FR2878671A1 - METHOD FOR AUTHENTICATING DISCOVERY OF NEIGHBORHOOD IN THE IP NETWORK ENVIRONMENT FROM A CANDIDATE TERMINAL TO NETWORK ACCESS - Google Patents

Abstract

The invention relates to a method for authenticating IP network neighborhood discovery of a terminal (T). A respective private cryptographic value (CVp, CVc) each value (CVc) of a daughter DNS zone that can be authenticated by the value (CVp) of the parent DNS zone is allocated (A) to each parent DNS zone. On a first access request from a terminal (T) to the IP network, a routing authorization registration procedure is started (B) from the access router (RA) of the child access area. issuing by the DNS server of the parent DNS zone a routing certificate (Cert (RA)) and launching (C) from the access router (RA) an authentication procedure of the routing certificate A (Cert (RA) ), depending on the private cryptographic value allocated to the parent DNS zone. Application to secure fixed or mobile terminal connections on the IP or Internet network.

Description

2878671 1

  The invention relates to a method for authenticating the neighborhood discovery of the IP network environment of a terminal candidate for network access.

  When a terminal, mobile or fixed, connects to an IP network, in particular the Internet, the latter is brought to enter into communication with the network equipment for routinely routing the digital data carrier of the transaction.

  In current IP networks, managed by the IPv6 protocol, this protocol makes it possible to manage the mobility of nomadic terminals that can connect to them.

  When, in particular, a mobile or fixed terminal changes its point of attachment, the latter, as part of the aforementioned protocol, implements a network discovery procedure on the local link, a procedure designated by the neighborhood discovery procedure. the environment, called "Neighbor Discovery" in English.

  The above procedure is the subject of the IETF Recommendation referenced RFC 2461 Neighbor Discovery for IP Version 6 (lPv6) edited by T. Narten, E. Nordmark and W. Simpson, December 1998.

  The aforementioned procedure applies equally to any nomadic terminal, still referred to as a mobile node, visiting a visiting network as to fixed terminals which connect to this network.

  It allows in particular the terminal, mobile or fixed, candidate for access, hereinafter designated candidate terminal, to collect information, such as network prefix on the local link, available router address or others, which will allow it to auto -configure to automatically execute the connection.

  For this purpose, the candidate terminal decodes the network prefix type information, contained in the announcement messages sent in the access network to which access is requested. It also stores the IP address of the sending router, network access router RA, and thus updates its communication paths to maintain the IP sessions in progress, by taking this new route.

  The above procedure, as currently established, is not secure. In particular, no authorization verification procedure 2878671 2 routers, including the access router, to perform their routing function is provided.

  In fact, it is by no means possible, at present, for the above-mentioned candidate terminal to discover with certainty which network equipment, in particular routers, are authorized to route the data on the access network. that is, receiving and forwarding to the appropriate network node the data packets of the terminals that the visiting network hosts.

  The user of the candidate terminal can not, under any circumstances, be protected from malicious or hacker devices that are in particular likely to be connected to the network of visits, in order to usurp the quality of legitimate or authorized equipment and to divert the data traffic, to allow the theft of information or to modify the data traffic.

  In order to overcome the aforementioned drawback, by checking the authorization and the legitimacy of the access router, a development recommended by the IETF working group called Securing Neighbor Discovery was the subject of a text of Standardization called SEND, for SEcure Neighbor Discovery, referenced draft-ietf-send-ndopt-06, draft IETF, published by J. Arkko, J. Kempf, B. Sommerfeld, B. Zill and P. Nikander.

  The aforementioned development attempts to secure these exchanges using a key management infrastructure (PKI).

  In particular, the above-mentioned standardization text introduces the use of X 509 certificates and specifies that the access router sends the candidate terminal a certificate that proves that the prospective access router is allowed to route the data packets for a prefix. given network.

  For the candidate terminal itself to be able to verify this certificate, it is however necessary for the access router to transmit to the latter a chain of certificates.

  The validation of the routing authorization granted to the prospective access router 30 via a chain of certificates poses the following delicate technical problems in many cases.

  - The network routers must all be configured with a key pair and a certificate from at least one CA.

  2878671 3 - In the general case, the candidate terminal does not know the root certificate of the chain of certificates constituting a chain of trust, sent by the access router, which makes the proposed solution inoperative. In order for the candidate terminal to validly verify the aforementioned chain of trust, it appears necessary that it has all the root certificates of all the network operators, such as telecommunications operators, access providers, public or private hot spots. or others. In particular, in the case of mobile candidate terminals, the possibilities of connectivity are too great because of the diversity of the types of networks and the operators actors encountered during a connection for the aforementioned mobile candidate terminal to be able to store all the possible root certificates. One solution to the aforementioned major constraint could be to have all network operators adopt the same certification authority. Such a solution is highly unlikely.

  Finally, if the candidate terminal has only one active connection interface but does not have the root certificate, all the data packets pass through the unauthenticated router whose candidate terminal can not validly request verification, because the results can be modified or altered by this router if it is a malicious router.

  In the absence of verification of the aforementioned chain of trust, the candidate terminal has no certainty as to the authenticity and legitimacy of the routing function exerted by the prospective router.

  The present invention aims to overcome the disadvantages of the techniques and developments of the prior art.

  In particular, an object of the present invention is the implementation of an authentication method for verifying the legitimacy of a device, such as a router, to perform the data packet routing functions from the domain name infrastructure associated with the IP network, in the absence - introduction of any modification of the candidate terminal; - constraint, for each of the routers, to have a certificate from a certification authority.

  Another object of the present invention is also the implementation of a method for authenticating or verifying the legitimacy of a device, such as a router, by taking advantage of the DNS architecture of the servers 2878671 4 DNS managing the DNS zones of the IP network, allowing to certify and verify the authorization of the routers on the access networks.

