WO2009067905A1 - Method, system and device for preventing a hostile attack - Google Patents


Info

Publication number
WO2009067905A1
Authority
WO
WIPO (PCT)
Prior art keywords
credential
binding update
update message
proxy binding
aaa server
Application number
PCT/CN2008/072984
Other languages
English (en)
Chinese (zh)
Inventor
Jing Chen
Original Assignee
Huawei Technologies Co., Ltd.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, system and apparatus for preventing malicious attacks during MIP (Mobile IP) registration.
  • the mobile node (MN) has a home address on its home network; the MN sends a binding update message to the Home Agent (HA), binding its care-of address to the home address;
  • HA broadcasts its reachability to the home address, thereby receiving all packets sent to the MN.
  • the HA forwards all data packets sent to the MN to the MN according to the binding relationship between the home address and the care-of address.
  • the data packets sent by the MN are routed to other nodes of the network according to the normal routing method.
  • the binding update message (BU) and the binding acknowledgement (BA) in the MIP message need to provide security protection to prevent the attacker from forging the BU message or the BA message to incorrectly update the care-of address and home address on the HA.
  • otherwise the forged binding relationship could be used to route the MN's data packets to the wrong node, implementing a denial-of-service or eavesdropping attack on the user.
  • MIP can be divided into MIPv4 and MIPv6 according to the version of the protocol.
  • the initiators of the binding update message can be divided into host-based CMIP (Client MIP) and network-based PMIP (Proxy MIP).
  • the advantage of PMIP is that the MN does not need to implement the MIP protocol, and all MIP operations are done on the network side.
  • the working principle of PMIPv6 is described as follows: the mobile access gateway (MAG) performs the MIP operations on behalf of the MN toward the local mobility anchor (LMA);
  • the LMA collects all packets sent to the MN and forwards them to the MAG.
  • the MAG then forwards the packets to the MN.
  • IP security protocols between MAG and LMA are used to secure PBU and PBA messages.
  • a malicious MAG can send a PBU message on behalf of the user, so that the user's data will flow to the malicious MAG, and the malicious MAG can obtain the user's data.
  • a malicious MAG can send a PBU message on behalf of a user to change the binding information of the user, so that a denial of service attack against the user can be implemented.
  • the malicious MAG uses a PBU message in the user's name to register with MIP, thereby obtaining service while the charges are recorded against the user.
  • Embodiments of the present invention provide methods, systems, and corresponding apparatus for preventing malicious attacks to solve the problems of the prior art mentioned above.
  • a method for preventing malicious attacks which includes the following steps:
  • the mobile access gateway obtains a credential for protecting the binding update message
  • the mobile access gateway sends a binding update message that is protected by the credential to the local mobility anchor point;
  • the local mobility anchor verifies the binding update message.
  • a method of preventing malicious attacks including the following steps:
  • the start point of the segment of the PMIP tunnel obtains a credential for protecting the binding update message of the PMIP tunnel; the starting point of the PMIP tunnel sends a binding update message that is protected by the credential to the end of the PMIP tunnel;
  • the end of the PMIP tunnel verifies the binding update message.
  • a system for preventing malicious attacks is also provided, the system comprising a starting point of a PMIP tunnel and an end point of the PMIP tunnel; the starting point of the PMIP tunnel obtains a credential for protecting a binding update message of that segment of the PMIP tunnel and sends a binding update message protected by the credential to the end point of the PMIP tunnel;
  • the end of the PMIP tunnel verifies the binding update message.
  • a starting point device for a PMIP tunnel comprising:
  • a credential obtaining unit configured to obtain a credential of a binding update message that protects the PMIP tunnel, and provide the credential to the message sending unit;
  • the message sending unit is configured to send a binding update message that is protected by the credential to the end point of the PMIP tunnel.
  • a terminal device for a PMIP tunnel is also provided, the device comprising:
  • a message receiving unit configured to receive a binding update message that is protected by a credential sent by a starting point of the PMIP tunnel; and a verification unit: configured to verify the binding update message.
  • a home AAA server which includes:
  • a message receiving unit configured to receive, from an end point of the PMIP tunnel, a request message requesting verification of the MN-AAA authentication extension;
  • a verification unit configured to verify the MN-AAA authentication extension;
  • a message sending unit configured to send a verification success message after the verification succeeds.
  • a home AAA server which includes:
  • a message receiving unit configured to receive a request message for obtaining a credential sent by an end point of the PMIP tunnel, and trigger a message sending unit;
  • Message sending unit Used to send the credential required to verify the binding update message to the end point of the PMIP tunnel.
  • the binding update message is protected by the credential and verified, so that only the mobile access gateway currently serving the mobile node can send the binding update message on the mobile node's behalf, avoiding the problems caused by malicious MAG attacks.
  • FIG. 1 is a flowchart of a method for preventing malicious attacks in Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of a method for preventing malicious attacks in Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of a method for preventing malicious attacks in Embodiment 3 of the present invention.
  • FIG. 4 is a flowchart of a method for preventing malicious attacks in Embodiment 4 of the present invention.
  • FIG. 5 is a flowchart of a method for preventing malicious attacks in Embodiment 5 of the present invention.
  • FIG. 6 is a schematic diagram of a system for preventing malicious attacks in Embodiment 6 of the present invention.
  • FIG. 7 is a schematic diagram of a starting point device of a PMIP tunnel in Embodiment 7 of the present invention.
  • FIG. 8 is a schematic diagram of an end point device of a PMIP tunnel in Embodiment 8 of the present invention.
  • FIG. 9 is a schematic diagram of a home AAA server according to Embodiment 9 of the present invention.
  • FIG. 10 is a schematic diagram of a home AAA server according to an embodiment of the present invention.

Detailed description

  • the method for preventing a malicious attack includes: acquiring a credential for protecting a proxy binding update message; sending, to a local mobility anchor, a proxy binding update message protected by using the credential; and receiving the proxy binding update response that the local mobility anchor returns after verifying the proxy binding update message.
  • a first embodiment of the present invention provides a method for preventing a malicious attack. As shown in FIG. 1, the method includes:
  • Step 101 The MN and the MAG perform access authentication, and the access authentication process requires the participation of a home AAA server (HAAA). There may also be a proxy AAA server between MAG and HAAA.
  • Step 102 After the access authentication succeeds, the HAAA generates a credential used by the MAG, and sends the credential to the MAG. Step 102 can be completed after step 101, or can be implemented as a specific step in step 101.
  • the credentials in this embodiment may be various, for example, a key calculated by HAAA or the like.
  • Step 103 The MAG sends a PBU message to the LMA, where the PBU message is protected by using the above-mentioned credential.
  • Step 104 The LMA interacts with the HAAA to verify the PBU.
  • Step 105 After the verification is successful, return a PBA message to the MAG.
  • when the MN moves to a new MAG, HAAA generates a new credential for the new MAG, so that the old MAG cannot use its saved credential: if the old MAG sends a PBU message protected with the old credential, HAAA's verification fails and the PBU is rejected.
  • thus only the MAG currently serving the MN can send the binding update message on the MN's behalf, which makes it impossible for a malicious MAG to modify the MN's address binding relationship in the LMA and avoids the problems caused by malicious MAG attacks.
  • a second embodiment of the present invention provides a method for preventing a malicious attack. As shown in FIG. 2, the method includes:
  • Step 201 The MN, the MAG and the HAAA perform an EAP-AKA (Extensible Authentication Protocol method for Authentication and Key Agreement) authentication process to perform access authentication.
  • Step 202 After completing the authentication of the MN, the HAAA and the MN share the key Ks.
  • the authentication vector used in this process is supplied to the HAAA by the Home Subscriber Server (HSS), and HAAA saves Ks.
  • Step 203 HAAA uses Ks to derive the key K.
  • the parameters for deriving the key K may include a MAG identity (MAG ID), a MN identity (MN ID), and the like.
  • the HAAA obtains the key K as a credential.
  • the method is a way for the HAAA to generate a credential.
  • the embodiment of the present invention does not exclude that the HAAA can generate a credential by other means.
  • Step 204 HAAA sends the key K to the MAG.
  • the key K can be carried in the EAP authentication success message.
  • the communication between HAAA and MAG can be secured by security mechanisms such as IPsec.
  • Step 205 The MAG saves the key K, and sends an EAP authentication success message to the MN.
  • Step 206 The MAG, as proxy for the MN, sends a proxy binding update message (PBU).
  • the PBU is protected with a credential, key K.
  • the specific protection method is that the PBU carries the MN-AAA authentication extension calculated by using the key K.
  • Step 207 The LMA requests the HAAA to verify the MN-AAA authentication extension, that is, to verify the PBU message.
  • Step 208 HAAA verifies the authentication extension. Specifically, if HAAA holds the key K, the key K is used to verify the MN-AAA authentication extension; if HAAA did not save the key K, HAAA uses Ks to derive K and then verifies the MN-AAA authentication extension.
  • Step 209 After the verification succeeds, the HAAA sends a verification success message to the LMA.
  • Step 210 The LMA sends a PBA message to the MAG.
  • each subsequent PBU sent by the MAG needs to carry the MN-AAA authentication extension, and the LMA interacts with the HAAA to verify the PBU, as shown in steps 211 to 215 of FIG. 2; these steps are the same as steps 206 to 210 above.
  • when the MN replaces the MAG that serves it, the MN may perform the re-authentication process, whereupon the HAAA obtains a new CK and/or IK and updates Ks; or the MN does not re-authenticate, and the HAAA senses the MAG replacement and derives a new Ks from the old CK and/or IK together with other input parameters (such as the MAG ID).
  • HAAA generates a new key K (ie, a credential) for the new MAG based on the new Ks, so that the old MAG cannot use its saved key K. Since the PBU message protected with the old key cannot be verified, its binding update request will be rejected.
  • Steps 216 to 225 of FIG. 2 show the case in which, after the MN replaces the MAG that provides service, the MN performs a re-authentication process to prevent malicious attacks. Steps 216 to 225 are substantially the same as steps 201 to 210 described above.
  • the MAG may carry the timestamp in the PBU message in the foregoing step 206, step 211, and step 221.
  • the key K may be bound to the MAG by associating the key K with the MAG ID.
  • when HAAA looks up the key K, it searches not only by the identity of the MN but also by the MAG ID.
  • if MAG1 leaks its stored key K to MAG2, the PBU message sent by MAG2 fails verification because no corresponding key K is found.
  • alternatively, the MAG ID is used as a parameter for calculating K. If MAG1 leaks its stored key K to MAG2 and MAG2 protects its PBU message with K, HAAA finds Ks according to the identity of the MN and then calculates a key K' from Ks and MAG2's ID. Because K and K' are calculated with different MAG IDs, the two keys differ and MAG2's PBU message cannot pass verification.
  • a third embodiment of the present invention provides a method for preventing a malicious attack. As shown in FIG. 3, the method includes:
  • Step 301 The MN, the MAG, and the HAAA perform an EAP AKA authentication process to perform access authentication.
  • Step 302 After completing the authentication of the MN, the HAAA and the MN share the key Ks. Ks may be formed from CK and IK, where CK and IK are the keys in the authentication vector sent by the HSS to HAAA and the MN calculates CK and IK using the UMTS USIM; or Ks is a key derived by HAAA from CK and/or IK through a key derivation function (KDF).
  • Step 303 HAAA uses Ks to derive the key K.
  • the parameters for deriving the key K may include the MAG identity (MAG ID), the MN identity (MN ID), and the like.
  • the HAAA obtains the key K as a credential.
  • the method is a way for the HAAA to generate a credential.
  • the embodiment of the present invention does not exclude that the HAAA can generate a credential by other means.
  • Step 304 HAAA sends the key K to the MAG.
  • the key K can be carried in the EAP authentication success message.
  • the communication between HAAA and MAG can be secured by security mechanisms such as IPsec.
  • Step 305 The MAG saves the key K, and sends an EAP authentication success message to the MN.
  • Step 306 The MAG, as proxy for the MN, sends a proxy binding update message (PBU).
  • the PBU is protected with a credential, key K.
  • the specific protection method is that the PBU carries the MN-AAA authentication extension calculated by using the key K.
  • Step 307 The LMA requests the HAAA to verify the MN-AAA authentication extension, that is, to verify the PBU message.
  • Step 308 HAAA verifies the authentication extension. Specifically, if HAAA holds the key K, the key K is used to verify the MN-AAA authentication extension; if HAAA did not save the key K, HAAA uses Ks to derive K and then verifies the MN-AAA authentication extension. After the verification succeeds, HAAA generates the verification key Kp. Kp can be generated based on Ks or K. The parameters for generating Kp may include a nonce (random number) generated by HAAA, a nonce generated by the MAG, and the like.
  • Step 309 After the verification succeeds, the HAAA sends a verification success message to the LMA. Kp is also sent to the LMA. It should be noted that Kp can be carried in the verification success message or sent to the LMA through other messages.
  • HAAA sends the parameters required by the MAG to generate Kp to the MAG via the LMA.
  • the MAG calculates Kp in the same way as HAAA. This step is not limited to execution at a certain point in time.
  • the MN-HA authentication extension or the FA-HA authentication extension can be calculated by using the verification key Kp.
  • the LMA uses Kp to verify the MN-HA or FA-HA authentication extension.
  • the MN-HA authentication extension is calculated and verified with the verification key Kp. In this way, subsequent PBU messages can be verified on the LMA itself, so the HAAA does not need to participate in verifying every PBU message, which saves network resources.
  • the verification key Kp can have a lifetime, and when the lifetime expires the LMA needs to delete Kp, so that Kp is not used indefinitely.
  • after Kp has been deleted, the LMA instructs the MAG to send a PBU message carrying the MN-AAA authentication extension; the MAG, the LMA and the HAAA then perform steps 306 to 310 to verify the PBU message and let the LMA obtain a verification key Kp again.
  • when the MN replaces the MAG that serves it, the MN may perform the re-authentication process, whereupon the HAAA obtains a new CK and/or IK and updates Ks; or the MN does not re-authenticate, and the HAAA senses the MAG replacement and derives a new Ks from the old CK and/or IK together with other input parameters (such as the MAG ID).
  • HAAA generates a new key K (ie, a credential) for the new MAG based on the new Ks.
  • a new Kp is also generated.
  • HAAA sends the generated new Kp to the LMA; the parameters required by the MAG to generate a new Kp are sent to the new MAG via the LMA.
  • the LMA needs to delete the old Kp.
  • the LMA can delete the old Kp after sending the PBA message, or delete the old Kp immediately after receiving the new Kp.
  • the old MAG cannot use its saved key K, nor can it generate the new Kp, so its binding update request will be rejected.
  • this is how malicious attacks are prevented after the MN replaces the MAG that provides service. In the process shown in FIG. 3, after the MN replaces the MAG, access authentication is performed again, and the LMA deletes the old Kp after sending the PBA message.
  • the MAG may carry a timestamp in the PBU message in the foregoing step 306, step 311, and step 319.
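The following Python model is an added illustration, not code from the patent, that walks through embodiments 2 and 3 above: HAAA derives the credential K from Ks with the MAG ID and MN ID as inputs and re-derives it when verifying the MN-AAA authentication extension, the LMA then checks later PBUs itself with a lifetime-limited Kp, and a leaked K, an expired Kp or a stale K after a MAG change is rejected. It assumes HMAC-SHA256 for the unspecified KDF and MAC, a fixed Kp lifetime, and constructed identities and key material; the check that the PBU's MAG ID matches the IPsec-authenticated peer is a practitioner's addition implied by the MAG-LMA security association mentioned above.

```python
import hmac
import hashlib

KP_LIFETIME = 3600  # seconds; assumed lifetime of the verification key Kp (the patent fixes none)


def kdf(key: bytes, *labels: str) -> bytes:
    # Assumption: HMAC-SHA256 over labelled inputs stands in for the KDF the patent leaves open.
    return hmac.new(key, "|".join(labels).encode(), hashlib.sha256).digest()


def auth_ext(key: bytes, pbu: dict) -> str:
    # MN-AAA or MN-HA authentication extension: assumed HMAC-SHA256 over all non-extension fields.
    body = "|".join(f"{k}={v}" for k, v in sorted(pbu.items()) if not k.endswith("_ext"))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class HAAA:
    """Home AAA server: holds Ks per MN and re-derives the MAG-bound credential K."""

    def __init__(self):
        # ks: MN ID -> Ks shared with the MN after EAP-AKA; counters stand in for a nonce
        # generator and record how often the LMA had to involve HAAA.
        self.ks, self.nonce_counter, self.verify_calls = {}, 0, 0

    def access_auth(self, mn_id: str, mag_id: str, ck_ik: bytes) -> bytes:
        # Steps 202-204: Ks from CK/IK (renewed on a MAG change since the MAG ID is an input);
        # the credential K is bound to both the MAG ID and the MN ID.
        self.ks[mn_id] = kdf(ck_ik, "Ks", mn_id, mag_id)
        return kdf(self.ks[mn_id], "K", mag_id, mn_id)

    def verify_mn_aaa(self, pbu: dict):
        # Step 208: look up Ks by MN ID and re-derive K with the MAG ID the PBU claims; a K
        # leaked to another MAG, or an old K after a MAG change, re-derives to a different key.
        self.verify_calls += 1
        ks = self.ks.get(pbu["mn_id"])
        if ks is None:
            return None
        k = kdf(ks, "K", pbu["mag_id"], pbu["mn_id"])
        if not hmac.compare_digest(auth_ext(k, pbu), pbu["mn_aaa_ext"]):
            return None
        # Step 308: on success derive Kp from K and a HAAA nonce for local checks at the LMA
        self.nonce_counter += 1
        nonce = f"haaa-nonce-{self.nonce_counter}"
        return kdf(k, "Kp", nonce), nonce


class LMA:
    """Local mobility anchor: delegates MN-AAA checks to HAAA, checks MN-HA locally with Kp."""

    def __init__(self, haaa: HAAA):
        self.haaa, self.kp = haaa, {}  # kp: MN ID -> (Kp, expiry time)

    def handle_pbu(self, pbu: dict, sender_mag_id: str, now: int) -> dict:
        # The MAG ID in the PBU must match the peer authenticated by the MAG-LMA security
        # association (IPsec); otherwise one MAG could present another MAG's identity.
        if pbu["mag_id"] != sender_mag_id:
            return {"status": "REJECT"}
        mn = pbu["mn_id"]
        if "mn_aaa_ext" in pbu:  # steps 207-210: HAAA verifies and the LMA receives Kp
            result = self.haaa.verify_mn_aaa(pbu)
            if result is None:
                return {"status": "REJECT"}
            kp, nonce = result
            self.kp[mn] = (kp, now + KP_LIFETIME)
            return {"status": "PBA", "kp_params": nonce}
        entry = self.kp.get(mn)
        if entry is None or now >= entry[1]:  # lifetime reached: delete Kp, require MN-AAA ext
            self.kp.pop(mn, None)
            return {"status": "NEED_MN_AAA"}
        ok = hmac.compare_digest(auth_ext(entry[0], pbu), pbu.get("mn_ha_ext", ""))
        return {"status": "PBA" if ok else "REJECT"}


class MAG:
    """Mobile access gateway: sends PBUs on the MN's behalf, protected with K or with Kp."""

    def __init__(self, mag_id: str):
        self.mag_id, self.k, self.kp = mag_id, {}, {}

    def pbu_mn_aaa(self, mn_id: str, coa: str) -> dict:
        # Step 206: PBU protected with credential K through the MN-AAA authentication extension
        pbu = {"mn_id": mn_id, "mag_id": self.mag_id, "coa": coa}
        pbu["mn_aaa_ext"] = auth_ext(self.k[mn_id], pbu)
        return pbu

    def pbu_mn_ha(self, mn_id: str, coa: str) -> dict:
        # Step 311: later PBU protected with Kp through the MN-HA authentication extension
        pbu = {"mn_id": mn_id, "mag_id": self.mag_id, "coa": coa}
        pbu["mn_ha_ext"] = auth_ext(self.kp[mn_id], pbu)
        return pbu


def run_scenario() -> dict:
    """Constructed walk-through; identities, care-of addresses and key material are made up."""
    ck_ik = b"constructed-CK-IK-from-EAP-AKA"
    haaa = HAAA()
    lma, mag1, mag2, out = LMA(haaa), MAG("mag1"), MAG("mag2"), {}
    mag1.k["mn1"] = haaa.access_auth("mn1", "mag1", ck_ik)  # MN attaches through MAG1
    r = lma.handle_pbu(mag1.pbu_mn_aaa("mn1", "coa1"), "mag1", now=0)
    out["first_pbu"] = r["status"]
    mag1.kp["mn1"] = kdf(mag1.k["mn1"], "Kp", r["kp_params"])  # MAG derives Kp as HAAA did
    out["local_pbu"] = lma.handle_pbu(mag1.pbu_mn_ha("mn1", "coa1"), "mag1", now=60)["status"]
    out["haaa_calls"] = haaa.verify_calls  # still 1: the LMA verified the second PBU itself
    mag2.k["mn1"] = mag1.k["mn1"]  # MAG1 leaks K to MAG2 (the case discussed in embodiment 2)
    out["leaked_k"] = lma.handle_pbu(mag2.pbu_mn_aaa("mn1", "coa2"), "mag2", now=61)["status"]
    out["spoofed_id"] = lma.handle_pbu(mag1.pbu_mn_aaa("mn1", "coa2"), "mag2", now=62)["status"]
    out["kp_expired"] = lma.handle_pbu(mag1.pbu_mn_ha("mn1", "coa1"), "mag1", now=KP_LIFETIME)["status"]
    mag2.k["mn1"] = haaa.access_auth("mn1", "mag2", ck_ik)  # MN moves to MAG2 and re-authenticates
    out["new_mag"] = lma.handle_pbu(mag2.pbu_mn_aaa("mn1", "coa2"), "mag2", now=KP_LIFETIME + 1)["status"]
    out["old_mag"] = lma.handle_pbu(mag1.pbu_mn_aaa("mn1", "coa1"), "mag1", now=KP_LIFETIME + 2)["status"]
    return out
```

Calling `run_scenario()` returns the outcome of each step, so the rejected cases (leaked K, spoofed MAG ID, stale K after the MAG change) and the Kp expiry can be inspected directly.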
  • a fourth embodiment of the present invention provides a method for preventing a malicious attack. As shown in FIG. 4, the method includes:
  • Step 401 The MN, the MAG, and the HAAA perform an EAP AKA authentication process to perform access authentication.
  • Step 402 After completing the authentication of the MN, the HAAA and the MN share the key Ks.
  • Ks may be formed from CK and IK, where CK and IK are the keys in the authentication vector sent by the HSS to HAAA and the MN calculates CK and IK using the UMTS USIM; or Ks is a key derived by HAAA from CK and/or IK through a key derivation function (KDF).
  • Step 403 HAAA uses Ks to derive the key K.
  • the parameters for deriving the key K may include a MAG identity (MAG ID), a MN identity (MN ID), and the like.
  • the HAAA uses the obtained key K as a credential.
  • This method is a way to generate a credential.
  • the embodiment of the present invention does not exclude that the credential can be generated by other means.
  • Step 404 HAAA sends the key K to the MAG.
  • the key K can be carried in the EAP authentication success message.
  • the communication between HAAA and MAG can be secured by security mechanisms such as IPsec.
  • Step 405 The MAG saves the key K, and sends an EAP authentication success message to the MN.
  • Step 406 The MAG proxy MN sends a proxy binding update message PBU, and the PBU is protected by the credential, that is, the key K.
  • the specific protection method is that the MAG uses the key K to calculate the MN-HA authentication extension or the FA-HA authentication extension.
  • Step 407 The LMA requests the HAAA to use the key K for verifying the PBU message.
  • Step 408 If HAAA did not save the key K, HAAA generates the key K. This step is optional.
  • Step 410 After the verification succeeds, the LMA sends a PBA message to the MAG.
  • the key K can be used to calculate the MN-HA authentication extension or the FA-HA authentication extension.
  • the LMA uses K to verify the MN-HA or FA-HA authentication extension.
  • the MAG calculates the MN-HA authentication extension using the key K and the LMA verifies it with K. In this way, subsequent PBU messages can be verified on the LMA itself, so the HAAA does not need to participate in verifying every PBU message, which saves network resources.
  • when the MN replaces the MAG that serves it, the MN may perform the re-authentication process, whereupon the HAAA obtains a new CK and/or IK and updates Ks; or the MN does not re-authenticate, and the HAAA senses the MAG replacement and derives a new Ks from the old CK and/or IK together with other input parameters (such as the MAG ID). HAAA generates a new key K (i.e., a credential) for the new MAG based on the new Ks.
  • when the HAAA receives the request for the key K sent by the new MAG, it sends the new key K to the LMA; if the key K is not saved on the HAAA, a new key K is generated and sent to the LMA.
  • the LMA needs to delete the old K.
  • the LMA can delete the old K after sending the PBA message, or delete the old one immediately after receiving the new one.
  • the old MAG cannot use its saved key K, so its binding update request will be rejected.
  • this is how malicious attacks are prevented after the MN replaces the MAG that serves it. In the process shown in FIG. 4, after the MN replaces the MAG, access authentication is performed again, and the LMA deletes the old K after sending the PBA message.
  • the MAG may carry a timestamp in the PBU message in the foregoing step 406, step 411, and step 419.
  • if MAG1 leaks its stored key K to MAG2, the PBU message sent by MAG2 fails verification because no corresponding key can be found.
  • the above embodiments describe methods for preventing malicious attacks under a single PMIP tunnel.
  • the method for preventing a malicious attack may include: the starting point of a segment of a PMIP tunnel obtains a credential for protecting the proxy binding update message of that segment of the PMIP tunnel; the starting point sends a proxy binding update message protected with the credential to the end point of that segment; and the starting point receives the proxy binding update response that the end point of the PMIP tunnel returns after verifying the proxy binding update message.
  • Embodiment 5 of the present invention describes a method for preventing malicious attacks under two PMIP tunnels. As shown in Figure 5, it includes:
  • Step 501 The MN, the MAG, and the HAAA perform an EAP AKA authentication process to perform access authentication.
  • Step 502 After completing the authentication of the MN, the HAAA and the MN share the key Ks.
  • Ks may be formed from CK and IK, where CK and IK are the keys in the authentication vector sent by the HSS to HAAA and the MN calculates CK and IK using the UMTS USIM; or Ks is a key derived by HAAA from CK and/or IK through a key derivation function (KDF).
  • Step 503 HAAA uses Ks to derive the key K.
  • the parameters for deriving the key K may include a MAG identity (MAG ID), a MN identity (MN ID), and the like.
  • the HAAA obtains the key K as a credential.
  • the method is a way for the HAAA to generate a credential.
  • the embodiment of the present invention does not exclude that the HAAA can generate a credential by other means.
  • Step 504 HAAA sends the key K to the MAG.
  • the key K can be carried in the EAP authentication success message.
  • the communication between HAAA and MAG can be secured by security mechanisms such as IPsec.
  • Step 505 The MAG saves the key K, and sends an EAP authentication success message to the MN.
  • Step 506 The MAG, as proxy for the MN, sends a proxy binding update message (PBU).
  • the PBU is protected with a credential, key K.
  • the specific protection method is that the PBU carries the MN-AAA authentication extension calculated by using the key K.
  • Step 507 The LMA requests the HAAA to verify the MN-AAA authentication extension, that is, to verify the PBU message.
  • Step 509 After the verification succeeds, the HAAA sends a verification success message to the LMA.
  • the verification key Kp and the second credential K' are also sent to the LMA.
  • verification key Kp and the second credential K' may be carried in the verification success message and sent to the LMA, or may be sent to the LMA in other messages, and Kp and K' may not be sent in the same message.
  • Step 510 The LMA sends a PBU message to the second local mobility anchor LMA'. This message is protected by the second credential K' obtained by the LMA.
  • the specific protection method is that the PBU carries the MN-AAA authentication extension calculated by using the second credential K'.
  • Step 511 The LMA' requests the HAAA to verify the MN-AAA authentication extension, that is, to verify the PBU message.
  • Step 512 HAAA verifies the authentication extension. Specifically, if HAAA saved the second credential K', K' is used to verify the MN-AAA authentication extension; if HAAA did not save K', HAAA uses Ks to derive K' and then verifies the MN-AAA authentication extension. After the verification succeeds, HAAA generates a second verification key Kp'. Kp' can be generated based on Ks or K'. The parameters for generating Kp' may include a nonce generated by HAAA, a nonce generated by the LMA, and the like.
  • Step 513 After the verification succeeds, the HAAA sends a verification success message to the LMA'. Kp' is also sent to the LMA'. It should be noted that Kp' can be carried in the verification success message or sent to the LMA' in other messages.
  • Step 514 The LMA' replies to the PBA message to the LMA.
  • Step 515 The LMA replies to the PBA message to the MAG.
  • the HAAA sends the parameters required by the MAG to generate the verification key Kp to the MAG via the LMA, and sends the parameters required by the LMA to generate the second verification key Kp' to the LMA via the second local mobility anchor LMA'.
  • the MAG calculates Kp in the same way as HAAA, and the LMA calculates Kp' in the same way as HAAA.
  • the MN-HA authentication extension or the FA-HA authentication extension can be calculated by using the verification key Kp.
  • the LMA uses Kp to verify the MN-HA authentication extension or FA-HA authentication extension.
  • the MN-HA authentication extension or the FA-HA authentication extension can be calculated using the second verification key Kp'.
  • LMA' uses Kp' to verify the MN-HA authentication extension or FA-HA authentication extension. As shown in step 516 of FIG. 5, the subsequent verification process is generally indicated.
  • the verification key Kp and the second verification key Kp' may have a lifetime, and when the lifetime expires the LMA or LMA' needs to delete Kp or Kp', so that Kp or Kp' is not used indefinitely.
  • the LMA instructs the MAG to send a PBU message carrying the MN-AAA authentication extension, and then the LMA and HAAA interact to verify the PBU message.
  • the LMA' instructs the LMA to send a PBU message carrying the MN-AAA authentication extension, and then the LMA' and HAAA interact to verify the PBU message.
  • HAAA updates Ks after the MN changes its MAG to provide services.
  • HAAA generates a new key K (ie, a credential) for the new MAG based on the new Ks.
  • when HAAA verifies the PBU message sent by the new MAG, a new Kp is also generated.
  • HAAA sends the generated new Kp to the LMA; the parameters required by the MAG to generate a new Kp are sent to the new MAG via the LMA.
  • the LMA needs to delete the old Kp.
  • the LMA can delete the old Kp after sending the PBA message, or delete the old Kp immediately after receiving the new Kp.
  • the PBU message between the LMA and the LMA' may continue to be protected using the original Kp', or steps 510 to 514 may be re-executed so that the LMA and LMA' derive a new Kp' based on the new key Ks; if the LMA is also replaced, steps 510 to 514 are performed to obtain a new Kp'.
  • the old MAG or LMA cannot use its saved credential K or second credential K', so its binding update request will be rejected.
  • the later steps of FIG. 5, through step 523, show how malicious attacks are prevented after the MN replaces the MAG that serves it.
  • the access authentication is performed again, the LMA is not replaced, and the LMA deletes the old Kp after sending the PBA message.
  • the MAG or the LMA may carry the timestamp in the PBU message of the foregoing step 506, step 510, and step 518.
  • the fifth embodiment described above describes a method for preventing malicious attacks under two PMIP tunnels.
  • HAAA verifies the PBU message sent by the starting point A of a PMIP tunnel, and then sends the end point B of the PMIP tunnel its own credential.
  • the end point B of this PMIP tunnel is the starting point of the next PMIP tunnel, and B protects the PBU message with the credentials it owns.
  • the HAAA sends the credential used by the starting point of the next PMIP tunnel to the starting point of the next PMIP tunnel. In this way, only the node currently serving the MN can obtain the associated credentials, thereby preventing the node that is currently not serving the MN from sending an illegal PBU message.
  • the home AAA server can associate the credential of any segment of the PMIP tunnel with the identity of the starting point of that segment. If the end point of a segment of the PMIP tunnel holds the verification key or credential of that segment, the end point may likewise associate the verification key or credential with the identity of the starting point of that segment.
  • the fifth embodiment is based on the third embodiment to illustrate a method for preventing malicious attacks under multiple PMIP tunnels.
  • Embodiment 2 and Embodiment 4 may also be extended in a similar manner to protect PBU messages under multiple PMIP tunnels.
  • the protection modes of the second embodiment, the third embodiment and the fourth embodiment can be applied to any one of the multiple PMIP tunnels.
  • the first PMIP tunnel can be protected by the method of the third embodiment,
  • and the second PMIP tunnel can be protected by the method of the second embodiment.
  • some other possible scenarios are described below:
  • the MAG may also obtain a credential from the MN. For example, after the access authentication succeeds, the MN generates a credential by using the Ks shared with the HAAA and sends the credential to the MAG. HAAA generates the same credential to verify the PBU message sent by the MAG.
  • a simple credential is the identity of the MAG currently serving the MN, ie the MAG ID.
  • HAAA does not need to generate the key K as the credential used by the MAG.
  • the HAAA can record the MAG ID that is currently serving the MN.
  • the LMA interacts with the HAAA to verify whether the MAG that sends the PBU message is the MAG currently serving the MN. If so, the verification succeeds; if not, the binding update is rejected.
  • the process in which the HAAA sends the key K to the MAG may be initiated by the HAAA mentioned in the foregoing embodiment, or may be other methods.
  • the HAAA records the identity of the MAG that is currently serving the MN.
  • the MAG can send a request to the HAAA to obtain the key K.
  • the HAAA checks whether the MAG is valid and, if so, sends the key K to the MAG. In the case of multiple PMIP tunnels, the other LMAs can obtain K' (and K'') in the same way.
  • Embodiment 6 of the present invention provides a system for preventing malicious attacks, as shown in FIG.
  • the system includes a starting point 601 of the PMIP tunnel and an ending point 602 of the PMIP tunnel;
  • the start point 601 of the PMIP tunnel obtains a credential for protecting the PBU message of the PMIP tunnel, and sends a PBU message protected by the credential to the end point 602 of the PMIP tunnel;
  • the end point 602 of the PMIP tunnel verifies the PBU message.
  • the system may also include a home AAA server 603; the end point 602 of the PMIP tunnel may interact with the home AAA server 603 to verify the PBU message.
  • the starting point 601 of the PMIP tunnel can obtain a credential from the home AAA server 603, in which case the credential is generated by the home AAA server 603 and sent to the starting point 601 of the PMIP tunnel; the starting point 601 of the PMIP tunnel can also obtain a credential from the mobile node, in which case the credential is generated by the mobile node and sent to the starting point 601 of the PMIP tunnel; in the case of a single PMIP tunnel, the starting point 601 of the PMIP tunnel can also use its own identity as the credential.
  • the home AAA server 603 can actively send the credential to the starting point 601 of the PMIP tunnel, or can send the credential according to the request of the starting point 601 of the PMIP tunnel.
  • the PBU message can carry a timestamp.
  • the protection of the PBU message by using the credential may be: calculating the MN-AAA authentication extension by using the credential, and carrying the authentication extension in the PBU message.
  • the end point 602 of the PMIP tunnel may request the home AAA server 603 to verify the MN-AAA authentication extension; the home AAA server 603 uses the credential to verify the MN-AAA authentication extension; after successful verification, the home AAA server 603 sends a verification success message.
  • the home AAA server 603 can also associate the credential with the identity of the origin 601 of the PMIP tunnel.
  • the home AAA server 603 can also generate a verification key; the verification key is sent to the end point 602 of the PMIP tunnel, and the parameters required to generate the verification key are sent to the starting point 601 of the PMIP tunnel.
  • the end point 602 of the PMIP tunnel can associate the verification key with the identity of the starting point 601 of the PMIP tunnel.
  • the protection of the PBU message by using the credential may be: calculating the MN-HA authentication extension or the FA-HA authentication extension by using the credential, and carrying the authentication extension in the PBU message.
  • the end point 602 of the PMIP tunnel may request from the home AAA server 603 the credential for verifying the PBU message; the home AAA server 603 sends the credential to the end point 602 of the PMIP tunnel; the end point 602 verifies the PBU message with the credential. If the home AAA server 603 has not saved the credential, the home AAA server 603 generates the credential before sending it to the end point 602 of the PMIP tunnel.
  • the end point 602 of the PMIP tunnel can associate the credential with the identity of the starting point 601 of the PMIP tunnel.
  • Embodiment 7 of the present invention provides a starting point device for a PMIP tunnel, as shown in FIG. 7:
  • the device includes a credential obtaining unit 701 and a message sending unit 702;
  • the credential obtaining unit 701 is configured to obtain a credential of the binding update message that protects the PMIP tunnel, and provide the credential to the message sending unit 702;
  • the message sending unit 702 is configured to send a binding update message protected by the credential to the end point of the PMIP tunnel.
  • Embodiment 8 of the present invention provides a terminal device for a PMIP tunnel, as shown in FIG.
  • the device includes a message receiving unit 801 and a verification unit 802;
  • the message receiving unit 801 is configured to receive a binding update message that is protected by a credential sent by a starting point of the PMIP tunnel;
  • the verification unit 802 is configured to verify the binding update message.
  • Embodiment 9 of the present invention provides a home AAA server, as shown in FIG.
  • the home AAA server includes a message receiving unit 901, a verification unit 902, and a message sending unit 903;
  • the message receiving unit 901 is configured to receive a request message for requesting verification of the MN-AAA authentication extension sent by the end point of the PMIP tunnel;
  • the verification unit 902 is configured to verify the MN-AAA authentication extension;
  • the message sending unit 903 is configured to send a verification success message after the verification is successful.
  • the home AAA server provided in this embodiment can verify the MN-AAA authentication extension sent by the end point of the PMIP tunnel, so that the end point of the PMIP tunnel can complete the verification of the PBU message, ensuring that only the mobile access gateway currently serving the mobile node can send a binding update message on behalf of the mobile node, thereby avoiding the problems caused by a malicious MAG attack.
  • Embodiment 10 of the present invention provides another home AAA server, as shown in FIG.
  • the home AAA server includes a message receiving unit 1001 and a message sending unit 1002;
  • the message receiving unit 1001 is configured to receive a request message for obtaining a credential sent by an end point of the PMIP tunnel, and trigger the message sending unit 1002;
  • the message sending unit 1002 is configured to send a credential required to verify the binding update message to the end point of the PMIP tunnel.
  • the home AAA server provided in this embodiment can provide a credential to the end point of the PMIP tunnel, so that the end point of the PMIP tunnel can complete the verification of the PBU message, ensuring that only the mobile access gateway currently serving the mobile node can send a binding update message on behalf of the mobile node, thereby avoiding the problems caused by a malicious MAG attack.
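The credential issuance and PBU verification flow of Embodiments 6 and 9, together with the serving-MAG check of the MAG ID scenario above, as an added simulation that is not the patent's own code; the HMAC-SHA256 construction of the authentication extension, the PBU field layout, the 30-second timestamp window and all identifiers are assumptions.

```python
import hashlib, hmac, os

# Constructed simulation, not the patent's own code. The HAAA records which MAG
# currently serves each MN and binds a per-MAG credential K to that MAG's
# identity; the MAG (tunnel starting point) protects the PBU with an
# authentication extension (HMAC-SHA256 over the binding fields, an assumption);
# the LMA (tunnel end point) asks the HAAA to verify it.

def authenticator(k, pbu):
    """Authentication extension: HMAC over the fields a forger would alter."""
    msg = "|".join(str(pbu[f]) for f in
                   ("mn_id", "mag_id", "hoa", "coa", "timestamp")).encode()
    return hmac.new(k, msg, hashlib.sha256).digest()

def build_pbu(k, mn_id, mag_id, hoa, coa, timestamp):
    """MAG side: build a PBU carrying a timestamp and the authenticator."""
    pbu = {"mn_id": mn_id, "mag_id": mag_id, "hoa": hoa, "coa": coa,
           "timestamp": timestamp}
    pbu["auth"] = authenticator(k, pbu)
    return pbu

class HomeAAA:
    def __init__(self):
        self.serving = {}      # mn_id -> MAG ID currently serving the MN
        self.credentials = {}  # (mn_id, mag_id) -> credential K

    def access_authenticated(self, mn_id, mag_id):
        """After the MN's access authentication via mag_id succeeds, issue K
        to that MAG and retire the credential of the previously serving MAG."""
        old = self.serving.get(mn_id)
        self.credentials.pop((mn_id, old), None)
        k = os.urandom(32)
        self.serving[mn_id] = mag_id
        self.credentials[(mn_id, mag_id)] = k
        return k

    def verify_pbu(self, pbu, now, max_skew=30):
        """Checks in the order the text describes: is the sender the MAG
        currently serving the MN, is the PBU fresh, does the extension match."""
        mn_id, mag_id = pbu["mn_id"], pbu["mag_id"]
        if self.serving.get(mn_id) != mag_id:
            return False, "MAG is not currently serving the MN"
        if abs(now - pbu["timestamp"]) > max_skew:
            return False, "stale timestamp"
        expected = authenticator(self.credentials[(mn_id, mag_id)], pbu)
        if not hmac.compare_digest(expected, pbu["auth"]):
            return False, "authentication extension mismatch"
        return True, "ok"
```

After a handover the previously serving MAG's credential is retired, so a PBU it sends later fails the serving-MAG check before any cryptographic verification is attempted.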

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method, system and device for preventing a hostile attack. The method comprises the following steps: obtaining a credential for protecting a proxy binding update message; sending the proxy binding update message, protected by the credential, to a local mobility anchor; receiving a proxy binding acknowledgement returned by the local mobility anchor after it has verified the proxy binding update message. The system comprises a PMIP tunnel starting point and a PMIP tunnel end point; the PMIP tunnel starting point obtains the credential used to protect the proxy binding update message of the PMIP tunnel and then sends that message, protected by the credential, to the PMIP tunnel end point; the PMIP tunnel end point verifies the message. By carrying out the steps of obtaining a credential, protecting the proxy binding update message with the credential and verifying the proxy binding update message, the invention avoids the problems caused by a hostile MAG attack.
PCT/CN2008/072984 2007-11-08 2008-11-07 Procédé, système et dispositif pour prévenir une attaque hostile WO2009067905A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710124445.0 2007-11-08
CNA2007101244450A CN101431756A (zh) 2007-11-08 2007-11-08 防止恶意攻击的方法、系统和装置

Publications (1)

Publication Number Publication Date
WO2009067905A1 true WO2009067905A1 (fr) 2009-06-04

Family

ID=40646864

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072984 WO2009067905A1 (fr) 2007-11-08 2008-11-07 Procédé, système et dispositif pour prévenir une attaque hostile

Country Status (2)

Country Link
CN (1) CN101431756A (fr)
WO (1) WO2009067905A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040036118A (ko) * 2002-10-23 2004-04-30 한국전자통신연구원 이동 노드와 홈 다이아메터 서버간의 aaa 비밀키재발급 방법
CN1758651A (zh) * 2004-09-07 2006-04-12 三星电子株式会社 使用转交地址(coa)绑定协议来认证地址所有权
WO2006118342A1 (fr) * 2005-04-28 2006-11-09 Matsushita Electric Industrial Co., Ltd. Systeme, methodes et appareil associes pour fixer des mises a jour de liaison a portee predeterminee
US20070113075A1 (en) * 2005-11-10 2007-05-17 Ntt Docomo, Inc. Secure route optimization for mobile network using multi-key crytographically generated addresses
CN1989754A (zh) * 2004-07-23 2007-06-27 思科技术公司 用于在IPv6网络中实现路由优化和位置私密性的方法和设备
CN101170806A (zh) * 2006-10-27 2008-04-30 华为技术有限公司 代理移动ip的安全机制建立方法、安全系统及相关设备

Also Published As

Publication number Publication date
CN101431756A (zh) 2009-05-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 08855611; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 08855611; Country of ref document: EP; Kind code of ref document: A1)