CN114389835B

CN114389835B - IPv6 option explicit source address encryption security verification gateway and verification method

Info

Publication number: CN114389835B
Application number: CN202111453777.XA
Authority: CN
Inventors: 甄龙飞; 马克
Original assignee: Qinghai Normal University
Current assignee: Qinghai Normal University
Priority date: 2021-12-01
Filing date: 2021-12-01
Publication date: 2024-04-16
Anticipated expiration: 2041-12-01
Also published as: CN114389835A

Abstract

The invention discloses an IPv6 option explicit source address encryption security verification gateway, which comprises: the data probability acquisition module is used for carrying out probability acquisition on the transmission data to obtain a data packet and sending the data packet to the encryption function module; the encryption function module is used for encrypting and signing the source IPv6 address in the data packet, loading the ciphertext obtained by signing into a hop-by-hop option header in the data packet and sending the data packet carrying the source address verification information to the destination terminal; and the verification function module is used for verifying the source address information of the received data, the initialization creation of the dynamic verification table and the dynamic update. The invention also provides a verification method of the IPv6 option explicit source address encryption security verification gateway, which can encrypt the transmitted data and verify the transmitted data, thereby realizing the integration of encryption verification.

Description

IPv6 option explicit source address encryption security verification gateway and verification method

Technical Field

The invention belongs to the technical field of network security, and particularly relates to an IPv6 option explicit source address encryption security verification gateway and a verification method.

Background

In recent years, as the research in the field of source address verification is continuously in progress, targeted and detailed research on different network environments, multiple network applications and various network threats is gradually started, the defects of the traditional source address verification technology are overcome, the network defense capability is promoted to be more outstanding, and various network threats on the complex and changeable network environments can be resisted. Based on this, in view of the problem of storage overhead of the conventional verification technology, vijayalaksmi et al propose a novel enhanced packet marking algorithm that can be deployed directly at the victim end to provide backtracking of a single data packet, which is easy to apply and does not have the problem of storage overhead as it is not necessary to traverse the entire computer network or utilize out-of-band messages to identify the source of the attack; suresh et al solves the scalability problem of the DPM verification mechanism, designs a backtracking scheme based on deterministic multi-packet marking (DMPM), marks an untrusted data packet by using a global mark distribution server (MOD mark on demand), and effectively defends DDoS attacks; the Luning et al propose a hierarchical anti-anonymity alliance construction method (EAGLE) based on the outlet filtration, and overcome the problems that the expandability of the outlet filtration (efficiency filtration) and the inter-domain source address verification Method (MEF) based on the peer-to-peer filtration is poor, incremental deployment is difficult to adapt and the like; aiming at the problems of high expenditure, low forwarding efficiency and the like faced by source address and path verification in packet forwarding, wu Bo provides a source address and path efficient verification mechanism PPV based on random marking of data packets, designs a PPV verification mechanism according to the angle of data flow verification, avoids hop-by-hop and packet-by-packet verification of the traditional scheme by utilizing the security verification of random identification of the data packets, reduces the expenditure of additional communication and verification time delay of packet forwarding verification, and improves the efficiency of packet forwarding security verification.

According to the analysis, most source address verification technologies mostly adopt the technical principle of an encryption verification scheme, but the existing technology based on the encryption verification scheme mostly adopts an end verification mode, and a few technologies adopt a mixed mode of end/path verification. The network defense capability of the terminal verification mode is low in false positive and high in false negative due to the lack of verification on path transmission; the adoption of the full path transmission verification mode can cause the problems of increased calculation cost, increased communication cost, increased occupied bandwidth and network resource consumption, reduced deployment compatibility and the like.

Disclosure of Invention

Aiming at the problems, the invention aims to provide an IPv6 option explicit source address encryption security verification gateway and a verification method.

The technical scheme adopted by the invention is as follows:

an IPv6 option explicit source address encryption security verification gateway, the security verification gateway device comprising:

the data probability acquisition module is used for carrying out probability acquisition on the transmission data to obtain a data packet and sending the data packet to the encryption function module;

the encryption function module is used for encrypting and signing the source IPv6 address in the data packet, loading the ciphertext obtained by signing into a hop-by-hop option header in the data packet and sending the data packet carrying the source address verification information to the destination terminal;

And the verification function module is used for verifying the source address information of the received data, the initialization creation of the dynamic verification table and the dynamic update.

Preferably, the data probability acquisition module comprises

The data acquisition module is used for carrying out probability sampling on the data packet and providing data of marking information for the encryption function module;

the key node dynamic identification module is used for monitoring the flow state of each transmission node in the transmission path, calculating and identifying the key node by utilizing complex network indexes, then carrying out encryption signature by the encryption function module, and carrying out verification by the verification function module.

Preferably, the encryption function module includes:

the first SHA224 hash module is used for encrypting the message digest MAC of the 28Byte generated by the source IPv6 address and preparing for the next digital signature;

the ECDSA signature module is used for generating a ciphertext C from the message digest MAC through digital signature and providing source address verification information;

the first ECC key library is used for generating key pairs (Pk, sk) by using an ECC key generation algorithm, and the key pairs (Pk, sk) are stored in the key library so as to facilitate the ECDSA signature module to extract keys;

and the sending module is used for sending the data carrying the source address verification information to the destination end to complete the first step of source address verification.

