CN114389835A

CN114389835A - IPv6 option explicit source address encryption security verification gateway and verification method

Info

Publication number: CN114389835A
Application number: CN202111453777.XA
Authority: CN
Inventors: 甄龙飞; 马克
Original assignee: Qinghai Normal University
Current assignee: Qinghai Normal University
Priority date: 2021-12-01
Filing date: 2021-12-01
Publication date: 2022-04-22
Anticipated expiration: 2041-12-01
Also published as: CN114389835B

Abstract

The invention discloses an IPv6 option explicit source address encryption security verification gateway, which comprises: the data probability acquisition module is used for carrying out probability acquisition on the transmission data to acquire a data packet and sending the data packet to the encryption function module; the encryption function module is used for encrypting and signing a source IPv6 address in the data packet, loading a ciphertext obtained through signing into a hop-by-hop option header in the data packet and sending the data packet carrying source address verification information to a destination end; and the verification function module is used for verifying the source address information of the received data, the initialization creation and the dynamic update of the dynamic verification table. The invention also provides a verification method of the IPv6 option explicit source address encryption security verification gateway, which can encrypt the transmitted data and verify the transmitted data, thereby realizing the integration of encryption and verification.

Description

IPv6 option explicit source address encryption security verification gateway and verification method

Technical Field

The invention belongs to the technical field of network security, and particularly relates to an IPv6 option explicit source address encryption security verification gateway and a verification method.

Background

In recent years, due to the continuous and deep research in the field of source address verification, the targeted and detailed research on different network environments, diversified network applications and diversified network threats is gradually carried out, and the defects of the traditional source address verification technology are overcome, so that the network defense capability is more prominent, and various network threats in complicated and changeable network environments can be resisted better. Based on this, to the storage overhead problem of the traditional verification technology, Vijayalakshmi et al propose a novel enhanced packet marking algorithm, which can be directly deployed at the victim end to provide backtracking of a single data packet, and since it is not necessary to traverse the entire computer network or identify the attack source using out-of-band messages, the marking algorithm is easy to apply and does not have the storage overhead problem; suresh et al solve the scalability problem existing in a DPM verification mechanism, design a backtracking scheme based on deterministic multi-packet marking (DMPM), and mark untrusted packets by using a global marker distribution server (MOD on-demand marking), thereby effectively defending DDoS attacks; shaning et al propose a hierarchical anti-anonymity alliance construction method (EAGLE) based on export filtering, overcome export filtering (Egress filtering) and problem such as being difficult to adapt to incremental deployment of poor expandability of inter-domain source address verification Method (MEF) based on peer-to-peer filtering; the Wu wave provides a source address and path efficient verification mechanism PPV based on data packet random marking aiming at the problems of high cost, low forwarding efficiency and the like of source address and path verification in packet forwarding, designs the PPV verification mechanism according to the angle of data flow verification, avoids hop-by-hop packet-by-packet verification of the traditional scheme by utilizing the safety verification of data packet random marking, reduces the cost of extra communication and verification time delay of the packet forwarding verification, and improves the efficiency of the packet forwarding safety verification.

According to the analysis, most source address verification technologies mostly adopt the technical principle of an encryption verification scheme, but the existing technologies based on the encryption verification scheme mostly adopt an end verification mode, and a few technologies adopt a mixed mode of end/path verification. The network defense capability of the terminal verification mode is low in false positive and high in false negative due to the fact that the terminal verification mode lacks verification on path transmission; the adoption of the full-path transmission verification mode causes the problems of increased calculation overhead, increased communication overhead, increased occupied bandwidth and network resource consumption, reduced deployment compatibility and the like.

Disclosure of Invention

In view of the above problems, the present invention provides an IPv6 option explicit source address encryption security authentication gateway and an authentication method.

The technical scheme adopted by the invention is as follows:

an IPv6 option explicit source address encryption security authentication gateway, the security authentication gateway apparatus comprising:

the data probability acquisition module is used for carrying out probability acquisition on the transmission data to acquire a data packet and sending the data packet to the encryption function module;

the encryption function module is used for encrypting and signing a source IPv6 address in the data packet, loading a ciphertext obtained through signing into a hop-by-hop option header in the data packet and sending the data packet carrying source address verification information to a destination end;

and the verification function module is used for verifying the source address information of the received data, the initialization creation and the dynamic update of the dynamic verification table.

Preferably, the data probability acquisition module comprises

The data acquisition module is used for carrying out probability sampling on the data packet and providing data of the marking information for the encryption function module;

and the key node dynamic identification module is used for monitoring the flow state of each transmission node in the transmission path, calculating and identifying the key node by using a complex network index, carrying out encryption signature by using the encryption function module, and carrying out verification by using the verification function module.

Preferably, the encryption function module includes:

the first SHA224 hash module is used for encrypting the source IPv6 address to generate a message digest MAC of 28 bytes and preparing for the next digital signature;

the ECDSA signature module is used for generating a ciphertext C by digitally signing the message digest MAC and providing source address verification information;

the first ECC key bank generates a key pair (Pk, Sk) by using an ECC key generation algorithm, and stores the key pair (Pk, Sk) in the key bank, so that the ECDSA signature module can extract the key conveniently;

and the sending module is used for sending the data carrying the verification information of the source address to the destination end to finish the first step of verification of the source address.

Preferably, the verification function module includes:

the receiving module is used for receiving a data packet carrying source address verification information and initializing and creating a local dynamic verification table by using a neighbor SAG;

the hop-by-hop header checking module is used for judging bit values of the hop-by-hop header option type fields in the data packet and selecting a source address verification mode;

the data reading module is used for reading the received data packet and acquiring a source IPv6 address and ciphertext C information;

dynamic verification table: creating a dynamically updated validation table by using triples as rule table entries, wherein the triples comprise a source IPv6, a subnet prefix and a Pk;

the clock module is used for providing a time signal for the dynamic verification table, periodically updating the dynamic verification table, and defaulting for 3h as a period;

the second SHA224 hashing module is used for hashing the acquired source IPv6 address to calculate a message digest MAC' for use in verification, and is an input of the verification module;

the ECDSA signature verification module is used for verifying the ciphertext C and recovering the original message digest MAC for verification, and is the other input of the verification module;

the second ECC key bank generates a key pair (Pk, Sk) by using an ECC key generation algorithm, finds out a corresponding public key Pk according to the key bank, provides a public key for the ECDSA signature verification module and provides corresponding key information for the dynamic verification table;

and the verification module is used for verifying the authenticity of the data source.

Preferably, the verification process of the verification module includes:

during single data verification, the MAC 'obtained by the second SHA224 Hash module is compared with the MAC of the ECDSA signature verification module, and if the MAC' and the MAC are equal, the data source is real; otherwise, the data is forged data; when stream data is verified, received data reading is carried out, wherein the received data reading comprises source IPv6, MAC, Pk or subnet prefix and Pk, the matching is carried out on tuple information of the source IPv6, the subnet prefix and the Pk in the dynamic verification table, and if the tuple information is matched, the data source is real; otherwise, it is forged data.

An authentication method for an IPv6 option explicit source address encryption security authentication gateway comprises the following steps:

step 1: encryption phase

101: initializing, and generating a key pair (Pk, Sk) by using an ECC key generation algorithm for calling a digital signature;

102: hashing a source IPv6 address of the data packet by using a first SHA224 hashing module, and calculating a message digest MAC as an input of an ECDSA signature module;

103: the ECDSA signature module calls a key pair of a first ECC key bank, and digitally signs the message digest MAC by using a private key Sk to obtain a ciphertext C;

104: loading the ciphertext C into a hop-by-hop option header in a data packet to obtain a data packet carrying source address verification information, and then sending the data packet;

step 2: verification phase

201: initializing, wherein the dynamic verification table initializes and creates a local dynamic verification table by sharing the verification tables of the adjacent SAGs;

202: and adopting a proper source address verification mode to carry out verification operation by judging the bit value of the option type field in the hop-by-hop option header.

Preferably, the determination and verification process in step 202 is as follows:

if single data verification is adopted, a source IPv6 address and a ciphertext C are obtained through data received by a destination terminal, a public key Pk can be extracted by using a unified key bank in an encryption stage and a verification stage, the ciphertext C is verified and signed by using the public key Pk to obtain an original message digest MAC, SHA224 hash is carried out by using a source IPv6 address to obtain a new message digest MAC ', the MAC and the MAC' are compared, if the numerical values are the same, the data source is real, the data is received or forwarded, and the data is added into a dynamic verification table as a tuple; otherwise, the data is forged data and should be discarded;

if the data verification is adopted, acquiring a source IPv6 address and a ciphertext C through data received by a destination, and knowing a corresponding public key Pk through a key bank to form a corresponding tuple source IPv6, Pk or subnet prefix and Pk, searching and matching by referring to tuple information in a dynamic verification table, and if the tuple is matched, determining that the data source is real, and receiving or forwarding the data; if the tuple is not found or is not matched, entering a single data verification mechanism for re-verification, if the tuple is judged to be real data, receiving or forwarding the data, otherwise, judging to be fake data, discarding the data, and recovering the original verification mode.

The invention has the beneficial effects that:

1. the system can encrypt the transmitted data and verify the transmitted data, thereby realizing the integration of encryption and verification. The integrated security verification gateway has universal applicability, can be inserted into transmission equipment, and realizes secure transmission from a source to a destination and on a path. The authenticity of the source of the data packet is verified, the deployment cost is reduced, the missing and integrated verification in wide deployment is made up, and the network attack behavior of the source address spoofing and counterfeiting type is effectively prevented.

2. The design of the invention is a plug-and-play module, and the module can be plugged into a router, a switch and a PC terminal, thereby having the characteristic of incremental deployment and better adaptability.

3. Compared with the traditional SAVA equipment, the invention only marks partial data, and performs signature verification at the key node on the transmission path, thereby improving the transmission efficiency of the data, reducing the calculation overhead and reducing the occupation rate of the network bandwidth.

4. Compared with the traditional SAVA equipment, the verification gateway can defend most of data spoofing and counterfeiting type attack behaviors, has stronger defense efficiency and can make up the defense defects of other security equipment.

5. Compared with the SAVA equipment or other types of source address verification technologies, the verification gateway has better data transmission performance in terms of data transmission efficiency. The scheme is based on the probability marking signature verification principle of the data packet and performs verification through key nodes on a transmission path, so that the verification overhead is reduced, and the transmission efficiency of data is improved. 6. The potential safety hazard that a third party is introduced to carry out data verification is avoided, namely, the encrypted information can be cracked by breaking the third party so as to forge the source end address to obtain the terminal trust, and the illegal purpose of attack penetration is achieved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 shows the basic design framework of the SAEAv6 authentication scheme;

FIG. 2 illustrates key node identification for a network transmission topology;

FIG. 3 illustrates a hop-by-hop options data structure definition;

FIG. 4 shows a single data validation flow (router for example) with the SAG plugged into the network device;

FIG. 5 shows a Security Authentication Gateway (SAG) modular structure;

FIG. 6 illustrates a security verification workflow;

FIG. 7 shows the results of experimental network connectivity;

fig. 8 shows the defense effectiveness of a security authentication gateway deployment based on the SAEAv6 scheme.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is obvious that the described embodiments are a part of the embodiments of the present invention, but not all of the embodiments.

Thus, the following detailed description of the embodiments of the present invention is not intended to limit the scope of the invention as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The invention provides an ECDSA hop-by-hop option explicit Source Address Encryption verification (SAEAv 6) method of an IPv6 network and provides corresponding security verification gateway equipment.

Summary of SAEAv6 verification protocol

An overview of the problem description to be solved, the adversary model and the SAEAv6 authentication method is given according to the source address authentication method based on cryptographic authentication. The source verification scheme proposed by the present invention is implemented based on end-to-end and path verification, that is, a data packet passes through a sender (i.e., a data source end, S), and reaches a destination end (i.e., (a data receiver end, D)) along an expected path L ═ S, < S, R1, R2, …, Ri, …, Rn, D > in a router, where i, n represent path lengths (without the data sender), and S, D, Ri and Rn are network entities in a network transmission topology. Under unreliable communication paths, intermediate routers may drop, modify or change the forwarding path of packets due to attacks or failures.

1.1 problem description and assumptions

Source address verification problem: because each network transmission node (such as a router, a switch and the like) in the internet network only stores and forwards the data packet by using the destination IP address in the data packet when transmitting the data packet, the source IP address in the data packet and the authenticity of the payload in the packet are not checked in the transmission process and the data packet is continuously forwarded, an attacker possibly falsifies the source IP address in the forged data packet and cheats the destination terminal to further implement illegal attack behaviors, such as intrusion, stealing or destroying the destination terminal.

According to routing exchange protocols such as Border Gateway Protocol (BGP) or link routing protocol (pathrouting), it can be assumed that the source end S can obtain an expected traversal path for packet transmission, and can perform path verification in the deployment of a key node in the path.

1.2 enemy model building

Packet tampering and spoofing: spoofing the packet information and spoofing the destination D, such as the source IP address, header or payload data.

Data packet injection: the malicious router forges the data packet and sends it to the destination end D, noting that the packet replay attack is a special case of attack packet injection.

DDoS and DoS attacks: as part of both attacks, memory and computation-exhausted attacks on terminals, routers, etc. are considered.

1.3SAEAv6 authentication protocol

The SAEAv6 authentication scheme is mainly: firstly, verification information is added to a sent data packet in a probability marking mode at a sending end S, and all data packets of the sending end S are not marked, so that the consumption of network resources is reduced, and the calculation cost of a verification scheme is reduced; secondly, dynamically identifying transmission nodes in a topological path for transmitting the data packet by introducing index concepts (such as degree, centrality, intermediacy and the like) of the complex network, identifying key nodes of the data packet on the transmission path, and using the key nodes as check nodes for checking the authenticity of a source address of the data packet; and finally, performing source address path verification and end verification on the transmitted data packet through the check node and the destination end D, and judging the true reliability of the source of the data packet so as to reduce the threat behavior of network spoofing attack.

Therefore, according to the above description, the design principle of the SAEAv6 authentication scheme is simple and easy to understand, and the detailed design concept is to use the Hop-by-Hop Option (Hop-by-Hop Option) in the IPv6 message field as the transmission carrier of the authentication information, use the SHA224withECDSA digital signature algorithm as the security authentication mechanism, and design according to the concept of packet identity authentication. The SAEAv6 authentication scheme can adopt an end authentication mode and can complete an authentication operation on a transmission path of data. Different from the traditional source address verification scheme based on encryption verification, the verification scheme does not adopt a source address verification mechanism which carries out hop-by-hop and packet-by-packet in a network transmission full path mode, and only carries out dynamic verification at key network nodes in a transmission path, thereby reducing verification overhead and occupation of network resources and improving the forwarding efficiency of network data. The basic design framework is shown in fig. 1, where the corresponding (Pk, Sk) is searched and obtained in the keystore.

And the security authentication gateway is implemented by modular design according to the SAEAv6 authentication scheme. The signature and verification of the data packet address information are realized through the security verification gateway, and the operation of source address verification is completed, wherein SHA224 Hash is used as a message digest algorithm of a source IPv6 address, and ECDSA is used as a digital signature mechanism of source address verification.

Design of SAEAv6 validation protocol

2.1 dynamic identification of Key nodes

The transmission path information of the network data may be obtained through a routing protocol, such as BGP, Pathlet routing, and the like, and a network transmission topology is established according to the routing information, for example, fig. 2 assumes that the network transmission topology is an IPv6 network transmission topology, an exact transmission path is obtained through the routing information, a traffic state is monitored at each transmission node in the transmission path, and a measurement index of a complex network is used to identify key node information of the network topology for nodes in the transmission path. The following is described by way of example in fig. 2: the method comprises the steps that an entity network topology, an abstract node topology and a key path topology are sequentially arranged from top to bottom in a graph, a transmission topology of an upper entity network can be abstracted into a node topology graph, key nodes are calculated and identified by using complex network indexes (such as degree, authority, intermediacy and centrality) according to the node topology of a middle layer, a key node path graph of the lowest layer is obtained, a data packet can be transmitted according to a key node path and can also be transmitted according to other paths, but the key point is that the source address verification of data must be carried out on the key nodes (namely orange nodes marked in fig. 2) in the path when the data packet is transmitted according to the key path or other transmission paths so as to judge the authenticity of the data source.

