JP2012120154A - Method of controlling network node - Google Patents

Abstract

PROBLEM TO BE SOLVED: To clarify control authority provided to an end-user and assure it for the purpose of maintaining normal network operation while allowing the end-user to control a network node.SOLUTION: The present invention performs IP address verification in order to assure an end-user of limitation to control of traffic sent to him/her and rejecting those other than that. The IP address verification is a mechanism to verify that the end-user is the right owner of his/her IP address and does not masquerade as an owner of an IP address of another user. The end-user passes through the IP address verification, and executes setting of control content of the traffic sent to him/her with respect to a network node.

Description

  The present invention relates to a method for network node control in an IP (Internet Protocol) network.

  An Openflow switch has been proposed as a node that can be controlled from a remote location with a higher degree of freedom than conventional devices (see Non-Patent Document 1, for example). The Openflow switch has an interface that can access the forwarding table. Through this interface, it is possible to set a forwarding rule that is not limited to a conventional routing protocol or switching method.

  There is a controller for controlling the Openflow switch. One controller can also control a plurality of Openflow switches. Since the controller is installed and managed by a network administrator and is not assumed to be usable by an unspecified number of end users, an authentication mechanism for an unspecified number of end users is not included.

  As a technique for authenticating an authorized owner of an IP address, a technique using a routing mechanism and a technique for providing authentication information to the IP address itself have been proposed. These methods do not authenticate the legitimate owner of the public key, but authenticate the legitimate owner of the IP address.

  Return Routability (RR) using a routing mechanism is based on the reliability of IP routing. The IP routing can be delivered with high reliability to the IP address designated as the destination of the IP packet (see Non-Patent Document 2, for example). Therefore, it can be said that the end host that has received a certain IP packet is the owner of the IP address designated as the destination of the IP packet. When confirming that an IP address is an owner, an IP packet destined for that IP address may be transmitted, and reception of the IP packet from the IP address owner may be confirmed.

  The present invention improves this RR. The existing RR is vulnerable to a packet eavesdropping attack, and there is a problem that an attacker who eavesdrops on a packet related to the RR authentication procedure can spoof. The present invention can prevent a spoofing attack even if all packets related to the authentication procedure are intercepted.

  Cryptographically Generated Addresses (CGA) has been proposed as a method for providing authentication information to an IP address itself (see, for example, Non-Patent Document 3). This is a method using an address generated from a public key. Therefore, it is possible to authenticate the owner of the IP address in the framework of the public key method. However, CGA is a method that can be used only for IPv6 and cannot be applied to IPv4.

Openflow switch. http: // www. openflowswitch. org / RFC 3775. Mobility Support in IPv6 RFC 3972. Cryptographically Generated Addresses (CGA) RFC 2104. HMAC: Keyed-Hashing for Message Authentication

  In a conventional computer network, network nodes are controlled only by authorized network administrators, and end users who use the network cannot control the network nodes. Certainly, it is expected that normal network operation cannot be performed if network node control authority is easily given to end users.

  However, if the end user can take the initiative in controlling the network node, traffic control in accordance with the end user's request can be realized, and it is beneficial to allow the end user the authority to control the network node.

  Therefore, for the purpose of enabling the end user to control the network node while maintaining normal network operation, it is an issue to clarify and guarantee the control authority given to the end user.

  In the present invention, it is assumed that the present invention is different from an administrator who is regarded as equivalent to an unspecified number of end users in the current Internet and who is allowed to control a network node in advance. To do.

  The control authority given to the end user gives permission within a range that does not adversely affect other users. Specifically, an end user is granted permission only with control authority for traffic addressed to the end user. This prevents unauthorized control or erroneous control that affects traffic addressed to other users. Therefore, the end user sets the control contents for traffic destined for the own address in the network node.

  The present invention performs IP address authentication in order to guarantee that the end user is restricted to control the traffic addressed to the end user and rejects other traffic. IP address authentication is a mechanism for proving that an end user is a legitimate owner of his / her own IP address and is not pretending to be the owner of the IP address of another user. The end user sets the traffic control contents addressed to the network node through IP address authentication.

  Specifically, the network node control method of the present invention includes an authentication procedure for authenticating that a host address is not spoofed, and the network node for traffic transferred to the host based on an authentication result of the authentication procedure. And a setting procedure for performing the setting.

The network node control method of the present invention, in the authentication procedure, the host, the ID and prime p host, and RQ message transmission step of transmitting to the controller, the controller, using the secret information K _C where only the controller has value a first RRQ message transmission procedure for calculating y and a value K, and transmitting the value K and the IP address IP _{H of the} host to the authentication auxiliary server _; and the secret information KR that the authentication auxiliary server has only in the authentication auxiliary server, and A first RRS message transmission procedure for calculating a value z using the IP address IP _H , calculating a value K ^* using the value K and the value z, and transmitting the value K ^* to the controller; but the RS message transmission procedure for transmitting authentication assist server IP address IP _R and the value ^{K *} to the host, phosphorylase Used but the second RRQ message transmission procedure to calculate the value T by using the secret information x that only host has to sent to the IP address IP _R, authentication assist server, the value T and the value z A second RRS message transmission procedure in which the value T ^* is calculated and transmitted to the host, and the host uses the key K _{A and the} ID calculated using the value K ^* and the value z and the MAC (Message A CI message transmission procedure for calculating the Authentication Code) and transmitting the control content R and the value T ^* to the MAC and the network node to the controller in order. In the setting procedure, the controller sends the MAC to the MAC And the value T _A calculated using the value T ^* and the value y and the ID of the host that has received the MAC The MAC is calculated, and it is determined whether or not the received MAC and the calculated MAC match. If they match, the control content R is executed for traffic destined for the IP address IP _{H of the} host. The network node setting procedure for setting the network node may be included in order.

In the network node control method of the present invention, the value y is input with the secret information K _C possessed only by the controller, the host IP address IP _H , the host ID, and the sequence number S of the host that has controlled the network node. It is an integer value satisfying 1 ≦ y ≦ √p, and the value K is derived by K = α ^y mod p, and the value z is the secret information K _R possessed only by the authentication auxiliary server, the IP address IP _{H of the} host , The host ID, and the sequence number S of the host that has performed control on the network node, are input as integer values such that 1 ≦ z ≦ √p, and the value K ^* is K ^* = K ^z = α ^yz mod p guided by, the value T is guided by T = α ^x mod p, the value ^{T * is} guided by ^{T * = T z = α xz} mod p, the key _{K A} is Led by ^{_{A = (K *) z =}} α xyz mod p, the value _{T A may} be guided by ^{T A = (T *) y} = α xyz mod p.

In the network node control method of the present invention, in the authentication procedure, the host transmits an RQ message transmission procedure in which the host ID and the prime number p are transmitted to the authentication server, and the authentication auxiliary server encrypts using the prime number p and the prime number q. A key _KE is calculated, the encryption key _KE and the prime number q are transmitted to the host, and an integer M is calculated using the prime number p, the prime number q, and the prime number r, and the encryption key _KE , the integer number and RRS message transmission step of transmitting an IP address IP _H of M and the host controller, the controller calculates the key K using the secret information _{K C} and a random number nonce and the IP address IP _H, the key K and the cipher calculates the token T using the key K _E and the integer M, the RS message transmission step of transmitting the token T to the host, the host is Using serial token T and the encryption key K _E and the prime number q calculates a key K, calculating a MAC using the key K and the ID was calculated, the controller controls the content R of the calculated MAC and network nodes CI message transmission procedure to be transmitted to the controller, and in the setting procedure, the controller receives the MAC from the host, and uses the key K and the ID of the host that has received the MAC calculated in the RS message transmission procedure. The MAC is calculated, and it is determined whether or not the received MAC and the calculated MAC match. If they match, the control content R is executed for the traffic destined for the host IP address IP _H. You may have the network node setting procedure which sets a network node to do.

The network node control method of the present invention, serial encryption key _{K E is, 1 = GCD (K E,} Z) guided by said integer M is guided by the p × q × r, the token T is, K ^ {K _E } mod M, and the key K may be derived by K ^ {K _E K _D } mod M (mod N).

  In the network node control method according to the present invention, in the network node setting procedure, an effective time of the setting contents of the network node may be designated, and the network node may cancel the setting contents when the effective time elapses.

  Specifically, the network node control system of the present invention authenticates that there is no spoofing in the network node that controls the traffic and the address of the host that tries to set the network node, and traffic to the address of the host that has been successfully authenticated. A controller for setting the network node for the network, an authentication auxiliary server for assisting authentication of the controller, and a host for transmitting the setting contents of the network node for traffic to its own address to the controller.

In the network node control system of the present invention, the controller, using the secret information K _C where only self has to calculate the value y and the value K, and sends the IP address IP _H values K and host authentication assist server, The authentication auxiliary server IP address IP _R and the value K ^* are transmitted to the host, the MAC is received from the host, the value T _A calculated using the value T ^* and the value y, and the ID of the host that has received the MAC are used. The MAC is calculated, and it is determined whether or not the received MAC and the calculated MAC match. When they match, the control content R is executed for the traffic destined for the IP address IP _{H of the} host. The network node is set so that the host sends the host ID and prime number p to the controller, and calculates the value T using the secret information x possessed only by the host. IP address IP _R was sent to, the value ^{K *} and using the key _{K A} and ID of the host is calculated by using the value z is calculated MAC, control contents to the MAC and network nodes R and the value ^{T *} was sent to the controller, the authentication assist server calculates a value by using the value K and the value z to calculate the value z by using the secret information K _R and the IP address IP _H only self has K ^*, the value K ^* may be transmitted to the controller, value T ^* may be calculated using value T and value z, and transmitted to the host.

In the network node control system of the present invention, the controller calculates a key K using the secret information K _C and a random number nonce and IP address IP _H of the host, using the key K and the encryption key K _E and an integer M The token T is calculated, the token T is transmitted to the host, the MAC is received from the host, the MAC is calculated using the calculated key K and the host ID, and the received MAC is calculated. It is determined whether or not the MAC matches, and if they match, the network node is set to execute the control content R transmitted from the host for the traffic destined for the IP address IP _H of the host. and, the host sends its own ID and prime p to the authentication server, the token T and the encryption key K _E and the prime number q The key K is calculated, the MAC is calculated using the key K and its own ID, the calculated MAC and the control content R to the network node are transmitted to the controller, and the authentication auxiliary server An encryption key _KE is calculated using the prime number q, the encryption key _KE and the prime number q are transmitted to the host, an integer M is calculated using the prime number p, the prime number q, and the prime number r, and the encryption key The key K _E , the integer M, and the IP address IP _{H of the} host may be transmitted to the controller.

  In the network node control system according to the present invention, the host may specify an effective time of the setting contents of the network node, and the network node may cancel the setting contents when the effective time elapses.

  The above inventions can be combined as much as possible.

  According to the present invention, all the hosts connected to the network and the corresponding end users or systems can control the network node and perform traffic control.

  For example, an end system subjected to a DoS attack can actively block unauthorized traffic not only immediately before the end system but also at a network node closer to the attacker. In contrast, traffic congestion that cannot be prevented by conventional defense methods can be reduced or avoided. Further, even if improper control or erroneous control is performed, the influence is closed to the host that performed the control, so that safe control of the network node is realized without affecting other traffic. In the present invention, even if all messages related to network node control are intercepted, the messages cannot be forged. In addition, a message cannot be produced with the information given to the authentication auxiliary server, and even if the authentication auxiliary server is hijacked or impersonated, unauthorized control can be prevented.

Represents an overview of a network with separate controllers and network nodes. It is a schematic block diagram of the network node control system which concerns on this embodiment. An example of the simple model of embodiment of this invention is shown. 3 is a sequence diagram illustrating an example of Embodiment 1. FIG. 3 is a sequence diagram illustrating an example of Embodiment 1. FIG. 10 is a sequence diagram illustrating an example of Embodiment 2. FIG.

  Embodiments of the present invention will be described with reference to the accompanying drawings. The embodiments described below are examples of the present invention, and the present invention is not limited to the following embodiments. In the present specification and drawings, the same reference numerals denote the same components.

(Embodiment 1)
The present invention can be applied to a network configured by an Openflow switch. For example, it is assumed that there are domains managed by a plurality of organizations as shown in FIG. 1, each of which is composed of Openflow switches. In the network, it is assumed that IP level reachability is maintained by, for example, an existing IP routing protocol. The present invention can realize secure network node control across different organizations as shown in FIG.

  In the present invention, a network composed of network nodes 40 such as an Openflow switch that can be controlled remotely with a high degree of freedom is targeted. In the network, it is assumed that IP level reachability is maintained by, for example, an existing IP routing protocol. As shown in FIG. 2, the basic configuration of the present invention includes four components: a network node 40, a controller 30 that controls the network node 40, a host 10 that is used by an end user, and an authentication auxiliary server 20. The network node 40 and the controller 30 may be 1: 1 or N: M. Alternatively, the network node 40 and the controller 30 may be included in the same device. The authentication auxiliary server 20 is a server operated by an organization such as an Internet service provider (ISP). It is assumed that one or more authentication auxiliary servers 20 can exist in the entire network.

  The host 10 includes an IP address authentication function unit 11 and a control command transmission unit 12. The authentication auxiliary server 20 includes an authentication auxiliary function unit 21. The controller 30 includes an IP address authentication function unit 31, a control right transfer function unit 32, and a node control interface unit 33. The network node 40 includes a control interface unit 41 and a forwarding table 42.

Hereinafter, an embodiment of the present invention will be described according to the simplified model of FIG. There are two ISPs, ISP _A and ISP _B. Here, an end user in ISP _A performs network node control in ISP _B through host 10. The end user host 10 is not a specific computer, but includes all computing environments connected to a network such as a Web server, an application server, and a cloud environment. In addition, a lookup service 50 such as DNS exists and performs IP address resolution of the controller 30 and the authentication auxiliary server 20. When there are a plurality of authentication auxiliary servers 20, the lookup service 50 returns one IP address selected at random, a part of the IP address group, or all IP addresses. When the IP addresses of two or more authentication auxiliary servers 20 are returned from the lookup service 50, it is assumed that one of them is randomly selected and used. When the IP address of the controller 30 cannot be obtained by the lookup service 50, the host 10 transmits the marked packet so as to reach the subnetwork to which the network node 40 belongs, and the network node 40 transfers the marked packet to the controller 30. By setting so as to do so, the host 10 can transmit a packet that reaches the controller 30.

  The network node control according to the present invention is executed by generating a Message Authentication Code (MAC) indicating that it has been authenticated through the IP address authentication process, and transmitting a control message to the network node using the generated MAC.

The host 10 performs the following series of sequences in order to perform control once for one network node 40.
1) The IP address authentication function unit 11 of the host 10 transmits a REQ_TOKEN (hereinafter referred to as RQ) message to the controller 30.
2) After receiving the RQ message, the IP address authentication function unit 31 of the controller 30 inquires the lookup service 50 and acquires the IP address of the authentication auxiliary server 20. When the IP addresses of a plurality of authentication auxiliary servers 20 are acquired, one is selected and a REF_REQ_TOKEN (hereinafter referred to as RRQ) message is transmitted to the IP address.
3) The authentication assistant function unit 21 of the authentication assistant server 20 that has received the RRQ message returns a REF_RES_TOKEN (hereinafter referred to as RRS) message.
4) Upon receiving the RRS message, the IP address authentication function unit 31 of the controller 30 transmits a RES_TOKEN (hereinafter referred to as “RS”) message to the host 10.
5) The IP address authentication function unit 11 of the host 10 that has received the RS message transmits an RRQ message to the IP address of the authentication auxiliary server 20 written in the RS message.
6) Similar to the RRQ message from the controller 30, the authentication assistant function unit 21 of the authentication assistant server 20 returns the RRS message to the host 10 after receiving the RRQ message from the host 10.
7) The IP address authentication function unit 11 of the host 10 generates a MAC based on the information of the RS message from the controller 30 and the RRS message from the authentication auxiliary server 20, and the control command transmission unit 12 of the host 10 generates the generated MAC. A CFG_INSTALL (hereinafter referred to as CI) message is transmitted to the controller 30 along with the control contents.
8) Upon receiving the CI message, the control right delegation function unit 32 of the controller 30 verifies the MAC in the CI message, and if the validity is confirmed, the control right delegation function unit 32 passes the node control interface unit 33 to the control interface unit 41 of the network node 40. The control content is set. Otherwise, the control content is not set, and a CFG_ACK (hereinafter referred to as CA) message is transmitted to the host 10.

The sequence up to IP address authentication will be described in detail below with reference to FIGS.
1. The host 10 transmits an RQ message to the controller 30.
The RQ message has the following information generated by the host 10.
(1) (p, α): Pair of prime number and generator ■ ID: Sequence identifier p is a prime number and α is a generator in the set {α | 1 ≦ α ≦ p ⁻¹ }. The ID is a value that identifies a series of procedures from IP address authentication to node control.

2. After receiving the RQ message, the controller 30 transmits the RRQ message to the authentication auxiliary server 20.
The RRQ message has the following information.
■ p: value of prime number included in RQ message ■ K: value generated by controller 30 ■ ID: value of sequence identifier included in RQ message ■ S ^* : sequence value managed by controller 30

Ｋ_Ｃはコントローラ３０のみが持つ秘密情報である。ＩＰ_Ｈはホスト１０のＩＰアドレスであり、ＲＱメッセージのヘッダ情報に記載された送信元ＩＰアドレスである。コントローラ３０はネットワークノード４０に制御を実施したホスト１０ごとにシーケンス番号Ｓを管理する。ここで、Ｓ^＊はＳに１加えた値である。ホスト１０がはじめて制御を実施する場合は、Ｓ^＊に初期値を与える。初期値の与えかたは乱数を用いるか、０を入力してもよく限定しない。関数ｆ（）は、ＫＣ、ＩＰＨ、ＩＤ、Ｓ^＊を入力として、１≦ｙ≦√ｐの範囲の整数値ｙを返す関数である。 K is derived by the following calculation formula.

K _C is the secret information held by the only controller 30. IP _H is the IP address of the host 10 and is the source IP address described in the header information of the RQ message. The controller 30 manages the sequence number S for each host 10 that controls the network node 40. Here, S ^* is a value obtained by adding 1 to S. When the host 10 performs control for the first time, an initial value is given to S ^* . The initial value is not limited, but a random number may be used or 0 may be input. The function f () is a function that returns an integer value y in the range of 1 ≦ y ≦ √p with KC, IPH, ID, and S ^* as inputs.

3. The authentication assistant server 20 that has received the RRQ message transmits the RRS message to the controller 30.
The RRS message has the following information.
■ K ^* : Token value generated by authentication auxiliary server 20 with K as input ■ ID: Sequence identifier included in RRQ message ■ S ^* : Sequence value included in RRQ message

Ｋ_Ｒは認証補助サーバ２０のみが持つ秘密情報である。関数ｇ（）は、Ｋ_Ｒ、ＩＰ_Ｈ、ＩＤ、Ｓ^＊を入力として、１≦ｚ≦√ｐとなる整数値ｚを返す関数である。 The authentication auxiliary server 20 calculates K ^* by the following calculation formula.

K _R is the secret information held by the only authentication auxiliary server 20. The function g () is a function that returns an integer value z satisfying 1 ≦ z ≦ √p with K _R , IP _H , ID, and S ^* as inputs.

4). After receiving the RRS message, the controller 30 transmits the RS message to the host 10.
The RS message has the following information.
■ ^K *: token value contained in the RRS message ■ ID: RRS sequence identifier contained in the message ■ ^S *: the sequence value contained in the RRS message ■ IP _R: IP address of the IP address authentication assist server 20 of authentication assist server 20 IP _R is the source IP address included in the header of the RRS message.

5. After receiving the RS message, the host 10 transmits an RRQ message to the authentication auxiliary server 20.
The RRQ message has the following information.
■ p: a prime value placed on the RQ message ■ T: a value generated by the host 10 ■ ID: a sequence identifier placed on the RQ message ■ S ^* : a sequence value included in the RS message

ｘは、ホスト１０のみが持つ秘密情報であり、１≦ｘ≦√ｐを満たす整数値とする。 The host 10 calculates T by the following calculation formula.

x is secret information possessed only by the host 10 and is an integer value satisfying 1 ≦ x ≦ √p.

6). The authentication auxiliary server 20 transmits the RRS message to the host 10 after receiving the RRQ message.
The RRS message has the following information.
■ T ^* : Token value generated by authentication auxiliary server 20 using T as input ■ ID: Sequence identifier included in RRQ message ■ S ^* : Sequence value included in RRQ message

認証補助サーバ２０は、ＲＲＱメッセージの送信元がホスト１０またはコントローラ３０であれ区別しない。ＲＲＱメッセージを受信後、同様の処理を行い、ＲＲＱメッセージ送信元へＲＲＳメッセージを返信する。 The authentication auxiliary server 20 calculates T ^* by the following calculation formula.

The authentication auxiliary server 20 does not distinguish whether the source of the RRQ message is the host 10 or the controller 30. After receiving the RRQ message, the same processing is performed, and the RRS message is returned to the RRQ message transmission source.

  With the information obtained so far, the host 10 generates a MAC. Using the generated MAC, it is proved that the owner of the IP address is valid, and the network node 40 is controlled. Network node control is performed by the sequence shown in FIG.

7). The host 10 transmits a CI message to the controller 30.
The CI message has the following information.
■ T ^* : Token value included in RRS message ■ ID: Sequence identifier included in RQ message ■ S ^* : Sequence value included in RS and RRS message ■ MAC: MAC value generated by host 10 ■ R: Host 10 Control details to be set for the created network

  R is the control content to the network node 40. This is outside the scope of the present invention as a device dependency of the network node 40 and is not limited by the present invention. However, R is interpreted as control content for traffic destined for IPH, and the controller 30 sets the network node 40.

MAC, the key _{K A} and the ^{ID, S} *, produced by HMAC as inputs R.
K _A is obtained with the following formula.

8). After receiving the CI message, the controller 30 attempts to execute control on the network node 40 and transmits the result to the host 10 as a CA message.
The CA message has the following information.
■ E: Error code ■ ID: Sequence identifier included in the CI message ■ S ^* : Sequence value included in the CI message ■ D: Valid time of the setting contents R in the network node 40 ■ MAC: MAC value generated by the controller 30

  E is an error code indicating the cause of the error. The cause of the error is, for example, a case where the MAC verification has failed or the setting of the control content included in the CI message to the network node 40 has failed. If network node control is successful, E is 0.

  D represents the valid time of R set in the network node 40. The setting of the control content R is automatically deleted after the time D has elapsed after setting R in the network node 40. If the host 10 wants to continue setting R, it is necessary to execute a procedure for setting R again until the valid time D elapses.

The controller 30 obtains After receiving the CI message, the _{T A} by the following equation.

The controller 30, the key to _{T A,} ID, including the CI ^{message, S} *, as input R, calculates the MAC by HMAC (e.g., see Non-Patent Document 4.). The MAC calculated here is compared with the MAC included in the CI message. If they do not match, the IP address authentication fails, the setting is not performed to the network node 40, and a CA message is transmitted as an error. If they match, it is determined that the IP address authentication has succeeded, and the network node 40 is set to control R for traffic destined for the source IP address of the CI message.

At this time, the controller 30 is S ^*, and that it has a length greater than S controller 30 holds, the process proceeds if S ^{*> S,} and set the error code to E as an error otherwise Send CA message. If the setting is successful, E is set to 0. If the setting is unsuccessful, an error code is set in E and a CA message is transmitted.

  The controller 30 can freely set the value of the valid time D. The controller 30 holds a value for the valid time D for each setting content R in the CI message, and may increase the value beyond the valid time D if there is a similar R setting request. In this case, for example, a method of increasing by a binary index can be used.

  The controller 30 receiving the CI message similarly verifies the MAC, confirms the validity of the CI message, and confirms the message content.

(Embodiment 2)
In this embodiment, a procedure for obtaining a key K for generating a MAC will be described as an IP address authentication method different from that in the first embodiment. Similar to the first embodiment, description will be made based on FIGS. 2 and 3. FIG. 5 shows an exemplary sequence of the second embodiment. In this form,
1) The host 10 sends a REQ_TOKEN (hereinafter RQ) message to the authentication auxiliary server 20,
2) The authentication auxiliary server 20 that has received the RQ message transmits a REF_RES_TOKEN1 (hereinafter RRS1) message to the host 10, and
3) A REF_RES_TOKEN2 (hereinafter RRS2) message is transmitted to the controller 30.
4) The controller 30 sends a RES_TOKEN (hereinafter RS) message to the host 10,
5) The host 10 obtains a key for generating a MAC from the RRS1 message and the RS message.
Hereinafter, the above procedure will be described in detail.

1. The host 10 transmits an RQ message to the authentication auxiliary server 20.
The RQ message has the following information generated by the host 10.
■ p: prime number ■ IP _C : address of controller 30 ■ ID: sequence identifier

In order to guarantee the reception of the authentication assistant server 20, p and IP _C are encrypted with the public key of the authentication assistant server 20 and transmitted. The sequence identifier ID is used for the host 10 to perform IP address authentication and to uniquely specify a sequence from execution of setting to the network node 40 to response to the result from the controller 30 to the host 10.

2. The authentication auxiliary server 20 transmits the RRS1 message to the host 10.
The RRS1 message has the following information generated by the authentication auxiliary server 20.
■ K _E : Encryption key ■ q: Prime number (q ≠ p)

In order to ensure that _KE and q are transmitted from the authentication auxiliary server 20, they are encrypted with the secret key of the authentication auxiliary server 20 and transmitted. In the present invention, authentication assist server by RSA algorithm finds the _{K E.} That is, K _E satisfying 1 = GCD (K _E , Z) is obtained. At this time, Z = LCM ((p-1), (q-1)). GCD (x, y) and LCM (x, y) represent the greatest common divisor and least common multiple of x and y, respectively.

3. The authentication auxiliary server 20 transmits an RRS2 message to the controller 30.
The RRS2 message has the following information.
■ SC: Server certificate ■ M: Integer ■ K _E : Encryption key ■ IP _H : Host 10 address ■ ID: Sequence identifier

SC, M, K _E , and IP _H are transmitted after being encrypted with the secret key of the authentication auxiliary server 20 in order to guarantee transmission from the authentication auxiliary server 20. M is obtained by p × q × r. At this time, r is a prime number generated by the authentication assistant server 20, and is different from both p and q. K _E is the same as the value containing the above RRS1.

4). The controller 30 transmits an RS message to the host 10.
The RS message has the following values generated by the controller 30.
■ T: token ■ nonce: random number ■ ID: sequence identifier ■ S ^* : sequence value managed by the controller 30

The controller 30 manages the sequence number S for each host 10 that controls the network node 40. Here, S ^* is a value obtained by adding 1 to S. When the host 10 performs control for the first time, an initial value is given to S ^* . There is no limitation on how to provide the initial value. The controller 30 generates the key K after receiving the RRS2 message. The key K is used to generate a MAC (Message Authentication Code). The key K and token T are obtained by the following calculation.

K _C is the secret information of the controller 30, it can not know other than the controller 30. The random number nonce is a value generated by the controller 30. Function f () is a function to output a modified speed m from the secret information K _C and the random number nonce, also different for each controller, the function controller holds f () can not know in addition to the controller. H () is a function for obtaining a hash value, and “|” represents a combination.

5). The host 10 generates a key K for generating a MAC based on the RRS1 message and the RS message.

The host 10 obtains the key K by the following calculation.

K _D is a value satisfying K _D × K _E ≡1 (mod X), and at this time, X = LCM ((p−1), (q−1)). In the subsequent procedure, the host 10 transmits a CI message to the controller 30 and receives a CA message response, as in the first embodiment. At this time, the key K is used in generating the MAC.

  In the present invention, the host 10 and the authentication auxiliary server 20 issue a set of prime numbers for obtaining the key K, respectively, so that authentication with the approval of a third party called the authentication auxiliary server 20 is possible. However, for this purpose, the authentication auxiliary server 20 needs to be operated by a reliable organization. For this purpose, it is also possible to verify the public key of the authentication auxiliary server 20 using the PKI system.

Attacker asked the key K, in order to perform the impersonation, it is necessary to know p, q, and K _E. The prime number q, the encryption key _KE , and the integer M are only signed with the secret key of the authentication auxiliary server 20, and anyone can know them. However, it is practically impossible for an attacker to know the prime number p due to the nature of the discrete logarithm problem by newly introducing a prime number r to the conventional RSA algorithm.

10: Host 11: IP address authentication function unit 12: Control command transmission unit 20: Authentication auxiliary server 21: Authentication auxiliary function unit 30: Controller 31: IP address authentication function unit 32: Control right transfer function unit 33: Node control interface unit 40: Network node 41: Control interface unit 42: Forwarding table 50: Lookup service 100: Network

Claims (10)

An authentication procedure to authenticate that the host address is not spoofed,
A setting procedure for setting the network node for traffic transferred to the host based on an authentication result of the authentication procedure;
A network node control method comprising: In the authentication procedure,
An RQ message transmission procedure in which the host transmits the host ID and the prime number p to the controller;
Controller, a first RRQ message transmission procedure calculates the value y and the value K using the secret information K _C, and transmits the IP address IP _H of the values K and host authentication assistant server only controller has,
Authentication assist server calculates an authentication auxiliary server only to calculate the value z by using the secret information K _R and the IP address IP _H possessed by using the value K and the value z values K ^*, the value K ^A first RRS message transmission procedure for transmitting ^* to the controller;
An RS message transmission procedure in which the controller transmits the IP address IP _R of the authentication auxiliary server and the value K ^* to the host;
A second RRQ message transmission procedure in which the host calculates a value T using secret information x possessed only by the host and transmits the value T to the IP address IP _R ;
A second RRS message transmission procedure in which the authentication auxiliary server calculates a value T ^* using the value T and the value z and transmits the value T ^* to the host;
Host calculates a MAC (Message Authentication Code) using the key _{K A} and the ID is calculated using the value ^{K *} and the value z, the control content R and the value T to the MAC and network nodes CI message transmission procedure for transmitting ^* to the controller in order,
In the setting procedure,
The controller receives the MAC from the host, calculates the MAC using the value T _A calculated using the value T ^* and the value y, and the ID of the host that has received the MAC, and calculates the received MAC. It is determined whether or not the MAC matches, and if they match, a network node setting procedure for setting the network node to execute the control content R for traffic destined for the host IP address IP _H is performed. Have
The network node control method according to claim 1. The value y is an integer satisfying 1 ≦ y ≦ √p by inputting the secret information K _C possessed only by the controller, the host IP address IP _H , the host ID, and the sequence number S of the host that has controlled the network node. Number,
The value K is derived by K = α ^y mod p,
The value z is 1 ≦ z ≦ √p with the secret information K _R possessed only by the authentication auxiliary server, the host IP address IP _H , the host ID, and the sequence number S of the host controlling the network node as inputs. Is an integer value,
The value K ^* is derived by K ^* = K ^z = α ^yz mod p,
Said value T is derived by T = α ^x mod p,
The value T ^* is derived by T ^* = T ^z = α ^xz mod p,
The key K _A is derived by K _A = (K ^* ) ^z = α ^xyz mod p,
The value T _A is derived by T _A = (T ^* ) ^y = α ^xyz mod p,
The network node control method according to claim 2, wherein: In the authentication procedure,
An RQ message transmission procedure in which the host transmits the host ID and the prime number p to the authentication server;
Authentication assist server, using the prime number p and a prime number q to calculate the encryption key K _E, it sends the encryption key K _E and the prime number q to the host, using the prime number p and the prime number q and prime r RRS message transmission procedure for calculating the integer M and transmitting the encryption key K _E , the integer M and the IP address IP _{H of the} host to the controller;
The controller calculates the key K using the secret information K _{C, the} random number nonce and the IP address IP _H , calculates the token T using the key K, the encryption key _KE, and the integer M, and the token T RS message sending procedure for sending to the host;
The host calculates the key K using the token T, the encryption key _KE, and the prime number q, calculates the MAC using the calculated key K and the ID, and the control contents to the calculated MAC and network node CI message transmission procedure for transmitting R to the controller in order,
In the setting procedure,
The controller receives the MAC from the host, calculates the MAC using the key K calculated in the RS message transmission procedure and the ID of the host that received the MAC, and whether or not the received MAC matches the calculated MAC A network node setting procedure for setting the network node to execute the control content R for the traffic destined to the IP address IP _{H of the} host.
The network node control method according to claim 1. The encryption key _{K E is, 1 = GCD (K E,} Z) guided by,
The integer M is derived by p × q × r,
The token T is guided by K ^ {K _E } mod M,
The key K is derived by K ^ {K _E K _D } mod M (mod N).
The network node control method according to claim 4, wherein:   6. The network node setting procedure according to claim 2, wherein an effective time of the setting contents of the network node is designated, and the network node cancels the setting contents when the effective time elapses. The network node control method described. A network node that controls the traffic;
A controller that authenticates that there is no spoofing of the address of the host attempting to set the network node, and sets the network node for traffic to the address of the host that has been successfully authenticated;
An authentication auxiliary server for assisting authentication of the controller;
A host that transmits the setting contents of the network node for traffic to its own address to the controller;
A network node control system comprising: The controller uses the secret information K _C where only self has to calculate the value y and the value K, and sends the IP address IP _H values K and host authentication assist server, IP address IP _R and authentication assist server MAC is calculated by using the value T _A calculated by using the value T ^* and the value y and the ID of the host that has received the MAC, and transmitting the value K ^* to the host, receiving the MAC from the host, and receiving the MAC And the calculated MAC, the network node is set to execute the control content R for the traffic destined for the IP address IP _{H of the} host,
The host, the ID and prime p host sends to the controller calculates the value T by using the secret information x that only host has to sent to IP address IP _R, using the value K ^* and the value z using the key K _a and ID of the host is calculated by calculating a MAC, and sends the control contents R and the values of the corresponding MAC and network nodes T ^* to the controller Te,
The authentication assist server is configured to calculate the value z by using the secret information only self has K _R and the IP address IP _H using the values K and the value z is calculated the value K ^*, transmits the value K ^* to the controller Calculate the value T ^* using the value T and the value z and send it to the host.
The network node control system according to claim 7, wherein: Wherein the controller calculates a key K using the secret information K _C and a random number nonce and IP address IP _H of the host calculates the token T using the key K and the encryption key K _E and an integer M, the token T is transmitted to the host, the MAC is received from the host, the MAC is calculated using the calculated key K and the host ID, and whether or not the received MAC and the calculated MAC match. If the network node is determined to match, the network node is set to execute the control content R transmitted from the host for the traffic destined to the IP address IP _H of the host,
The host transmits its own ID and prime p to the authentication server, calculates a key K using the token T, the encryption key _KE, and the prime q, and uses the key K and its own ID. Calculate the MAC, and send the calculated MAC and control content R to the network node to the controller,
The authentication assist server, the prime number with p and prime q calculates a cryptographic key K _E, and transmits the encryption key K _E and the prime number q to the host, the prime number p and the prime number q and prime r To calculate the integer M, and send the encryption key K _E , the integer M and the IP address IP _{H of the} host to the controller.
The network node control system according to claim 7, wherein: The host specifies the valid time of the setting contents of the network node,
The network node control system according to any one of claims 7 to 9, wherein the network node cancels the setting contents when the valid time elapses.

Images