  Another object of the present invention is also the communication, real or virtual, by a prospective access router, of the chain of trust represented by the routing authorization issued to this prospective access router, to any candidate terminal for acceptance.

  Another object of the present invention is finally the implementation of a method of authentication or verification of the legitimacy of a device, such as a router, by taking advantage of the DNS architecture of the DNS servers managing the DNS zones of IP networks, allowing any prospective access router to register for authentication with any DNS server with which it is hierarchically submitted.

  The method for authenticating the neighborhood discovery of the IP network environment of a candidate terminal for network access, which is the subject of the present invention, applies to any IP network managed by a plurality of DNS zones formed by a server. DNS root and by intermediate DNS servers, each DNS zone being associated with one of the DNS servers, these zones and DNS servers being configured according to a tree of parent DNS zones and girls DNS zones between a root DNS zone and a zone DNS access girl, from which this candidate terminal performs this access by connecting to the IP network.

  In addition, each DNS zone, parent respectively daughter, is allocated a specific private cryptographic value, each private cryptographic value allocated to a daughter DNS zone being capable of being authenticated via the private cryptographic value associated with the DNS zone. parent immediately superior to this tree structure.

  It is remarkable that, on the first access request to the IP network by connecting a candidate terminal to a router in the access girl DNS zone, this router constituting an access router, it also consists in launching from the access router to at least one of the DNS servers of a DNS zone, a routing authorization registration procedure is used to generate and transmit to the access router a certificate of authorization of routing issued by the parent DNS zone server and consisting of a signature value of parameters specific to this access router, this signature value being obtained from the private cryptographic value allocated to the parent DNS zone, then, to launch via the access router a routing authorization certificate authentication procedure by verifying the signature value according to the private cryptographic value allocated to the parent DNS zone.

  Preferably, the specific private cryptographic value is constituted by a secret key held by the parent DNS zone and the DNS server associated with it, this secret key being used to electronically sign the DNS resource information and obtain the signature value of the DNS resources. DNS resource information, and by a public key associated with this secret and freely available key, this public key being used to electronically verify the signature value of the DNS resources.

  The method that is the subject of the present invention finds application in the securing of transactions or protocols for exchanging data in an IP network for any type of terminal accessing, on connection, to such networks.

  It will be better understood from reading the description and from the following drawings, in which: FIG. 1 represents, by way of illustration, a flowchart of the essential steps for implementing the method which is the subject of the present invention; ; FIG. 2a represents, by way of illustration, a graphical representation of the step of allocating to each DNS zone, parent or daughter, a specific private cryptographic value, represented in FIG. 1; FIG. 2b represents, by way of illustration, a detailed flowchart of the steps for implementing the routing registration procedure represented in FIG. 1; FIG. 2c represents, by way of illustration, a detailed flowchart of the steps for implementing the authentication procedure of the routing authorization certificate represented in FIG. 1; FIG. 2d represents, by way of illustration, a public key authentication process associated with the private key held by each DNS server; FIG. 3 represents, by way of illustration, a flowchart of the essential steps of preferential implementation of the method which is the subject of the invention in an optimized version of the point of view of the volume of traffic necessary for the implementation of the latter on the IP network visited; FIG. 4a represents, by way of illustration, a particular network configuration and an elementary data structure of authentication request declaration of a routing DNS resource, in accordance with the method that is the subject of the present invention; FIG. 4b represents, by way of illustration, a declaration data structure of a routing DNS resource stored in memory of a DNS server comprising elementary data structures for defining a given DNS zone, in particular a structure basic DNS authentication request declaration data set as shown in FIG. 4a; FIG. 5 represents, by way of illustration, a flowchart of a preferential, nonlimiting internal protocol for verifying the routing authorization certificate implemented by a candidate terminal, in accordance with the subject of the present invention.

  A more detailed description of the method for authenticating the neighborhood discovery of the IP network environment of a terminal candidate for network access, in accordance with the subject of the present invention, will now be given in connection with FIG. the following figures.

  In general, with reference to FIG. 2a, it is recalled that the IP network is managed by a plurality of DNS zones formed by a root DNS server and by intermediate DNS servers, each DNS zone being associated with one of the DNS servers. The set of DNS zones and DNS servers is noted (1) n [Z DNS, SDNS DNS zones and DNS servers are configured according to a tree of parent DNS zones and girls DNS zones between a root DNS zone and a zone DNS access girl of the candidate terminal, the candidate terminal T executing this access by connection to the IP network. The connection to the IP network of the candidate terminal T is carried out via a router R. Referring to FIG. 2a, it is indicated that the DNS servers are noted by way of simplification So for the root server and S1, k for any hierarchical rank server I represented for convenience of representation in FIG. 2a on the same line, the index k representing a DNS server identifier under the authority of a DNS server denoted SI-1, k.

  Thus, any DNS zone Z1-1, k, associated with a DNS server denoted SI.1, k, is a parent DNS zone, ZDNSp, of a daughter DNS zone, ZDNSc, associated with a DNS server denoted SI, k.

  The preceding notation is valid regardless of the hierarchical rank of the DNS server considered and the DNS zone associated with the latter.

  In addition, at each parent DNS zone respectively ZDNSP zone respectively ZDNSC, is allocated, A, a specific private cryptographic value, denoted CVp for the specific private cryptographic value allocated to any DNS zone and to any parent DNS server, respectively denoted CVc. for any specific private cryptographic value allocated to any child server associated with a child DNS zone.

  Thus, in relation with FIGS. 1 and 2a, it is indicated that: CVp = CVI 1, k CVc = CVI, kE According to a remarkable aspect of the method that is the subject of the present invention, each private cryptographic value allocated to a daughter DNS zone is susceptible to be authenticated via the private cryptographic value CVp associated with the parent DNS zone immediately higher than the tree structure.