Preferably, the verification function module includes:

the receiving module is used for receiving a data packet carrying source address verification information and creating a local dynamic verification table by utilizing neighbor SAG initialization;

the hop-by-hop header verification module is used for judging bit values of hop-by-hop header option type fields in the data packet and selecting a source address verification mode;

the data reading module is used for reading the received data packet and acquiring a source IPv6 address and ciphertext C information;

dynamic verification table: creating a dynamically updated verification table by taking the triplet as a rule table entry, wherein the triplet comprises source IPv6, subnet prefix and Pk;

the clock module is used for providing a time signal for the dynamic verification table, periodically updating the dynamic verification table and defaulting to 3h as a period;

the second SHA224 hash module is used for hashing the acquired source IPv6 address, calculating a message digest MAC' for verification, and is an input of the verification module;

the ECDSA signature verification module is used for verifying the ciphertext C and recovering an original message digest MAC for verification, and is the other input of the verification module;

the second ECC key library is used for generating key pairs (Pk, sk) by using an ECC key generation algorithm, finding out a corresponding public key Pk according to the key library, providing a public key for the ECDSA signing module and providing corresponding key information for the dynamic verification table;

And the verification module is used for verifying the authenticity of the data source.

Preferably, the verification process of the verification module includes:

when single data is verified, the MAC 'is obtained through the second SHA224 hash module and is compared with the MAC of the ECDSA signature verification module, and if the MAC' and the ECDSA signature verification module are equal, the data sources are real; otherwise, the data is fake data; when stream data is verified, the received data is read, wherein the received data comprises source IPv6, MAC, pk or subnet prefix and Pk which are matched with tuple information of the source IPv6, the subnet prefix and the Pk in a dynamic verification table, and if the tuples are matched, the data source is real; otherwise, the data is falsified.

An authentication method of an IPv6 option explicit source address encryption security authentication gateway comprises the following steps:

step 1: encryption stage

101: initializing, and generating a key pair (Pk, sk) by using an ECC key generation algorithm for digital signature call;

102: the source IPv6 address of the data packet is hashed by a first SHA224 hash module, and a message digest MAC is calculated and used as input of an ECDSA signature module;

103: the ECDSA signature module calls a key pair of a first ECC key library, and digitally signs a message digest MAC by using a private key Sk to obtain a ciphertext C;

104: loading the ciphertext C into a hop-by-hop option header in the data packet to obtain a data packet carrying source address verification information, and then transmitting the data packet;

Step 2: verification stage

201: initializing, wherein the dynamic verification table is used for initializing and creating a local dynamic verification table by sharing the verification tables of adjacent SAGs;

202: and judging the bit value of the option type field in the hop-by-hop option header, and adopting a proper source address verification mode to perform verification operation.

Preferably, in step 202, the judgment and verification process is as follows:

if the single data verification is adopted, acquiring a source IPv6 address and a ciphertext C through data received by a destination terminal, extracting a public key Pk by using a unified key bank in an encryption stage and a verification stage, checking the ciphertext C by using the public key Pk to obtain an original message digest MAC, carrying out SHA224 hash on the source IPv6 address to obtain a new message digest MAC ', comparing the MAC with the MAC', if the values are the same, obtaining the data from a real source, receiving or forwarding the data, and adding the data as a tuple into a dynamic verification table; otherwise, the data is forged and should be discarded;

if the stream data verification is adopted, acquiring a source IPv6 address and a ciphertext C through data received by a destination end, knowing a corresponding public key Pk through a key store, forming corresponding tuple sources IPv6 and Pk or a subnet prefix and Pk, searching and matching tuple information in a dynamic verification table, and if the tuple is matched, determining that the data source is real, and receiving or forwarding the data; if the tuple is not found or not matched, a single data verification mechanism is entered for re-verification, if the tuple is judged to be real data, the data is received or forwarded, otherwise, the tuple is forged, the data is discarded, and the original verification mode is restored.

The invention has the beneficial effects that:

1. the system can encrypt the transmitted data and verify the transmitted data, thereby realizing the integration of encryption and verification. The integrated security verification gateway has universal applicability, can be inserted into transmission equipment, and realizes secure transmission on source to destination ends and paths. The method not only verifies the source authenticity of the data packet, but also reduces the deployment cost, makes up the defects and the integrated verification in wide deployment, and effectively defends the network attack behavior of the source address spoofing counterfeiting type.

2. The invention is designed as a plug and play module which can be plugged into routers, switches and PC terminals, thereby having the characteristic of incremental deployment and better adaptability.

3. Compared with the traditional SAVA equipment, the invention only marks partial data, and performs signature verification at key nodes on a transmission path, thereby improving the data transmission efficiency, reducing the calculation overhead and reducing the occupation ratio of network bandwidth.

4. Compared with the traditional SAVA equipment, the verification gateway can defend most of data spoofing counterfeiting type attack behaviors, has stronger defending efficiency, and can also remedy defending defects of other safety equipment.

5. In terms of data transmission efficiency, the authentication gateway has better data transmission performance compared with SAVA equipment or other types of source address authentication technologies. Because the scheme is based on the probability mark signature verification principle of the data packet and verifies through the key nodes on the transmission path, the verification cost is reduced, and the data transmission efficiency is further improved. 6. The potential safety hazard of data verification by introducing a third party is avoided, namely the third party is broken, so that the encrypted information can be broken, the source address is forged to obtain the trust of the terminal, and the illegal purpose of attack penetration is achieved.

Drawings

In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 illustrates a basic design framework for a SAEAv6 verification scheme;

FIG. 2 illustrates key node identification for a network transmission topology;

FIG. 3 illustrates hop-by-hop options data structure definitions;

FIG. 4 shows a single data authentication flow (router for example) for SAG insertion into a network device;

FIG. 5 illustrates a Security Authentication Gateway (SAG) modular structure;

FIG. 6 illustrates a security verification workflow;

FIG. 7 shows experimental network communication results;

figure 8 illustrates the defensive power of a security verification gateway deployment based on the SAEAv6 scheme.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments.

Thus, the following detailed description of the embodiments of the invention is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The invention provides an ECDSA hop-by-hop option explicit source address encryption verification (Source Address Encryption Authentication scheme, SAEAv 6) method of an IPv6 network and provides corresponding security verification gateway equipment.

Overview of SAEAv6 verification scheme

An overview of the problem description, adversary model and SAEAv6 authentication methods to be solved is given in terms of the encryption authentication based source address authentication method. The source verification scheme proposed by the present invention is implemented based on end-to-end and path verification, i.e. the data packet passes through the sender (i.e. the data source, S), reaches the destination (the data receiver, D) along the expected path l= < S, R1, R2, …, ri, …, rn, D >, where i, n represents the path length (without the data sender), and S, D, ri and Rn are network entities in the network transmission topology. Under unreliable communication channels, intermediate routers may discard, modify, or change the forwarding path of data packets due to an attack or failure.

1.1 description of the problem and assumption

Source address verification problem: because each network transmission node (such as a router, a switch and the like) in the internet network only stores and forwards the data packet by using the destination IP address in the data packet when transmitting the data packet, the data packet Wen Nayuan IP address and the authenticity of the payload in the packet are not checked in the transmission process and the data packet is continuously forwarded, thereby possibly causing an attacker to tamper with the forged data packet endogenous IP address to deceive the destination terminal and further implement illegal attack actions such as invasion, theft or damage to the destination terminal.

According to a routing switching protocol such as Border Gateway Protocol (BGP) or road routing protocol (pathlength), it can be assumed that the source S can learn the expected traversal path of the packet transmission and can perform path verification at the critical node deployment in the path.

1.2 enemy model building

Tampering and spoofing of data packets: falsify the information of the data packet and spoof the destination D, such as the source IP address, header or payload data, etc.

And (3) data packet injection: the malicious router falsifies the data packet and sends the data packet to the destination end D, and notices that the data packet replay attack is a special case of attack packet injection.

DDoS and DoS attacks: as part of both attacks, consider an attack that runs out of memory and computation on a terminal, router, etc.

1.3AEAv6 verification scheme

The SAEAv6 authentication scheme is mainly: firstly, verification information is added to the transmitted data packets at the transmitting end S in a probability marking mode, instead of marking all the data packets at the transmitting end S, so that the consumption of network resources is reduced and the calculation overhead of a verification scheme is reduced; secondly, dynamically identifying transmission nodes in a topology path of data packet transmission by introducing index concepts (such as degree, centrality, intermediacy and the like) of a complex network, identifying key nodes of the data packet on the transmission path, and taking the key nodes as check nodes for checking the authenticity of a data packet source address; and finally, carrying out source address path verification and end verification on the transmitted data packet by the check node and the destination end D, judging the true reliability of the source of the data packet, and further reducing the threat behavior of network spoofing attack.

Therefore, according to the above description, the design principle of the SAEAv6 verification scheme is very simple and easy to understand, and the detailed design concept is to enable the Hop-by-Hop Option (Hop-by-Hop Option) in the IPv6 message field as a transmission carrier of verification information, and to use the SHA224 wichecsa digital signature algorithm as a security verification mechanism, so as to perform the design according to the idea of data packet identity verification. The SAEAv6 authentication scheme may employ an end authentication mode or may complete an authentication operation on a data transmission path. Unlike the conventional source address verification scheme based on encryption verification, the source address verification scheme does not perform the source address verification mechanism hop by hop and packet by packet in a network transmission full-path mode, and only performs dynamic verification at key network nodes in a transmission path, so that verification overhead and occupation of network resources are reduced, and forwarding efficiency of network data is improved. The basic design framework is shown in fig. 1, and the corresponding (Pk, sk) in the diagram is searched and obtained in the key store.

And carrying out modularized design according to the SAEAv6 verification scheme to realize the security verification gateway. The signature and verification of the data packet address information are realized through the security verification gateway, and the operation of source address verification is completed, wherein SHA224 hash is used as a message digest algorithm of a source IPv6 address, and ECDSA is used as a digital signature mechanism of source address verification.

SAEAv6 verification scheme design

2.1 dynamic identification of Key nodes

The transmission path information of the network data can be obtained through a routing protocol, such as BGP and Pathlet routing, and a network transmission topology is established according to the routing information, such as fig. 2, assuming an IPv6 network transmission topology, an exact transmission path is obtained through the routing information, traffic states of all transmission nodes in the transmission path are monitored, and key node information of the network topology is identified for the nodes in the transmission path by adopting metering indexes of a complex network. Described below by way of example in fig. 2: in the figure, entity network topology, abstract node topology and critical path topology are sequentially arranged from top to bottom, the transmission topology of an upper entity network can be abstracted into a node topology diagram, the critical nodes are calculated and identified according to the node topology of a middle layer by using complex network indexes (such as degree, authority, intermediacy and centrality), a lowest critical node path diagram is obtained, a data packet can be transmitted according to a critical node path and can also be transmitted according to other paths, but the key point is that the data packet is subjected to source address verification of data in critical nodes (namely orange nodes marked in figure 2) in the path to judge the authenticity of the data source when transmitted according to the critical path or other transmission paths.

There are two possibilities for data transfer according to the description above: one is that the data packet is transmitted according to the key path and checked at each key node, so the data transmission is equivalent to the hop-by-hop packet-by-packet verification, and the transmission safety is extremely high; the other is that data is not transferred according to a critical path, but is transferred by a route offset according to the routing information, but the transmission path where the data is located must have a plurality of nodes as critical nodes, because the critical nodes occupy important positions in the network topology, no critical nodes are switched around no matter which paths are passed, for example, the source end S passes through paths < R1, R3, R4, R6, R8 and R10> to reach the destination end D, so that the authenticity of the datagram is feasible at the critical nodes.

2.2 verification of Carrier design

The verification carrier selection of the SAEAv6 scheme is crucial, and the feasibility, applicability and compatibility of the whole source address verification scheme are related. Through research on various source address verification technologies, the hop-by-hop option head is found to have better compatibility and universality than a new design protocol or a new data option head when the network protocol runs. Thus, according to the principle of encryption verification, it is decided to enable hop-by-hop option headers in IPv6 messages. The reason for selecting the hop-by-hop option header is three: (1) The hop-by-hop option header cannot be inserted or deleted randomly in the transmission process of the data packet, and can be checked or processed at any node along the transmission path of the data packet; (2) The data packet is checked from IPv6 header, hop-by-hop option header, target option header, route header and the like in turn in the transmission checking stage, so that the data packet has the characteristic of quick check; (3) Because the data packet examines the hop-by-hop option header in each hop route of the network transmission, the possibility is brought for locating the attack source position of the forged data packet. If a data packet is transmitted and passes through a plurality of transmission nodes, the data packet is detected to be deceptive, and the last hop route of the transmission node is necessarily forged, so that the possibility of tracing the source of an attack end is brought. In summary, the hop-by-hop option header can not only exert its advantageous characteristics, but also enable better compatibility on network protocols, without unnecessary collisions for other types of network protocols. Therefore, the verification scheme has wider applicability, universality and compatibility than other verification protocols.

The hop-by-hop option header consists of five fields of a next header, a header extension length, an option type, an option data length and an option data, and the functions of the option type and the option data can be defined according to the user requirements. In order to better match with the SAEAv6 verification scheme, according to the IPv6 address protocol standard, the field functions of the next header and the header extension length in the hop-by-hop option header are defined by the IPv6 protocol standard, and the field functions of the option type field, the option data length and the option data are defined by the verification scheme. Wherein the total length of the hop-by-hop option header is defined as 32 bytes, the hop-by-hop option header field is 4 bytes, and the remaining field functions are defined as follows. Fig. 3 shows the field structure of the hop-by-hop option header.

(1) The next header (1 Byte) is included in the option extension header of the IPv6 message, and is used to identify the next header type, such as a 0-hop-by-hop option header, a 43-route header, a 44-fragment header, a 60-destination option header, etc.

(2) The header extension length (1 Byte), identifies the field length containing the option type, the option data length, and the option data, and does not contain the next header field. 8Byte is a unit length and must be an integer multiple of 8 Byte. The field value defaults to 0.

(3) The option type field (1 Byte) mainly performs verification judgment, and the specific definition of each bit value of the option type is as follows:

(1) the first, second and third bits are defined by the RFC8200 standard and will not be described in detail. Wherein the first two bits are used to define actions when the option type cannot be identified, default to 00; the third bit is used to identify whether the packet can be changed during transmission, and defaults to 0.

(2) The fourth bit is used independently to determine whether the node where the data packet is located is a critical node. Wherein: 0-common node; 1-key node.

(3) The fifth bit is used independently to establish and update the dynamic verification table in the security verification gateway. Wherein:

0-periodically updating the verification table, adding new rule table items, deleting invalid rule table items, and updating the self verification table;

1-initializing to create a validation table. And initializing and creating a verification table through the neighbor security verification gateway, and if the neighbor security verification gateway does not have the verification table, creating a dynamic verification table according to a single data verification mechanism. And (3) injection: this bit is applied when the device is turned on or re-accessed, and is typically not used, chang Mo considers 0.

(4) The sixth and seventh bits are used in combination to determine which source address verification mode to use:

00-default verification is single data verification (fine granularity), data are verified one by one, and data which are successfully verified are added into a dynamic verification table as tuples;

01-stream data authentication (coarse granularity), consulting dynamic authentication table, providing (source IPv6, MAC, pk) or (subnet prefix, pk) arbitrary tuple authentication mode. If the tuples are matched, the verification is successful, and the data is received or forwarded; otherwise, entering a single data verification mechanism, and recovering the verification mode after finishing verification and adding the successfully verified data as a tuple into a dynamic verification table;

10-only inquiring and verifying with the < source IPv6, MAC and Pk > in the verification table, if the tuples are matched, directly passing the verification, if not, entering single data verification, adding the data which is successfully verified into the verification table as the tuples, and recovering the original verification mode. Is generally applicable to single data or small-scale streaming data;

11-only inquiring and verifying with the < subnet prefix, pk > in the verification table, and if the tuples are matched, receiving or forwarding the data through verification; otherwise, single data verification is entered, the data which is verified successfully is added into the verification table as a tuple, and the original verification mode is restored. Is often suitable for large-scale streaming data and provides a probabilistic verification mechanism.

(5) Eighth bit, reserve for use and reserve for other purposes.

(4) Option length (1 Byte), length of the identification option data, 28 bytes defined, and field value 28 (00011100).

(5) The option data is source address information, i.e., a payload, used to carry the SAEAv6 authentication scheme. Authentication information is provided for the destination, which includes ciphertext (28 Byte).

3. Security verification mechanism

The security verification of the internet network data generally adopts a hash algorithm, a symmetric encryption algorithm and an asymmetric encryption algorithm as encryption mechanisms of the security verification. The hash function comprises MD5, SHA, CRC and the like, and the MD5 and SHA series functions are commonly used as a message digest algorithm in the field of network information security, so that a value or a character string with any length can be hashed to generate a message digest with a fixed length, and the hash function has the characteristics of high hashing property and unidirectionality. MD5 and SHA-1 have been found to be weak and compromised by the cryptast, making them no longer advantageous for strong crashworthiness and compromising security. SHA-2 is therefore commonly used in the world network security field as a message digest algorithm in data encryption and authentication. The method is widely applied to data encryption and identity authentication, such as SSL, PGP, IPsec and other security protocols. The SHA-256 and the SHA-512 are relatively common hash functions, have the same function structure but different definition unit elements, use different offsets and execute different circulation times, and become the hash functions with high safety nowadays; and SHA-224 and SHA-384 are truncated versions of the two functions respectively inherit the advantages of strong security and the like. Therefore, because SHA-224 has the general security of SHA-256 and the generated digest has moderate length, the auxiliary digest algorithm using SHA-224 as the present source address verification scheme is particularly suitable.

Symmetric and asymmetric encryption algorithms use encryption mechanisms such as DES, AES, RC, RSA, DSA, ECC, etc. as a conventional source address verification technique. The traditional security verification scheme has the defect that when a symmetric encryption algorithm is adopted, for example, each pair of transceivers use a unique key each time when the symmetric encryption algorithm is adopted, so that the number of keys owned by the transceivers is increased in geometric progression, the key management is difficult, and the cost is high. In contrast to public key encryption algorithms, symmetric encryption algorithms can only provide encryption and authentication but lack signature functionality, resulting in a reduced range of applications. The integrity of the digital signature of the data is easy to verify by the public key encryption algorithm, and the digital signature has non-repudiation. This feature has certain advantages for network data source address verification and higher security than symmetric encryption algorithms. Therefore, the public key encryption algorithm is selected as the main encryption mechanism of the research, and the ECC elliptic curve encryption algorithm is determined and selected according to the comparison of the quality of the public key encryption algorithms in table 1.

Table 1 public Key encryption Algorithm Advance contrast

Since ECDSA is a digital signature mechanism based on the asymmetric private key encryption of the ECC elliptic encryption algorithm, the security is based on the difficulty of solving the discrete logarithm solution of the elliptic curve, so that the study on the response of ECDSA from the ECC elliptic encryption algorithm has two application modes: (1) public key encryption private key decryption when used in an encryption algorithm; (2) When used in a signature algorithm, the private key signature public key is verified, so ECDSA is realized based on an ECC signature algorithm. Compared with the most common RSA public key cryptosystem, the ECC encryption system has the advantages of long RSA key ciphertext, slow operation, low efficiency and low ciphertext security intensity below 1024 bits; the key ciphertext of the ECC is short, the operation is quick, the efficiency is high, the occupied memory is small, and the smaller key can be used to provide higher security intensity. In view of the above-described advantages of ECDSA, determining to use the brainp olp224r1 curve to perform the ECDSA signature mechanism may provide a 224-bit key security strength matching the 2048-bit key security strength of RSA.

According to the above, the SAEAv6 verification scheme selects a high-security SHA224 witkeDSA digital signature algorithm. In order to make the signature mechanism more suitable for the scheme, the SHA-224 auxiliary hash and the ECDSA signature mechanism based on the BRAIPOOLP 224r1 curve are adopted to be matched with each other to generate signature ciphertext with 28byte length, so that the problem of MTU communication caused by filling the ciphertext into a message header due to overlarge ciphertext is avoided, and the verification of data integrity is facilitated. The feasibility of the SAEAv6 verification scheme is supported, and the safety of the SAEAv6 verification scheme is guaranteed.

Based on the above study, the present invention provides an IPv6 option explicit source address encryption security verification gateway, the security verification gateway device is a logic function module designed based on SAEAv6 verification scheme as security verification gateway, it first identifies the node condition of local network deployment, then determines to take corresponding source address verification mode by judging the bit value of option type field in hop-by-hop option header, and then applies SHA224 witECDSA digital signature to perform signature verification to complete the source address verification operation of data packet. The SAG can be inserted into network transmission equipment to be used as a source address verification function module in the SAG to identify the authenticity of a data source address, has the advantages of integration, easiness in operation, strong compatibility, low cost and the like, can be widely deployed in various network environments, and has good universality and practicability. Fig. 4 shows an example of source address verification by a router at a critical node of the SAG insert network.

The security verification gateway device includes:

the encryption function module is used for encrypting and signing a source IPv6 address (namely a source address) in the data packet, loading a ciphertext obtained by signing into a hop-by-hop option header in the data packet, and sending the data packet carrying source address verification information to a destination terminal;

Data probability acquisition module

The data probability acquisition module performs probability sampling on the data packet and sends the data packet to the encryption function module to perform verification information marking on the data packet. The data triggering type data acquisition system comprises a data acquisition module and a key node dynamic identification module, wherein the data triggering type probability acquisition is carried out through the combination of the two modules, and data of marking information is provided for an encryption function module. And a data acquisition module: the data can be collected by means of software design or hardware integration, etc. Are widely used in the market at present; and the key node dynamic identification module monitors the flow state of each transmission node in the transmission path, calculates and identifies the key node by utilizing complex network indexes, then carries out encryption signature by the encryption function module and carries out verification by the verification function module. (Complex networks are a term of art on computer networks, and are also a field of computer network research, and are introduced to confirm the criticality and importance of a transmitting node using some metrics (e.g., degree, centrality, intermediacy, etc.) on complex networks.)

Encryption function module

The encryption function module encrypts and signs a source IPv6 address in the data packet, the ciphertext obtained through the signature is loaded into a hop-by-hop option header in the data packet, and the data packet carrying source address verification information is sent to the destination terminal. Compared with a complex verification function module, the system has the advantages of simple structure and single function, and only comprises four parts of an SHA224 hash module, an ECDSA signature module, an ECC key library and a sending module. The modules are designed as follows:

(1) First SHA224 hash module: the message digest MAC used to encrypt the source IPv6 address to generate 28Byte is prepared for the next digital signature.

(2) ECDSA signature module: ECDSA is implemented by an ECC-based signature algorithm, and the ECDSA signature principle is shown in table 1. The method generates ciphertext C from the message digest MAC through digital signature, and provides source address verification information.

Table 1 digital signature algorithm of ECDSA

(3) First ECC keystore: the key pair is generated by using an ECC key generation algorithm, and the key pair (Pk, sk) is stored in a key bank, so that the ECDSA signature module can conveniently extract the key, and the time is not wasted to temporarily generate the key.

(4) And a sending module: and sending data carrying source address verification information to a destination end to finish the first step of source address verification.

Verification function module

The verification function is an important function of the SAG. After the selection of the value of the field bit of the option type in the hop-by-hop option header of the received data is judged, the application of ECDSA to perform signature verification or search a dynamic verification table after the decision of adopting a proper source address verification mode, the source address verification along a transmission path and a source/destination end is completed, and the reliable transmission of the data stream is ensured. The method provides two verification mechanisms of stream data (coarse granularity) and single data (fine granularity), wherein the coarse granularity verification can carry out probabilistic verification, has high running speed and high safety, and is suitable for verifying large-scale stream data; the fine granularity verification can carry out finer verification, the running speed is reduced compared with the coarse granularity verification, but the security is extremely high, the service experience of a user cannot be reduced, and the method is suitable for verifying single data and small-scale stream data. The SAG verification function module consists of nine modules including a receiving module, a head-by-head verification module, a data reading module, a dynamic verification table, a second SHA224 hash module, a clock module, an ECDSA verification module, a second ECC key library and a verification module, and the nine modules with single functions are matched with each other to provide a complex source address verification function. The function design of each module is as follows:

(1) And a receiving module: for receiving data packets carrying source address verification information and creating a local dynamic verification table using neighbor SAG initialization.

(2) And the hop-by-hop header checking module: is a module for judging the bit value of the hop-by-hop header option type field in the data packet so as to select a proper source address verification mode.

(3) And a read data module: and reading the received data packet to obtain the source IPv6 address and the ciphertext C information.

(4) Dynamic verification table: creating a dynamically updated verification table by using the triplet (source IPv6, subnet prefix, pk) as a rule table entry is a key module for stream data verification. There are two situations for updating the validation table: firstly, when the equipment is started or re-accessed, the verification table of the neighbor SAG is automatically shared to initially create a local verification table; and secondly, adding the successful data which completes single data verification into a dynamic verification table as a tuple to be created for comparison of stream data verification. And the verification table is updated periodically through the clock module to efficiently finish stream data verification.

(5) And (3) a clock module: and providing a time signal for the dynamic verification table, and updating the dynamic verification table periodically, wherein the default time is 3 h. The manual setting can be performed according to the actual application scene.

(6) A second SHA224 hashing module: the obtained source IPv6 address is hashed, a message digest MAC 'is calculated for verification, and the message digest MAC' is input to a verification module.

(7) ECDSA signature verification module: and checking the ciphertext C to recover the original message digest MAC for verification, wherein the verification is the other input of the verification module. Table 2 shows the public key signature principle mechanism of ECDSA.

Table 2 signature verification algorithm for ECDSA

(8) Second ECC keystore: and generating a key pair by using the same ECC key generation algorithm as the encryption module to form a unified key library. And finding out a corresponding public key Pk according to the key library, providing a public key for the ECDSA signing module, and providing corresponding key information for the dynamic verification table.

(9) And (3) a verification module: is a module for comparing numerical values. When single data is verified, the MAC 'is obtained through the SHA224 hash module and compared with the MAC of the ECDSA signature verification module, and if the MAC' and the ECDSA signature verification module are equal, the data sources are real; otherwise, the data is falsified. When stream data is verified, reading (source IPv6, MAC, pk) or (subnet prefix, pk) through received data, and matching (source IPv6, subnet prefix, pk) tuple information in a dynamic verification table, wherein if the tuples are matched, the data source is real; otherwise, the data is falsified.

In addition, the invention also provides an ECDSA hop-by-hop option explicit source address encryption verification method of the IPv6 network, as shown in fig. 6, comprising the following steps:

step 1: encryption stage

step 2: verification stage

201: initializing, wherein the dynamic verification table is used for initializing and creating local dynamic verification by sharing the verification table of the adjacent SAG;

202: by judging the bit value of the option type field in the hop-by-hop option header, adopting a proper source address verification mode to carry out verification operation;

if the single data verification is adopted, acquiring a source IPv6 address and a ciphertext C through data received by a destination terminal, extracting a public key Pk by using a unified key bank in an encryption stage and a verification stage, checking the ciphertext C by using the public key Pk to obtain an original message digest MAC, carrying out SHA224 hash on the source IPv6 address to obtain a new message digest MAC ', comparing the MAC with the MAC', if the values are the same, correctly acquiring the data, receiving or forwarding the data, and adding the data as a tuple into a dynamic verification table; otherwise, the data is forged and should be discarded;

If it is determined that stream data verification is adopted, acquiring source IPv6 and ciphertext C through data received by a destination end, knowing a corresponding public key Pk through a key store, forming a corresponding tuple (source IPv6, pk) or (subnet prefix, pk), searching and matching the tuple information in a dynamic verification table, and if the tuple is matched, determining that the source of the data is real, and receiving or forwarding the data; if the tuple is not found or not matched, a single data verification mechanism is entered for re-verification, if the tuple is judged to be real data, the data is received or forwarded, otherwise, the tuple is forged, the data is discarded, and the original verification mode is restored. The method has the advantages that misjudgment and missed judgment phenomena can be reduced, and the accuracy of verifying the data source address is improved.

SAEAv6 protocol evaluation

4.1 experimental analysis

The pure IPv6 network built by using the IPv6 address and the RIP static routing protocol by using the Cisco Packet Tracer simulator has the communication condition shown in figure 7. According to the network topology diagram, the network is assumed to be gigabit bandwidth, the average transmission distance is 5km by using optical fiber connection, the SAG utilizes OpenSSL model simulation to measure the interactive signature of ECDSA through Java to verify the signature of ECDSA, the average processing time delay of signature verification is 11.3ms and 14.7ms, the obtained average processing time delay is reduced along with the improvement of computer performance, the time delay difference measured when Java and Python are used for simulation is large, larger errors can be generated according to the difference of algorithm programs and the computer performance, java simulation time delay is adopted for considering network load balance, relevant performance indexes are measured and calculated, and index data are analyzed.

Table 3 is experimental data of SAG simulating application in different bandwidth networks in an access domain scene, and it can be seen that the data transmission delay and transmission rate of SAG used in different bandwidths are slightly different from those of SAG not used, but the difference is very small, which means that the network speed will not generate great fluctuation when SAG is used in the network, so that the service experience of users using the network will not be reduced, so that SAG used alone from the two experimental data will not have obvious influence on the network speed, and too much bandwidth will not be occupied in data transmission.

Table 3 experimental data using SAG in access domain

Table 4 experimental data using SAG in three scenarios of SAVA

From the maximum transmission time in table 4 it is seen that the simulated IPv6 network is stable, the impact of other network factors on the performance index can be ignored, and the network delay for SAG use is at least about 47.88ms for different scenarios of the network. Network engineers can evaluate the quality of the existing network environment according to network delay, and usually consider that the IPv4 network delay range is 1-30ms, which indicates that the network speed is extremely fast and delay is hardly perceived; 31-50ms indicates that the network speed is fast without obvious delay; 51-100ms indicates that the network speed is slightly slow and has slight delay; 100ms indicates the network speed difference, and the phenomena of blocking, packet loss and wire-dropping exist. Although the above delay range is used to evaluate the IPv4 network, it is possible to abstract and predict the network speed condition of using the SAG in the IPv6 network environment according to the above delay range, and according to the delay result prediction, it is known that using the SAG in the IPv6 network does not affect the network speed and does not reduce the service experience of the network user, so that it is possible to estimate that the SAG has the applicability of the IPv6 network and can be used in any SAVA network scenario. The SAEAv6 authentication scheme has proven to be a viable solution for IPv6 networks.

4.2 validity analysis

According to the SAG deployment in three network scenes of the access domain, the AS domain and the AS domain, the network defense capability of single deployment and joint deployment can be obtained, the obtained benefits are further improved along with the increase of the number of deployments, and the deployment stimulus of 'who deploys and who benefits' is achieved. According to the network topology of fig. 7, assuming deployment in these three network scenarios, the network defenses obtained are different, and the detailed analysis is as follows:

scenario one access domain deployment: the SAG can be deployed in the access domain by adopting two modes of terminal deployment and key node deployment to improve the security of data transmission, the terminal deployment provides the defensive capability of the granularity of a host, and the other deployment mode provides the protection of an access layer. According to the data packet security verification mechanism of the SAEAv6 scheme, dynamic security protection can be carried out on single data and stream data, and the two protection effects are different. For example, the security protection capability of terminal data transmission can be enhanced when a single data verification mechanism is used, and an attacker cannot attack the signature verification mechanism of the SHA224 witnessed DSA because the ECDSA signature algorithm uses 224-bit keys, the security strength of which is far higher than that of RSA 1024-bit keys, and even if the attack needs at least 10 ²⁰ MIPS year; the stream data verification mechanism adopts a probabilistic filtering mechanism, the security defense efficiency of the probabilistic filtering mechanism is reduced compared with that of the former verification mode, but the probabilistic filtering mechanism has no great influence on the transmission rate of network data, so that the fake data packet is filtered under the condition of ensuring that the network speed is not reduced, and the source security of the data is verified.

Deployment in a scene two AS domain: SAG deployment can be carried out on the exit/entry routing nodes or the key nodes in the AS domain, so that the safety of network communication of all levels in the domain can be ensured, and the generation of attack behaviors caused by the fact that any node in the domain falsifies data and spoofs each node in the domain is prevented. The arrangement of the exit/entrance routing node provides the deception prevention of the inward traffic outside the AS domain, and ensures the safety of the inward and outward communication inside the AS domain; AS for deployment at critical nodes, inter-AS domain node data authentication is provided, providing domain-wide secure communications. The data access of all levels of networks in the AS domain is improved to a certain extent, so that the safety interaction of the data in the AS domain is ensured from inside to outside or from outside to inside.

Scene three AS inter-domain deployment: the security protection between AS domains depends on SAG deployed by a border router on the AS domains, the border router utilizes Border Gateway Protocol (BGP) to judge the AS domain source of data traffic, and judges whether the data is based on data transmitted between the AS domains, and then a network data verification mechanism between the AS domains is applied to ensure the data integrity and non-counterfeitability of the inter-AS domain communication and avoid network attack behavior of deception counterfeiting type. It should be noted that the data security verification mechanism provided between AS domains is mainly based on stream data security, and provides security data protection according to probability of network address prefix, and the defending efficiency is slightly reduced compared with the defending capability of access domain and AS domain, but the inter-domain data transmission rate is ensured to be within the standard range.

In summary, the security verification gateway (SAG) based on the SAEAv6 verification scheme is deployed correspondingly according to different network scenarios, so that the security defense efficiency in each network scenario can be improved again on the basis of the original network protection. In the above description, it can be seen that a bottom-up, inside-out security protection mechanism is provided, from access domain terminal authentication to AS domain data level authentication to AS domain inter-domain zone level authentication, from micro-to-macro, providing a systematic incremental deployment of network defense modes, the defense efficiency of which is shown in fig. 8. As can be seen from fig. 8, when large-scale deployment is performed on the network, the network defense efficiency is greatly improved along with the continuous expansion of the deployment scale, and the effectiveness of the network defense based on the SAEAv6 verification scheme is further shown.

4.3 Security analysis

SAG is designed based on SAEAv6 verification scheme, and according to the verification rule of SAEAv6 verification scheme, the integral security of SAEAv6 verification scheme can be known to be established on verification strategy and digital signature algorithm, and the SAG are combined to form extremely strong verification rule, and the verification rule dynamically verifies according to the data flow so as to form a comprehensive defense system. The method has stronger defense efficiency in the access domain and the AS domain, because a relatively strong defense rule can be formed between the access domain and the AS domain by being configured on each transmission node or being installed in an upstream router or a switch, the security efficiency in the AS domain is slightly lower than the application scene in the access domain and the AS domain, but the defense effect of a protection boundary can be achieved by only arranging the edge router between the AS domains, the cost is slightly larger but the service experience of network users is not reduced, and compared with the traditional security communication mode, the method has stronger defense efficiency and can reduce the probability of missed judgment and misjudgment. In other words, the configuration of SAG may reduce false positives, false negatives of network data authenticity identification.

The theoretical framework of the SAEAv6 scheme relies on the rules mechanism formed by the verification policy and the SHA224WithECDSA digital signature algorithm. The verification strategy is shown in the figure 3, has two strategies of single data verification and stream data verification, judges which verification mode is used according to the bit value change of the hop-by-hop options, further forms a strict dynamic verification strategy, and plays a certain defending effect on data source verification; the SHA224 wittedsA digital signature algorithm is a stronger and safer digital signature mechanism formed by adopting SHA224 hash and an ECDSA digital signature algorithm based on an ECC elliptic encryption algorithm, and the security of the ECDSA is established on the difficulty of solving an ECC elliptic curve discrete logarithm solution, has the characteristics of low operation complexity and high security, can provide higher security strength by using a smaller key, and the security of the two is greatly improved by re-fusing the two, compared with the existing source address verification algorithms such as HMAC-MD5, HMAC-SHA1, RSA, CGA and the like, the operation speed is high, the occupied memory is less, the time cost is low, and the security is higher. Therefore, the SHA224 witkeDSA digital signature algorithm is selected as a core security algorithm of the SAEAv6 verification scheme, and can provide higher, stronger and more effective defensive capability. Table 5 is a comparison table of the SAEAv6 authentication scheme with the conventional source address authentication technique, and it can be seen that the SAEAv6 authentication scheme has better security advantages than the conventional source address authentication technique.

TABLE 5 comparison of SAEAv6 technology with conventional technology

According to tables 3 and 4, the SAG has smaller difference in performance indexes such as transmission delay, transmission rate, delay and the like, does not affect the transmission rate of the network and the service experience of network users, is suitable for the IPv6 network, and further proves the feasibility of the SAEAv6 verification scheme. The security analysis of the SAEAv6 verification scheme shows that the security intensity is far higher than that of the 1024-bit RSA public key encryption system, and the SAEAv6 verification scheme has better advantages in deployment, cost and defense compared with the traditional source address verification technology according to the table 5. In summary, the SAEAv6 authentication scheme is a viable, efficient, and secure source address authentication scheme.

The foregoing is merely illustrative of the present invention and not restrictive, and other modifications and equivalents thereof may occur to those skilled in the art without departing from the spirit and scope of the present invention.

Claims

1. An IPv6 option explicit source address encryption security verification gateway, the security verification gateway device comprising:

the data probability acquisition module is used for carrying out probability sampling on the transmission data packet and sending the transmission data packet to the encryption function module;

the verification function module is used for verifying the source address information of the received data, the initialization creation of the dynamic verification table and the dynamic update;

the data probability acquisition module comprises:

the key node dynamic identification module is used for monitoring the flow state of each transmission node in the transmission path, calculating and identifying the key node by utilizing complex network indexes, then carrying out encryption signature by the encryption function module, and carrying out verification by the verification function module;

the encryption function module includes:

The sending module is used for sending data carrying source address verification information to the destination end to complete the first step of source address verification;

the verification function module includes:

2. The IPv6 option explicit source address encryption security verification gateway of claim 1, wherein the verification process of the verification module comprises:

3. ECDSA hop-by-hop option explicit source address encryption verification method for an IPv6 network applied to a security verification gateway as claimed in claim 1 or 2, comprising the steps of:

step 1: encryption stage

step 2: verification stage

4. The ECDSA hop-by-hop option explicit source address encryption authentication method for IPv6 networks according to claim 3, wherein the determining and authentication procedure in step 202 is as follows: