisdiction over X;
key validation rule (KV1)Indicating that for key k belongs to the VK set, if P receives { k }KP believes K is the public key of Q, and P receives (K)cIf so, the key verification is carried out on the key k by the P;
key validation rule (KV2)Meaning that for key k belonging to a DK set, if P performs key verification on the keys in all VK sets, while a certain key k exists in the VK set2Make P satisfy receptionAnd P believes that k is the public key of Q, then P carries out key verification on the key k;
Rule of received message (SEE4)Indicates if P receives the message ({ X }K)sIf P receives the message
B, extracting the transceiving process of the LSA data packet between nodes in the NLSR security model, providing related symbols related to the NLSR security model, and defining a used formula and a used secret key; and reserving a content part and a signature part in the transceiving message, giving a data key set DK and a verification key set VK of the NLSR security model, and modeling the NLSR security model by using BAN-n logic.
And C, extracting two security targets needing verification, wherein one is a data security target, namely, a reader is ensured to receive data, the reader believes that the neighbor node believes the data is true, meanwhile, the reader believes that the data is true, the other is a key security target, namely, the reader is ensured to receive all keys, the reader believes that the neighbor believes that all keys are true, and meanwhile, the reader believes that all keys are true. The two security targets are expressed in an idealized way by using BAN-n logic, and are verified by using the inference rule of the BAN-n logic.
And D, extracting the transceiving process of the LSA data packet between the nodes in the NLSR security model with the invader, and modeling the LSA data packet by using improved BAN-n logic.
And E, extracting two intrusion targets needing verification, wherein one is a forged data intrusion target, namely, a reader is ensured to receive forged data, the reader believes that the forged data is true, the other is a forged key intrusion target, namely, the reader is ensured to receive a forged NLSR key, the reader believes that the neighbor believes that the forged NLSR key is true, and the reader believes that the forged NLSR key is true. The two intrusion targets are expressed in an idealized way by using BAN-n logic, and the two intrusion targets are verified by using the inference rule of the BAN-n logic.
(1) Improving BAN logic to obtain BAN-n logic
An embodiment, an improvement to BAN logic, whose symbolic building blocks and their semantic descriptions are given in table 1.
TABLE 1 symbolic building blocks of BAN logic and semantic descriptions thereof
The NLSR security model is analyzed, because the security model relates to key verification, a related logic symbol component of the key verification needs to be introduced, and meanwhile, the related logic symbol component is also introduced for describing a Content part and a Signature part in a Data packet. On the basis, a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule are set. By analyzing NLSR, BAN-n logic, as in Table 2.
TABLE 2 BAN-n logical notation building blocks and semantic descriptions thereof
Common BAN logic, as in table 3.
TABLE 3 inference rules of BAN logic
By analyzing the NLSR, the inference rule of BAN-n logic is as shown in Table 4.
TABLE 4 inference rules for BAN-n logic
(2) Modeling NLSR security model using BAN-n logic
Through the analysis of the NLSR security model, the LSA packet transceiving process of the current routing node Router and the Neighbor routing node Neighbor is extracted (as shown in fig. 3).
Meanwhile, symbols related to the security model and a description thereof will be given as shown in table 5.
TABLE 5 notation involved in NLSR Security model
The LSA packet transceiving process between nodes in fig. 3 can be written as the following 12 messages:
message 1.Router- > Neighbor: nameData
Message 2.Neighbor- > Router:
firstly, Router sends the name of the Data packet corresponding to the LSA to Neighbor node Neighbor, where the Interest packet of the LSA includes the name (message 1);
the Neighbor node Neighbor then sends an LSA packet to the node Router, including a data name portion, a data portion, and a signature portion.
The data name part includes a nameDataThe content part comprises keyNLSRObtained by encrypting private key dataThe signature part comprises (message 2).
Secondly, the node Router sends the name of Neighbor node Neighbor to the node RouterInterest package of, i.e. request keyNLSR(message 3). Then, the Neighbor node Neighbor replies to the node Router with a data key with a corresponding nameNLSRData packet (message 4). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest package of, i.e. request keyrouter(message 5).
Then, the Neighbor node Neighbor replies a key with data and corresponding name to the node RouterrouterData packet (message 6). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest package of, i.e. request keyoperator(message 7). The Neighbor node Neighbor replies a key with data and corresponding name to the node RouteroperatorThe data packet (message 8). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest package of, i.e. request keysite(message 9). Neighbor node Neighbor attaches keysiteIs sent to the node Router (message 10).
The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest packages, i.e. request keysrootThe key (message 11).
Finally, the Neighbor node Neighbor carries data to the node Router as keyrootThe data packet (message 12).
The method comprises the following steps of defining a formula X and a key K to be used based on an NLSR (non line sequence request) security model scene, wherein the formula X is a Data key set DK, a verification key set VK and Data, and the key K is the Data key set DK and the verification key set VK and is defined as follows:
X∈DK∪VK∪{Data}
K∈DK∪VK
to give an idealisation of the NLSR security model reduction, only all packets are idealised (i.e. message 2, message 4, message 6, message 8, message 10 and message 12) and only the content part and signature part thereof are retained, since both are involved in encryption and decryption, so that the following idealised results can be obtained using the improved BAN logic.
The LSA packet for message 2 is idealized to obtain:
the data packets carrying the keys of the message 4, the message 6, the message 8, the message 10 and the message 12 are idealized to obtain:
M2:RΔ(keyNLSR)c
M3:RΔ(keyrouter)c
M4:RΔ(keyoperator)c
M5:RΔ(keysite)c
M6:RΔ(keyroot)c
an initialization hypothesis definition is first given to the underlying information of the data key according to a known security model.
Define DK ═ { key ═ keyNLSR},VK={keyrouter,keyoperater,keysite,keyroot}。
The simultaneous definition hypothesis sets are as follows:
A2: r Δ key → R | ≡ key, where key ∈ DK ≡ VK
A3: n | ≈ key, where key ∈ DK $
A4:RΔData→R|≡#Data
(3) Data security objective and key security objective of verification model
Meanwhile, aiming at a formal model of the NLSR security model, two security targets needing verification are extracted, wherein one security target is a data security target, namely, a reader is ensured to receive data, the reader believes that the data is true by a neighbor node, meanwhile, the reader believes that the data is true, the other security target is a key security target, namely, the reader is ensured to receive all keys, the reader believes that all keys are true by the neighbor node, and meanwhile, the reader believes that all keys are true.
Using BAN-n logic, to idealise the expression of data security objectives, verification is required:
G1:RΔData
G2:R|≡N|≡Data
G3:R|≡Data
the BAN-n logic is used for idealized expression of a data security target, and the KEY belongs to the KEY and needs to be verified:
G4:RΔkey
G5:R|≡N|≡key
G6:R|≡key
the certification process comprises the following steps:
applying the SEE rule SEE3 to message M1.1 yields:
applying the SEE rule SEE4 to messages M1.2-M1.5 results in:
applying the SEE rule SEE5 to the messages M2-M6 results in:
S7:RΔkeyNLSR
S8:RΔkeyrouter
S9:RΔkeyoperator
S10:RΔkeysite
S11:RΔkeyroot
the separation rule (MP) is applied to S7-S11 and hypothesis A1 to obtain:
applying the validation key rule KV1 to S3, S14 and message M3 yields:
S17:R|≈keyrouter
applying the validation key rule KV1 to S4, S15 and message M4 yields:
S18:R|≈keyoperator
applying the validation key rule KV1 to S5, S16 and message M5 yields:
S19:R|≈keysite
applying the validation key rule KV1 to S6, S16 and message M6 results in:
S20:R|≈keyroot
applying the validation key rule KV2 to S17-S20, S2 and S12 yields:
S21:R|≈keyNLSR
applying the SEE rule SEE2 to S1 and S12 may result in:
S22:RΔData
applying the separation rule (MP) to S22 and hypothesis A4 yields:
S23:R|≡#Data
applying the message meaning rule MM1 to S12, S1, and S21 yields:
S24:R|≡N|~Data
applying the temporary value verification rule NV to S23 and S24 yields:
S25:R|≡N|≡Data
applying jurisdictional rule J to assumptions A5 and S25 yields:
S26:R|≡Data
applying the separation rule (MP) to S7-S11 and hypothesis A2 yields:
S27:R|≡#keyNLSR
S28:R|≡#keyrouter
S29:R|≡#keyoperator
S30:R|≡#keysite
S31:R|≡#keyroot
applying the jurisdictional validation rule JV to assumptions A4, S17-S21, and S7-S11 yields:
applying the message meaning rule MM1 to S2, S13, and S17 yields:
S37:R|≡N|~keyNLSR
applying the message meaning rule MM1 to S3, S14, and S18 yields:
S38:R|≡N|~keyrouter
applying the message meaning rule MM1 to S4, S15, and S19 yields:
S39:R|≡N|~keyoperator
applying the message meaning rule MM1 to S5, S16, and S20 yields:
S40:R|≡N|~keysite
applying the message meaning rule MM1 to S6, S16, and S20 yields:
S41:R|≡N|~keyroot
applying the temporary value verification rule NV to S27-S31 and S37-S41 may result in:
S42:R|≡N|≡keyNLSR
S43:R|≡N|≡keyrouter
S44:R|≡N|≡keyoperator
S45:R|≡N|≡keysite
S46:R|≡N|≡keyroot
applying jurisdictional rule J to S32-S36 and S42-S46 yields:
S47:R|≡keyNLSR
S48:R|≡keyrouter
S49:R|≡keyoperator
S50:R|≡keysite
S51:R|≡keyroot
s22, S25, and S26 correspond to data security targets G1, G2, and G3, respectively, and thus the data security targets are verified. S7-S11, S42-S46, and S47-S51 correspond to key security targets G4, G5, and G6, respectively, and thus the key security targets are authenticated.
(4) Modeling NLSR security model (with intruder) using BAN-n logic
Through the analysis of the security model with the Intruder, only the situation that the Intruder owner forges the message in the first four steps is considered, the Intruder owner communicates with the node Router in the first four steps, and the node Router mistakenly considers that the owner is the Neighbor node Neighbor, and the LSA packet transceiving processes of the current node Router and the Neighbor node Neighbor are extracted, as shown in fig. 4.
The LSA packet transceiving process between nodes in fig. 4 can be written as the following 12 messages:
message 1'. Router- > neighbor (Intruder): nameData
Message 2'. neighbor (inturuder) - > Router:
firstly, Router sends an Interest packet of the LSA to a neighbor node counterfeited by Inturder, wherein the Interest packet comprises the name (message 1') of a Data packet corresponding to the LSA; the Inturder impersonation Neighbor node Neighbor sends an LSA data packet to the node Router, wherein the LSA data packet comprises a data name part, a data part, a signature part and a signature information part. The data name part includes a nameDataThe data portion includes a private keyThe signature part comprisesThe signature information part comprises(message 2'); secondly, the node Router sends the name of Neighbor node Neighbor impersonated by IntuderInterest package of, i.e. request key keyNLSR_fake(message 3'). Then, Intuder impersonation Neighbor node Neighbor replies to node Router with data key with corresponding nameNLSR_fakeData packet (message 4'). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest package of, i.e. request keyrouter(message 5). Then, the Neighbor node Neighbor replies a key with data and corresponding name to the node RouterrouterData packet (message 6). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest package of, i.e. request keyoperator(message 7). The Neighbor node Neighbor replies a key with data and corresponding name to the node RouteroperatorThe data packet (message 8). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest package of, i.e. request keysite(message 9). Neighbor node Neighbor attaches keysiteIs sent to the node Router (message 10). The node Router sends the name of the Neighbor node Neighbor to the node NeighborInterest packages, i.e. request keysrootThe key (message 11). Finally, the Neighbor node Neighbor carries data to the node Router as keyrootThe data packet (message 12).
Based on the NLSR security model scene with the invader, the formula X and the key K are defined again, wherein the formula X is a Data key set DK, a verification key set VK, forged Data _ fake and a forged NLSR keyNLSR_fakeThe key K is a data key set DK, a verification key set VK and a forged NLSR keyNLSR_fakeThe definition is as follows:
X∈DK∪VK∪{Data_fake,keyNLSR_fake}
K∈DK∪VK∪{Data_fake}
to give an idealization of the NLSR security model reduction with intruders, we only idealize all packets (i.e. message 2', message 4, message 6, message 8, message 10 and message 12) and keep only the content part and signature part thereof, since both are involved in encryption and decryption, so that the following idealization results can be obtained using the improved BAN logic.
The LSA packet for message 2 is idealized to obtain:
the data packets carrying the keys for message 4', message 6, message 8, message 10 and message 12 are idealized to obtain:
M2′:RΔ(keyNLSR_fake)c
M3:RΔ(keyrouter)c
M4:RΔ(keyoperator)c
M5:RΔ(keysite)c
M6:RΔ(keyroot)c
(5) forged data invasion target and forged key invasion target of verification model
Meanwhile, aiming at the formalized model of the NLSR security model with the invader, the forged data invasion target and the forged key invasion target are continuously verified.
Using BAN-n logic, the intrusion target of spurious data that needs to be verified is as follows:
G7:RΔData_fake
G8:R|≡N|≡Data_fake
G9:R|≡Data_fake
using BAN-n logic, the forged key intrusion target needed to complete authentication is as follows:
G10:RΔkeyNLSR_fake
G11:R|≡N|≡keyNLSR_fake
G12:R|≡keyNLSR_fake
the certification process comprises the following steps:
applying the SEE rule SEE3 to message M1.1 yields:
applying the SEE rule SEE4 to messages M1.2-M1.5 results in:
applying the SEE rule SEE5 to the messages M2-M6 results in:
S7′:RΔkeyNLSR_fake
S8:RΔkeyrouter
S9:RΔkeyoperator
S10:RΔkeysite
S11:RΔkeyroot
the separation rule (MP) is applied to the messages S7' -S11 and hypothesis a1 to obtain:
applying the validation key rule KV1 to S3, S14 and message M3 yields:
S17:R|≈keyrouter
applying the validation key rule KV1 to S4, S15 and message M4 yields:
S18:R|≈keyoperator
applying the validation key rule KV1 to S5, S16 and message M5 yields:
S19:R|≈keysite
applying the validation key rule KV1 to S6, S16 and message M6 yields:
S20:R|≈keyroot
because of absence ofS21' cannot be obtained using the validation key rule KV 2: r | ≈ keyNLSR_fake。
Applying the SEE rule SEE1 to S1 and S12 may result in:
S22:RΔData_fake
applying the separation rule (MP) to S22 and hypothesis A4 yields:
S23:R|≡#Data_fake
meanwhile, since there is no S21 ', the inability to apply the message meaning rule MM1 to S1, S12 and S21' results in:
S24′:R|≡N|~Data_fake
at the same time, the application of the temporary value verification rule NV to S23 and S24' does not result:
S25′:R|≡N|≡Data_fake
nor can jurisdictional rule J be applied to assumptions a5 and S25' to yield:
S26′:R|≡Data_fake
since only S22 corresponding to the forged data intrusion target G7 can be obtained, S25 'and S26' corresponding to the forged data intrusion targets G8 and G9 cannot be obtained. Thus, the proof of the intrusion of the forged data into the target cannot be completed, i.e., the intruder cannot successfully spoof the reader with the forged data.
Applying the separation rule (MP) to S7' -S11 and hypothesis A1 yields:
S27′:R|≡#keyNLSR_fake
S28:R|≡#keyrouter
S29:R|≡#keyoperator
S30:R|≡#keysite
S31:R|≡#keyroot
since there is no S21': r | ≈ keyNLSR_fakeTherefore, applying the jurisdictional validation rule JV to assumptions a4, S21 ', and S7 ' does not yield S32 ':
meanwhile, since there is no S21 ', the inability to apply the message meaning rule MM1 to S2, S13 and S21' results in:
S37′:R|≡N|~keyNLSR_fake
further, without S37 ', the inability to apply the temporary value verification rule NV to S27 ' and S37 ' results in:
S42′:R|≡N|≡keyNLSR_fake
also, without S37 'and S42', the inability to apply jurisdictional rule J to S37 'and S42' results in:
S47′:R|≡keyNLSR_fake
since only S7 corresponding to the forged key intrusion target G10 can be obtained, S42 'and S47' corresponding to the forged data intrusion targets G11 and G12 cannot be obtained. Thus, the proof of the fake key to intrude into the target cannot be completed, i.e. the intruder cannot successfully spoof the reader with the fake key.
In conclusion, the application of the BAN-n logic to the NLSR security model completes the security analysis and verification of the NLSR security model. The model has simple and clear reasoning rules of BAN logic, is convenient to use, can be verified to ensure a data security target and a key security target, and can ensure that an intruder cannot finish intrusion by using forged keys and forged data under the condition that the intruder exists, namely, the intruder with the forged data and the intruder with the forged keys are verified. The BAN-n logic can be applied to more protocols related to named data networks, has expansibility, is favorable for improving the robustness of the protocols in real life when the protocols are specifically realized, and protects navigation for personal privacy safety.
Claims (6)
- The method for analyzing and verifying the safety of the NLSR safety model of the BAN-n logic is characterized by comprising the following steps of:a, analyzing an NLSR security model, and improving BAN logic into BAN-n logic;b, summarizing and analyzing the NLSR security model, extracting the transmitting and receiving process of LSA data packets among nodes in the security model, and modeling the process by using BAN-n logic to obtain a formal model of the NLSR security model;c, describing a data security target and a key security target by using the BAN-n logic, and verifying by using an inference rule of the BAN-n logic;d, extracting a named data network NLSR security model with an intruder for summarizing and analyzing, extracting a transmitting and receiving process of an LSA data packet between nodes in the security model, and modeling the process by using BAN-n logic so as to obtain a formal model of the NLSR security model;and E, depicting a forged data intrusion target and a forged key intrusion target by using the BAN-n logic, and verifying by using an inference rule of the BAN-n logic.
- 2. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein the step a. BAN-n logic symbol construction and semantic description and inference rules defining BAN-n logic.
- 3. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein the step B further comprises:B1. giving relevant symbols related to the NLSR security model;B2. reserving a content part and a signature part in the transceiving message;B3. and (3) giving a data key set DK and a verification key set VK of the NLSR security model, and modeling the NLSR security model by using BAN-n logic.
- 4. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein the step c.C1. Two security targets that need to be verified are extracted:one is a data security target, namely, the reader is guaranteed to receive the data, the reader believes that the neighbor node believes the data is true, and meanwhile, the reader believes that the data is true;the other is a key security target, namely, the reader is ensured to receive all keys, the reader believes that all keys are true by the neighbor, and meanwhile, the reader believes that all keys are true;C2. the two security targets are expressed idealistically using BAN-n logic and verified using inference rules of the BAN-n logic.
- 5. The NLSR security model security analysis and verification method of BAN-n logic of claim 1, wherein step E, further comprises:E1. two kinds of intrusion targets needing to be verified are extracted, wherein one is a forged data intrusion target, namely, a reader is ensured to receive forged data, the reader believes that the forged data is true by a neighbor node, and meanwhile, the reader believes that the forged data is true;the other is a fake key intrusion target, namely, a reader is guaranteed to receive a fake NLSR key, the reader believes that the fake NLSR key is true by a neighbor, and meanwhile, the reader believes that the fake NLSR key is true.E2. The two intrusion targets are expressed in an idealized mode by using BAN-n logic, and the two intrusion targets are verified by using inference rules of the BAN-n logic.
- 6. The NLSR security model security analysis and verification method of BAN-n logic of claim 2, wherein the BAN-n logic notation comprises the following:p | approximately equals K represents that the key verification is carried out on the key K by the main body P;representation by private key K-1The message formed by the encrypted formula X is the Content part in the Data packet;({X}K)sthe message formed by the formula X encrypted by the key K is represented as a Signature part in the Data packet;(K)cthe message composed of the key K is represented as a Content part in the Data packet;the BAN-n logic rules are as follows:the method comprises a message meaning rule, a jurisdiction verification rule, a key verification rule and a message receiving rule;message meaning rule (MM1)Meaning that P receives a message if P believes K is the public key of QAnd P carries on the key verification to the key K, P believes Q has sent the message X;jurisdiction validation rules (JV)Means that if P and Q have performed key verification on key K, and P receives key K, P believes Q has jurisdiction over X;key validation rule (KV1)Indicating that for key k belongs to the VK set, if P receives { k }KP believes K is the public key of Q, and P receives (K)cThen P performs a key verification on key k,key validation rule (KV2)Meaning that for key k belonging to a DK set, if P performs key verification on the keys in all VK sets, while a certain key k exists in the VK set2Make P satisfy receptionAnd P believes that k is the public key of Q, then P carries out key verification on the key k;Rule of received message (SEE4)Indicates if P receives the message ({ X }K)sIf P receives the message
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011442806.8A CN112636919B (en) | 2020-12-08 | 2020-12-08 | Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011442806.8A CN112636919B (en) | 2020-12-08 | 2020-12-08 | Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112636919A true CN112636919A (en) | 2021-04-09 |
CN112636919B CN112636919B (en) | 2022-10-18 |
Family
ID=75309547
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011442806.8A Active CN112636919B (en) | 2020-12-08 | 2020-12-08 | Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112636919B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101299752A (en) * | 2008-06-26 | 2008-11-05 | 上海交通大学 | Method for establishing cipher protocol security based on trustful greenness |
WO2012069919A1 (en) * | 2010-11-24 | 2012-05-31 | Alcatel Lucent | A method, device and system for verifying communication sessions |
US20150052352A1 (en) * | 2013-06-23 | 2015-02-19 | Shlomi Dolev | Certificating vehicle public key with vehicle attributes |
CN105049420A (en) * | 2015-06-23 | 2015-11-11 | 天津大学 | Security protocol formal verification method using expanded UML model as framework |
CN106209768A (en) * | 2016-06-20 | 2016-12-07 | 广东工业大学 | A kind of extendible RFID mutual authentication method |
CN107147498A (en) * | 2017-05-15 | 2017-09-08 | 吉林大学 | A kind of strong anonymous RFID authentication protocols based on Hash functions and Dynamic-shared key |
CN107396350A (en) * | 2017-07-12 | 2017-11-24 | 西安电子科技大学 | SDN inter-module method for security protection based on the SDN 5G network architectures |
CN111756704A (en) * | 2020-05-27 | 2020-10-09 | 西南大学 | Password protocol verification method |
-
2020
- 2020-12-08 CN CN202011442806.8A patent/CN112636919B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101299752A (en) * | 2008-06-26 | 2008-11-05 | 上海交通大学 | Method for establishing cipher protocol security based on trustful greenness |
WO2012069919A1 (en) * | 2010-11-24 | 2012-05-31 | Alcatel Lucent | A method, device and system for verifying communication sessions |
US20150052352A1 (en) * | 2013-06-23 | 2015-02-19 | Shlomi Dolev | Certificating vehicle public key with vehicle attributes |
CN105049420A (en) * | 2015-06-23 | 2015-11-11 | 天津大学 | Security protocol formal verification method using expanded UML model as framework |
CN106209768A (en) * | 2016-06-20 | 2016-12-07 | 广东工业大学 | A kind of extendible RFID mutual authentication method |
CN107147498A (en) * | 2017-05-15 | 2017-09-08 | 吉林大学 | A kind of strong anonymous RFID authentication protocols based on Hash functions and Dynamic-shared key |
CN107396350A (en) * | 2017-07-12 | 2017-11-24 | 西安电子科技大学 | SDN inter-module method for security protection based on the SDN 5G network architectures |
CN111756704A (en) * | 2020-05-27 | 2020-10-09 | 西南大学 | Password protocol verification method |
Non-Patent Citations (6)
Title |
---|
FEI, Y: "Security Analysis of the Access Control Solution of NDN Using BAN Logic", 《MOBILE NETWORKS & APPLICATIONS》, 24 June 2020 (2020-06-24) * |
于金刚等: "一种改进的NSSK认证协议及其实现方法", 《小型微型计算机系统》, no. 03, 15 March 2018 (2018-03-15) * |
张兆心等: "基于BAN逻辑的SIP网络认证协议安全性研究", 《高技术通讯》 * |
张兆心等: "基于BAN逻辑的SIP网络认证协议安全性研究", 《高技术通讯》, no. 11, 25 November 2010 (2010-11-25) * |
杜金辉等: "NS对称密钥认证协议安全性分析", 《微计算机信息》, no. 12, 25 April 2008 (2008-04-25) * |
王正才等: "BAN逻辑的可靠性分析与改进", 《计算机工程》, no. 17, 5 September 2012 (2012-09-05) * |
Also Published As
Publication number | Publication date |
---|---|
CN112636919B (en) | 2022-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1643691B1 (en) | Remote access vpn mediation method and mediation device | |
US5511122A (en) | Intermediate network authentication | |
CN110086821A (en) | The authentication method of electric power things-internet gateway and the access of electric power internet-of-things terminal based on block chain | |
CN1969526B (en) | Securing home agent to mobile node communication with HA-MN key | |
CN111586025B (en) | SDN-based SDP security group implementation method and security system | |
CN107231336A (en) | A kind of access control method, device and the gateway device of LAN Intranet resource | |
US20030147537A1 (en) | Secure key distribution protocol in AAA for mobile IP | |
US20040250072A1 (en) | Network connectable device and method for its installation and configuration | |
CN110401637B (en) | Name-based trust method in named data network | |
KR20040105259A (en) | Method for authenticating a user to a service of a service provider | |
US20140181967A1 (en) | Providing-replay protection in systems using group security associations | |
CN111726368B (en) | SRv 6-based inter-domain source address verification method | |
US11558399B2 (en) | Network transmission path verification | |
CN1984077A (en) | Access control for mobile equipment to IP communication network | |
US20180115520A1 (en) | Dark virtual private networks and secure services | |
CN108833113B (en) | Authentication method and system for enhancing communication safety based on fog calculation | |
CN109698791A (en) | A kind of anonymous cut-in method based on dynamic route | |
CN114389835A (en) | IPv6 option explicit source address encryption security verification gateway and verification method | |
CN115580488A (en) | Vehicle-mounted network message authentication method based on block chain and physical unclonable function | |
EP1370046B1 (en) | Method based on border gateway protocol message for controlling messages security protection | |
US20090097416A1 (en) | Method and System for Addressing and Routing in Coded Communications Relationships | |
CN112636919B (en) | Safety analysis and verification method for NLSR (non-line-scanning) safety model of BAN-n logic | |
Sadhu et al. | Performance analysis of ring oscillator PUF for robust security in smart transportation | |
Estrin et al. | Security issues in policy routing | |
US20230077053A1 (en) | Authentication using a decentralized and/or hybrid dencentralized secure crypographic key storage method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |