CN113923668B - Method, device, chip and readable storage medium for identifying network attack behavior - Google Patents

Info

Publication number
CN113923668B
Application number
CN202111183144.1A
Authority
CN (China)
Prior art keywords
information, public key, communication device, communication, identification information
Legal status
Active (Google's listed legal status is an assumption, not a legal conclusion)
Other languages
Chinese (zh)
Other versions
CN113923668A
Inventors
刘思聪
冯毅
Current assignee
China United Network Communications Group Co Ltd
Original assignee
China United Network Communications Group Co Ltd

Events
Application filed by China United Network Communications Group Co Ltd
Priority to CN202111183144.1A
Publication of CN113923668A
Application granted
Publication of CN113923668B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/122 Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In the technical scheme provided by the application, if first public key information and second public key information are the same in a network, but first communication equipment indicated by first communication equipment identification information corresponding to the first public key information is different from second communication equipment indicated by second communication equipment identification information corresponding to the second public key information, it can be determined that network attack exists in communication between the first communication equipment and the second communication equipment. According to the technical scheme, the network attack behavior can be identified without a digital certificate, so that the network communication safety can be improved.

Description

Method, device, chip and readable storage medium for identifying network attack behavior

Technical field

The present application relates to the field of network security and, more specifically, to a method, device, chip and readable storage medium for identifying network attack behavior.

Background

As the scale of the Internet and the number of its users grow year by year, new ways of networking keep emerging and keep changing how people live. However, because the network is open and anonymous, network security problems have become increasingly prominent. Therefore, before two parties communicate over the network, in order to ensure the security of the transmitted information, they first determine a shared key that is used to encrypt the transmitted information.

At present, a commonly used method for two communicating parties to determine a shared key is the Diffie-Hellman algorithm. Specifically, communication terminal A and communication terminal B first negotiate an integer g and a large prime p; then terminal A generates a large integer a (1 < a < p-1) and computes its public key X, and terminal B generates a large integer b (1 < b < p-1) and computes its public key Y, where X = g^a mod p and Y = g^b mod p.

Terminal A sends X, which is mapped to its own user identifier, to terminal B over the network, and terminal B sends Y, which is mapped to its own user identifier, to terminal A over the network. When terminal A obtains the Y sent by terminal B, it determines the shared key between A and B as K_AB = Y^a mod p; when terminal B obtains the X sent by terminal A, it determines the shared key between B and A as K_BA = X^b mod p. Since Y^a = g^{ab} mod p and X^b = g^{ab} mod p, K_AB = K_BA; that is, terminals A and B have agreed on the same shared key K_AB.

In the subsequent communication between terminal A and terminal B, each side can use the shared key K_AB to encrypt the information it needs to transmit, so as to protect that information.

However, the above method of transmitting information still has a security problem, for the following reason. Between terminal A and terminal B there may be an attacker C who can eavesdrop on the traffic between them. After C has observed p and g, C generates a large integer c (1 < c < p-1) and constructs a public key Z = g^c mod p. At the same time, in order to impersonate terminal A, C extracts A's user identifier from the captured messages, establishes a mapping between A's user identifier and Z, and sends that mapping to terminal B.

After terminal B receives Z, it mistakes Z for terminal A's public key and determines the shared key as K_BC = Z^b mod p. At this point, terminal B actually sends Y (where Y = g^b mod p), mapped to B's own user identifier, to attacker C. After C receives Y, C can derive from it the key that B believes it shares with A: K_CB = Y^c mod p. Since Y^c = (g^b)^c mod p = g^{bc} mod p and Z^b = (g^c)^b mod p = g^{bc} mod p, K_BC = K_CB. In other words, terminal B mistakes the shared key K_BC, which it has in fact agreed with attacker C, for a key agreed with terminal A. In the subsequent communication between B and A, B is then actually sending the information intended for A to attacker C, which is a security problem.

Analysis shows that the cause of the above network attack is that the two communicating parties do not go through an identity confirmation process. Therefore, in the prior art, digital certificate technology was introduced to resist such attacks. With this technology, the two parties authenticate each other's identity with digital certificates when communicating, and only communicate after identity authentication has passed.

However, when digital certificate technology is used to resist network attacks, both parties have to pay high service fees to obtain their digital certificates, which raises operating costs.

Therefore, how to identify network attack behavior and improve network communication security without a digital certificate is a technical problem that urgently needs to be solved.

Summary of the invention

The present application provides a method, device, chip and readable storage medium for identifying network attack behavior, which can identify network attack behavior without a digital certificate and thereby improve network communication security.

In a first aspect, an embodiment of the present application provides a method for identifying network attack behavior, applied to a communication device. The method includes: receiving first information, the first information including first public key information and first communication device identification information corresponding to the first public key information; receiving second information, the second information including second public key information and second communication device identification information corresponding to the second public key information; and, when the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information while the first communication device indicated by the first communication device identification information is different from the second communication device indicated by the second communication device identification information, determining that there is network attack behavior in the communication between the first communication device and the second communication device.

In the method for identifying network attack behavior provided by this embodiment, if the communication device determines that, in the network, first public key information and second public key information are the same, but the first communication device indicated by the first communication device identification information corresponding to the first public key information differs from the second communication device indicated by the second communication device identification information corresponding to the second public key information, it can determine that there is network attack behavior in the communication between the first communication device and the second communication device.

It can be understood that, compared with the prior art, the method of this embodiment does not require the first and second communication devices to each obtain a digital certificate, so no high service fees need to be paid; the method thus identifies network attack behavior while also reducing cost.

With reference to the first aspect, in a possible implementation, the method further includes: if third information encrypted with the first public key or the second public key is received, not forwarding the third information.

In this implementation, beyond identifying that there is network attack behavior in the communication between the first and second communication devices, third information encrypted with the first or second public key is also not forwarded, which further improves the security of communication between the first and second communication devices.

With reference to the first aspect, in a possible implementation, the method further includes: determining the source communication device of the first information and/or the second information to be the attacker behind the network attack behavior.

In this implementation, beyond identifying that there is network attack behavior in the communication between the first and second communication devices, the attacker carrying out the network attack can also be determined.

In a second aspect, the present application provides a device for identifying network attack behavior, applied to a communication device. The device includes: a receiving module for receiving first information and second information, the first information including first public key information and first communication device identification information corresponding to the first public key information, and the second information including second public key information and second communication device identification information corresponding to the second public key information; and a processing module for determining that there is network attack behavior in the communication between the first communication device and the second communication device when the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information while the first communication device indicated by the first communication device identification information is different from the second communication device indicated by the second communication device identification information.

With reference to the second aspect, in a possible implementation, the processing module is further configured to: if third information encrypted with the first public key or the second public key is received, not forward the third information.

With reference to the second aspect, in a possible implementation, the processing module is further configured to: determine the source communication device of the first information and/or the second information to be the attacker behind the network attack behavior.

In a third aspect, the present application provides a device for identifying network attack behavior, including a memory and a processor; the memory is used to store program instructions, and the processor is used to call the program instructions in the memory to execute the method of the first aspect or any possible implementation thereof.

In some implementations, the device may be a chip. In this implementation, optionally, the device may further include a communication interface for communicating with other devices or equipment.

In a fourth aspect, the present application provides a computer-readable medium storing program code for execution by a computer, the program code including instructions for executing the method of the first aspect or any possible implementation thereof.

In a fifth aspect, the present application provides a computer program product including computer program code which, when run on a computer, causes the computer to carry out the method of the first aspect or any possible implementation thereof.

In a sixth aspect, the present application provides a communication device including the device of the first aspect or the third aspect or any possible implementation thereof.

Description of the drawings

FIG. 1 is a schematic structural diagram of a communication system provided by the present application;

FIG. 2 is a schematic structural diagram of determining the shared key of two communicating parties in the prior art;

FIG. 3 is a schematic structural diagram of the communication system provided by the present application when an attack is present;

FIG. 4 is a schematic structural diagram of a communication system provided by an embodiment of the present application;

FIG. 5 is a schematic flowchart of a method for identifying network attack behavior provided by an embodiment of the present application;

FIG. 6 is a schematic structural diagram of a device for identifying network attack behavior provided by an embodiment of the present application;

FIG. 7 is a schematic structural diagram of a device for identifying network attack behavior provided by another embodiment of the present application.

Detailed description

For ease of understanding, the relevant terms involved in this application are explained first.

1. Digital certificate

A digital certificate is a series of data that identifies the parties in network communication; its role is similar to that of an identity card in real life. A digital certificate is usually issued by an authority, and the communicating parties can use it to identify each other on the Internet.

2. Public key infrastructure

Public key infrastructure (PKI) is a general-purpose security infrastructure that uses public-key concepts and technology to implement and provide security services. It is a key management platform that follows established standards and can provide all network applications with cryptographic services such as encryption and digital signatures, together with the key and certificate management system those services require.

PKI technology is the core of information security technology and the key foundational technology of e-commerce; it covers encryption, digital signatures, data integrity mechanisms, digital envelopes, dual digital signatures and so on.

3. Certification authority

A certification authority (CA) is an administrative body that can issue digital certificates to users to confirm their identities. To prevent forgery of digital certificates, the CA's public key must be trustworthy: the CA must publish its public key or have a higher-level certification authority provide an electronic credential that proves the validity of that public key. The CA issues a digital certificate as follows. After the user generates a key pair, the user sends the public key and some personal identity information to the CA. After verifying the identity, the CA hashes the user's public key and personal identity information to obtain a hash value, and then encrypts the hash value with the CA's own private key to produce the CA's digital signature. The certificate issued to the user carries not only the user's public key and personal identity information but also the CA's digital signature. When the user wants to prove the legitimacy of their public key, they can present this digital certificate.

As the scale of the Internet and the number of its users grow year by year, new ways of networking keep emerging and keep changing how people live.

FIG. 1 is a schematic structural diagram of a communication system provided by an embodiment of the present application. As shown in FIG. 1, the communication system includes a communication device 101, a communication device 102 and a network 103. Communication device 101 and communication device 102 communicate through network 103.

Communication device 101 or communication device 102 may be a device that provides voice and/or data connectivity to a user, for example a handheld device with wireless connection capability, a vehicle-mounted device, and the like. Such a terminal device may also be called user equipment (UE), an access terminal, a user unit, a user station, a mobile station, a mobile, a remote station, a remote terminal, mobile equipment, a user terminal, wireless telecom equipment, a user agent, or a user device.
The terminal device may be a station (STA) in a wireless local area network (WLAN), and may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA) device, a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal in a next-generation communication system (for example, a fifth-generation (5G) communication network), or a terminal device in a future evolved public land mobile network (PLMN), and so on. 5G may also be called new radio (NR). In one possible application scenario of the present application, the terminal device may also be a terminal device that usually operates on the ground, such as a vehicle-mounted device.

It can be understood that, because network 103 is open and anonymous, there may be network security problems when communication devices 101 and 102 communicate over network 103; for example, the information exchanged between them may be leaked or tampered with. Therefore, to ensure the security of the transmitted information, communication devices 101 and 102 first determine a shared key for encrypting the transmitted information when they communicate over network 103.

At present, one method for two communicating parties to determine a shared key is the Diffie-Hellman algorithm.

Below, taking communication device 101 as host A and communication device 102 as host B as an example, the process by which the Diffie-Hellman algorithm determines the shared key is described in detail.

As shown in FIG. 2, host A and host B first negotiate an integer g and a large prime p; then host A generates a large integer a (1 < a < p-1) and computes its public key X, and host B generates a large integer b (1 < b < p-1) and computes its public key Y, where X = g^a mod p and Y = g^b mod p.

Afterwards, host A sends its own user identifier and X to host B over the network, and host B sends its own user identifier and Y to host A over the network. When host A obtains host B's user identifier and Y, it determines the shared key between A and B as K_AB = Y^a mod p; when host B obtains host A's user identifier and X, it determines the shared key between B and A as K_BA = X^b mod p. Since Y^a = g^{ab} mod p and X^b = g^{ab} mod p, K_AB = K_BA; that is, hosts A and B have agreed on the same shared key K_AB.

Once host A and host B have agreed on the same shared key K_AB, each can use K_AB in their subsequent communication to encrypt the information it needs to transmit, so as to protect that information.
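The exchange just described, as an added example that is not part of the patent: both sides of the Diffie-Hellman agreement in the page's own notation (g, p, a, b, X, Y, K_AB, K_BA). The toy constants in demo() (g = 5, p = 23, a = 6, b = 15) are constructed so every value can be checked by hand; a real deployment uses a standardized group whose prime is at least 2048 bits.

```python
# Added example (not code from the patent): Diffie-Hellman shared-key agreement
# in the page's notation. Toy parameters are used so the arithmetic is easy to follow.
import secrets


def public_key(g: int, priv: int, p: int) -> int:
    """X = g^a mod p on A's side, Y = g^b mod p on B's side."""
    return pow(g, priv, p)


def shared_key(peer_pub: int, priv: int, p: int) -> int:
    """K_AB = Y^a mod p on A's side, K_BA = X^b mod p on B's side."""
    return pow(peer_pub, priv, p)


def random_exponent(p: int) -> int:
    """A private exponent in the open interval (1, p-1), drawn from a CSPRNG."""
    # secrets.randbelow(p - 3) yields 0 .. p-4, so the result lies in 2 .. p-2.
    return 2 + secrets.randbelow(p - 3)


def dh_agreement(g: int, p: int, a: int, b: int) -> dict:
    """Run both sides of the exchange. Returns the two values that cross the
    network (X, Y) together with each side's derived key, showing that
    K_AB == K_BA although neither private exponent is ever transmitted."""
    X = public_key(g, a, p)          # A -> B, sent alongside A's user identifier
    Y = public_key(g, b, p)          # B -> A, sent alongside B's user identifier
    return {
        "X": X,
        "Y": Y,
        "K_AB": shared_key(Y, a, p),  # computed by A from the received Y
        "K_BA": shared_key(X, b, p),  # computed by B from the received X
    }


def demo() -> dict:
    # Constructed toy parameters: g = 5, p = 23, a = 6, b = 15.
    result = dh_agreement(5, 23, 6, 15)
    assert result["K_AB"] == result["K_BA"]
    return result


if __name__ == "__main__":
    print(demo())  # {'X': 8, 'Y': 19, 'K_AB': 2, 'K_BA': 2}
```

Nothing in this exchange binds X or Y to the user identifier that travels with it: a receiver accepts whatever (identifier, public key) pair arrives, which is exactly the gap the attacker in the following paragraphs uses and the detection rule of this application is designed to catch.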

但是,上述传输信息的方法仍然存在安全性问题。下面,结合图3,说明主机A与主机B通过Diffie Hellman算法确定公共密钥存在安全性问题的具体原因。However, the above-mentioned method of transmitting information still has security problems. In the following, with reference to FIG. 3 , the specific reason why the host A and the host B determine the security of the public key through the Diffie Hellman algorithm is explained.

如图3所示,主机A和主机B之间可能会存在可以监听到主机A与主机B之间的通信信息的攻击者C,该攻击者C可以监听到X、Y、p和g等信息。攻击者C在监听到p和g后,可以产生一个很大的整数c(1<c<p-1),并构造出一个公开密钥Z,其中,Z=gcmod(p)。同时,为了冒充主机A的身份,攻击者C将从窃取的报文中提取出主机A的用户标识。此时,攻击者C使用主机A的用户标识将Z系发送给主机B。As shown in Figure 3, there may be an attacker C between host A and host B who can monitor the communication information between host A and host B, and the attacker C can monitor information such as X, Y, p, and g. After the attacker C monitors p and g, he can generate a large integer c (1<c<p-1), and construct a public key Z, where Z=g c mod(p). At the same time, in order to impersonate the identity of host A, attacker C will extract the user ID of host A from the stolen message. At this time, the attacker C uses the user ID of the host A to send the Z series to the host B.

主机B在接收到Z后,会误以为该公开密钥Z为主机A的公开密钥,并确定出公共密钥为KBC=gbZ。此时,主机B在发送主机B的公开密钥Y与自身的用户标识时,实际上是发送到了攻击者C,其中,Y=gbmod(p)。攻击者C拦截到Y之后,就可以确定出攻击者C与主机B的公共密钥为KCB=gcY。也就是说,主机B会将和攻击者C之间商定得到的公共密钥KBC误以为是主机B和主机A之间商定得到公共密钥。After host B receives Z, it will mistakenly think that the public key Z is the public key of host A, and determine the public key as K BC =g b Z . At this time, when host B sends host B's public key Y and its own user ID, it is actually sent to attacker C, where Y=g b mod (p). After the attacker C intercepts Y, it can be determined that the public key between the attacker C and the host B is K CB =g c Y . That is to say, host B will mistake the public key K BC negotiated with attacker C for the public key negotiated between host B and host A.

同理,主机A会将和攻击者C之间商定得到的公共密钥误以为是主机A和主机B之间商定得到公共密钥。假设主机A会将和攻击者C之间商定得到的公共密钥用KAC表示。Similarly, host A will mistake the public key agreed with attacker C for the public key agreed between host A and host B. Assume that host A will denote the public key negotiated with attacker C by K AC .

此后,主机A发向主机B的报文将通过KAC进行加密,但实际报文会发向攻击者C,攻击者C使用KAC对报文解密并获取相关信息后,如果进行信息的篡改或者修改后,再使用KBC对报文加密,并且将加密报文发向接收端B,就会存在安全性问题。也就是说,在主机A与主机B通信的过程中,存在网络攻击行为。Afterwards, the message sent by host A to host B will be encrypted by K AC , but the actual message will be sent to attacker C. After attacker C uses K AC to decrypt the message and obtains relevant information, if the attacker C tampers or modifies the message, encrypts the message with K BC , and sends the encrypted message to receiving end B, there will be a security problem. That is to say, during the communication process between host A and host B, there is a network attack behavior.

Analysis shows that the attack above is possible because the two communicating parties never verify each other's identity. Therefore, in the prior art, digital certificate technology is introduced into the shared-key negotiation so that both parties can confirm each other's identity and the attack can be recognised. However, this approach requires both parties to trust the public key infrastructure (PKI) operated by a certification authority (CA), and both parties have to pay a substantial service fee to obtain their digital certificates, which increases operating costs.

In view of this, an embodiment of the present application provides a method for identifying network attack behaviour. In this method, if first public key information and second public key information observed in the network are identical, but the first communication device indicated by the first communication device identification information corresponding to the first public key information differs from the second communication device indicated by the second communication device identification information corresponding to the second public key information, it can be determined that the communication between the first communication device and the second communication device is under network attack. The method identifies the attack while also reducing cost.

For ease of understanding, FIG. 4 is a schematic structural diagram of a communication system provided by an embodiment of the present application. As shown in FIG. 4, the communication system includes a first communication device 401, a second communication device 402, a third communication device 403, an attacking device 404, and forwarding devices 1, 2, 3, 4 and 5. A forwarding device forwards communication information so that two different communication devices can communicate across the network. Note that FIG. 4 shows only five forwarding devices by way of example; this does not limit the embodiments of the present application, and there may be, for example, ten forwarding devices, or more, or fewer.

In the communication system of FIG. 4, the first communication device 401 and the second communication device 402 can communicate via forwarding devices 1, 2, 3, 4 and 5, and the first communication device 401 and the third communication device 403 can communicate via forwarding device 1 and forwarding device 2.

It will also be understood that whether it is the first communication device 401, the second communication device 402 or the third communication device 403, any device communicating with other devices in the network does so through a forwarding device. Therefore, in the embodiments of the present application, the entity executing the method for identifying network attack behaviour is a forwarding device, for example forwarding device 1, 2, 3, 4 or 5. The embodiments do not limit the specific type of forwarding device; it may, for example, be a switch or a gateway.

The method by which a forwarding device identifies network attack behaviour is described in detail below with reference to FIG. 5.

FIG. 5 is a schematic flowchart of a method for identifying network attack behaviour provided by an embodiment of the present application. As shown in FIG. 5, the method of this embodiment may include S501, S502 and S503.

First, it will be understood that if the communicating devices are not attacking devices, then, taking FIG. 4 as an example and assuming the first communication device 401 wants to communicate with the second communication device 402, device 401 sends to device 402, through forwarding devices 1 to 5, the public key it has generated together with its own identification information. That is, device 401 sends first information containing the public key generated by device 401 and the identification information of device 401, and accordingly any forwarding device on the path receives first information containing that public key and that identification information. Similarly, device 402 sends the public key information it has generated together with its own identification information to device 401 through forwarding devices 1 to 5. In other words, if devices 401 and 402 are not attacking devices, the identification information sent by 401 is necessarily 401's own, and the identification information sent by 402 is necessarily 402's own. Devices 401 and 402 can then compute the shared key.

Further, continuing with FIG. 4, suppose the first communication device 401 also communicates with the third communication device 403. Device 401 then sends, through forwarding devices 1 and 2, a public key it has generated together with its own identification information to device 403. (It should be understood that the public key a device generates may differ for each peer with which it negotiates a shared key; in this example, the public key generated by device 401 for communication with device 402 is called the first public key and the one generated for communication with device 403 is called the second public key.) That is, device 401 also sends second information containing a public key generated by device 401 and the identification information of device 401, and accordingly any forwarding device on the path receives second information consisting of a public key generated by device 401 and the identification information of device 401.

Therefore, since device 401 is not an attacking device, the identification information it uses whenever it sends a public key is always its own identification information.

However, the communicating device may be an attacking device, for example the attacking device 404 in FIG. 4. To mount an attack between the first communication device 401 and the second communication device 402, the attacking device 404 can, while those two devices negotiate a shared key with the Diffie-Hellman algorithm, eavesdrop on the public key X generated by 401, the public key Y generated by 402, and the integer g and large prime p agreed between them. Having learned p and g, the attacking device 404 first generates a large integer c (1 < c < p-1) and constructs a public key Z = g^c mod p. It then extracts the identification information of the first communication device 401 from a message it has captured from 401 and sends its own public key Z to the second communication device 402 under that identification information. That is, the attacking device 404 sends, via a forwarding device, first information to the second communication device 402, the first information containing the identification information of the first communication device 401 and the public key Z.

Similarly, the attacking device 404 extracts the identification information of the second communication device 402 from a message captured from 402 and uses it to send the same public key Z to the first communication device 401. That is, the attacking device 404 sends, via a forwarding device, second information to the first communication device 401, the second information containing the identification information of the second communication device 402 and the public key Z.

Therefore, if the communicating device is an attacking device, it must impersonate the identities of both communicating parties in order to carry out the attack; in the first information and second information it sends, the same public key therefore appears together with the identification information of different communication devices.

The method by which a forwarding device identifies network attack behaviour from the first information and the second information is described below in S501 to S503.

S501: receive first information, the first information including first public key information and first communication device identification information corresponding to the first public key information.

For example, the first information may be received by forwarding device 1 in FIG. 4, or by forwarding device 2, 3, 4 or 5; the embodiments of the present application do not limit this.

In this embodiment, the first information received by the forwarding device includes first public key information and first communication device identification information corresponding to it. The first communication device identification information corresponding to the first public key information can be taken to be the communication device identification information that the sender of the first public key information used when sending it.

As stated above, the sender of the first information may or may not be an attacking device.

It will be understood that if the device sending the first information is not an attacking device, the first communication device identification information is the identification information of the device that sent the first public key information.

It will also be understood that if the device sending the first public key information is an attacking device, the first public key information was generated by that attacking device, and in order to impersonate another communication device it must send the first public key under that other device's identification information; that is, when the sender of the first public key information is an attacking device, the first communication device identification information is the identification information of some other device.

S502: receive second information, the second information including second public key information and second communication device identification information corresponding to the second public key information.

For example, the second information may be received by forwarding device 1 in FIG. 4, or by forwarding device 2, 3, 4 or 5; the embodiments of the present application do not limit this. It should be noted, however, that the first information and the second information should be received by the same forwarding device.

In this embodiment, the second information received by the forwarding device includes second public key information and second communication device identification information corresponding to it. The second communication device identification information corresponding to the second public key information can be taken to be the communication device identification information that the sender of the second public key information used when sending it.

As in step S501, the sender of the second information may or may not be an attacking device.

S503: when the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information, and the first communication device indicated by the first communication device identification information differs from the second communication device indicated by the second communication device identification information, determine that the communication between the first communication device and the second communication device is under network attack.

As stated above, if a communication device is not an attacking device, it uses the same identification information, namely its own, whenever it sends a public key it has generated to any other communication device in the network. If a device is an attacking device, however, it must impersonate the identities of both communicating parties in order to carry out the attack, so the attacking device is associated with different identification information.

For example, take the attacking device 404 in FIG. 4. After generating its public key, the attacking device 404, in order to attack the communication between the first communication device 401 and the second communication device 402, impersonates the identification information of 401 and of 402 in turn: to impersonate 401 it sends the public key it generated to 402 using 401's identification information, and to impersonate 402 it sends the same public key to 401 using 402's identification information. Thus, for the attacking device 404 to mount an attack between 401 and 402, one public key necessarily appears together with the identification information of two communication devices.

Therefore, the embodiment of the present application uses the feature that the same public key corresponds to two different pieces of identification information to determine that the communication between the first communication device and the second communication device is under attack.

In the method for identifying network attack behaviour provided by the embodiment of the present application, if the forwarding device finds that first public key information and second public key information in the network are identical, but the first communication device indicated by the first communication device identification information corresponding to the first public key information differs from the second communication device indicated by the second communication device identification information corresponding to the second public key information, it can determine that the communication between the first communication device and the second communication device is under network attack.

It will be understood that, compared with the prior art, the method of this embodiment does not require the first and second communication devices to obtain separate digital certificates, so no substantial service fee has to be paid; it identifies network attack behaviour while also reducing cost.

As an optional embodiment, the method further includes: determining the source communication device of the first information and/or the second information to be the attacker of the network attack.

The source communication device of the first information and/or the second information can be taken to be the communication device that sent the first information and the second information.

As stated above, the first information includes first public key information and first communication device identification information corresponding to it, and the second information includes second public key information and second communication device identification information corresponding to it.

It will be understood that only the first information and second information sent by the attacker of a network attack exhibit the situation in which the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information while the first communication device indicated by the first communication device identification information differs from the second communication device indicated by the second communication device identification information. Therefore, in this embodiment, when that situation occurs, the communication device that sent the first information and the second information (the source communication device of the first information and/or the second information) is determined to be the attacker.

In one possible implementation, the first information and the second information carry an identifier of the source communication device, which indicates the source communication device that sent them; when the forwarding device obtains the first information and the second information, it can determine the source communication device from that identifier.

In this implementation, on top of identifying that the communication between the first device and the second device is under network attack, the attacker can also be determined.

As an optional embodiment, the method further includes: if third information encrypted using the first public key or the second public key is received, not forwarding the third information.

In this embodiment, it will be understood that when the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information, and the first communication device indicated by the first communication device identification information differs from the second communication device indicated by the second communication device identification information, the first public key and the second public key can be determined to have been generated by an attacker. Therefore, in this embodiment, when third information encrypted using the first public key or the second public key (that is, with a shared key derived from it) appears, that third information is not forwarded.

For example, in FIG. 4, when forwarding device 2 determines that the first information and the second information exhibit the situation in which the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information while the first communication device indicated by the first communication device identification information differs from the second communication device indicated by the second communication device identification information, forwarding device 2 can cut off third information encrypted using the first or second public key so that it is not forwarded. This amounts to the forwarding device cutting off transmission of that third information within the network, thereby securing the communication between the first communication device and the second communication device.
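An added example, not the patent's own code, of a forwarding device applying S501 to S503 as described above, together with the two optional embodiments (attributing the attacker from the source identifier carried in the first and second information, and not forwarding third information keyed by a flagged public key). The frame layout is an assumption: a key-exchange frame carries the source identifier, the claimed device identification information and the public key; a data frame carries the public key its session key was derived from. Device names follow FIG. 4 and all traffic is constructed for the demonstration. The honest device 401 sending two different public keys under one identification (the situation described before S501) is included to show that it does not trip the rule.

```python
"""
Added example (not the patent's own code): a forwarding device that applies
the S501-S503 rule to the key-exchange frames it relays, attributes the
attacker from the frame's source identifier and refuses to forward data
keyed by a flagged public key.

Assumed frame layout: a key-exchange frame carries the transport-level source
identifier, the device identification information claimed in the frame and
the public key; a data frame carries the public key its session key was
derived from (key_id). Device names 401/402/403/404 follow FIG. 4 and all
traffic below is constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class KeyExchange:
    src: str          # source identifier of the frame on the wire
    claimed_id: str   # communication device identification information
    public_key: int   # public key information


@dataclass(frozen=True)
class DataFrame:
    src: str
    dst: str
    key_id: int       # public key the payload's session key was derived from
    payload: bytes


@dataclass
class Alert:
    public_key: int
    ids: Set[str]             # distinct identifications seen with this key
    attacker: Optional[str]   # source id, if every conflicting frame shares one


class ForwardingDevice:
    def __init__(self) -> None:
        # public_key -> {claimed_id: src}; an honest device adds one id per key
        self.seen: Dict[int, Dict[str, str]] = {}
        self.blocked_keys: Set[int] = set()
        self.alerts: List[Alert] = []
        self.forwarded: List[DataFrame] = []

    def on_key_exchange(self, frame: KeyExchange) -> Optional[Alert]:
        """S501/S502: record the frame; S503: flag one key under two identities."""
        ids = self.seen.setdefault(frame.public_key, {})
        ids[frame.claimed_id] = frame.src
        if len(ids) < 2:
            return None  # first sighting, or same key under the same id
        sources = set(ids.values())
        attacker = next(iter(sources)) if len(sources) == 1 else None
        alert = Alert(frame.public_key, set(ids), attacker)
        self.alerts.append(alert)
        self.blocked_keys.add(frame.public_key)
        return alert

    def on_data(self, frame: DataFrame) -> bool:
        """Forward unless the frame is keyed by a public key the rule has flagged."""
        if frame.key_id in self.blocked_keys:
            return False
        self.forwarded.append(frame)
        return True


def demo() -> ForwardingDevice:
    """Replay constructed traffic through one forwarding device and return it."""
    dev = ForwardingDevice()
    # Honest behaviour: 401 uses two different keys toward 402 and 403, one id
    dev.on_key_exchange(KeyExchange("401", "401", 8))
    dev.on_key_exchange(KeyExchange("401", "401", 12))
    dev.on_key_exchange(KeyExchange("402", "402", 19))
    # Attacker 404 sends its single Z = 21 under both victims' identities
    dev.on_key_exchange(KeyExchange("404", "401", 21))
    dev.on_key_exchange(KeyExchange("404", "402", 21))
    # Third information: data keyed by Z is dropped, legitimate data passes
    dev.on_data(DataFrame("401", "402", 21, b"hello"))
    dev.on_data(DataFrame("401", "403", 12, b"hello"))
    return dev


if __name__ == "__main__":
    d = demo()
    for a in d.alerts:
        print(f"public key {a.public_key} claimed by {sorted(a.ids)}; attacker={a.attacker}")
    print("forwarded:", [(f.src, f.dst, f.key_id) for f in d.forwarded])
```

Two practical caveats follow from the rule itself. It fires only when the attacking device reuses one public key Z toward both parties, which is the behaviour the description above assumes; an attacker that picks a separate exponent for each victim sends two different public keys and is not caught by this check. And the attribution step is only as trustworthy as the source identifier on the link the frame arrived on, so in a deployment it should be taken from the ingress port or link-layer context rather than from a field the sender controls.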

Optionally, a common forwarding policy, such as the spanning tree protocol (STP), may be configured on all forwarding devices to prevent the loss of network efficiency or the errors that message broadcasting would otherwise cause.

Optionally, the method for identifying network attack behaviour provided by the embodiments of the present application may be applied only during the public key exchange between the two communicating parties, and not during the subsequent transmission of real data, so as to improve the operating efficiency of the network as a whole.

FIG. 6 shows an apparatus for identifying network attack behaviour provided by an embodiment of the present application, applied to a communication device. The apparatus 600 includes: a receiving module 601, configured to receive first information and second information, the first information including first public key information and first communication device identification information corresponding to the first public key information, and the second information including second public key information and second communication device identification information corresponding to the second public key information; and a processing module 602, configured to determine, when the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information and the first communication device indicated by the first communication device identification information differs from the second communication device indicated by the second communication device identification information, that the communication between the first communication device and the second communication device is under network attack.

As one example, the receiving module 601 may be configured to perform the step of receiving the first information in the method of FIG. 5; for example, the receiving module 601 performs S501.

As another example, the processing module 602 may be configured to perform the step of determining that the communication between the first communication device and the second communication device is under network attack in the method of FIG. 5; for example, the processing module 602 performs S503.

In one possible implementation, the processing module 602 is further configured to: if third information encrypted using the first public key or the second public key is received, not forward the third information.

In one possible implementation, the processing module 602 is further configured to: determine the source communication device of the first information and/or the second information to be the attacker of the network attack.

FIG. 7 is a schematic structural diagram of an apparatus for identifying network attack behaviour provided by another embodiment of the present application. The apparatus shown in FIG. 7 may be used to perform the method of any of the foregoing embodiments.

As shown in FIG. 7, the apparatus 700 of this embodiment includes a memory 701, a processor 702, a communication interface 703 and a bus 704. The memory 701, the processor 702 and the communication interface 703 are communicatively connected to one another through the bus 704.

The memory 701 may be a read-only memory (ROM), a static storage device, a dynamic storage device or a random access memory (RAM). The memory 701 may store a program, and when the program stored in the memory 701 is executed by the processor 702, the processor 702 performs the steps of the method shown in FIG. 5.

The processor 702 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, used to execute the relevant program so as to implement the method of the method embodiments of the present application.

The processor 702 may also be an integrated circuit chip with signal processing capability. In implementation, the steps of the method of the embodiments of the present application may be completed by integrated logic circuits in hardware within the processor 702 or by instructions in the form of software.

The processor 702 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.

The steps of the methods disclosed in the embodiments of the present application may be carried out directly by a hardware decoding processor, or by a combination of hardware and software modules within a decoding processor. The software module may reside in a storage medium well established in the art, such as a random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or register. The storage medium is located in the memory 701; the processor 702 reads the information in the memory 701 and, together with its hardware, performs the functions required of the units included in the apparatus of the present application, for example the steps and functions of the embodiment shown in FIG. 5.

The communication interface 703 may use a transceiver apparatus such as, but not limited to, a transceiver, to implement communication between the apparatus 700 and other devices or communication networks.

The bus 704 may include a path that carries information between the components of the apparatus 700 (for example, the memory 701, the processor 702 and the communication interface 703).

It should be understood that the apparatus 700 shown in the embodiments of the present application may be an electronic device, or may be a chip configured within an electronic device.

The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, the above embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data centre to another website, computer, server or data centre by wired or wireless means (for example infrared or microwave). The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data centre that contains one or more available media. The available medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD) or a semiconductor medium. The semiconductor medium may be a solid-state drive.

应理解,在本申请的各种实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that in various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the order of execution, and the execution order of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.

在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.

所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器、随机存取存储器、磁碟或者光盘等各种可以存储程序代码的介质。If the functions described above are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on such an understanding, the technical solution of the present application can be embodied in the form of a software product in essence or the part that contributes to the prior art or a part of the technical solution. The computer software product is stored in a storage medium and includes several instructions to make a computer device (which can be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the application. The aforementioned storage medium includes: various media capable of storing program codes such as U disk, mobile hard disk, read-only memory, random access memory, magnetic disk or optical disk.

以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above is only a specific embodiment of the application, but the scope of protection of the application is not limited thereto. Anyone skilled in the art within the scope of the technology disclosed in this application can easily think of changes or replacements, which should be covered within the scope of protection of the application. Therefore, the protection scope of the present application should be determined by the protection scope of the claims.

Claims (10)

1. A method for identifying network attack behaviour, applied to a communication device, the method comprising:
receiving first information, the first information comprising first public key information and first communication device identification information corresponding to the first public key information;
receiving second information, the second information comprising second public key information and second communication device identification information corresponding to the second public key information;
and, where the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information and the first communication device indicated by the first communication device identification information is different from the second communication device indicated by the second communication device identification information, determining that network attack behaviour exists in the communication between the first communication device and the second communication device.
2. The method according to claim 1, further comprising:
if third information encrypted using the first public key or the second public key is received, not forwarding the third information.
3. The method according to claim 1 or 2, further comprising:
determining the source communication device of the first information and/or the second information to be the attacker of the network attack behaviour.
4. An apparatus for identifying network attack behaviour, applied to a communication device, the apparatus comprising a receiving module and a processing module, wherein:
the receiving module is configured to receive first information and second information, the first information comprising first public key information and first communication device identification information corresponding to the first public key information, and the second information comprising second public key information and second communication device identification information corresponding to the second public key information;
the processing module is configured to determine that network attack behaviour exists in the communication between the first communication device and the second communication device where the first public key indicated by the first public key information is the same as the second public key indicated by the second public key information and the first communication device indicated by the first communication device identification information is different from the second communication device indicated by the second communication device identification information.
5. The apparatus according to claim 4, wherein the processing module is further configured to:
if third information encrypted using the first public key or the second public key is received, not forward the third information.
6. The apparatus according to claim 4 or 5, wherein the processing module is further configured to:
determine the source communication device of the first information and/or the second information to be the attacker of the network attack behaviour.
7. An apparatus for identifying network attack behaviour, comprising a memory and a processor, wherein:
the memory is configured to store program instructions;
the processor is configured to invoke the program instructions in the memory to perform the method according to any one of claims 1 to 3.
8. A chip comprising at least one processor and a communication interface, the communication interface and the at least one processor being interconnected by wires, the at least one processor being configured to execute a computer program or instructions to perform the method according to any one of claims 1 to 3.
9. A computer-readable medium storing program code for execution by a computer, the program code comprising instructions for performing the method according to any one of claims 1 to 3.
10. A communication device comprising the apparatus for identifying network attack behaviour according to any one of claims 4 to 6 and 7.
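What claims 1 to 3 describe, as an added worked example that is not code from the patent or its assignee: a monitor on the forwarding path records, for every key announcement it sees, the public key and the device identifier that claims it. One public key bound to two different identifiers is the signature of an attacker who has substituted its own key toward both parties of an exchange; the monitor then refuses to forward traffic encrypted under that key (claim 2) and attributes the attack to the source of the conflicting announcements (claim 3). The message layout (source, claimed_device, public_key), the KeyBindingMonitor class and the sample keys are assumptions made for this example. Two limits of the check are worth keeping in mind: an attacker who uses a distinct key pair toward each victim produces no conflict, and a deployment that legitimately installs one key on several devices produces a false positive, so the table should be keyed on identifiers the deployment actually guarantees to be unique per device.

```python
"""Added example of the public key / device identity consistency check of claims 1-3.

Not the patent's own code. Assumes the monitor sits on a forwarding path (for
example a relay or gateway) where it sees each party's key announcement, and
that each announcement carries the device id that claims the key as well as
the hop it was actually received from.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyAnnouncement:
    """Hypothetical layout of the 'first/second information' of claim 1."""
    source: str          # hop the message was received from (claim 3's 'source device')
    claimed_device: str  # device identification information carried in the message
    public_key: bytes    # public key information carried in the message


@dataclass(frozen=True)
class Verdict:
    attack: bool
    devices: tuple = ()    # device ids that were bound to the same public key
    attackers: tuple = ()  # sources of the conflicting announcements (claim 3)


class KeyBindingMonitor:
    """Tracks which device ids each public key has been announced for."""

    def __init__(self) -> None:
        # key fingerprint -> {claimed device id -> set of sources that announced it}
        self._bindings: dict[str, dict[str, set[str]]] = {}
        self._blocked: set[str] = set()  # fingerprints of keys implicated in an attack

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        # Compare keys by digest so the table does not hold raw key material.
        return hashlib.sha256(public_key).hexdigest()

    def observe(self, msg: KeyAnnouncement) -> Verdict:
        """Claim 1: same public key, different device ids -> attack."""
        fp = self.fingerprint(msg.public_key)
        by_device = self._bindings.setdefault(fp, {})
        by_device.setdefault(msg.claimed_device, set()).add(msg.source)
        if len(by_device) < 2:
            return Verdict(attack=False)  # one key, one identity: consistent so far
        # Claim 2: remember the key so traffic encrypted under it is not forwarded.
        self._blocked.add(fp)
        # Claim 3 names the source of the first and/or second information; when the
        # sources differ the claim leaves attribution open, so all of them are reported.
        attackers = sorted(set().union(*by_device.values()))
        return Verdict(attack=True, devices=tuple(sorted(by_device)), attackers=tuple(attackers))

    def should_forward(self, encrypting_key: bytes) -> bool:
        """Claim 2: drop 'third information' encrypted with an implicated key."""
        return self.fingerprint(encrypting_key) not in self._blocked


# Constructed sample keys (arbitrary bytes standing in for real public keys).
KEY_A = bytes.fromhex("04a1" * 16)
KEY_A2 = bytes.fromhex("04a3" * 16)  # A's rotated key
KEY_B = bytes.fromhex("04b2" * 16)
KEY_M = bytes.fromhex("04ee" * 16)   # the attacker's key, presented to both sides


def run_scenarios() -> dict:
    """Honest exchange (with a key rotation) versus a man-in-the-middle re-keying both sides."""
    honest = KeyBindingMonitor()
    h1 = honest.observe(KeyAnnouncement(source="A", claimed_device="A", public_key=KEY_A))
    h2 = honest.observe(KeyAnnouncement(source="B", claimed_device="B", public_key=KEY_B))
    # A rotates to a new key: different key, same device, still consistent under claim 1.
    h3 = honest.observe(KeyAnnouncement(source="A", claimed_device="A", public_key=KEY_A2))

    mitm = KeyBindingMonitor()
    # Attacker M tells B that A's key is KEY_M, and tells A that B's key is KEY_M.
    m1 = mitm.observe(KeyAnnouncement(source="M", claimed_device="A", public_key=KEY_M))
    m2 = mitm.observe(KeyAnnouncement(source="M", claimed_device="B", public_key=KEY_M))
    return {
        "honest_first": h1, "honest_second": h2, "honest_rotate": h3,
        "mitm_first": m1, "mitm_second": m2,
        "mitm_forwards_victim_traffic": mitm.should_forward(KEY_M),
        "mitm_forwards_unrelated": mitm.should_forward(KEY_A),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The first announcement of the attacker's key is accepted, because at that point it is indistinguishable from a normal key distribution; the verdict only flips when the second, conflicting identity arrives, which is why a monitor of this kind must see both halves of the exchange.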
CN202111183144.1A 2021-10-11 2021-10-11 Method, device, chip and readable storage medium for identifying network attack behavior Active CN113923668B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111183144.1A CN113923668B (en) 2021-10-11 2021-10-11 Method, device, chip and readable storage medium for identifying network attack behavior

Publications (2)

Publication Number Publication Date Granted
CN113923668A (en) 2022-01-11 no
CN113923668B (en) 2023-07-25 yes

Family

ID=79239284

Country Status (1)

Country Link
CN (1) CN113923668B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114915475B (en) * 2022-05-18 2023-06-27 China United Network Communications Group Co Ltd Method, device, equipment and storage medium for determining attack path

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610510A (en) * 2009-06-10 2009-12-23 Nanjing University of Posts and Telecommunications Multi-authentication method for node legitimacy in layer-cluster wireless ad hoc networks
CN105553966A (en) * 2015-12-10 2016-05-04 China United Network Communications Group Co Ltd Method and device for key exchange
CN108322464A (en) * 2018-01-31 2018-07-24 China United Network Communications Group Co Ltd Key verification method and device
CN112019647A (en) * 2018-02-12 2020-12-01 Huawei Technologies Co Ltd Method and device for obtaining a device identifier
CN112398800A (en) * 2019-08-19 2021-02-23 Huawei Technologies Co Ltd Data processing method and device
CN113395247A (en) * 2020-03-11 2021-09-14 Huawei Technologies Co Ltd Method and device for preventing replay attacks on SRv6 HMAC verification

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9571475B2 (en) * 2015-06-09 2017-02-14 Verizon Patent And Licensing Inc. Call encryption systems and methods

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Man-in-the-Middle and Denial of Service Attacks in Wireless Secret Key Generation; Miroslav Mitev et al.; 2019 IEEE Global Communications Conference (GLOBECOM); full text *
Implementation of IPSec-based virtual private network key exchange and its security analysis; Wu Yue, Shu Chaoming, Bu Yonghua, Hu Aiqun, Bi Guangguo; Journal of Southeast University (Natural Science Edition), No. 4; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant