WO2015188659A1 - Communication protocol testing method, and device under test and testing platform thereof - Google Patents
- Publication number
- WO2015188659A1, PCT/CN2015/076825
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- data
- test
- communication protocol
- encapsulation format
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Definitions
- The invention belongs to the field of communication protocol testing, and in particular relates to a communication protocol testing method and to a device under test and a testing platform for it.
- A network communication protocol is a set of specifications that ensures the operation of the network.
- The network faces more and more threats, including disclosure of confidential data, destruction of data integrity, identity masquerading, and denial of service.
- Researchers have introduced network security protocols to address, at the protocol level, the network threats faced by specific network communication protocols. Some of them are considered during the evolution and design of network communication protocols.
- The network security protocol is naturally embedded in the network communication protocol as an integral part of it.
- Testing of network security protocols generally uses packet capture analysis.
- The test platform first captures the data packets exchanged while each related device, including the device under test, performs the network security protocol, and then analyzes the captured packets.
- This test method fails to pay full attention to, and make use of, the common features of some current network security protocols.
- Each network security protocol test platform that is developed targets only one specific network security protocol. Developing different test systems for testing different network security protocols reduces development efficiency and increases development cost.
- The present invention provides a communication protocol testing method, which can be used to check the compliance of a device under test in executing a communication protocol, or the correctness, consistency, etc. of a cryptographic algorithm involved in the executed communication protocol.
- The method involves a test platform, a device under test, and a reference device, and is used to check how the device under test behaves when the communication protocol is executed between the device under test and the reference device.
- The device under test and the reference device execute a communication protocol. A message sent and/or received by the device under test while the communication protocol is executed is referred to as a first message, and the first message is encapsulated using the data encapsulation format of the communication protocol;
- The device under test encapsulates part or all of the data in the first message and/or data known by the device under test according to a unified data encapsulation format to generate a second message; the test platform acquires the second message. The part or all of the data in the first message includes data obtained by the device under test parsing the received first message according to the communication protocol, and/or data used by the device under test to construct the first message it sends;
- The test platform parses the obtained second message according to the unified data encapsulation format to obtain part or all of the data of the second message;
- The invention also provides a device under test comprising:
- a communication protocol execution module configured to perform a communication protocol with the reference device, where the message sent and/or received during the execution of the communication protocol is a first message, and the first message is encapsulated using the data encapsulation format of the communication protocol;
- a parsing module configured to parse the received first message according to the communication protocol to obtain data;
- an encapsulating module configured to encapsulate part or all of the data in the first message and/or data known by the device under test according to a unified data encapsulation format to generate a second message, where the part or all of the data in the first message includes data obtained by the parsing module parsing the received first message and/or data used when constructing the first message;
- a sending module configured to send the second message to the testing platform.
- A test platform including:
- an acquiring module configured to acquire a second message sent by the device under test;
- a parsing module configured to parse the obtained second message according to a unified data encapsulation format to obtain part or all of the data of the second message;
- a testing module configured to execute a test item according to part or all of the data of the second message obtained by parsing;
- an output module configured to output the test result completed by the test module.
- In the present invention, the device under test encapsulates part or all of the data in the first message and/or data known by the device under test according to a unified data encapsulation format to generate a second message;
- the test platform obtains the second message, and parses the obtained second message according to the unified data encapsulation format to obtain part or all of the data of the second message;
- the test platform executes a test item according to part or all of the data of the second message and outputs a test result to complete the test. Therefore, when checking how the device under test executes a communication protocol with common characteristics, especially a network security protocol, between the device under test and the reference device, the development workload of the test system is greatly reduced, the reusability of the test system is improved, development cost is saved, and development efficiency is improved.
- The communication protocol with common features is transparent to the test platform: the test platform only needs to parse the obtained data according to the unified data encapsulation format, and does not need to parse according to the data encapsulation format defined by each network security protocol, which improves the execution efficiency of the test platform.
- The test platform does not need to capture data and does not require tools for data capture, which reduces the complexity of the test.
- FIG. 1 is a schematic diagram of a test system according to an embodiment of the present invention.
- FIG. 2 is a flow chart of a method according to an embodiment of the present invention.
- FIG. 3 is a network topology diagram of a communication protocol performed by a device under test according to another embodiment of the present invention.
- FIG. 4 is a structural diagram of a test system according to another embodiment of the present invention.
- FIG. 5 is a structural diagram of another test system according to another embodiment of the present invention.
- FIG. 6 is a schematic diagram of another test system according to an embodiment of the present invention.
- FIG. 7 is a schematic structural diagram of a device under test according to the present invention.
- The communication protocol testing method provided by the invention enables universal testing of communication protocols that share some common features, especially network security protocols, thereby reducing development cost and improving the reusability of the test.
- A unified data encapsulation format, Package Format B, is defined for communication protocols having common characteristics.
- The method relates to the test system shown in FIG. 1, that is, the test platform, the device under test, and the reference device, and is used to check how the device under test behaves when the communication protocol is executed between the device under test and the reference device.
- The device under test and the reference device execute a communication protocol. A message sent and/or received by the device under test while the communication protocol is executed is referred to as a first message, and the first message is encapsulated using the data encapsulation format Package Format A specified by the communication protocol.
- Package Format A1 in FIG. 1 denotes the encapsulation format of the exchanged messages, i.e. of the first message, when network security protocol 1 is executed between device under test 1 and reference device 1.
- Package Format An likewise denotes the encapsulation format of the messages exchanged between device under test n and reference device n, i.e. of the first message; device under test 1 and device under test n may be the same device, and reference device 1 and reference device n may also be the same device.
- The first message includes the messages exchanged while a secure connection is established between the device under test and the reference device, or the messages exchanged during secure data communication, such as the messages exchanged in the RFC 5246 TLS handshake protocol, the WAI protocol messages of GB 15629.11-2003/Amd.1-2006 WAPI, etc.
- Both the device under test and the test platform described in the method support a unified data encapsulation format Package Format B.
- The device under test and the reference device execute a communication protocol. A message sent and/or received by the device under test while the communication protocol is executed is referred to as a first message, and the first message is encapsulated using the data encapsulation format of the communication protocol.
- The device under test encapsulates part or all of the data in the first message and/or data known by the device under test according to a unified data encapsulation format to generate a second message;
- The part or all of the data in the first message includes data obtained by the device under test parsing the received first message according to the communication protocol, and/or data used by the device under test to construct the first message;
- The test platform executes a test item according to the parsed part or all of the data of the second message, and outputs a test result to complete the test.
- The payload is defined so as to facilitate secondary encapsulation of the data of communication messages of different communication protocols, and also to facilitate data parsing by the test platform and the execution of test items.
- The payload contains definitions of data elements, each of which is clearly defined and easy to implement.
- Each data element corresponds to a field in the payload, and the length and meaning of each field are specified.
- The payload is defined as field 1, field 2, ... cascaded up to field n, with a strict order between the fields.
- The length of each of field 1, field 2, field 3, ... field n (i.e. length 1, length 2, length 3, ... length n) and the specific meaning of each field should be specified.
- One of the data elements defined in the unified data encapsulation format is the original message.
- The original message specifically refers to the first message, that is, the second message includes the first message as the original message data element, so that the test platform can test the data.
- The original message may also specifically refer to the third message described later, that is, the fourth message described below includes the third message as the original message data element; in some cases, the test platform may compare some data in the first message carried in the second message with some data in the third message carried in the fourth message to determine the authenticity of the test data.
- The original message may also specifically refer to the fifth message described later, that is, the sixth message includes the fifth message as the original message data element; in some cases, the test platform can compare some data in the first message carried in the second message with some data in the fifth message carried in the sixth message to determine the authenticity of the test data.
- The header in the unified data encapsulation format contains some common information, and the header is optional. As shown in Table 3, the header of the unified data encapsulation format can be used to identify version information and length information of the unified data encapsulation format, and includes the version and length fields.
- The version field in Table 3 is used to identify the version information of the unified package
- The length field in Table 3 is used to identify the length information of the payload, which is generally expressed as a number of octets. In other embodiments, the unit counted need not be a group of eight bits.
- To further extend the identification capability of the header, at least one of a device role field, a transceiving identifier field, a vendor identification field, a protocol type field, a packet sequence number field, a fragment sequence number field, a fragment identification field, and other extension fields may also be added. The length and meaning of each such field must be specified, and such fields are optional.
- The device role field identifies the role of the device in the communication system
- The vendor identification field distinguishes different vendors
- The protocol type field identifies different network security protocols
- The packet sequence number field identifies the packet sequence number corresponding to the message
- The fragment sequence number field identifies the fragment sequence number after the message is fragmented
- The fragment identification field identifies whether a subsequent fragment exists
- The unit length and element value corresponding to each element type should be clearly defined in the unified data encapsulation format. Element types are unified so that no element type is duplicated.
- For example, element type 1 identifies the destination IP address and element type 2 identifies the source IP address. Once this is clearly defined, every product that complies with a network security protocol knows that the destination IP address is to be encapsulated in TLV format with element type 1, and the source IP address in TLV format with element type 2; the test platform, when parsing, knows that a data element with element type 1 is the destination IP address and a data element with element type 2 is the source IP address.
- An element type can correspond to a specific field, such as a local random number, a peer random number, a local digital certificate, a peer digital certificate, and the like. This approach requires an element type for each field, with each field encapsulated in TLV format; the field definitions are clear, but the encapsulation is longer.
- An element type can also correspond to all the fields required by a test item, with the fields required for the test item further defined by field cascading.
- For example, the symmetric cryptographic algorithm encryption test data corresponds to one element type;
- the symmetric cryptographic algorithm test data further includes a symmetric cryptographic algorithm identification field, an encryption key field, an initialization vector IV field, a plaintext data field, and a ciphertext data field.
- For some fields, one element type corresponds to one field; for others, the fields corresponding to a specific test item are combined under one element type. For instance, the IP address, MAC address, protocol type and other such fields each use a separate element type, whereas the fields associated with symmetric cryptographic algorithm test data are combined under one element type, and the fields associated with signature algorithm test data are combined under one element type.
- The unified data encapsulation format is not specifically limited in the embodiment of the present invention, and can be obtained by those skilled in the art in combination with the above description.
- The second message sent to the test platform in S100 can be transmitted online through a USB interface, an RJ45 network port, or the like, or can be exported and imported as an XML file or a customized text file.
- The data known by the device under test in S100 refers to related data that may need to be submitted to the test platform according to the requirements of the unified data encapsulation format; this data is not part of what the device under test sends or receives, that is, it is not included in the first message, but it is known to the device under test.
- The device under test also has some data that cannot be provided to the test platform even for testing, such as the private key of the device under test.
- The device under test should be able to support external import of public and private key pairs (the public and private keys of public key cryptography), or direct import of digital certificates.
- The device under test uses an externally imported public and private key pair or an externally imported digital certificate so that it does not need to provide private key information during testing, while this information is still available to the test platform.
- External import of public and private key pairs or of digital certificates can take the form of custom text files.
- The test platform parses the obtained second message according to the unified data encapsulation format to obtain part or all of the data of the second message;
- The test platform may start parsing each time it obtains one message of the second message type, or may start parsing after obtaining multiple such messages.
- The parsing may resolve the meaning and corresponding value of every data field according to the definition of the unified data encapsulation format, or resolve only the meaning and corresponding values of the fields related to the test items according to the configuration of the test items.
- The test platform executes a test item according to the parsed part or all of the data of the second message, and outputs a test result to complete the test.
- The test platform corresponds to one or more test items, which may include tests for cryptographic algorithms as well as tests for network security protocols.
- Test items for cryptographic algorithms include, for example: SM2 signature algorithm test item, SM2 key exchange test item, SM2 public key encryption test item, GCM-SM4 public key encryption test item, SM3 hash algorithm test item, GCM-AES-128, etc.
- Test items for network security protocols include, for example: TAEP data encapsulation test, EAP data encapsulation test item, port access control test item, and the like.
- The test report output after the test platform completes the test may describe which test items were carried out and whether each test passed or failed; it may also include details of each test as required. These details include the values of some of the data fields used for the test or the corresponding content of the first message.
- The test system includes a reference device and a second reference device, where the second reference device is also called the auxiliary device.
- The auxiliary device mainly serves to prevent the device under test from providing false or tampered data to the test platform: during testing, the auxiliary device participates in the communication process of the device under test and synchronously provides relevant data to the test platform for checking the authenticity of the data provided by the device under test. In other words, the test platform ensures the authenticity of the data provided by the device under test by comparing the data provided by the auxiliary device with the associated data provided by the device under test. Specifically:
- The auxiliary device participates in the execution of a communication protocol; a message sent and/or received by the auxiliary device during execution of the communication protocol is referred to as a third message; and the third message is encapsulated using the data encapsulation format of the communication protocol;
- The auxiliary device encapsulates part or all of the data in the third message and/or data known by the auxiliary device according to the unified data encapsulation format to generate a fourth message; the test platform acquires the fourth message. The part or all of the data in the third message includes data obtained by the auxiliary device parsing, according to the communication protocol, the third message received when the communication protocol is executed, and/or data used by the auxiliary device to construct the third message it sends when the communication protocol is executed;
- The test platform parses the obtained fourth message according to the unified data encapsulation format to obtain part or all of the data of the fourth message, and uses the obtained part or all of the data of the fourth message to assist the testing process.
- Using part or all of the data of the fourth message to assist the testing process specifically means: the test platform compares the data obtained by parsing the fourth message with the corresponding data obtained by parsing the second message, and obtains a comparison result.
- For example, in a specific network security protocol, a random number or a certificate of the device under test is present in both the second message and the fourth message, and according to the network security protocol the random number and the certificate in the second message and in the fourth message should be consistent.
- The test platform obtains the random number or certificate in the second message and the random number or certificate in the fourth message and compares whether they are consistent. If they are consistent, the second message sent by the device under test is true; if they are inconsistent, the second message sent by the device under test is false.
- The auxiliary device transmits the fourth message to the test platform through a USB interface, an RJ45 network port or the like, or the fourth message is imported into the test platform as an XML file or a customized text file.
- The third message and the fourth message each denote a type of message, and are not limited to one specific message.
- Both the auxiliary device and the reference device in the above embodiments may be integrated into the test platform.
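The TLV parsing by the test platform and the comparison of the second message with the fourth message described above, as an added Python example that is not code from the patent. The header and TLV field widths, the version value, and element types 16 and 17 for the two random numbers are assumptions; only element types 1 and 2 come from the description.

```python
import struct

# Assumed wire layout (the description leaves field widths open):
#   header : version (1 octet) | payload length in octets (2 octets, big-endian)
#   payload: cascaded TLV elements = type (1) | length (2, big-endian) | value
HDR = struct.Struct(">BH")
TLV = struct.Struct(">BH")
SUPPORTED_VERSION = 1   # assumed version number

T_DST_IP = 1            # element type 1: destination IP (from the description)
T_SRC_IP = 2            # element type 2: source IP (from the description)
T_REQ_NONCE = 16        # hypothetical type for the REQ random number
T_AAC_NONCE = 17        # hypothetical type for the AAC random number


class FormatError(ValueError):
    """Raised when a message does not follow the assumed unified format."""


def encode(elements, version=SUPPORTED_VERSION):
    """Device side: wrap (type, value) pairs into one unified-format message."""
    payload = b"".join(TLV.pack(t, len(v)) + v for t, v in elements)
    return HDR.pack(version, len(payload)) + payload


def parse(message):
    """Test-platform side: return {element type: value}; reject malformed input."""
    if len(message) < HDR.size:
        raise FormatError("truncated header")
    version, length = HDR.unpack_from(message, 0)
    if version != SUPPORTED_VERSION:
        raise FormatError(f"unsupported version {version}")
    payload = message[HDR.size:]
    if len(payload) != length:
        raise FormatError("header length does not match payload size")
    elements, off = {}, 0
    while off < length:
        if length - off < TLV.size:
            raise FormatError("truncated TLV header")
        etype, elen = TLV.unpack_from(payload, off)
        off += TLV.size
        if elen > length - off:
            raise FormatError(f"element type {etype} overruns the payload")
        if etype in elements:
            # Assumption: one element per type per message; a repeat is ambiguous.
            raise FormatError(f"element type {etype} appears twice")
        elements[etype] = payload[off:off + elen]
        off += elen
    return elements


def cross_check(second, fourth, types=(T_REQ_NONCE, T_AAC_NONCE)):
    """Return the element types that are missing or differ between the message
    from the device under test (second) and the auxiliary device (fourth)."""
    dut, aux = parse(second), parse(fourth)
    return [t for t in types
            if t not in dut or t not in aux or dut[t] != aux[t]]


# Constructed sample data (not captured from any real device).
REQ_NONCE = bytes(range(32))
AAC_NONCE = bytes(range(32, 64))
COMMON = [(T_DST_IP, bytes([192, 0, 2, 10])), (T_SRC_IP, bytes([192, 0, 2, 20]))]
SECOND = encode(COMMON + [(T_REQ_NONCE, REQ_NONCE), (T_AAC_NONCE, AAC_NONCE)])
FOURTH = encode([(T_REQ_NONCE, REQ_NONCE), (T_AAC_NONCE, AAC_NONCE)])
# A device under test that reports a different AAC random number than it used.
FORGED = encode(COMMON + [(T_REQ_NONCE, REQ_NONCE), (T_AAC_NONCE, bytes(32))])

if __name__ == "__main__":
    print("honest report mismatches:", cross_check(SECOND, FOURTH))
    print("forged report mismatches:", cross_check(FORGED, FOURTH))
```

An empty list from `cross_check` corresponds to the "consistent" outcome in the description; any listed element type means the data reported by the device under test should not be used for the test items.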
- The present invention will now detail the test process for a series of network security protocol topologies.
- The network security protocol has three device roles: the requester REQ, the authentication access controller AAC, and the authentication server AS. Specifically, the REQ exchanges messages with the AAC, and the AS exchanges messages with the AAC.
- The network security protocol based on this topology is the GB 15629.11-2003/Amd.1-2006 WAPI protocol.
- The test process of this example includes:
- The message sent and/or received by the REQ when performing the WAPI protocol message interaction is the first message; the first message is encapsulated using the WAPI protocol; the REQ encapsulates part or all of the data of the first message and the data known by the REQ according to the unified data encapsulation format Package Format B to generate a second message, and the second message is sent to the test platform by online transmission such as through an RJ45 network port, or by file export; the part or all of the data of the first message includes data obtained by the REQ parsing, according to the WAPI protocol, the message received when the WAPI protocol is executed, and/or data used by the REQ to construct the message it sends when the WAPI protocol is executed.
- The test platform parses the second message and the fourth message according to the unified data encapsulation format Package Format B, and obtains part or all of the data of the second message and part or all of the data of the fourth message. Part or all of the parsed data of the fourth message is used to assist the testing process; specifically, the test platform compares the data obtained by parsing the fourth message with the corresponding data obtained by parsing the second message, such as the random number of the REQ and the random number of the AAC, and obtains a comparison result to determine the accuracy of the measured data submitted by the REQ; at the same time, it executes the test item according to part or all of the parsed data of the second message and outputs the test result to complete the test.
- The foregoing comparison specifically means the following: according to the WAPI protocol, the first message includes the random number of the REQ and the random number of the AAC, and the third message also includes the random number of the REQ and the random number of the AAC; the random number of the REQ and the random number of the AAC in the first message should be the same as the random number of the REQ and the random number of the AAC in the third message.
- When the random number of the REQ and the random number of the AAC are included in the test, the values of the random number of the REQ and the random number of the AAC in the second message and in the fourth message should be the same respectively.
- The values of the two sets of data can be compared during the test. If the values are different, the test data provided by the REQ is incorrect. If the values are the same, the measured data provided by the REQ is correct and can be used to execute test items and output test results to complete the test.
- The testing process of the embodiment includes:
- The REQ, the AAC, and the AS perform the communication protocol message exchange; the message sent and/or received by the AAC during the communication protocol message exchange is the first message; the first message is encapsulated using the tested communication protocol;
- The AAC encapsulates, according to the unified data encapsulation format Package Format B, part or all of the data of the first message and/or data known by the AAC to generate a second message; the test platform obtains the second message by online transmission through an RJ45 network port or the like, or by file export;
- The message sent and/or received by the AS when performing the communication protocol message interaction is a third message; the third message is encapsulated using the tested communication protocol; the AS encapsulates part or all of the data in the third message and/or data known by the AS according to the unified data encapsulation format Package Format B to generate a fourth message; the test platform obtains the fourth message by online transmission through an RJ45 network port or the like, or by file export;
- The test platform parses the obtained second message and fourth message according to the unified data encapsulation format Package Format B, to obtain part or all of the data of the second message and part or all of the data of the fourth message. Part or all of the parsed data of the fourth message is used to assist the testing process; specifically, the test platform compares the data obtained by parsing the fourth message with the corresponding data obtained by parsing the second message, and obtains a comparison result to determine the accuracy of the measured data submitted by the AAC; at the same time, it executes the test item according to part or all of the parsed data of the second message and outputs the test result to complete the test.
- test platform needs to obtain the auxiliary test data from the reference device in addition to the test data obtained from the device under test.
- the corresponding test topology is shown in Figure 6.
- the testing process of this embodiment includes:
- the device under test and the reference device perform a specific communication protocol message interaction
- the message sent and/or received when the device under test performs a specific communication protocol message interaction is the first message; the first message is encapsulated using the specific communication protocol, corresponding to the Package Format A in FIG. 1; the device under test Encapsulating part or all of the data of the first message and/or data known by the device under test according to the unified data encapsulation format Package Format B to generate a second message; the test platform is transmitted online through an RJ45 network port or the like Obtaining the second message in a manner of file exporting; part or all of the data of the first message includes data that the device under test parses the first message received when the specific communication protocol is executed according to the specific communication protocol, and/or Or the data used by the device under test to construct the first message issued when the specific communication protocol is executed.
- the message sent and/or received by the reference device during the specific communication protocol message interaction is a fifth message; the fifth message is encapsulated using the specific communication protocol, corresponding to Package Format A in FIG. 1; the reference device encapsulates part or all of the data of the fifth message and/or data known by the reference device according to the unified data encapsulation format Package Format B to generate a sixth message; the test platform obtains the sixth message by online transmission through an RJ45 network port or the like, or by file export; part or all of the data of the fifth message includes data obtained by the reference device parsing, according to the specific communication protocol, the fifth message received when the specific communication protocol is executed, and/or data used by the reference device to construct the fifth message sent when the specific communication protocol is executed.
- the test platform obtains the second message and the sixth message and parses them according to the unified data encapsulation format Package Format B, to obtain part or all of the data of the second message and part or all of the data of the sixth message.
- the part or all of the data of the sixth message obtained by parsing is used to assist the testing process: specifically, the test platform compares the data parsed from the sixth message with the corresponding data parsed from the second message, such as the random number of the device under test and the random number of the reference device, and obtains a comparison result to determine the accuracy of the measured data submitted by the device under test; at the same time, the test item is executed according to part or all of the parsed data of the second message, and the test result is output to complete the test.
- an embodiment of the present invention further provides a device under test and a test platform. Since the principle by which the device under test and the test platform solve the problem is similar to that of the test method described above, the description is not repeated.
- the device under test provided by the embodiment of the present invention, as shown in FIG. 7, includes:
- a communication protocol execution module configured to execute a communication protocol with the reference device, where a message sent and/or received during execution of the communication protocol is a first message, and the first message is encapsulated using the data encapsulation format of the communication protocol;
- a parsing module configured to parse the received first message according to the communication protocol to obtain data;
- an encapsulating module configured to encapsulate part or all of the data in the first message and/or data known by the device under test according to a unified data encapsulation format to generate a second message, where the part or all of the data in the first message includes the data obtained by the parsing module parsing the received first message and/or the data used to construct the sent first message;
- a sending module configured to send the second message to the testing platform.
- the unified data encapsulation format used in the encapsulation module is a data encapsulation format supported by the test platform, and the unified data encapsulation format is used when testing for multiple different communication protocols.
- the test platform provided by the embodiment of the present invention, as shown in FIG. 8, includes:
- an obtaining module configured to obtain a second message sent by the device under test;
- a testing module configured to execute a test item according to part or all of the data of the second message obtained by parsing;
- the obtaining module is further configured to acquire a fourth message sent by the auxiliary device;
- the parsing module is further configured to parse the obtained fourth message according to a unified data encapsulation format to obtain part or all of the data of the fourth message;
- the test module is further configured to assist the test process by part or all of the data of the fourth message obtained by the parsing.
- the obtaining module is further configured to acquire a sixth message sent by the reference device;
- the parsing module is further configured to parse the obtained sixth message according to a unified data encapsulation format to obtain part or all of the data of the sixth message;
- the test module is further configured to use a part or all of the data of the sixth message obtained by the parsing to assist the testing process;
- the test module being configured to use part or all of the data of the sixth message obtained by the parsing to assist the test process is specifically: the test module compares the data of the sixth message obtained by the parsing module with the corresponding data in the data of the second message obtained by the parsing module, and obtains a comparison result.
Abstract
Description
Header | Payload |
Claims (20)
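- A communication protocol testing method involving a test platform, a device under test and a reference device, the method being used to check how the device under test performs when a communication protocol is executed between the device under test and the reference device, characterized in that: the device under test and the reference device execute the communication protocol, a message sent and/or received by the device under test when executing the communication protocol is called a first message, and the first message is encapsulated using the data encapsulation format of the communication protocol; the device under test encapsulates part or all of the data in the first message and/or data known to the device under test according to a unified data encapsulation format to generate a second message; the test platform obtains the second message; the part or all of the data in the first message includes data obtained by the device under test parsing the received first message according to the communication protocol and/or data used by the device under test to construct the sent first message; the test platform parses the obtained second message according to the unified data encapsulation format to obtain part or all of the data of the second message; the test platform executes a test item according to the part or all of the data of the second message obtained by parsing and outputs a test result, completing the test.
- The communication protocol testing method according to claim 1, characterized in that the method further involves an auxiliary device, the auxiliary device participates in the execution of the communication protocol, a message sent and/or received by the auxiliary device during execution of the communication protocol is called a third message, and the third message is encapsulated using the data encapsulation format of the communication protocol; the auxiliary device encapsulates part or all of the data in the third message and/or data known to the auxiliary device according to the unified data encapsulation format to generate a fourth message; the test platform obtains the fourth message; the part or all of the data in the third message includes data obtained by the auxiliary device parsing the received third message according to the communication protocol and/or data used by the auxiliary device to construct the sent third message; the test platform parses the obtained fourth message according to the unified data encapsulation format to obtain part or all of the data of the fourth message, and uses the obtained part or all of the data of the fourth message to assist the testing process; the test platform using part or all of the data of the fourth message to assist the testing process is specifically: the test platform compares the data of the fourth message obtained by parsing with the corresponding data in the data of the second message obtained by parsing by the test platform, and obtains a comparison result.
- The communication protocol testing method according to claim 1, characterized in that, when the reference device and the device under test execute the communication protocol, a message sent and/or received by the reference device is called a fifth message, and the fifth message is encapsulated using the data encapsulation format of the communication protocol; the reference device encapsulates part or all of the data in the fifth message and/or data known to the reference device according to the unified data encapsulation format to generate a sixth message; the test platform obtains the sixth message; the part or all of the data in the fifth message includes data obtained by the reference device parsing the received fifth message according to the communication protocol and/or data used by the reference device to construct the sent fifth message; the test platform parses the obtained sixth message according to the unified data encapsulation format to obtain part or all of the data of the sixth message, and uses the obtained part or all of the data of the sixth message to assist the testing process; the test platform using part or all of the data of the sixth message to assist the testing process is specifically: the test platform compares the data of the sixth message obtained by parsing with the corresponding data in the data of the second message obtained by parsing by the test platform, and obtains a comparison result.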
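- The communication protocol testing method according to any one of claims 1-3, characterized in that the unified data encapsulation format is a data encapsulation format supported by the test platform, and the unified data encapsulation format can be used when testing multiple different communication protocols.
- The communication protocol testing method according to claim 4, characterized in that the unified data encapsulation format includes a payload: the payload contains definitions of data elements; each data element contained in the payload is encapsulated using a data element encapsulation format that includes three fields, namely element type, element length and element information; the element type identifies one specific item of data; or the element type identifies all the data required by one test item.
- The communication protocol testing method according to claim 5, characterized in that the data elements defined in the payload further include an original message, the original message being the first message or the third message.
- The communication protocol testing method according to claim 5 or 6, characterized in that the unified data encapsulation format further includes a header, the header including a version field of the unified data encapsulation format and a length field; the header further includes one or more of a device role field, a send/receive identifier field, a vendor identifier field, a protocol type field, a packet sequence number field, a fragment sequence number field, a fragment identifier field and an extension field.
- The communication protocol testing method according to claim 1, characterized in that the test platform obtains part or all of the data of the second message specifically by parsing the data of one message among the second messages according to the unified data encapsulation format, or by parsing the data of multiple messages among the second messages according to the unified data encapsulation format.
- The communication protocol testing method according to claim 1, characterized in that the test platform obtaining the second message is specifically: the device under test transmits the second message online to the test platform, or the second message is imported into the test platform by way of file export.
- The communication protocol testing method according to claim 2, characterized in that the test platform obtaining the fourth message is specifically: the auxiliary device transmits the fourth message online to the test platform, or the fourth message is imported into the test platform by way of file export.
- The communication protocol testing method according to claim 3, characterized in that the test platform obtaining the sixth message is specifically: the reference device transmits the sixth message online to the test platform, or the sixth message is imported into the test platform by way of file export.
- The communication protocol testing method according to claim 1, characterized in that the reference device is integrated in the test platform.
- The communication protocol testing method according to claim 2, characterized in that the auxiliary device is integrated in the test platform.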
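- A device under test according to claim 1, characterized by comprising: a communication protocol execution module, configured to execute a communication protocol with a reference device, where a message sent and/or received during execution of the communication protocol is a first message, and the first message is encapsulated using the data encapsulation format of the communication protocol; a parsing module, configured to parse the received first message according to the communication protocol to obtain data; an encapsulation module, configured to encapsulate part or all of the data in the first message and/or data known to the device under test according to a unified data encapsulation format to generate a second message, where the part or all of the data in the first message includes the data obtained by the parsing module parsing the received first message and/or the data used to construct the sent first message; a sending module, configured to send the second message to a test platform.
- The device under test according to claim 14, characterized in that the unified data encapsulation format used in the encapsulation module is a data encapsulation format supported by the test platform, and the unified data encapsulation format is used when testing multiple different communication protocols.
- A test platform according to claim 1, characterized by comprising: an obtaining module, configured to obtain a second message generated by a device under test; a parsing module, configured to parse the obtained second message according to a unified data encapsulation format to obtain part or all of the data of the second message; a test module, configured to execute a test item according to the part or all of the data of the second message obtained by parsing; an output module, configured to output the test result completed by the test module.
- A test platform according to claim 16, characterized in that the obtaining module is further configured to obtain a fourth message sent by an auxiliary device; the parsing module is further configured to parse the obtained fourth message according to the unified data encapsulation format to obtain part or all of the data of the fourth message; the test module is further configured to use the part or all of the data of the fourth message obtained by parsing to assist the testing process.
- A test platform according to claim 17, characterized in that the test module being configured to use the part or all of the data of the fourth message obtained by parsing to assist the testing process is specifically: the test module compares the data of the fourth message obtained by the parsing module with the corresponding data in the data of the second message obtained by the parsing module, and obtains a comparison result.
- A test platform according to claim 16, characterized in that the obtaining module is further configured to obtain a sixth message sent by a reference device; the parsing module is further configured to parse the obtained sixth message according to the unified data encapsulation format to obtain part or all of the data of the sixth message; the test module is further configured to use the part or all of the data of the sixth message obtained by parsing to assist the testing process.
- A test platform according to claim 19, characterized in that the test module being configured to use the part or all of the data of the sixth message obtained by parsing to assist the testing process is specifically: the test module compares the data of the sixth message obtained by the parsing module with the corresponding data in the data of the second message obtained by the parsing module, and obtains a comparison result.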
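The unified format named in the claims (a header with version and length fields plus a payload of type/length/information elements) and the comparison of second-message data with sixth-message data can be exercised as follows. This is an added example, not code from the patent: the field widths, role codes and element type values are assumptions, since the text names the fields but fixes no sizes.

```python
import struct

# Assumed layout (the patent names the fields but gives no widths):
#   header  = version (1 byte) | device role (1 byte) | total length (2 bytes)
#   element = type (1 byte) | length (2 bytes) | information (length bytes)
HEADER = struct.Struct(">BBH")
ELEM = struct.Struct(">BH")
ROLE_DUT, ROLE_REFERENCE = 1, 2          # hypothetical device role codes
T_DUT_NONCE, T_REF_NONCE = 0x01, 0x02    # hypothetical element types


def build(role, elements, version=1):
    """Encapsulate (type, bytes) pairs as one unified-format message."""
    payload = b"".join(ELEM.pack(t, len(v)) + v for t, v in elements)
    return HEADER.pack(version, role, HEADER.size + len(payload)) + payload


def parse(msg):
    """Return (role, {type: info}); reject truncated or inconsistent input."""
    if len(msg) < HEADER.size:
        raise ValueError("short header")
    version, role, total = HEADER.unpack_from(msg)
    if version != 1 or total != len(msg):
        raise ValueError("bad version or length field")
    elems, off = {}, HEADER.size
    while off < total:
        if total - off < ELEM.size:
            raise ValueError("truncated element header")
        etype, elen = ELEM.unpack_from(msg, off)
        off += ELEM.size
        if elen > total - off:
            raise ValueError("element length exceeds message")
        if etype in elems:
            raise ValueError("duplicate element type")
        elems[etype] = msg[off:off + elen]
        off += elen
    return role, elems


def compare(second_msg, sixth_msg, types):
    """Compare corresponding elements reported by DUT and reference device."""
    r2, dut = parse(second_msg)
    r6, ref = parse(sixth_msg)
    if (r2, r6) != (ROLE_DUT, ROLE_REFERENCE):
        raise ValueError("unexpected device role")
    return {t: t in dut and t in ref and dut[t] == ref[t] for t in types}


# Constructed sample data: each side reports both random numbers, and the
# reference device's view of its own random number differs from the DUT's.
n_dut, n_ref = bytes(range(16)), bytes(range(16, 32))
second = build(ROLE_DUT, [(T_DUT_NONCE, n_dut), (T_REF_NONCE, n_ref)])
sixth = build(ROLE_REFERENCE, [(T_DUT_NONCE, n_dut), (T_REF_NONCE, n_ref[::-1])])
RESULT = compare(second, sixth, [T_DUT_NONCE, T_REF_NONCE])
```

A mismatch on one element type marks the device under test's report for that item as inaccurate, while the strict length checks keep a malformed report from being silently accepted as test evidence.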
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016567036A JP6342521B2 (ja) | 2014-06-10 | 2015-04-17 | Communication protocol testing method, and tested device and testing platform thereof |
KR1020167034816A KR101907770B1 (ko) | 2014-06-10 | 2015-04-17 | Communication protocol testing method, and tested device and testing platform thereof |
US15/309,861 US10243829B2 (en) | 2014-06-10 | 2015-04-17 | Communication protocol testing method, and tested device and testing platform thereof |
EP15807391.6A EP3157195B1 (en) | 2014-06-10 | 2015-04-17 | Communication protocol testing method, and tested device and testing platform thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410255349.X | 2014-06-10 | ||
CN201410255349.XA CN104009889B (zh) | 2014-06-10 | 2014-06-10 | Communication protocol testing method, and tested device and testing platform thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015188659A1 (zh) | 2015-12-17 |
Family
ID=51370385
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/076825 WO2015188659A1 (zh) | Communication protocol testing method, and tested device and testing platform thereof | 2014-06-10 | 2015-04-17 |
Country Status (6)
Country | Link |
---|---|
US (1) | US10243829B2 (zh) |
EP (1) | EP3157195B1 (zh) |
JP (1) | JP6342521B2 (zh) |
KR (1) | KR101907770B1 (zh) |
CN (1) | CN104009889B (zh) |
WO (1) | WO2015188659A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112835792A (zh) * | 2021-01-27 | 2021-05-25 | 湖南快乐阳光互动娱乐传媒有限公司 | Stress testing system and method |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104009889B (zh) * | 2014-06-10 | 2017-04-26 | 西安西电捷通无线网络通信股份有限公司 | Communication protocol testing method, and tested device and testing platform thereof |
CN104955091B (zh) * | 2015-04-29 | 2016-10-19 | 努比亚技术有限公司 | Testing method and apparatus |
CN108255725B (zh) * | 2018-01-18 | 2021-02-19 | 银联商务股份有限公司 | Test method and apparatus |
CN110298328B (zh) * | 2019-07-03 | 2021-08-20 | 中国工商银行股份有限公司 | Test data forming method, test data forming apparatus, electronic device and medium |
CN112445659B (zh) * | 2019-08-27 | 2023-07-21 | 烽火通信科技股份有限公司 | Method and system for implementing multi-protocol high-speed SerDes testing |
CN112543068B (zh) * | 2019-09-23 | 2022-06-10 | 华为机器有限公司 | Test method, apparatus and system |
CN112346425B (zh) * | 2020-11-20 | 2024-01-16 | 宜宾市极米光电有限公司 | Factory automated testing method, system, projection device and storage medium |
US11516320B2 (en) * | 2020-12-23 | 2022-11-29 | Itron, Inc. | Frame compatibility across network protocol versions |
CN114760039A (zh) * | 2020-12-26 | 2022-07-15 | 西安西电捷通无线网络通信股份有限公司 | Identity authentication method and apparatus |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6832184B1 (en) * | 2000-03-02 | 2004-12-14 | International Business Machines Corporation | Intelligent work station simulation—generalized LAN frame generation simulation structure |
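CN103378994A (zh) * | 2012-04-19 | 2013-10-30 | 北京动力源科技股份有限公司 | Testing method and terminal for communication equipment |
CN104009889A (zh) * | 2014-06-10 | 2014-08-27 | 西安西电捷通无线网络通信股份有限公司 | Communication protocol testing method, and tested device and testing platform thereof |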
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0832649A (ja) * | 1994-07-19 | 1996-02-02 | Fujitsu Ltd | Communication test apparatus |
US6373822B1 (en) * | 1999-01-08 | 2002-04-16 | Cisco Technology, Inc. | Data network protocol conformance test system |
US6732182B1 (en) * | 2000-05-17 | 2004-05-04 | Worldcom, Inc. | Method for generating packet loss report by a data coordinator in a multicast data transmission network utilizing a group shortest path tree |
US6668282B1 (en) * | 2000-08-02 | 2003-12-23 | International Business Machines Corporation | System and method to monitor and determine if an active IPSec tunnel has become disabled |
US20030172177A1 (en) * | 2001-12-06 | 2003-09-11 | Kersley Ian P. | System and method for verifying a device |
CN100370764C (zh) * | 2004-11-16 | 2008-02-20 | 华为技术有限公司 | Protocol testing apparatus and method for implementing protocol testing |
US8072992B2 (en) * | 2005-08-30 | 2011-12-06 | Bae Systems Information And Electronic Systems Integration Inc. | Interfacing real and virtual networks in hardware-in-the-loop (HITL) simulations |
JP2007195070A (ja) * | 2006-01-20 | 2007-08-02 | Matsushita Electric Ind Co Ltd | Encryption device and encryption system |
CN100369446C (zh) * | 2006-02-28 | 2008-02-13 | 西安西电捷通无线网络通信有限公司 | Method and system for conformance testing of the secure access protocol of an access point |
CN100448239C (zh) * | 2006-02-28 | 2008-12-31 | 西安西电捷通无线网络通信有限公司 | Method and system for conformance testing of the secure access protocol of an authentication service entity |
CN100496052C (zh) * | 2006-02-28 | 2009-06-03 | 西安西电捷通无线网络通信有限公司 | Method and system for conformance testing of the secure access protocol of a network terminal |
US7801050B2 (en) * | 2006-12-12 | 2010-09-21 | Cisco Technology, Inc. | Remote testing of an electronic device via network connection |
JP4823156B2 (ja) * | 2007-07-02 | 2011-11-24 | アラクサラネットワークス株式会社 | Remote traffic monitoring method |
JP5131213B2 (ja) * | 2009-01-27 | 2013-01-30 | 日産自動車株式会社 | Gateway device and diagnostic method thereof |
US8705395B2 (en) | 2010-06-15 | 2014-04-22 | Jds Uniphase Corporation | Method for time aware inline remote mirroring |
CN102098668B (zh) * | 2010-12-20 | 2012-11-07 | 西安西电捷通无线网络通信股份有限公司 | Detection system and detection method for negative testing of robustness in a WAPI device protocol |
CN102098702B (zh) * | 2011-01-30 | 2014-07-16 | 大唐移动通信设备有限公司 | Performance testing system, method and device |
US9141506B2 (en) * | 2012-02-15 | 2015-09-22 | Jds Uniphase Corporation | Method and system for network monitoring using signature packets |
US9160653B2 (en) * | 2012-06-07 | 2015-10-13 | International Business Machines Corporation | Dynamic redirection of network traffic within a system under test |
US9219667B2 (en) * | 2013-03-14 | 2015-12-22 | Ixia | Methods, systems, and computer readable media for selectively processing packets using time to live (TTL) information |
CN103442383B (zh) | 2013-09-17 | 2016-05-25 | 西安西电捷通无线网络通信股份有限公司 | Testing method and system for an authentication server |
-
2014
- 2014-06-10 CN CN201410255349.XA patent/CN104009889B/zh active Active
-
2015
- 2015-04-17 KR KR1020167034816A patent/KR101907770B1/ko active IP Right Grant
- 2015-04-17 EP EP15807391.6A patent/EP3157195B1/en active Active
- 2015-04-17 WO PCT/CN2015/076825 patent/WO2015188659A1/zh active Application Filing
- 2015-04-17 JP JP2016567036A patent/JP6342521B2/ja active Active
- 2015-04-17 US US15/309,861 patent/US10243829B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
US20170272353A1 (en) | 2017-09-21 |
EP3157195A4 (en) | 2017-04-19 |
JP6342521B2 (ja) | 2018-06-13 |
US10243829B2 (en) | 2019-03-26 |
EP3157195B1 (en) | 2018-07-18 |
JP2017520963A (ja) | 2017-07-27 |
CN104009889A (zh) | 2014-08-27 |
KR101907770B1 (ko) | 2018-10-12 |
CN104009889B (zh) | 2017-04-26 |
KR20170005848A (ko) | 2017-01-16 |
EP3157195A1 (en) | 2017-04-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
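WO2015188659A1 (zh) | Communication protocol testing method, and tested device and testing platform thereof | |
CN103118027B (zh) | Method for establishing a TLS channel based on Chinese national cryptographic algorithms | |
US11164674B2 (en) | Multimodal cryptographic data communications in a remote patient monitoring environment | |
CN103338215B (zh) | Method for establishing a TLS channel based on Chinese national cryptographic algorithms | |
US9621545B2 (en) | System and method for connecting client devices to a network | |
US8555069B2 (en) | Fast-reconnection of negotiable authentication network clients | |
WO2017106793A1 (en) | Systems and methods for secure multi-party communications using a proxy | |
Kim et al. | Security and performance considerations in ros 2: A balancing act | |
CN107924437A (zh) | Method for enabling secure provisioning of credentials, and related wireless device and server | |
CN102970676B (zh) | Method for processing raw data, Internet of Things system and terminal | |
WO2018120938A1 (zh) | Offline key transmission method, terminal and storage medium | |
TW201537937A (zh) | Unified identity authentication platform and authentication method | |
CN105610872A (zh) | Internet of Things terminal encryption method and Internet of Things terminal encryption apparatus | |
KR102128244B1 (ko) | SSL/TLS-based network security apparatus and method | |
CN110198538A (zh) | Method and apparatus for obtaining a device identifier | |
CN114830572A (zh) | Data transmission method, apparatus, device, system and storage medium | |
US20100070770A1 (en) | Systems and methods, apparatus, and computer readable media for intercepting and modifying hmac signed messages | |
WO2023036348A1 (zh) | Encrypted communication method, apparatus, device and medium | |
US10972912B1 (en) | Dynamic establishment of trust between locally connected devices | |
JP2014147039A (ja) | Encrypted communication device, proxy server, encrypted communication system, encrypted communication device program and proxy server program | |
CN115766119A (zh) | Communication method, apparatus, communication system and storage medium | |
CN112738751B (zh) | Wireless sensor access authentication method, apparatus and system | |
CN111049798B (zh) | Information processing method, apparatus and computer-readable storage medium | |
CN112468983B (zh) | Low-power access authentication method for power Internet of Things smart devices and auxiliary apparatus thereof | |
WO2016045307A1 (zh) | IKE authentication method, IKE initiating terminal, IKE responding terminal and IKE authentication system |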
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15807391 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2016567036 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15309861 Country of ref document: US |
|
REEP | Request for entry into the european phase |
Ref document number: 2015807391 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2015807391 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20167034816 Country of ref document: KR Kind code of ref document: A |