There are two possibilities for data transmission according to the above description: one is that the data packet is transmitted according to the key path and is verified at each key node, so the data transmission is equivalent to hop-by-hop packet-by-packet verification, and the transmission security is extremely high; the other is that data is not transferred according to a critical path, but is transmitted by other paths according to route deviation of routing information, but the transmission path has a plurality of nodes which are critical nodes, because the critical nodes occupy important positions in the network topology, so that the critical nodes are not bypassed no matter which path is passed, for example, the source end S reaches the destination end D through the paths < R1, R3, R4, R6, R8, R10>, so that it is feasible to check the authenticity of the datagram at the critical nodes.

2.2 verification of vector design

The selection of the verification carrier of the SAEAv6 scheme is crucial, and is related to the feasibility, applicability and compatibility of the whole source address verification scheme. Through research on various source address verification technologies, the hop-by-hop option header has better compatibility and universality when a network protocol is operated than a newly designed protocol or a new data option header. Therefore, according to the principle of encryption verification, the hop-by-hop option header in the IPv6 message is decided to be enabled. The reason for selecting the hop-by-hop option header is three: (1) the hop-by-hop option header cannot be randomly inserted or deleted in the data packet transmission process, and can be checked or processed at any node along the data packet transmission path; (2) the data packet is checked in sequence from an IPv6 header, a hop-by-hop option header, a target option header, a routing header and the like in the transmission checking stage, so that the data packet has the characteristic of quick checking; (3) the data packet is inspected in each hop route transmitted by the network to check the hop-by-hop option header, so that the possibility of positioning the position of the attack source of the forged data packet is brought. If a data packet is deceived when being transmitted through a plurality of transmission nodes, the last-hop route of the transmission nodes is bound to forge the data packet, so that possibility is brought to tracing the source of an attack end. In summary, the hop-by-hop option header is selected to not only exert its advantageous characteristics but also enable it to have better compatibility in network protocols without unnecessary conflicts for other types of network protocols. Therefore, the authentication scheme has wider applicability, universality and compatibility than other authentication protocols.

The hop-by-hop option header consists of five fields of a next header, a header extension length, an option type, an option data length and option data, and the functions of the two fields of the option type and the option data can be defined according to the requirements of users. In order to better match the SAEAv6 authentication scheme, according to the IPv6 address protocol standard, the field functions of the next header and the header extension length in the hop-by-hop option header are defined by the IPv6 protocol standard, and the field functions of the option type field, the option data length and the option data are self-defined by the authentication scheme. Wherein the total length of the hop-by-hop option header is defined as 32 bytes, the hop-by-hop option header field length is 4 bytes, and the remaining field functions are defined as follows. Fig. 3 shows a field structure of a hop-by-hop option header.

(1) The next header (1Byte), the option extension header of the IPv6 message, contains this field to identify the next header type, such as a 0-hop-by-hop option header, a 43-route header, a 44-fragment header, a 60-destination option header, etc.

(2) A header extension length (1Byte) identifying a field length containing an option type, an option data length, and option data, and not containing a next header field. 8Byte is a unit length and must be an integer multiple of 8 Byte. This field value defaults to 0.

(3) An option type field (1Byte) mainly performs verification judgment, and the specific definition of each bit value of the option type is as follows:

the first, second and third bits are defined by the RFC8200 standard and will not be described in detail. Wherein the first and second bits are used for the action defined when the option type can not be identified, and the default is 00; the third bit is used to identify whether the packet can be modified during transmission, and is 0 by default.

And the fourth bit is used independently for judging whether the node where the data packet is located is a key node or not. Wherein: 0-common node; 1-key node.

The fifth bit is used independently to establish and update the dynamic verification table in the security verification gateway. Wherein:

0-regularly updating the verification table, adding a new rule table item, deleting an invalid rule table item, and updating the self verification table;

1-initialize the creation of the verification table. And initializing and creating a verification table through a neighbor security verification gateway, and creating a dynamic verification table according to a single data verification mechanism if the neighbor security verification gateway does not have the verification table. Note: this bit is applied when the device is turned on or re-accessed, and is normally not used, and is often considered 0 by default.

The sixth bit and the seventh bit are used in combination to judge which source address verification mode is used:

00-default verification is single data verification (fine granularity), data are verified one by one, and the successfully verified data are added into a dynamic verification table as tuples;

01-stream data validation (coarse granularity), query dynamic validation table, provide (source IPv6, MAC, Pk) or (subnet prefix, Pk) arbitrary tuple validation approach. If the tuples are matched, the verification is successful, and the data is received or forwarded; otherwise, entering a single data verification mechanism, and recovering the verification mode after completing verification and adding the successfully verified data as a tuple into the dynamic verification table;

10-only inquiring and verifying by < source IPv6, MAC, Pk > in the verification table, if the tuples are matched, directly passing the verification, if not, entering single data verification, adding the successfully verified data as the tuples into the verification table, and then recovering the original verification mode. Generally for single data or small-scale streaming data;

11-only inquiring and verifying by < subnet prefix, Pk > in the verification table, and if the tuples are matched, receiving or forwarding data through verification; otherwise, single data verification is carried out, the data which is successfully verified is used as a tuple to be added into the verification table, and then the original verification mode is recovered. Is often applicable to large-scale streaming data and provides a probabilistic authentication mechanism.

Fifthly, reserving for use and leaving for other use.

(4) Option length (1Byte), identifying the length of the option data, defines 28 bytes, and has a field value of 28 (00011100).

(5) The option data is source address information, i.e., payload, used to carry the SAEAv6 authentication scheme. The destination is provided with authentication information, which includes the ciphertext (28 Byte).