  This allocation operation carried out in step A is represented by the symbolic relation (2) (ZDNSp ZDNSc) (CVp, CVc) -4cvp (CVc) = true In the previous relation, it is indicated that the equality 91cvp (CVc ) = true means the successful authentication operation of each private cryptographic value allocated to a child DNS zone through the private cryptographic value associated with the next higher parent DNS zone of the tree structure.

  The aforementioned authentication process represented by the previous equality can advantageously be implemented from any signature process, eg signature verification of the daughter cryptographic value CVc by means of an authentication algorithm. signature, signature verification set by the private CVp cryptographic value associated with the DNS zone and the parent DNS server.

  Because of the allocation of each specific private cryptographic value, each of the DNS servers of the tree structure represented in FIG. 2a, according to a particularly remarkable aspect of the method that is the subject of the present invention, thus constitutes a network of confidence allowing, in particular to actually or implicitly reconstruct a chain of trust in controlling the routing of the data packets by successive checks of the different DNS zones via the parent and child DNS servers, as will be described later in the description.

  Of course, the allocation to each parent DNS zone respectively daughter of a specific private cryptographic value is performed only once per network configuration, subject to a cryptographic value change process intended to enhance the network security, as well as it will be described later in the description, to ensure a high level of immunity to any malicious attack for example.

  Given the aforementioned elements, the method which is the subject of the present invention then consists, on first access request to the IP network for connection of a candidate terminal T to a router R of the access girl DNS zone, this daughter DNS zone. access can of course be totally any of the DNS zones defined by the tree represented in FIG. 2a, consists in launching from the router R constituting a prospective access router RA, because of the attempt to connect the terminal T to the latter, to launch via the access router RA to at least one of the DNS servers of a parent DNS zone a routing authorization registration procedure represented in step B of FIG. generating and transmitting to the access router RA a routing authorization certificate issued by the parent DNS zone server.

  According to a particularly remarkable aspect of the method that is the subject of the present invention, the routing authorization certificate consists of a signature value of parameters specific to the access router RA. The signature value is obtained from the private cryptographic value allocated to the parent DNS zone.

  In FIG. 1 in step B thereof, the connection request sent by the candidate terminal to the router R is denoted a_r (T) and the signature operation for issuing the routing authorization certificate is noted by the relation (3) Cert (RA) = Scvp (RAP) In this relation, - RAP designates the parameters specific to the access router RA; Scvp designates the actual signature operation of these parameters; - Cert (RA) denotes the routing authorization certificate obtained by the aforementioned signature operation.

  The operation of step B is then followed by a step C consisting in launching, from the access router RA, a procedure for authenticating the routing authorization certificate by verifying the aforementioned signature value in function. the private cryptographic value CVp allocated to the parent DNS zone.

  The authentication operation of the routing authorization certificate is represented by the symbolic relation (4) Yl (Cert (RA)) = 'V (Scvp (RAP)) In the previous relation: -' V (Scvp ( RAP)) designates the verification operation of the aforementioned signature value; -A (Cert (RA)) denotes the authentication operation of the routing authorization certificate.

  It is understood, in particular, that, upon successful authentication of the aforementioned routing authorization certificate, the connection of the terminal T to the access router RA can be validated safely, as will be described later in the description.

  A more detailed description of the routing registration and authentication procedures of the routing authorization certificate of steps B and C of FIG. 1 will now be given in connection with FIGS. 2b, 2c and 2d.

  With reference to FIG. 2b, it is indicated that the routing authorization registration procedure may consist, at least advantageously, of transmitting in a step B1 to the DNS server of the parent zone an authorization registration request. routing system comprising at least one DNS resource information field associating at least one IP address representative of the IP address of the access router RA and a network path reference to the aforementioned RA access router.

  In step BI, the transmission operation of the authorization registration request is represented by the symbolic relation (5) ar_r (RAP) s 1, k 1-1, k RAP = RA _ @ IP, PATH _ RA In the above relation, it is indicated that: - RA1, k designates the anticipated access router that has received the access request from the terminal T, the anticipated access router RA being deemed to be in a DNS zone access girl with which is associated a DNS server noted S ,, k in relation to Figure 2a; - ar r (RAP) means the routing authorization registration request as such; - S, _1, k denotes the DNS server of the parent zone Z1_1, k according to the representation of Figure 2a.

  In general, it is indicated that the parameters specific to the router RAP may comprise, as mentioned in the preceding symbolic relation, the IP address representative of the IP address of the access router, address noted RA_ @ IP, and the network path reference to this access router RA, this reference being noted for convenience PATH_RA.

  With respect to the network path reference to the access router RA, it is indicated that this path reference may advantageously consist in the collection of all the access router access addresses RA connected to each other. network and allowing the latter to perform its legitimate routing function, as will be described later in the

description.

  Step BI is then followed by a step B2 of electronically signing DNA resource information from the private cryptographic value allocated to the parent DNS zone to generate a signature value of the aforementioned DNS resource information.

  The electronic signature step performed in step B2 is represented by the symbolic relation (6) SCVI_1 (RA _ @ IP, PA TH RA)) SV (RAP) (s1_1 = SKSI-1, k In the symbolic relation preceding: SV (RAP) designates the signature value of the DNS resource information, according to the value assigned to it according to the preceding relation (5); Scv1_1 denotes the actual operation of the electronic signature of the resource information DNS above from the private cryptographic value CV1_1 allocated to the parent DNS zone associated with the parent DNS server of hierarchical position 1-1.

  Finally, step B2 is then followed by a step B3 of transmitting the signature value of the aforementioned DNS resource information to the aforementioned access router RA mentioned above.

  This operation is represented in FIG. 2b by the symbolic relation (7) SI-1, k SV (RAP)> RA In the previous relation, S1_1, k denotes the parent DNS server associated with the parent DNS zone holding the cryptographic value CV1.1 which allowed the execution of the signature operation in step B2 described above.

  With reference to FIG. 2c, it is indicated that the authentication procedure of the routing authorization certificate of step C of FIG. 1 may advantageously consist of transmitting at least one step C1 via the access router to the candidate terminal T the DNS resource information noted RAP and, of course, the signature value of the DNS resource information, the aforementioned signature value being denoted SV (RAP), all of this information constituting in fact the certificate of routing authorization.

  The transmission operation of step C1 is represented by the symbolic relation (8) RAP, SV (RAP)) T

RA

  Cert (RA) = (RAP, SV (RAP)) The aforesaid step C1 is then followed by a step C2 of electronically checking the signature value of the DNS resources according to the private cryptographic value allocated to the parent DNS zone. .

  In FIG. 2c, the signature verification operation of step C2 is represented by the symbolic relation (9) -V (cv1-1) (SV (RAP)) 07 (cv1) = PI-1, k) In the previous relationship, 17 (cv14) (SV (RAP)) refers to the signature verification operation of the signature value SV (RAP) based on the cryptographic value CV1_1 used to execute the signature operation on the step B2 of Figure 2b.

  More specifically, it is indicated that the signature operation executed in step B2 of FIG. 2b previously mentioned is carried out directly from the private cryptographic value CV1_1 while the signature verification operation carried out at the end of FIG. Step C2 is performed according to this private cryptographic value, as will be described later in the description.

  In particular, it is indicated that the previously mentioned private cryptographic value can be used for the signature verification or signature verification operations previously described in the description as part of a symmetric encryption-decryption process, for example.

  In this hypothesis, however, it is indicated that the use of a symmetric encryption-decryption process implies a management of the transmission of the decryption encryption keys, that is to say of the relatively heavy private cryptographic value mentioned above. key management process requiring in particular the transmission of key values in encrypted form.

  In order to avoid a key management process that is too cumbersome and requires the development of a suitable key management protocol, the method that is the subject of the present invention can instead be implemented, in a preferred embodiment, by means of a private cryptographic value specific and constituted by a secret key held by the parent DNS zone and the DNS server associated therewith. In the aforementioned case, the implementation of step B2 of FIG. 2b, the private cryptographic value CVI.1 is then constituted by a secret key KS1_1, k, this secret key being held in a secure zone of the parent DNS server. and used to electronically sign the DNS resource information to obtain the signature value of the DNS resource information. In this embodiment, the signature operation of step B2 is denoted Scv1_1 = SKSI-1, k.

  The private cryptographic value is also constituted by a public key associated with the aforementioned secret key and freely available. The public key associated with the previously mentioned secret key is denoted KP1_1, k and is used to electronically verify the signature value of the DNS resources. The secret and public keys allocated to each DNS server and associated with each DNS zone may, in a particularly advantageous manner, correspond to the secret and public keys allocated to these servers as part of the RFC 3008 (IETF) recommendation "Domain Name System Security Signing Authority "(DNSsec), B. Wellington, 2000.

  In step C2 of FIG. 2c, the signature verification operation as a function of the previously mentioned private cryptographic value is then denoted by V (CVI-1) _'VKPI-1, k.

  This public key is then advantageously used to electronically verify the signature value of the aforementioned DNS resources.

  The implementation of a private cryptographic value constituted by a secret key to which is associated a public key thus makes it possible to reduce the process of management of the cryptographic values mentioned above and in particular public keys, which, by definition, are available freely and can of course be freely transmitted. The key management process is thus greatly simplified since it is then substantially limited to a time change program of the secret keys allocated to each of the DNS servers associated with each parent DNS zone or corresponding daughter.

  The implementation of the method that is the subject of the invention with the aid of respectively public secret sets allocated respectively associated with each of the DNS servers and the tree structure represented in FIG. 2a, is then particularly advantageous insofar as each DNS zone and, finally, each DNS server is thus characterized in the trusted network thus constituted only by its only public key, it being understood that each DNS server holds the corresponding secret key.

  In particular, signature signature verification or execution operations performed for the implementation of the method that is the subject of the present invention can then be performed from a signature verification or signature verification process executed by means of the RSA algorithms. for example, Rivest Shamir and Adleman algorithms or via the DSA algorithm for Digital Signature Algorithm. The aforementioned algorithms are software-driven algorithms known in the state of the art which, for this reason, will not be described in detail.

  In particular, the implementation of the method that is the subject of the present invention by means of a signature-verification process of signature from asymmetric keys, secret keys and public keys, appears particularly advantageous insofar as, prior to each operation signature verification, as represented in FIG. 2d, by means of the public key associated with the private key associated with each daughter or parent DNS zone, a procedure for authentication of the public key by a signature request of this public key to the means of the parent private key, to the DNS server managing the parent DNS zone and holding the parent private key, and then checking by the candidate terminal T of the signed value of this public key by means of the parent public key, can, in a manner advantageous, to be realized.

  Such a process is described in connection with FIG. 2d where C21 denotes the transmission of a request for verifying the public key, a request denoted by v key_r (KP1_1, k), that is to say the signature request of the public key KP1_1, k transmitted to the DNS server S1.1, k for signature in step C22 of Figure 2d by means of the private key parent KS1_1, k. This operation is denoted by the symbolic relation (10) SKSI-1, k (KPI-1, k) - SV (KPI-1, k) In the previous relation: - SV (KP1_1, k) designates the signature value of the public key KP1_1, k; SKSI.1, k (KP1_1, k) designates the operation of signing the aforementioned public key by means of private key KSI-1, k.

  The operation C22 can then be followed, after transmission of the aforementioned signature value to the candidate terminal, of a C23 operation for verifying the signature value of this public key by means of the parent public key, this verification operation being executed by the candidate terminal T which, of course, holds the aforementioned public key.

  This operation is represented in step C23 of FIG. 2d by the symbolic relation (11) VKPI-1, k (SV (KPI-1, k)). Generally speaking, it is indicated that the method which is the subject of this The invention can be implemented, on first connection and access attempt of a candidate terminal T, by the prospective access router RA, which then transmits the DNS resource information to the corresponding parent DNS server as previously described. in the description. In particular, it is indicated that the routing authorization registration request can be made once and for all when the router is inserted on the network. When a terminal subsequently connects to this router, the latter simply transmits a request for access to these registration data by

example.

  However, the implementation of the method that is the subject of the present invention is not limited to the implementation example mentioned above. Indeed, the authentication process can be directly implemented from the candidate terminal T, the signature operation of the DNS resources of the prospective access router RA can then be executed on the initiative of the terminal T, the router simply passing the DNS resource information specific to it to the DNS server associated with the access girl DNS zone. The method that is the subject of the invention can then be implemented from the latter and from the DNS server associated with it.

  In particular, it will be understood that the public key authentication process as described in connection with FIG. 2d can then be implemented with respect to the parent DNS server of the parent DNS zone associated with the zone. DNS matching access girl.

  More specifically, it is indicated that in all cases the relationship or chain of trust is established between the candidate terminal T and any intermediate DNS server, where appropriate the root server, because of the issuance of the certificate of authorization of routing, which constitutes an authorization by any intermediary parent DNS server, including, where appropriate, the root server, for any access router R likely to constitute a prospective access router RA among a set of routers intended to exercise their routing function. Any prospective access router is then able to obtain from any intermediate DNS server or from the root DNS server a routing authorization certificate, which is then authenticated under the authority of the root DNS server by the candidate terminal T. A more detailed description of the method that is the subject of the present invention in a preferred embodiment for carrying out an optimized implementation in terms of data flow on the visited IP network will now be described with reference to FIG.

  The method which is the subject of the present invention, in the embodiment shown in FIG. 3, appears to be of the greatest interest, in particular because of the variability of the networks visited, when, in particular, the access requests are issued by a user. mobile terminal or by a fixed or mobile terminal connected to a mobile network for example, the network configuration can be changed regularly and unpredictably in the latter case in particular.

  As represented in FIG. 3 above, in the preferential implementation mode mentioned, the method that is the subject of the invention consists in transmitting from the access router to a parent DNS server a single request for registration of routing authorization. . The above-mentioned step corresponds to step BI of FIG. 2b, the corresponding operation being represented by the symbolic relation (5), it being however specified that the single request is denoted uar_r (RAP).

  The aforementioned step B21 is then followed by a step B22 of transmitting, from the parent DNS server to any hierarchically higher parent parent DNS server to the parent DNS server mentioned above, up to the root parent DNS server, for example, successive communication requests. the public key and the separate signature value of this public key by means of the secret key associated with and respectively held by each of the hierarchically superior intermediate parent DNS servers.

  FIG. 3 shows, by way of nonlimiting example, the successive transmission operations of the communication requests of the public key, the request designated ukp_r (É) between any DNS server of an access girl DNS zone, denoted S, _1, k, and any hierarchically higher intermediate parent server of rank m and noted for this reason Sm, k, this successive communication request being followed by a response noted aukp_r (KPm, k; SV (KPm, k) ). The communication request transmission operations of the public key and the separate signature value of this public response key allowing the communication of these values are represented by the symbolic relation (12) ukp_r (E)> sm, k S aukp (kPm, k; SV (KPm, k) s l-1, km, k A test step B222 is then executed on the count variable of rank m, the transmission of key communication requests being continued by the user. intermediate of the test B222 for comparing the count value m to the value 0 by negative comparison continued by the step of decrementation m = m 1 in step B223 and return, of course, to the call of the operation communication request and communication response of the public key value and the signature value of this public key for the hierarchically superior DNS server, represented by the decrementation m = m 1, up to the root DNS server So , as conventionally shown in FIG. 2a.

  It is understood, in particular, that in the aforementioned symbolic relation KPm, k represents the public key associated with the DNS server whose hierarchical position corresponds to the count variable m and SV (KPm, k) denotes the signature value of this public key using the private key of the aforementioned DNS server.

  On positive response to test B222, the root DNS server having been reached and the public key value and the signature value of this public key associated with the aforementioned root server having been obtained, a process B23 is proceeded to said aggregation, in a single message, the value of the public keys received and the public key of the parent DNS server and the corresponding signature values SV (KPn ,, k). Remember that the concept of parent DNS server is the DNS server that manages the RA access router.

  The aggregation operation consists, for example, in an operation of constituting a list of the received public key values, this operation being represented symbolically by the relation (13) m = 1 UM (KPm k) m = 0 In the previous relation, it is indicated that the unique message is denoted by UM (KPm, k) mm = 10 1 The aggregation can indeed be constituted by the form = in the form of a list, for example of the value of the received public keys above and the signature values of these public keys.

  The operation B23 is followed by a operation B24 consisting in calculating the signature value of the DNS resource information by means of the secret key associated with the parent DNS zone and of course with the parent DNS server SI -1, kÉ The operation The aforementioned signature corresponds to that performed in step B2 of FIG. 2b from the secret key KSI _ 1, k associated with the DNS server S1 k.

  The aforementioned step B24 can then be followed by a step B25 substantially corresponding to the step B3 of FIG. 2b previously described.

  The above-mentioned step B25 consists in transmitting to the candidate terminal T the value of the aggregated public keys via the unique message UM (E), the separate signature value of each of the aggregated public keys, these 2878671 19 = 1 -values with signature [SV (KPm, k)] mm 0 and, of course, the signature value of the DNS resource information, SV (RAP).

  In this situation, the previously mentioned signature values constitute the routing authorization certificate made available to the candidate terminal T. The operation performed in step B25 is represented by the symbolic relation (14) UM (0). [SV (KPm, k) m = 1, SV (RAP)] / RA 51-1, k In step B25 it is indicated that the aforesaid transmission is performed to the candidate terminal T via the access router felt RA.

  After reception of the routing certificate by the candidate terminal T, that is to say following the aforementioned step B25, the candidate terminal T then carries out a verification of each of the signature values separated from each public key communicated, to step C21.

  The operation is carried out by a test step represented symbolically by the relation (15) [KPm, k (SV (KPm, k)] m-1-1 = true In the previous relation: ['VKpm, k ( SV (KPm, k)] m = 1-1 m _ o = true? Designates the successive verification of the true value of each signature value SV of the public key KPm, k for m = 1-1 to m = 0 of each of the intermediate DNS servers up to the So root DNS server, including the parent DNS server previously mentioned in the description.

  On verifying at the true value of each of the separate signature values of each public key, the value of the public key associated with the parent DNS zone and the parent server S1.1, k, as well as implicitly the value of the secret key owned by the parent DNS server, as well as of course any intermediate public key to the public key associated with the root DNS server are authenticated under the authority of the latter. T

  It is of course understood that the So root DNS server is of course invested, by definition, with the maximum confidence for any candidate terminal performing an access attempt. This trust is of course justified inasmuch as it is almost certain that the root DNS server is a general network management server which, as such, has the strongest protections and the maximum guarantee of legitimacy and security. integrity of the performance of its functions.

  It is also understood that the root DNS server makes it possible, of course, to authenticate all the branches of the trusted network represented in FIG. 2a, and in particular any router managed by the intermediary DNS servers previously described in the description. As all the meshes of the aforementioned network are thus secured, any chain of trust involving any path from the routing branches managed by the corresponding intermediate DNS servers is therefore authenticated under the authority of the root DNS server.

  Of course, this makes it possible to restore the authentication trust chain of the access router RA presenti from the only public key parameter of the parent DNS server Sp_i, k for the benefit of the candidate terminal.

  On positive response to the test C21, in particular all the keys that have been authenticated, in steps C22, C23, the value of the public key KP, _i, k, is authenticated. The terminal T having this authenticated key can then perform the operation of electronic verification of the signature value of the DNS resources, conducted from the only authenticated public key. This operation is carried out in step C24 of FIG. 3, which corresponds globally to the actual execution of the authentication of the Cert certificate (RA) represented in FIG. 1.

  On the contrary, on a negative response to the test C21, one of the keys for example not having been authenticated by verification of the signature value of the latter, a return to the step BI can be executed for communication or new communication of this key. Of course, security in number of communication requests for a parent DNS server of a given hierarchical rank can be introduced in order to limit the corresponding attempts.

  In general, it is indicated that the DNS servers conforming to the subject of the present invention are BIND type servers, such servers comprising software modules and being the most commonly used for the deployment of DNS architectures on the network. IP, especially on the Internet. Such DNS servers and corresponding software have tools that meet the DNSsec recommendation to regulate security module developments for DNS architectures.

  In the aforementioned DNS servers, the configuration of the latter is performed from routing DNS resource declaration data structures stored in the memory areas of the DNS server.

  These data structures, files, comprise elementary data structures for defining a given DNS domain according to the representation of the table below.

BOARD

  domaine.com. SOA domain.com. SIG SOA domain.com. SIG AXFR ...

  domaine.com. NS domain.com. SIG NS domain.com. KEY domain.com. SIG KEY domain.com. NXT a.domain.com. SOA AXFR NS KEY SIG domain.com. SIG NXT a.domain.com. At a.domain.com. SIG A ...

  a.domaine.com. NXT d.domain.com. At SIG a.domain.com. SIG NXT The aforementioned elementary data structures are the subject of the standardization according to the above-mentioned DNSsec standard.

  Referring to Figure 4a, it is indicated that the access router RA presenti can address any DNS server with which it has a relationship of trust. The relationship of trust means a frequent relationship by successive transactions and verification of the public key value by authentication of the public key associated with the aforementioned DNS server, as shown in connection with FIG. 2d for example. 20 25

  To execute the routing record operation, the RA server may transmit a request using a RR type DNS field for "Resource Record" in English which contains the list of prefix network prefixes 2, ie the value PATH_RA of Figure 2b for example, network prefixes for which it is authorized to legitimately perform its function of routing data packets. The DNS server S1_l, k signs the corresponding DNS resource information and sends back to the router RA the signature of this information using a RR SIG field with or without the public key value, depending on whether the access router knows or not. the value of the latter.

  The routing authorization notification is saved in a specified DNS zone. Depending on the DNS server k, it may be registered in a pre-existing zone or in a specific zone in which the server registers all the routing permissions.

  Assuming that the RA router registers with the DNS zone associated with the DNS server of the domain, designated domain.com on the above table in this example, the DNS zone file on the domain name server, domain.com above, that is to say the server S1_1, k is in the form and format given in the table previously introduced. After registering the new prefixes broadcast by the router RA2, according to a remarkable aspect of the method that is the subject of the invention, the authentication request declaration of a registered routing DNS resource for executing this declaration on a DNS server such as the server S1_1, k of FIG. 4a comprises a basic data structure comprising a first data field representative of the IP address of the routing DNS resource, address @ IP2 in FIG. 4a and FIG. 4b, FI field, a second field coding the type of registration required for this DNS resource, that is to say the type arbitrarily designated by PX in field F2 of Figure 4b encoding the type of record, type designating a registration request of routing authorization for the DNS resource at the address specified in the FI field, and a third field, F3 field, representative of the network access address information of the auto routing DNS resource routing the data packets by the routing function legitimately performed by the routing DNS resource, that is to say the router RA2. The address information is designated prefix 2 in Figure 4a and Figure 4b.

  Thus, with reference to FIG. 4b, it will be understood that the declaration data structure of a routing DNS resource stored in the memory zone of a DNS server indicated in the aforementioned table naturally includes the elementary data definition structures. of the aforementioned DNS domain, as well as specific elementary data structures comprising at least the request authentication request elementary declaration data structure of a DNS resource according to FIG. 4b. This data structure is represented in the aforementioned figure, which of course contains the elementary data structure of the DNS routing resource authentication request declaration of FIG. 4a.

  Finally, with reference to the same FIG. 4b, it is indicated that the aforementioned data structure further comprises specific elementary data structures comprising at least one elementary data structure of address and a data structure of junction of definitions of the DNS zones. , these data structures characterized by their field F2 corresponding to the SIG field, respectively NXT for the aforementioned junction data structure.

  A more detailed description of the functions and successive steps implemented by a program product recorded on a storage medium for execution, by a terminal candidate for an IP network access, of an authentication of the neighborhood discovery of the network environment IP of this candidate terminal, when connecting the latter to this network, will now be described in connection with Figure 5, when the authentication of the neighborhood discovery is implemented in accordance with the method of the present invention described above in conjunction with Figures 1 to 4b above.

  Upon reception by the candidate terminal T of the DNS resource information noted RAP and the signature value of the latter noted SV (RAP) in step 100 of FIG. 5, the program product comprises at least one sub-module. SPI program discriminating the knowledge by the candidate terminal of the public key of the DNS zone and the parent DNS server that has executed the calculation operation of the signature value of these DNS resources. This operation of discriminating knowledge of the aforementioned public key is represented by a test 101 satisfying the relation (16) 2878671 24 KPm, kE0? The aforementioned test amounts to verifying, for example, the existence of a non-empty value for the public key KPm, k, with m = I 1, according to the conventions previously mentioned in the description for the parent DNS server SI-1, On discrimination of the lack of knowledge of the aforementioned public key, that is to say in positive response to test 101 mentioned above, a module SP2 subprogram is called, which ensures the transmission to the parent DNS server previously cited of a communication request message of any public key accompanied by a signature value of this public key by means of the secret key held by the parent DNS server. The aforementioned step 102 is a step similar to step B22 of FIG. 3, the public key communication request messages ukp_r (É) and the response to this public key communication request aukp_r (É) being able to present the same form as in the case of the implementation of step B22 of Figure 3 above.

  Following reception of the public key and the signature value of this corresponding public key, an SP3 program module makes it possible to check the signature value of any public key received in the previous step 102, including the public key associated with the access girl DNS zone due to the fact that the protocol is driven by the terminal T. In step 103 of FIG. 5, the verification operation of the signature value is noted according to the same relationship as that indicated previously in the description in step C21 of FIG. 3. For the verification or authentication of the public key KPI, k associated with the DNS zone of the access server S1, k, a procedure similar to that previously described in the description in connection with FIG. 2d can be executed, it being specified that the public key KP1_1, k has been authenticated, either on particular knowledge of the value of this public key and sufficient confidence the candidate terminal in negative response to test 101 previously described. The public key KPI, k can then be authenticated from the secret key KS1_1, k of the DNS server associated with the corresponding access girl DNS zone, as described above with FIG. 2d.

  In any case, on a negative response to the test 101 of FIG. 5 or on a positive response to this same test, but after execution of the subroutine modules SP2 and SP3, step 102 and test 103, in step 104, Authenticated public keys KP, _1, k and KP ,, k are available as shown in FIG. 5.

  The terminal T further comprises a subroutine module SP4 for verifying the signature value of the DNS resources with the public key associated with the parent DNS server and the parent DNS zone, S1_1, k. The subroutine module SP4 makes it possible to carry out a signature verification operation represented symbolically by the same relation as the relation of the step C23 of FIG. 2d, for example.

  On positive response to the test 105 mentioned above, step 106 is provided with an authenticated Cert (RA) certificate.

  The terminal T then has a subroutine module SP5 confirmation of the access router RA as the default access router for the connection and access of the candidate terminal T to the IP network.

  In step 107 of FIG. 5, the confirmation relation of the access router selected RA as the default access router is represented by the symbolic relation T E-y RA defect.

  On the contrary, on a negative response to the test 105, the subprogram module SP4 allows the call of a display module SP6 on the candidate terminal T of a warning message WM informing the user of the terminal candidate T risks due to the non-compliance of the transmission of data to the security criteria of the transaction.

Claims (12)

  A method for authenticating the neighborhood discovery of the IP network environment of a candidate terminal for network access, said IP network being managed by a plurality of DNS zones formed by a root DNS server and by intermediate DNS servers , each DNS zone being associated with one of the DNS servers, said DNS zones and said DNS servers being configured according to a tree of parent DNS zones and girls DNS zones between a root DNS zone and a DNS access girl zone, from which said candidate terminal executes this access by connection to the IP network, each DNS zone, parent daughter respectively being allocated a specific private cryptographic value, each private cryptographic value allocated to a daughter DNS zone being able to be authenticated by the intermediate of the private cryptographic value associated with the immediately higher parent DNS zone of said tree structure, erected in that, on request for access to the IP network by connecting a candidate terminal to a router of said access girl DNS zone, said router constituting an access router, said method consists at least of: - launching from said access router, to at least one of the DNS servers of a parent DNS zone, a routing authorization registration procedure from a routing authorization registration request, allowing generating and transmitting to said access router a routing authorization certificate issued by said parent DNS zone server and consisting of a signature value of parameters specific to said access router, said signature value being obtained from the private cryptographic value allocated to said parent DNS zone; launching via the access router a procedure for authenticating said routing authorization certificate by verifying said signature value as a function of the private cryptographic value allocated to said parent DNS zone.   2. Method according to claim 1, characterized in that said routing authorization registration procedure consists at least of: transmitting to the DNS server of the parent area a routing authorization registration request, comprising at least a DNS resource information field associating at least one IP address representative of the IP address of said access router and a network path reference to that access router; - electronically signing the DNS resource information from the private cryptographic value allocated to said parent DNS zone to generate a signature value of the DNS resource information; transmitting said signature value of the DNS resource information to said access router.   3. Method according to one of claims 1 or 2, characterized in that said routing authorization certificate authentication procedure consists at least of: - transmitting via said access router to said candidate terminal the DNS resource information and the signature value of the DNS resource information constituting the routing authorization certificate; - electronically verify the signature value of the DNS resources, according to the private cryptographic value allocated to said parent DNS zone.   4. Method according to one of claims 1 to 3, characterized in that said specific private cryptographic value is constituted by: a secret key held by the parent DNS zone and the DNS server associated with it, said secret key being used to electronically sign the DNS resource information and obtain the signature value of the DNS resource information; a public key associated with said secret and freely available key, said public key being used to electronically check the signature value of the DNS resources.   5. Method according to claim 4, characterized in that it further comprises, prior to each signature verification operation, by means of the public key associated with the private key associated with each daughter or parent DNS zone, a procedure authentication of said public key by signing this public key request by means of the parent private key, with the DNS server managing the parent DNS zone and holding said parent private key, and then checking the signed value of this public key by means of said parent public key by said candidate terminal.   6. Method according to one of claims 4 or 5, characterized in that for implementation optimized in terms of data flow on the IP network visited, it consists in: a) transmitting said access router to a DNS server parenting a single request for registration of routing authorization; b) transmitting from said parent DNS server to any intermediate parent DNS server, hierarchically higher than said parent DNS server, to the root parent DNS server, successive requests for communication of the public key and the separate signature value of this public key, by means of the secret key associated with respectively held by each of the hierarchically superior intermediate parent DNS servers; and at said parent DNS server, after successive receipt of said public keys and their signature value; c) aggregating in a single message the value of said received public keys and the public key of said parent DNS server and the corresponding public key signature values; d) calculating the signature value of the DNS resource information by means of the secret key associated with said parent DNS zone and said parent DNS server; e) transmitting to said candidate terminal the value of said aggregated public keys, the separate signature value of each of the aggregated public keys and the signature value of the DNS resource information, said signature values constituting said routing authorization certificate.   7. Method according to claim 6, characterized in that on checking to the true value of each of the separate signature values of each of the public keys, the value of the public key associated with said server and said parent DNS zone, the value of the secret key held by said parent DNS server is authenticated, under the authority of the root DNS server, thereby restoring the authentication trust chain of said access router from the only public key parameter of said parent DNS server for the benefit of said candidate terminal.   8. Method according to claim 7, characterized in that, following the authentication of the public key associated with said server and said parent DNS zone and the value of the secret key held by said server and the parent DNS zone, the The electronic verification operation of the signature value of the DNS resources is conducted from said only authenticated public key.   A basic routing authorization registration request data structure of a registered routing DNS resource for executing this declaration on a DNS server, characterized in that it comprises: a first data field representative of the IP address of said routing DNS resource; a second field encoding the type of registration required for this DNS resource; a third representative field of network access address information of said routing DNS resource, allowing routing of the data packets by the routing function legitimately performed by said routing DNS resource.   10. A declaration data structure of a routing DNS resource registered with a DNS server, comprising elementary data structures for defining a given DNS domain, characterized in that it furthermore comprises data structures. specific elementary elements comprising at least one elementary data structure according to claim 9.   The data structure according to claim 10, characterized in that said specific elementary data structures further comprise at least one address data structure and a DNS zone definition junction data structure.   12. Program product comprising program code instructions, recorded on a computer readable medium, for execution by a candidate terminal for IP network access of an authentication of the neighborhood discovery of the IP network environment of this candidate terminal when the latter is connected to this network, according to the method according to one of claims 1 to 8, characterized in that, on reception by said candidate terminal of the DNS resource information and the signature value of these DNS resources, said program product comprises at least: computer-readable programming means for performing the step of discriminating the knowledge, by said candidate terminal, of the public key of the DNS zone and the parent DNS server which performed the calculation operation of the signature value of these DNS resources; and, on discrimination of the lack of knowledge of said public key; -E computer readable programming means for performing the step of transmitting, to the parent DNS server, a communication request message of any public key, accompanied by a signature value of this public key, by means of the secret key held by said parent DNS server; and, upon receipt of said public key and said signature value of said public key, - É computer readable programming means for performing the step of verifying said signature value of any public key, including the key public associated with said access girl DNS zone; and, upon checking respectively prior knowledge of the true value of said signature value of this public key, - É computer readable programming means for performing the step of verifying the signature value of these DNS resources with the key public associated with said parent DNS server and said parent DNS zone; and, upon verifying the true value of the signature value of these DNS resources, the routing authorization certificate being authenticated, - É computer readable programming means for performing the step of confirming said access router as default access router for connection and access of said candidate terminal to said IP network; otherwise, on failure to verify the true value of the signature value of these DNS resources, the routing authorization certificate not being authenticated, - computer readable programming means for performing the display step, on the candidate terminal, a warning message informing the user of the latter risks due to the non-compliance of the transmission of data to the security criteria of the transaction, when said program runs on a computer.