3. Security verification mechanism

The internet network data security verification generally adopts a hash algorithm, a symmetric encryption algorithm and an asymmetric encryption algorithm as an encryption mechanism of the security verification. The hash function includes MD5, SHA, CRC, etc., generally MD5 and SHA series functions are commonly used as message digest algorithms in the field of network information security, and can hash a value or a character string of any length to generate a message digest of a fixed length, which has the characteristics of high hash and unidirectionality. However, MD5 and SHA-1 have been found weak by cryptologists and broken down so that they no longer have a strong crash advantage, with much reduced security. SHA-2 is therefore often used in the world network security field as a message digest algorithm in data encryption and identity authentication. The method is widely applied to data encryption and identity authentication, such as SSL, PGP, IPsec and other security protocols. SHA-256 and SHA-512 are relatively common hash functions, and have the same function structure, but different defined unit cells, different offsets and different loop times, so that the hash functions with high safety are formed; and the SHA-224 and the SHA-384 are respectively truncated versions of the two functions and respectively inherit the advantages of strong security and the like. Therefore, the SHA-224 is suitable for the secondary digest algorithm of the original address verification scheme because the SHA-224 has the general security of the SHA-256 and the generated digest is moderate in length.

Symmetric and asymmetric encryption algorithms use encryption mechanisms such as DES, AES, RC4, RSA, DSA, ECC, etc. as conventional source address verification techniques. The traditional security verification scheme has the defect when a symmetric encryption algorithm is selected, for example, each pair of receiving and transmitting parties use a unique secret key each time the symmetric encryption algorithm is used, so that the number of secret keys owned by the receiving and transmitting parties is increased in a geometric series manner, the secret key management is difficult, and the cost is high. Compared with a public key encryption algorithm, the symmetric encryption algorithm can only provide encryption and authentication but lacks a signature function, so that the application range of the symmetric encryption algorithm is reduced. And the integrity of the digital signature of the data is easy to verify by a public key encryption algorithm, and the digital signature has non-repudiation. This feature has certain advantages for network data source address verification and is more secure than symmetric encryption algorithms. Therefore, the public key encryption algorithm is selected as the main encryption mechanism of the research, and the ECC elliptic curve encryption algorithm is determined and selected according to the comparison between the advantages and the disadvantages of various public key encryption algorithms in the table 1.

TABLE 1 comparison of advantages of public key encryption algorithms

Since the ECDSA is a digital signature mechanism based on asymmetric private key encryption of the ECC elliptic encryption algorithm, and the security of the ECDSA is established on the difficulty of solving discrete logarithm solution of an elliptic curve, the research on the ECDSA should be started from the ECC elliptic encryption algorithm, and the ECDSA has two application modes: (1) when the method is used for an encryption algorithm, the public key encrypts and decrypts the private key; (2) when the method is used for a signature algorithm, a private key is used for signature public key verification, so that the ECDSA is realized based on the ECC signature algorithm. Compared with the most common RSA public key cryptosystem, the ECC encryption system has the advantages that the RSA secret key cryptograph is long, the running is slow, the efficiency is low, and the cryptograph security strength below 1024 bits is low; the ECC has short cipher key ciphertext, fast operation, high efficiency, less memory occupation and capability of providing higher security strength by using a smaller cipher key. In view of the above advantages of ECDSA, it was decided to use the brasnpoolp 224r1 curve to perform ECDSA signature scheme, which provides a key security strength of 224 bits that matches the key security strength of 2048 bits of RSA.

Accordingly, the SAEAv6 authentication scheme employs a SHA224withECDSA digital signature algorithm with high security. In order to make the signature mechanism more suitable for the scheme, SHA-224 auxiliary hash and an ECDSA signature mechanism based on a BRAINPOOLP224r1 curve are adopted to be matched for use, a signature ciphertext with the length of 28 bytes can be generated, the generation of MTU communication problems caused by filling in a message header due to overlarge ciphertext is avoided, and the verification of data integrity is facilitated. The method supports the feasibility of the SAEAv6 verification scheme and ensures the safety of the SAEAv6 verification scheme.

Based on the research, the invention provides an IPv6 option explicit source address encryption security verification gateway, the security verification gateway device is a logic function module designed based on SAEAv6 verification scheme as the security verification gateway, firstly, the node condition deployed in a local network is identified, then, after determining to adopt a corresponding source address verification mode by judging the bit value of an option type field in a hop-by-hop option header, SHA224withECDSA digital signature is applied for signature verification, so as to complete the source address verification operation of a data packet. The SAG can be inserted into network transmission equipment and used as a source address verification function module in the network transmission equipment to identify the authenticity of a data source address, has the advantages of being integratable, easy to operate, strong in compatibility, low in cost and the like, can be widely deployed in various network environments, and has good universality and practicability. FIG. 4 shows an example of SAG insertion into a router at a network critical node for source address verification.

The security authentication gateway device includes:

the encryption function module is used for encrypting and signing a source IPv6 address (which indicates a source IPv6 address (namely a source address) in a data packet header) in the data packet, loading a ciphertext obtained through signing into a hop-by-hop option header in the data packet, and sending the data packet carrying source address verification information to a destination end;

Data probability acquisition module

The data probability acquisition module carries out probability sampling on the data packet and sends the data packet into the encryption function module to carry out verification information marking on the data packet. The system comprises a data acquisition module and a key node dynamic identification module, and data trigger type probability acquisition is carried out through the combination of the two modules, so that the data of the marking information is provided for the encryption function module. A data acquisition module: data can be collected through software design or hardware integration and the like. Is widely used in the market at present; and the key node dynamic identification module is used for monitoring the flow state of each transmission node in the transmission path, calculating and identifying the key node by using a complex network index, carrying out encryption signature by using the encryption function module and carrying out verification by using the verification function module. (Complex network is a term of art on computer networks and is also a field of computer network research, and is introduced to identify the criticality and importance of a transmission node by using some indexes (such as degree, centrality, intermediation, etc.) on the complex network.)

Encryption function module

The encryption function module encrypts and signs a source IPv6 address in the data packet, loads a ciphertext obtained through signing into a hop-by-hop option header in the data packet and sends the data packet carrying source address verification information to a destination end. Compared with a complex verification function module, the system has a simpler structure and a single function, and only comprises four parts, namely an SHA224 hash module, an ECDSA signature module, an ECC key bank and a sending module. Each module is designed as follows:

(1) the first SHA224 hashing module: the message digest MAC used to encrypt the source IPv6 address generation 28Byte is prepared for the next digital signature.

(2) ECDSA signature Module: the ECDSA is realized based on a signature algorithm of the ECC, and the ECDSA signature principle is shown in Table 1. The message digest MAC is digitally signed to generate a ciphertext C, and source address verification information is provided.

TABLE 1 digital signature Algorithm for ECDSA

(3) A first ECC keystore: and generating a key pair by using an ECC key generation algorithm, and storing the key pair (Pk, Sk) in a key bank, so that the ECDSA signature module can extract the key conveniently without wasting time to temporarily generate the key.

(4) A sending module: and sending the data carrying the verification information of the source address to a destination end to finish the first step of verification of the source address.

Verification function module

The validation function module is an important function module of the SAG. After a proper source address verification mode is determined to be adopted by judging the value of an item type field bit in a hop-by-hop option header of received data, ECDSA is applied to carry out signature verification or a dynamic verification table is searched, source address verification along a transmission path and a source/destination end is completed, and reliable transmission of data flow is guaranteed. The method provides two verification mechanisms of streaming data (coarse granularity) and single data (fine granularity), wherein the coarse granularity verification can be used for carrying out probabilistic verification, the running speed is high, the safety is high, and the method is suitable for verifying large-scale streaming data; the fine-grained verification can be carried out more finely, the operation speed is reduced by the coarse-grained verification, the safety is extremely high, the service experience of a user cannot be reduced, and the method is suitable for verifying single data and small-scale streaming data. The SAG verification function module consists of nine modules, namely a receiving module, a hop-by-hop header verification module, a data reading module, a dynamic verification table, a second SHA224 Hash module, a clock module, an ECDSA signature verification module, a second ECC key bank and a verification module, and the nine modules with single functions are matched with each other to provide a complex source address verification function. The functional design of each module is as follows:

(1) a receiving module: used to receive the data packet carrying the verification information of the source address and to create the local dynamic verification table by using the initialization of the neighbor SAG.

(2) A hop-by-hop header checking module: the method is a module for judging bit values of hop-by-hop header option type fields in a data packet so as to select a proper source address verification mode.

(3) A data reading module: and reading the received data packet to obtain the source IPv6 address and the ciphertext C information.

(4) Dynamic verification table: creating a dynamically updated verification table by using the triple (source IPv6, subnet prefix, Pk) as a rule table entry is a key module for stream data verification. There are two cases of updating the verification table: firstly, when the device is started or accessed again, the verification table of the neighbor SAG is automatically shared to initialize and create a local verification table; and secondly, the data which is successfully verified by the single data is used as a tuple to be added into a dynamic verification table for creating so as to be used for comparing the verification of the stream data. And the verification table is updated regularly through the clock module so as to efficiently finish the stream data verification.

(5) A clock module: and providing a time signal for the dynamic verification table, and updating the dynamic verification table periodically, wherein the default 3h is one period. The setting can be carried out manually according to the actual application scene.

(6) Second SHA224 hashing module: the obtained source IPv6 address is hashed to calculate a message digest MAC' for use in authentication, which is an input to the authentication module.

(7) ECDSA checks and signs module: and checking the ciphertext C to recover the original message digest MAC for verification, wherein the original message digest MAC is another input of the verification module. Table 2 shows the public key signature verification principle mechanism of ECDSA.

TABLE 2 signature verification algorithm for ECDSA

(8) A second ECC keystore: and generating a key pair by using the same ECC key generation algorithm as the encryption module to form a uniform key library. And finding out a corresponding public key Pk according to the key bank, providing a public key for the ECDSA signature verification module, and providing corresponding key information for the dynamic verification table.

(9) A verification module: is a module for comparing numerical values. During single data verification, the MAC 'obtained by the SHA224 Hash module is compared with the MAC of the ECDSA verification module, and if the MAC' and the MAC are equal, the data source is real; otherwise, it is forged data. When stream data is verified, matching is carried out on tuple information (source IPv6, MAC, Pk) or (subnet prefix, Pk) of received data reading and (source IPv6, subnet prefix, Pk) in a dynamic verification table, and if the tuples are matched, the data source is real; otherwise, it is forged data.

In addition, the present invention also provides an ECDSA hop-by-hop option explicit source address encryption verification method for an IPv6 network, as shown in fig. 6, including the following steps:

step 1: encryption phase

step 2: verification phase

201: initializing, by the dynamic verification table, initializing and creating local dynamic verification by sharing the verification table of the adjacent SAGs;

202: adopting a proper source address verification mode to carry out verification operation by judging the bit value of the option type field in the hop-by-hop option header;

if single data verification is adopted, a source IPv6 address and a ciphertext C are obtained through data received by a destination terminal, a public key Pk can be extracted by using a unified key bank in an encryption stage and a verification stage, the ciphertext C is verified and signed by using the public key Pk to obtain an original message digest MAC, SHA224 hash is carried out by using a source IPv6 address to obtain a new message digest MAC ', the MAC and the MAC' are compared, if the numerical values are the same, the data source is correct, the data is received or forwarded, and the data is added into a dynamic verification table as a tuple; otherwise, the data is forged data and should be discarded;

if the data verification is adopted, acquiring a source IPv6 and a ciphertext C through data received by a destination, knowing a corresponding public key Pk through a key bank to form a corresponding tuple (source IPv6, Pk) or (subnet prefix, Pk), searching and matching by referring to tuple information in a dynamic verification table, and if the tuple is matched, determining that the data source is real, and receiving or forwarding the data; if the tuple is not found or is not matched, entering a single data verification mechanism for re-verification, if the tuple is judged to be real data, receiving or forwarding the data, otherwise, judging to be fake data, discarding the data, and recovering the original verification mode. The method has the advantages of reducing the phenomena of misjudgment and missed judgment and improving the accuracy of verifying the data source address.

Assessment of SAEAv6 protocol

4.1 Experimental analysis

An IPv 6-only network built by applying a Cisco Packet tracker simulator and an RIP static routing protocol with an IPv6 address is shown in FIG. 7. According to a network topological graph, assuming that a network is giga bandwidth, optical fiber connection is used, the average transmission distance is 5km, SAG utilizes an OpenSSL model to simulate and measure the interactive signature of ECDSA and the average processing delay of signature verification through signature verification of the ECDSA by Java, the average processing delay is 11.3ms and 14.7ms, the obtained average processing delay is reduced along with the improvement of computer performance, the delay difference measured when simulation is carried out by using Java and Python is large, large errors can be generated according to different algorithm programs, the computer performance and the like, the simulation delay of Java is adopted for considering network load balance, relevant performance indexes are measured and calculated, and index data are analyzed.

Table 3 shows experimental data of SAG in an access domain scene, which simulates the application of SAG to networks with different bandwidths, and it can be seen that the data transmission delay and transmission rate of SAG used under different bandwidths are slightly different from those of SAG not used, but the difference is very small, which means that the network speed will not fluctuate greatly when SAG is used in the network, and therefore the service experience of the user using the network will not be reduced, so that the use of SAG alone from the two experimental data will not have an obvious effect on the network speed, and will not occupy too much bandwidth in data transmission.

Table 3 experimental data using SAG in access domain

TABLE 4 Experimental data Using SAG in three scenarios of SAVA

The simulated IPv6 network is stable according to the maximum transmission time in table 4, the influence of other network factors on the performance index can be ignored, and the network delay for using SAG in different scenarios of the network is at least about 47.88 ms. Network engineers can generally evaluate the quality degree of the existing network environment according to network delay, and the IPv4 network delay range is considered to be 1-30ms, which indicates that the network speed is extremely fast and delay is hardly perceived; 31-50ms indicates that the network is fast without significant delay; 51-100ms indicates that the network speed is slightly slow and slightly delayed; the network speed difference is shown in more than 100ms, and phenomena of blocking, packet loss and disconnection exist. Although the above delay range is used for evaluating the IPv4 network, the network speed condition of using SAG in the IPv6 network environment can be abstractly predicted according to the above delay range, and it can be predicted according to the delay result that the use of SAG in the IPv6 network will not affect the network speed and will not reduce the service experience of the network user, so that it can be presumed that SAG has applicability to IPv6 network and can be used in any network scenario of SAVA. Therefore, the SAEAv6 authentication scheme is proved to be applicable to the IPv6 network and is a feasible scheme.

4.2 effectiveness analysis

The SAG is deployed according to three network scenes, namely an access domain, an AS domain and an inter-AS domain, so that the network defense capability of independent deployment and joint deployment can be obtained, the income obtained along with the increase of the deployment quantity can be further improved, and the deployment incentive of who deploys and benefits is realized. According to the network topology of fig. 7, assuming that deployment is performed in the three network scenarios, the obtained network defense strengths are different, and the specific analysis is as follows:

scenario one access domain deployment: the SAG is deployed in the access domain, two modes of terminal deployment and key node deployment can be adopted to improve the security of data transmission, the terminal deployment provides host granularity defense capability, and the other deployment mode provides access layer protection. According to the data packet security verification mechanism of the SAEAv6 scheme, dynamic security protection can be performed on single data and streaming data, and the two types of protection effectiveness are different. For example, when a single data verification mechanism is used, the security protection capability of terminal data transmission can be enhanced, and an attacker cannot break the signature verification mechanism of SHA224withECDSA because the ECDSA signature algorithm uses 224-bit keys and the security strength of the signature verification algorithm is far higher than that of an RSA 1024-bit key, even if the breaking requires at least 10 bits of keys²⁰MIPS year; the stream data verification mechanism adopts a probabilistic filtering mechanism, and the security defense efficiency of the system is reduced compared with that of the former verification method, but the transmission rate of the network data is not greatly influenced because of the probability filtering mechanismTherefore, the forged data packets are filtered under the condition of ensuring that the network speed is not reduced, and the source safety of the data is verified.

Deployment in a scene two AS domain: SAG deployment can be carried out on the exit/entrance routing node or each key node in the AS domain, the security of network communication at each level in the domain can be ensured, and the generation of attack behaviors caused by the fact that any node in the domain forges data and then deceives each node in the domain is prevented. By the deployment of the exit/entrance routing nodes, the deception prevention of outward and inward flow of the AS domain is provided, and the safety of outward and inward communication in the AS domain is guaranteed; deployment at each key node provides data authentication between nodes within the AS domain, providing secure communication within the domain. The data access of each level of network in the AS domain improves the safety protection efficiency to a certain extent, thereby ensuring the safety interaction of the data in the AS domain from inside to outside or from outside to inside.

Scene three AS inter-domain deployment: the inter-AS security protection depends on SAG deployed by a border router on an AS domain, a Border Gateway Protocol (BGP) is utilized in the border router to judge an AS domain source of data traffic, whether the data is based on inter-AS transmission is judged, and then a network data verification mechanism between AS domains is applied to ensure data integrity and unforgeability of inter-AS communication and avoid network attack behaviors of deception and counterfeiting types. It should be noted that the data security verification mechanism provided between the AS domains is mainly based on stream data security, and provides security data protection according to the network address prefix probability, and the defense performance is slightly lower than the defense capability in the access domain and the AS domain, but ensures that the inter-domain data transmission rate is within the standard range.

In summary, the security verification gateway (SAG) based on the SAEAv6 verification scheme is deployed correspondingly according to different network scenarios, and the security defense efficiency in each network scenario can be improved again on the basis of the original network protection strength. In the above description, it can be seen that a bottom-up and inside-out security protection mechanism is provided, which is promoted from access domain terminal verification to data level verification in the AS domain to area level verification between the AS domains, and provides a systematic incremental deployment network defense mode from micro-level to macro-level, and the defense performance of the incremental deployment network defense mode is shown in fig. 8. It can be seen from fig. 8 that when large-scale deployment is performed on the network, the network defense performance will be greatly improved with the continuous expansion of the deployment scale, which further shows the effectiveness of the network defense based on the SAEAv6 verification scheme.

4.3 safety analysis

SAG is designed based on an SAEAv6 verification scheme, the overall security of SAEAv6 verification scheme can be known to be established on a verification strategy and a digital signature algorithm, the SAEAv6 verification scheme and the digital signature algorithm are combined to form a strong verification rule, and the verification rule carries out dynamic verification according to the size of data flow to form a comprehensive defense system. The method has stronger defense efficiency in an access domain and an AS domain, because a relatively strong defense rule can be formed between the access domain and the AS domain no matter the defense rule is configured on each transmission node or only installed in an upstream router or a switch, the safety efficiency in the AS domain is slightly lower than the application scenes in the access domain and the AS domain, but the defense effect of protecting a boundary can be achieved only by arranging an edge router between the AS domains, the cost is slightly higher, the service experience of a network user cannot be reduced, and compared with a traditional safety communication mode, the method has stronger defense efficiency and can reduce the probability of missed judgment and erroneous judgment. In other words, the configuration of SAG may reduce false positives, false negatives of network data authenticity identification.

The theoretical framework of the SAEAv6 approach relies on the verification policy and the rule mechanism formed by SHA224withECDSA digital signature algorithm. The verification strategy is as shown in fig. 3, and has two strategies of single data verification and stream data verification, and determines which verification mode is used according to the bit value change of the hop-by-hop option, so as to form a strict dynamic verification strategy, and have a certain defense effect on data source verification; the SHA224withECDSA digital signature algorithm adopts SHA224 Hash and an ECDSA digital signature algorithm based on an ECC elliptic encryption algorithm to form a stronger and safer digital signature mechanism, the security of the ECDSA is established on the difficulty of solving the discrete logarithm solution of an ECC elliptic curve, the ECDSA has the characteristics of low operation complexity and high security, a smaller key can provide higher security strength, the security is greatly improved by fusing the two, and compared with the existing source address verification algorithms such as HMAC-MD5, HMAC-SHA1, RSA, CGA and the like, the method has the advantages of high operation speed, less memory occupation, low time overhead and higher security. Therefore, the SHA224withECDSA digital signature algorithm is selected as the core security algorithm of the SAEAv6 verification scheme, and higher, stronger and more effective defense capability can be provided. Table 5 is a comparison table of the SAEAv6 authentication scheme and the conventional source address authentication technique, and it can be seen that the SAEAv6 authentication scheme has better security advantages than the conventional source address authentication technique.

TABLE 5 SAEAv6 comparison of the technology with conventional technology

According to the table 3 and the table 4, it can be known that the SAG has a small difference in performance indexes such as transmission delay, transmission rate, delay and the like, does not affect the transmission rate of the network and the service experience of the network user, is suitable for the IPv6 network, and further proves the feasibility of the SAEAv6 verification scheme. The security analysis of the SAEAv6 verification scheme shows that the security strength is much higher than that of a 1024-bit RSA public key encryption system, and the SAEAv6 verification scheme can be known to have better advantages in deployment, overhead and defense compared with the conventional source address verification technology according to table 5. In summary, the SAEAv6 authentication scheme is a feasible, effective and secure source address authentication scheme.

The above description is only for the purpose of illustrating the technical solutions of the present invention and not for the purpose of limiting the same, and other modifications or equivalent substitutions made by those skilled in the art to the technical solutions of the present invention should be covered within the scope of the claims of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims

1. An IPv6 option explicit source address encryption security authentication gateway, the security authentication gateway apparatus comprising:

2. The IPv6 option explicit source address encryption security authentication gateway as claimed in claim 1, wherein the data probability collection module comprises

3. The IPv6 option explicit source address encryption security authentication gateway of claim 1, wherein the encryption function module comprises:

4. The IPv6 option explicit source address encryption security authentication gateway of claim 1, wherein the authentication function module includes:

5. The IPv6 option explicit source address encryption security authentication gateway of claim 4, wherein the authentication process of the authentication module comprises:

6. An authentication method of an IPv6 option explicit source address encryption security authentication gateway according to any one of claims 1-5, comprising the steps of:

step 1: encryption phase

step 2: verification phase

7. The ECDSA hop-by-hop option explicit source address encryption verification method of IPv6 network as claimed in claim 6, wherein the determining and verifying process in step 202 is as follows: