CN114389835B - IPv6 option explicit source address encryption security verification gateway and verification method - Google Patents

Abstract

The present invention discloses an IPv6 option explicit source address encryption security verification gateway, the security verification gateway device comprises: a data probability acquisition module, which is used to perform probability acquisition of data packets for transmission data and send them to an encryption function module; an encryption function module, which is used to encrypt and sign the source IPv6 address in the data packet, load the ciphertext obtained by signing into the hop-by-hop option header in the data packet and send the data packet carrying the source address verification information to the destination; a verification function module, which is used to verify the source address information of the received data, the initialization creation and dynamic update of the dynamic verification table. The present invention also provides a verification method for an IPv6 option explicit source address encryption security verification gateway, which can encrypt the transmitted data and verify the transmitted data, thus realizing the integration of encryption and verification.

Description

An IPv6 option explicit source address encryption security verification gateway and verification method

Technical Field

The present invention belongs to the technical field of network security, and in particular relates to an IPv6 option explicit source address encryption security verification gateway and a verification method.

Background technique

In recent years, due to the continuous deepening of research in the field of source address verification, targeted and detailed research has been gradually carried out on different network environments, diverse network applications and various network threats to make up for the defects of traditional source address verification technology, so as to make network defense capabilities more prominent and better able to resist various network threats in complex and changeable network environments. Based on this, in response to the storage overhead problem of traditional verification technology, Vijayalakshmi et al. proposed a novel enhanced packet marking algorithm, which can be directly deployed on the victim end to provide backtracking for a single data packet. Since it does not need to traverse the entire computer network or use out-of-band messages to identify the attack source, the marking algorithm is easy to apply and does not have the problem of storage overhead; Suresh et al. solved the scalability problem of the DPM verification mechanism and designed a backtracking scheme based on deterministic multi-packet marking (DMPM), using a global marking distribution server (MOD on-demand marking) to mark untrusted data packets, effectively defending against DDoS attacks; Lu Ning et al. proposed a hierarchical anti-anonymous alliance construction method (EAGLE) based on egress filtering, which overcomes the egress filtering (Egress In order to solve the problems of high cost and low forwarding efficiency faced by source address and path verification in packet forwarding, Wu Bo proposed an efficient source address and path verification mechanism PPV based on random marking of data packets. He designed the PPV verification mechanism from the perspective of data flow verification. By utilizing the security verification of random marking of data packets, he avoided the hop-by-hop and packet-by-packet verification of traditional solutions, reduced the overhead of additional communication and verification delay of packet forwarding verification, and improved the efficiency of packet forwarding security verification.

Based on this analysis, most source address verification technologies use the technical principles of encryption verification schemes, but existing technologies based on encryption verification schemes mostly adopt end verification, and a few adopt a hybrid mode of end/path verification. Since the end verification mode lacks verification on the path transmission, its network defense capability is characterized by low false positives and high false negatives; and the mode of adopting full path transmission verification will cause problems such as increased computing overhead, increased communication overhead, increased bandwidth and network resource consumption, and reduced deployment compatibility.

Summary of the invention

In view of the above-mentioned problems, the purpose of the present invention is to provide an IPv6 option explicit source address encryption security verification gateway and verification method.

The technical solution adopted by the present invention is:

An IPv6 option explicit source address encryption security verification gateway, the security verification gateway device comprising:

The data probability acquisition module is used to perform probability acquisition of data packets for the transmission data and send them to the encryption function module;

The encryption function module is used to encrypt and sign the source IPv6 address in the data packet, load the signed ciphertext into the hop-by-hop option header in the data packet, and send the data packet carrying the source address verification information to the destination;

The verification function module is used to verify the source address information of the received data, and to initialize the creation and dynamic update of the dynamic verification table.

Preferably, the data probability acquisition module includes

The data acquisition module is used to perform probability sampling on the data packets and provide data with marking information for the encryption function module;

The key node dynamic identification module is used to monitor the traffic status of each transmission node in the transmission path, calculate and identify key nodes using complex network indicators, and then encrypt and sign them through the encryption function module and verify them using the verification function module.

Preferably, the encryption function module includes:

The first SHA224 hash module is used to encrypt the source IPv6 address to generate a 28-byte message digest MAC in preparation for the next step of digital signature;

The ECDSA signature module is used to generate the ciphertext C by digitally signing the message digest MAC and provide source address verification information;

The first ECC key library generates a key pair (Pk, Sk) using an ECC key generation algorithm, and stores the key pair (Pk, Sk) in the key library to facilitate the ECDSA signature module to extract the key;

The sending module is used to send data carrying source address verification information to the destination end, completing the first step of source address verification.

Preferably, the verification function module includes:

A receiving module, used to receive a data packet carrying source address verification information and to create a local dynamic verification table using neighbor SAG initialization;

A hop-by-hop header verification module is used to determine the bit value of the hop-by-hop header option type field in the data packet and select the source address verification mode;

The data reading module is used to read the received data packet and obtain the source IPv6 address and ciphertext C information;

Dynamic verification table: Create a dynamically updated verification table by using a triple as a rule table entry. The triple includes the source IPv6, subnet prefix, and Pk.

The clock module is used to provide a time signal to the dynamic verification table and update the dynamic verification table regularly. The default cycle is 3 hours.

The second SHA224 hash module is used to hash the obtained source IPv6 address and calculate a message digest MAC' for verification, which is an input of the verification module;

The ECDSA signature verification module verifies the ciphertext C and recovers the original message digest MAC for verification. It is another input of the verification module.

The second ECC key library uses the ECC key generation algorithm to generate a key pair (Pk, Sk), finds the corresponding public key Pk according to the key library, provides the public key for the ECDSA signature verification module, and provides the corresponding key information for the dynamic verification table;

Verification module, used to verify the authenticity of the data source.

Preferably, the verification process of the verification module includes:

During single data verification, the MAC’ obtained by the second SHA224 hash module is compared with the MAC of the ECDSA signature verification module. If they are equal, the data source is authentic; otherwise, it is forged data. During stream data verification, the received data is read, including the source IPv6, MAC, Pk or subnet prefix, Pk, and the tuple information of the source IPv6, subnet prefix, Pk in the dynamic verification table is matched. If the tuple matches, the data source is authentic; otherwise, it is forged data.

A method for verifying an IPv6 option explicit source address encryption security verification gateway comprises the following steps:

Step 1: Encryption Phase

101: Initialization, using the ECC key generation algorithm to generate a key pair (Pk, Sk) for digital signature calls;

102: Use the first SHA224 hash module to hash the source IPv6 address of the data packet, calculate the message digest MAC, and use it as the input of the ECDSA signature module;

103: The ECDSA signature module calls the key pair of the first ECC key library, uses the private key Sk to digitally sign the message digest MAC, and obtains the ciphertext C;

104: Load the ciphertext C into the hop-by-hop option header in the data packet to obtain a data packet carrying source address verification information, and then send it;

Step 2: Verification Phase

201: Initialization: The dynamic verification table is initialized to create a local dynamic verification table by sharing the verification table of the adjacent SAG;

202: By determining the bit value of the option type field in the hop-by-hop option header, a suitable source address verification mode is adopted to perform a verification operation.

Preferably, in step 202, the judgment and verification process is as follows:

If it is determined that single data verification is used, the source IPv6 address and ciphertext C are obtained through the data received by the destination. Since the encryption stage and the verification stage use a unified key library, the public key Pk can be extracted. The ciphertext C is signed with the public key Pk to obtain the original message digest MAC, and the source IPv6 address is hashed with SHA224 to obtain a new message digest MAC'. The MAC and MAC' are compared. If the values are the same, the data source is authentic, received or forwarded, and the data is added to the dynamic verification table as a tuple; otherwise, it is forged data and should be discarded;

If it is decided to use stream data verification, the source IPv6 address and ciphertext C are obtained through the data received by the destination, and the corresponding public key Pk can be known through the key library, forming the corresponding tuple source IPv6, Pk or subnet prefix, Pk, and searching and matching against the tuple information in the dynamic verification table. If the tuple matches, the data source is authentic and the data is received or forwarded. If the tuple is not found or does not match, the single data verification mechanism is entered for re-verification. If it is judged to be real data, the data should be received or forwarded, otherwise it is forged data and the data should be discarded and the original verification mode is restored.

Beneficial effects of the present invention:

1. This system can both encrypt and verify the transmitted data, realizing the integration of encryption and verification. The integrated security verification gateway has universal applicability and can be inserted into the transmission equipment to realize the secure transmission from source to destination and on the path. It not only verifies the authenticity of the source of the data packet, but also reduces the deployment overhead, making up for the lack of widespread deployment, integrated verification, and effectively defending against network attacks such as source address spoofing and forgery.

2. The present invention is designed as a plug-and-play module, which can be inserted into routers, switches and PC terminals, so it has the characteristics of incremental deployment and better adaptability.

3. Compared with the traditional SAVA device, the design of the present invention only marks part of the data and performs signature verification at key nodes on the transmission path, which improves the data transmission efficiency, reduces the computing overhead and reduces the occupancy of the network bandwidth.

4. In terms of defense effectiveness, compared with traditional SAVA devices, this verification gateway can defend against most data deception and forgery attacks, has strong defense effectiveness, and can also make up for the defense defects of other security devices.

5. In terms of data transmission efficiency, compared with SAVA devices or other types of source address verification technologies, this verification gateway has better data transmission performance. Because this solution is based on the principle of probabilistic tag signature verification of data packets, and verifies through key nodes on the transmission path, it reduces verification overhead and improves data transmission efficiency. 6. It avoids the security risks of introducing a third party for data verification, that is, if the third party is breached, the encrypted information can be cracked and the source address can be forged to obtain the trust of the terminal, achieving the illegal purpose of attack penetration.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required for use in the embodiments or the description of the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.

Figure 1 shows the basic design framework of the SAEAv6 verification solution;

Figure 2 shows the key node identification of the network transmission topology;

Figure 3 shows the hop-by-hop option data structure definition;

FIG4 shows a single data verification process of inserting a SAG into a network device (taking a router as an example);

Figure 5 shows the modular structure of the Security Authentication Gateway (SAG);

Figure 6 shows the safety verification workflow;

Figure 7 shows the experimental network connectivity results;

Figure 8 shows the defense effectiveness of the security authentication gateway deployment based on the SAEAv6 solution.

Detailed ways

In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below. Obviously, the described embodiments are only part of the embodiments of the present invention, rather than all the embodiments.

Therefore, the following detailed description of the embodiments of the present invention is not intended to limit the scope of the invention claimed for protection, but merely represents selected embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.

The invention provides an ECDSA hop-by-hop option explicit source address encryption authentication scheme (SAEAv6) method for an IPv6 network, and proposes a corresponding security authentication gateway device.

1. Overview of SAEAv6 Verification Scheme

According to the source address verification method based on encryption verification, a description of the problem to be solved, an adversary model and an overview of the SAEAv6 verification method are given. The source verification scheme proposed in the present invention is implemented based on end-to-end and path verification, that is, the data packet passes through the sending end (i.e., the data source end, S), along the expected path L=<S, R1, R2,…, Ri,…, Rn, D> in the router, and reaches the destination end (data receiving end, D), where i, n represent the path length (excluding the data sending end), and S, D, Ri and Rn are network entities in the network transmission topology. Under an unreliable communication channel, due to attacks or failures, intermediate routers may discard, modify data packets or change their forwarding paths.

1.1 Problem Description and Assumptions

Source address verification problem: Since each network transmission node in the Internet network (such as routers, switches, etc.) only stores and forwards the destination IP address in the data packet when transmitting the data packet, it does not verify the authenticity of the source IP address in the data packet and the payload in the packet and continues to forward it. This may cause attackers to tamper with the source IP address in the forged data packet to deceive the destination terminal and then carry out illegal attacks, such as intrusion, theft or destruction of the destination terminal.

We assume that S and D are terminal devices, and define the legal transmission path as L = <S, R1, R2, ..., Rn, D>, where R represents the router. Ideally, data packets should be transmitted along this path. According to routing exchange protocols such as the Border Gateway Protocol (BGP) or the Pathlet routing protocol, it can be assumed that the source end S can know the expected traversal path of the data packet transmission, and can deploy execution path verification at key nodes in the path.

1.2 Adversary Model Establishment

Packet tampering and spoofing: forging the information of the packet and deceiving the destination D, such as the source IP address, header or payload data.

Packet injection: The malicious router forges a packet and sends it to the destination D. Note that a packet replay attack is a special case of attack packet injection.

DDoS and DoS attacks: As part of both attacks, consider memory and computation exhaustion attacks on endpoints, routers, etc.

1.3 SAEAv6 Verification Scheme

The SAEAv6 verification scheme is mainly as follows: first, verification information is added to the sent data packets in a probabilistic marking manner at the sending end S, instead of marking all the data packets at the sending end S, which reduces the consumption of network resources and reduces the computational overhead of the verification scheme; second, by introducing the indicator concepts of complex networks (such as degree, centrality, betweenness, etc.), the transmission nodes in the topological path of the data packet transmission are dynamically identified, the key nodes of the data packet on the transmission path are identified, and the key nodes are used as the inspection nodes for verifying the authenticity of the source address of the data packet; finally, the source address path and end verification of the transmitted data packet are performed by checking the nodes and the destination end D to determine the authenticity of the source of the data packet, thereby reducing the threat of network deception attacks.

Therefore, according to the above, the design principle of the SAEAv6 verification scheme is very simple and easy to understand. Its detailed design idea is to enable the Hop-by-hop Option in the IPv6 message field as the transmission carrier of the verification information, use the SHA224withECDSA digital signature algorithm as the security verification mechanism, and design it based on the idea of data packet identity authentication. The SAEAv6 verification scheme can adopt both the end verification mode and the verification operation on the data transmission path. Unlike the traditional source address verification scheme based on encryption verification, this verification scheme does not perform a hop-by-hop and packet-by-packet source address verification mechanism in the full path mode of network transmission, but only performs dynamic verification at key network nodes in the transmission path, which reduces the verification overhead and the occupation of network resources, and improves the forwarding efficiency of network data. Its basic design framework is shown in Figure 1, and the corresponding (Pk, Sk) in the figure is searched and obtained in the key library.

According to the SAEAv6 verification scheme, a modular design is implemented to realize the security verification gateway. The signature and verification of the packet address information are realized through the security verification gateway, and the source address verification operation is completed, in which SHA224 hash is used as the message digest algorithm of the source IPv6 address and ECDSA is used as the digital signature mechanism for source address verification.

2. SAEAv6 Verification Scheme Design

2.1 Dynamic Identification of Key Nodes

The transmission path information of network data can be obtained through routing protocols, such as BGP, Pathlet routing, etc., and the network transmission topology is established based on the routing information. As shown in Figure 2, it is assumed that it is an IPv6 network transmission topology. The exact transmission path is obtained through routing information, and the traffic status is monitored at each transmission node in the transmission path. The key node information of the network topology is identified for the nodes in the transmission path using the measurement indicators of the complex network. The following is a description through the example in Figure 2: From top to bottom in the figure, there are the physical network topology, abstract node topology, and key path topology. The transmission topology of the upper physical network can be abstracted into a node topology graph. According to the node topology of the middle layer, the key nodes are calculated and identified using complex network indicators (such as degree, authority, intermediary and centrality), and the key node path graph of the lowest layer is obtained. The data packet can be transmitted according to the key node path or other paths. However, the key point is that whether the data packet is transmitted according to the key path or other transmission paths, the source address of the data must be verified at the key node in the path (i.e., the orange node marked in Figure 2) to determine the authenticity of its data source.

According to the above description, there are two possibilities for data transmission: one is that the data packet is transmitted according to the critical path and verified at each critical node, so its data transmission is equivalent to hop-by-hop and packet-by-packet verification, and the transmission security is extremely high; the other is that the data is not transmitted according to the critical path, but is transmitted along other paths according to the routing information. However, most of the nodes on the transmission path must be critical nodes, because critical nodes occupy an important position in the network topology. Therefore, no matter which path is taken, the critical nodes cannot be bypassed. For example, the source end S reaches the destination end D through the path <R1, R3, R4, R6, R8, R10>, so it is feasible to verify the authenticity of the datagram at the critical node.

2.2 Verification of vector design

The selection of the verification carrier of the SAEAv6 scheme is crucial, and it is related to the feasibility, applicability and compatibility of the entire source address verification scheme. Through the study of various source address verification technologies, it is found that the use of hop-by-hop option headers has better compatibility and universality than the newly designed protocol or the new data option header when the network protocol is running. Therefore, according to the principle of encryption verification, it is decided to enable the hop-by-hop option header in the IPv6 message. There are three reasons for selecting the hop-by-hop option header: (1) The hop-by-hop option header will not be inserted or deleted at will during the data packet transmission process, and the hop-by-hop option header can be checked or processed at any node along the data packet transmission path; (2) Since the data packet is checked from the IPv6 header, hop-by-hop option header, target option header, routing header, etc. in sequence during the transmission inspection stage, it has the characteristic of fast verification; (3) Since the hop-by-hop option header is checked in each hop route of the data packet transmission in the network, it is possible to locate the attack source of the forged data packet. Because if a data packet is transmitted and it is found to be spoofed when passing through several transmission nodes, it must be that the previous hop route of the transmission node forged the data packet, so it is possible to trace the source of the attack end. In summary, the use of the hop-by-hop option header can not only give full play to its advantages but also make it more compatible with network protocols and will not cause unnecessary conflicts with other types of network protocols. Therefore, this authentication scheme has wider applicability, versatility and compatibility than other authentication protocols.

The hop-by-hop option header consists of five fields: next header, header extension length, option type, option data length, and option data. The functions of the option type and option data fields can be defined according to user needs. In order to better cooperate with the SAEAv6 verification scheme, according to the IPv6 address protocol standard, the field functions of the next header and header extension length in the hop-by-hop option header are defined by the IPv6 protocol standard, and the field functions of the option type field, option data length, and option data are defined by this verification scheme. The total length of the hop-by-hop option header is defined as 32 bytes, the length of the hop-by-hop option header field is 4 bytes, and the functions of the remaining fields are defined as follows. Figure 3 shows the field structure of the hop-by-hop option header.

(1) Next Header (1 Byte). The options extension header of IPv6 packets contains this field, which is used to identify the type of the next header, such as 0-hop-by-hop options header, 43-routing header, 44-fragment header, 60-destination options header, etc.

(2) Header extension length (1 Byte), which identifies the length of the fields including option type, option data length, and option data, excluding the next header field. The unit length is 8 Byte and must be an integer multiple of 8 Byte. The default value of this field is 0.

(3) Option type field (1 Byte), mainly used for verification and judgment. The specific definitions of each bit value of the option type are as follows:

① The first, second and third bits are defined by the RFC8200 standard and will not be described in detail. The first and second bits are used to define the action when the option type cannot be identified, and the default value is 00; the third bit is used to identify whether the data packet can be modified during transmission, and the default value is 0.

②The fourth bit is used alone to determine whether the node where the data packet is located is a key node, where: 0—ordinary node; 1—key node.

③The fifth bit is used alone to establish and update the dynamic verification table in the security verification gateway.

0-Update the verification table regularly, add new rule table items, delete invalid rule table items, and update the verification table itself;

1- Initialize and create a verification table. Initialize and create a verification table through the neighbor security verification gateway. If the neighbor security verification gateway does not have a verification table, a dynamic verification table is created according to the single data verification mechanism. Note: This bit is applied when the device is turned on or reconnected. It is generally not used and is usually defaulted to 0.

④The sixth and seventh digits are used in combination to determine which source address verification mode to use:

00-The default verification is single data verification (fine-grained), which verifies the data one by one and adds the successfully verified data as a tuple into the dynamic verification table;

01-Flow data verification (coarse-grained), query the dynamic verification table, and provide any tuple verification method (source IPv6, MAC, Pk) or (subnet prefix, Pk). If the tuple matches, the verification is successful and the data is received or forwarded; otherwise, the single data verification mechanism is entered, and after the verification is completed and the successfully verified data is added to the dynamic verification table as a tuple, this verification mode is restored;

10- Only query and verify with <source IPv6, MAC, Pk> in the verification table. If the tuple matches, the verification is passed directly. If not, it enters single data verification. The successfully verified data is added to the verification table as a tuple, and then the original verification mode is restored. Usually suitable for single data or small-scale flow data;

11—Only query and verify with <subnet prefix, Pk> in the verification table. If the tuple matches, the verification is passed and the data is received or forwarded; otherwise, it enters single data verification, adds the successfully verified data as a tuple to the verification table, and then restores the original verification mode. It is often applicable to large-scale streaming data and provides a probabilistic verification mechanism.

⑤The eighth position is reserved for other purposes.

(4) Option length (1 Byte), identifies the length of the option data, is defined as 28 bytes, and the field value is 28 (00011100).

(5) The option data is used to carry the source address information of the SAEAv6 authentication scheme, i.e., the payload. It provides authentication information to the destination, including ciphertext (28 bytes).

3. Security verification mechanism

Internet network data security verification generally uses hash algorithms, symmetric encryption algorithms and asymmetric encryption algorithms as encryption mechanisms for security verification. Hash functions include MD5, SHA, CRC, etc. MD5 and SHA series functions are generally used as message digest algorithms in the field of network information security. They can generate fixed-length message digests by hashing values or strings of any length, and have the characteristics of high hashing and one-way. However, MD5 and SHA-1 have been found to have weaknesses and have been broken by cryptographers, so that they no longer have the advantage of strong collision, and their security strength is greatly reduced. Therefore, SHA-2 is often used as a message digest algorithm in data encryption and identity authentication in the world's network security field. It is widely used in data encryption and identity authentication, such as SSL, PGP, IPsec and other security protocols. Among them, SHA-256 and SHA-512 are more commonly used hash functions. Their function structures are the same, but the definition units are different, and different offsets are used and different numbers of cycles are executed, making them the most secure hash functions today; and SHA-224 and SHA-384 are truncated versions of the above two functions, respectively inheriting their advantages such as strong security. Therefore, since SHA-224 has the general security of SHA-256 and the generated digest length is moderate, it is particularly appropriate to use SHA-224 as the auxiliary digest algorithm of this source address verification scheme.

Symmetric and asymmetric encryption algorithms are encryption mechanisms used as traditional source address verification technologies, such as DES, AES, RC4, RSA, DSA, ECC, etc. Traditional security verification schemes have defects when using symmetric encryption algorithms. For example, each pair of senders and receivers use a unique key each time they use a symmetric encryption algorithm, which causes the number of keys owned by both senders and receivers to grow exponentially, making key management difficult and costly. Compared with public key encryption algorithms, symmetric encryption algorithms can only provide encryption and authentication but lack signature functions, which reduces their application scope. In addition, public key encryption algorithms are easy to verify the integrity of digital signatures of data, and digital signatures are non-repudiation. This feature has certain advantages for network data source address verification, and its security is higher than that of symmetric encryption algorithms. Therefore, public key encryption algorithms are selected as the main encryption mechanism of this study, and according to the comparison of the advantages and disadvantages of various public key encryption algorithms in Table 1, it is decided to use ECC elliptic curve encryption algorithms.

Table 1 Comparison of advantages of public key encryption algorithms

Since ECDSA is a digital signature mechanism based on asymmetric private key encryption of the ECC elliptic encryption algorithm, its security is based on the difficulty of solving the discrete logarithm solution of the elliptic curve. Therefore, the study of ECDSA should start with the ECC elliptic encryption algorithm, which has two application modes: (1) when used in the encryption algorithm, the public key encrypts and the private key decrypts; (2) when used in the signature algorithm, the private key signs and the public key verifies. Therefore, ECDSA is implemented based on the ECC signature algorithm. Compared with the most commonly used RSA public key cryptography system, the ECC encryption system has a long key ciphertext, slow operation, low efficiency, and low security strength of ciphertexts below 1024 bits; while the ECC key ciphertext is short, fast operation, high efficiency, less memory usage, and can use smaller keys to provide higher security strength. In view of the above advantages of ECDSA, it is decided to use the BRAINPOOLP224r1 curve to implement the ECDSA signature mechanism, which can provide a 224-bit key security strength that matches the 2048-bit key security strength of RSA.

According to the above, the SAEAv6 verification scheme uses the highly secure SHA224withECDSA digital signature algorithm. In order to make the signature mechanism more suitable for this scheme, the SHA-224 auxiliary hash and the ECDSA signature mechanism based on the BRAINPOOLP224r1 curve are used together to generate a 28-byte signature ciphertext, which avoids the MTU communication problem caused by the ciphertext being too large and filled into the message header, and is conducive to the verification of data integrity. This not only supports the feasibility of the SAEAv6 verification scheme, but also ensures its security.

Based on the above research, the present invention proposes an IPv6 option explicit source address encryption security verification gateway. The security verification gateway device is a logical function module designed based on the SAEAv6 verification scheme as a security verification gateway. It first identifies the node status of the local network deployment, and then determines the corresponding source address verification mode by judging the bit value of the option type field in the hop-by-hop option header. Then, the SHA224withECDSA digital signature is used for signature verification to complete the source address verification operation of the data packet. SAG can be inserted into the network transmission equipment as a source address verification function module therein to identify the authenticity of the data source address. It has the advantages of being integrable, easy to operate, highly compatible, and low cost. It can be widely deployed in various network environments and has good universality and practicality. Figure 4 shows an example of SAG being inserted into a router at a key node of the network for source address verification.

The security verification gateway device includes:

The data probability acquisition module is used to perform probability acquisition of data packets for the transmission data and send them to the encryption function module;

The encryption function module is used to encrypt and sign the source IPv6 address in the data packet (referring to the source IPv6 address (i.e., source address) in the data packet header), load the signed ciphertext into the hop-by-hop option header in the data packet, and send the data packet carrying the source address verification information to the destination;

The verification function module is used to verify the source address information of the received data, and to initialize the creation and dynamic update of the dynamic verification table.

Data Probability Collection Module

The data probability acquisition module performs probability sampling on the data packets and sends them to the encryption function module to mark the data packets for verification information. It includes a data acquisition module and a key node dynamic identification module. The combination of the two modules performs data-triggered probability acquisition and provides data for the encryption function module to mark information. Data acquisition module: Data can be collected through software design or hardware integration. It is now widely used in the market; the key node dynamic identification module monitors the traffic status of each transmission node in the transmission path, and uses complex network indicators to calculate and identify key nodes, and then uses the encryption function module to perform encryption signatures and verification using the verification function module. (Complex network is a professional term in computer networks and a field of computer network research. The introduction of complex networks is to use some indicators on complex networks (such as degree, centrality, betweenness, etc.) to confirm the criticality and importance of transmission nodes.)

Encryption function module

The encryption function module encrypts and signs the source IPv6 address in the data packet, loads the signed ciphertext into the hop-by-hop option header in the data packet, and sends the data packet carrying the source address verification information to the destination. Compared with the complex verification function module, its structure is relatively simple and its function is relatively single. It only includes four parts: SHA224 hash module, ECDSA signature module, ECC key library, and sending module. The design of each module is as follows:

(1) The first SHA224 hash module: used to encrypt the source IPv6 address to generate a 28-byte message digest MAC, in preparation for the next step of digital signature.

(2) ECDSA signature module: ECDSA is implemented based on the ECC signature algorithm. The ECDSA signature principle is shown in Table 1. It generates the ciphertext C by digitally signing the message digest MAC and provides source address verification information.

Table 1 ECDSA digital signature algorithm

(3) First ECC key library: Use the ECC key generation algorithm to generate a key pair and store the key pair (Pk, Sk) in the key library to facilitate the ECDSA signature module to extract the key without wasting time on temporary key generation.

(4) Sending module: Sends data carrying source address verification information to the destination, completing the first step of source address verification.

Verification function module

The verification function module is an important function module of SAG. By judging the value of the option type field bit in the hop-by-hop option header of the received data and deciding to adopt the appropriate source address verification mode, ECDSA is applied for signature verification or dynamic verification table search to complete the source address verification along the transmission path and the source/destination end, ensuring the reliable transmission of the data stream. It provides two verification mechanisms: stream data (coarse-grained) and single data (fine-grained). Coarse-grained verification can perform probabilistic verification, with fast running speed and high security, and is suitable for verifying large-scale stream data; while fine-grained verification can perform more detailed verification, with a lower running speed than coarse-grained verification, but extremely high security, and will not reduce the user's service experience. It is suitable for verifying single data and small-scale stream data. The verification function module of SAG consists of nine modules: receiving module, hop-by-hop header verification module, data reading module, dynamic verification table, second SHA224 hash module, clock module, ECDSA signature verification module, second ECC key library and verification module. These nine single-function modules cooperate with each other to provide a complex source address verification function. The functional design of each module is as follows:

(1) Receiving module: used to receive data packets carrying source address verification information and use neighbor SAG initialization to create a local dynamic verification table.

(2) Hop-by-hop header verification module: This module is a module that performs bit value judgment on the hop-by-hop header option type field in the data packet in order to select the appropriate source address verification mode.

(3) Data reading module: reads the received data packet to obtain the source IPv6 address and ciphertext C information.

(4) Dynamic verification table: This is a key module for flow data verification. It creates a dynamically updated verification table using a triplet (source IPv6, subnet prefix, Pk) as a rule table item. There are two situations for updating the verification table: one is that when the device is turned on or reconnected, it will automatically share the neighbor SAG's verification table to initialize the creation of a local verification table; the other is that the data that has completed single data verification and succeeded is added as a tuple to the dynamic verification table for comparison and use in flow data verification. The verification table is then updated regularly through the clock module to efficiently complete flow data verification.

(5) Clock module: provides time signals for the dynamic verification table and updates the dynamic verification table regularly. The default cycle is 3 hours. It can be manually set according to the actual application scenario.

(6) Second SHA224 hash module: Hash the acquired source IPv6 address and calculate a message digest MAC’ for verification, which is an input of the verification module.

(7) ECDSA signature verification module: Verify the signature of the ciphertext C and restore the original message digest MAC for verification. It is another input of the verification module. Table 2 shows the principle mechanism of ECDSA public key signature verification.

Table 2 ECDSA signature verification algorithm

(8) Second ECC key library: Use the same ECC key generation algorithm as the encryption module to generate a key pair to form a unified key library. Find the corresponding public key Pk according to the key library, provide the public key for the ECDSA signature verification module, and provide the corresponding key information for the dynamic verification table.

(9) Verification module: It is a numerical comparison module. When verifying single data, the MAC’ obtained by the SHA224 hash module is compared with the MAC of the ECDSA signature verification module. If they are equal, the data source is authentic; otherwise, it is forged data. When verifying stream data, the received data reads (source IPv6, MAC, Pk) or (subnet prefix, Pk) and matches the tuple information of (source IPv6, subnet prefix, Pk) in the dynamic verification table. If the tuple matches, the data source is authentic; otherwise, it is forged data.

In addition, the present invention also provides an ECDSA hop-by-hop option explicit source address encryption verification method for an IPv6 network, as shown in FIG6 , comprising the following steps:

Step 1: Encryption Phase

101: Initialization, using the ECC key generation algorithm to generate a key pair (Pk, Sk) for digital signature calls;

102: Use the first SHA224 hash module to hash the source IPv6 address of the data packet, calculate the message digest MAC, and use it as the input of the ECDSA signature module;

103: The ECDSA signature module calls the key pair of the first ECC key library, uses the private key Sk to digitally sign the message digest MAC, and obtains the ciphertext C;

104: Load the ciphertext C into the hop-by-hop option header in the data packet to obtain a data packet carrying the source address verification information, and then send it;

Step 2: Verification Phase

201: Initialization: The dynamic authentication table initializes and creates local dynamic authentication by sharing the authentication table of the adjacent SAG;

202: Perform verification by judging the bit value of the option type field in the hop-by-hop option header and adopting an appropriate source address verification mode;

If it is determined that single data verification is used, the source IPv6 address and ciphertext C are obtained through the data received by the destination. Since the encryption stage and the verification stage use a unified key library, the public key Pk can be extracted. The ciphertext C is signed with the public key Pk to obtain the original message digest MAC, and the source IPv6 address is used to perform SHA224 hashing to obtain a new message digest MAC'. The MAC and MAC' are compared. If the values are the same, the data source is correct, and it is received or forwarded, and the data is added to the dynamic verification table as a tuple; otherwise, it is forged data and should be discarded;

If it is determined that the flow data verification is used, the source IPv6 and ciphertext C are obtained through the data received by the destination, and the corresponding public key Pk can be known through the key library, forming the corresponding tuple (source IPv6, Pk) or (subnet prefix, Pk), and searching and matching against the tuple information in the dynamic verification table. If the tuple matches, the data source is authentic, and the data is received or forwarded; if the tuple is not found or does not match, the single data verification mechanism is entered for re-verification. If it is judged to be authentic data, the data should be received or forwarded, otherwise it is forged data, the data should be discarded, and the original verification mode is restored. The advantage of doing this is that it can reduce misjudgment and missed judgment, and improve the accuracy of data source address verification.

4. SAEAv6 Solution Evaluation

4.1 Experimental Analysis

A pure IPv6 network was built using the RIP static routing protocol with the Cisco Packet Tracer simulator using IPv6 addresses. The connectivity is shown in Figure 7. According to the network topology, assuming that the network has a Gigabit bandwidth, uses optical fiber connections, and has an average transmission distance of 5 km, SAG simulates the ECDSA signature verification using Java using the OpenSSL model and measures the average processing delays of ECDSA interactive signature and verification to be 11.3ms and 14.7ms, respectively. The average processing delay decreases with the improvement of computer performance, and the delays measured when using Java and Python for simulation are quite different, which may be caused by different algorithm programs and computer performance. In order to consider network load balancing, Java simulation delays are used, and relevant performance indicators are calculated, and the indicator data are analyzed.

Table 3 shows the experimental data of SAG in the access domain scenario under different bandwidth networks. It can be seen that the data transmission delay and transmission rate when SAG is used are slightly different from those when SAG is not used under different bandwidths, but the difference is very small, which means that the network speed will not fluctuate greatly when SAG is used in the network, and therefore will not reduce the user's service experience when using the network. Therefore, judging from the above two experimental data alone, the use of SAG will not have a significant impact on the network speed, and will not occupy too much bandwidth for data transmission.

Table 3 Experimental data using SAG in access domain

Table 4 Experimental data using SAG in three scenarios of SAVA

According to the maximum transmission time in Table 4, the simulated IPv6 network is stable, and the impact of other network factors on performance indicators can be ignored. In addition, the network delay of SAG in different network scenarios is at least about 47.88ms. Network engineers can generally evaluate the quality of the existing network environment based on network delay. It is often believed that the delay range of IPv4 network is: 1-30ms indicates that the network speed is extremely fast and the delay is almost imperceptible; 31-50ms indicates that the network speed is fast and there is no obvious delay; 51-100ms indicates that the network speed is slightly slow and there is a slight delay; >100ms indicates that the network speed is poor, there are freezes and packet loss and disconnection. Although the above delay range is often used to evaluate IPv4 networks, it can be used to abstractly predict the network speed of SAG in the IPv6 network environment. According to the delay result prediction, it can be seen that using SAG in the IPv6 network will not affect the network speed and will not reduce the service experience of network users. Therefore, it can be inferred that SAG has the applicability of IPv6 networks and can be used in any SAVA network scenario. Therefore, it is proved that the SAEAv6 verification scheme is applicable to IPv6 networks and is a feasible scheme.

4.2 Effectiveness Analysis

Deploying SAG in three network scenarios, namely, access domain, AS domain, and inter-AS domain, can obtain network defense capabilities for single deployment and joint deployment, and the benefits gained will be further improved as the number of deployments increases, achieving the deployment incentive of "whoever deploys, whoever benefits". According to the network topology in Figure 7, assuming that deployment is carried out in these three network scenarios, the network defense strength obtained is different, and the specific analysis is as follows:

Scenario 1: Access domain deployment: SAG can be deployed in the access domain in two ways: terminal deployment and key node deployment to improve the security of data transmission. Terminal deployment provides host-level defense capabilities, while the other deployment method provides access layer protection. According to the packet security verification mechanism of the SAEAv6 solution, dynamic security protection can be performed on single data and stream data, and the two types of protection have different effectiveness. For example, when using the single data verification mechanism, the security protection capability of terminal data transmission can be enhanced. Attackers cannot break the SHA224withECDSA signature verification mechanism because the ECDSA signature algorithm uses a 224-bit key, which has a much higher security strength than the RSA1024-bit key. Even if it is broken, it will take at least 10 ²⁰ MIPS years; the stream data verification mechanism uses a probabilistic filtering mechanism, which has a lower security defense effectiveness than the previous verification method, but has little impact on the transmission rate of network data. Therefore, forged data packets are filtered out while ensuring that the network speed is not reduced, and the source security of the data is verified.

Scenario 2: Deployment within the AS domain: SAG can be deployed on the ingress/egress routing nodes or key nodes within the AS domain to ensure the security of network communications at all levels within the domain, and prevent any node within the domain from forging data and deceiving nodes within the domain to cause attacks. The deployment of ingress/egress routing nodes provides prevention of spoofing of traffic from outside the AS domain to within the domain, ensuring the security of inbound and outbound communications within the AS domain; deployment at key nodes provides data verification between nodes within the AS domain, providing secure communications within the domain. Data access to networks at all levels within the AS domain improves security protection to a certain extent, thereby ensuring secure data interaction within the AS domain from the inside out or from the outside in.

Scenario 3: Deployment between AS domains: The security protection between AS domains depends on the SAG deployed on the border routers in the AS domain. The Border Gateway Protocol (BGP) is used in the border routers to determine the AS domain source of the data traffic and whether it is based on data transmitted between AS domains. Then, the network data verification mechanism between AS domains is applied to ensure the data integrity and unforgeability of communication between AS domains and avoid deception and forgery-type network attacks. It should be noted that the data security verification mechanism provided between AS domains is mainly based on flow data security, and provides security data protection based on the probability of network address prefixes. The defense effectiveness is slightly lower than the defense capabilities within the access domain and AS domain, but it ensures that the data transmission rate between domains is within the standard range.

In summary, the security authentication gateway (SAG) based on the SAEAv6 authentication scheme is deployed accordingly according to different network scenarios, which can further improve the security defense effectiveness in various network scenarios based on the original network protection strength. In the above description, it can be seen that a bottom-up and inside-out security protection mechanism is provided, from access domain terminal authentication to AS domain data-level authentication to AS domain regional-level authentication, from micro to macro, providing a systematic incremental deployment network defense model, and its defense effectiveness is shown in Figure 8. It can be seen from Figure 8 that when large-scale deployment is carried out on the network, as the deployment scale continues to expand, its network defense effectiveness will be greatly improved, further demonstrating the effectiveness of network defense based on the SAEAv6 authentication scheme.

4.3 Security Analysis

SAG is designed based on the SAEAv6 verification scheme. According to the verification rules of the SAEAv6 verification scheme, its overall security is based on the verification strategy and digital signature algorithm. The combination of the two forms a very strong verification rule. The verification rule is dynamically verified according to the size of the data flow to form a comprehensive defense system. It has stronger defense effectiveness in the access domain and AS domain, because between the two, whether it is configured on each transmission node or installed only in the upstream router or switch, it can form a relatively strong defense rule. The security effectiveness in the AS domain is slightly lower than the application scenario in the access domain and AS domain, but it can play a defensive effect of protecting the boundary only when it is installed on the edge router between AS domains. The overhead is slightly higher, but it will not reduce the service experience of network users. Compared with the traditional secure communication mode, it has stronger defense effectiveness and can reduce the probability of missed judgment and misjudgment. In other words, the configuration of SAG can reduce the false positive and false negative of network data authenticity identification.

The theoretical framework of the SAEAv6 scheme relies on the rule mechanism formed by the verification strategy and the SHA224withECDSA digital signature algorithm. The verification strategy is shown in Figure 3 above, which has two strategies: single data verification and stream data verification. It determines which verification mode to use based on the bit value change of the hop-by-hop option, thereby forming a strict dynamic verification strategy, which plays a certain defensive role in data source verification. The SHA224withECDSA digital signature algorithm uses SHA224 hash and the ECDSA digital signature algorithm based on the ECC elliptic encryption algorithm to form a stronger and more secure digital signature mechanism. The security of ECDSA is based on the difficulty of solving the discrete logarithm solution of the ECC elliptic curve. It has the characteristics of low computational complexity and high security. Using a smaller key can provide higher security strength. The combination of the two will greatly improve its security. Compared with existing source address verification algorithms such as HMAC-MD5, HMAC-SHA1, RSA, CGA and other encryption algorithms, it has fast running speed, less memory usage, low time overhead and higher security. Therefore, the SHA224withECDSA digital signature algorithm is selected as the core security algorithm of the SAEAv6 verification scheme, which can provide higher, stronger and more effective defense capabilities. Table 5 is a comparison table between the SAEAv6 authentication scheme and the traditional source address authentication technology. It can be seen that the SAEAv6 authentication scheme has better security advantages than the traditional source address authentication technology.

Table 5 Comparison between SAEAv6 technology and traditional technology

According to Table 3 and Table 4, SAG has a small difference in performance indicators such as transmission delay, transmission rate, and latency, and does not affect the transmission rate of the network and the service experience of network users. It is suitable for IPv6 networks, which proves the feasibility of the SAEAv6 authentication scheme. Through the security analysis of the SAEAv6 authentication scheme, it can be seen that its security strength is much higher than the 1024-bit RSA public key encryption system. According to Table 5, the SAEAv6 authentication scheme has better advantages in deployment, overhead, and defense than traditional source address authentication technology. In summary, the SAEAv6 authentication scheme is a feasible, effective, and secure source address authentication scheme.

The above description is only used to illustrate the technical solution of the present invention rather than to limit it. Other modifications or equivalent substitutions made to the technical solution of the present invention by ordinary technicians in this field should be included in the scope of the claims of the present invention as long as they do not depart from the spirit and scope of the technical solution of the present invention.

Claims (4)

1. An IPv6 option explicit source address encryption security verification gateway, characterized in that the security verification gateway device comprises: A data probability acquisition module is used to perform probability sampling on the transmission data packets and send them to the encryption function module; The encryption function module is used to encrypt and sign the source IPv6 address in the data packet, load the signed ciphertext into the hop-by-hop option header in the data packet, and send the data packet carrying the source address verification information to the destination; Verification function module, used to verify the source address information of received data, initialization creation and dynamic update of dynamic verification table; The data probability acquisition module includes: The data acquisition module is used to perform probability sampling on the data packets and provide data with marking information for the encryption function module; The key node dynamic identification module is used to monitor the traffic status of each transmission node in the transmission path, calculate and identify the key nodes using complex network indicators, and then perform encryption signatures through the encryption function module and verify using the verification function module; The encryption function module includes: The first SHA224 hash module is used to encrypt the source IPv6 address to generate a 28-byte message digest MAC in preparation for the next step of digital signature; The ECDSA signature module is used to generate the ciphertext C by digitally signing the message digest MAC and provide source address verification information; The first ECC key library uses the ECC key generation algorithm to generate a key pair (Pk, Sk), and stores the key pair (Pk, Sk) in the key library to facilitate the ECDSA signature module to extract the key; The sending module is used to send data carrying source address verification information to the destination end, completing the first step of source address verification; The verification function module includes: A receiving module, used to receive a data packet carrying source address verification information and to create a local dynamic verification table using neighbor SAG initialization; A hop-by-hop header verification module is used to determine the bit value of the hop-by-hop header option type field in the data packet and select the source address verification mode; The data reading module is used to read the received data packet and obtain the source IPv6 address and ciphertext C information; Dynamic verification table: Create a dynamically updated verification table by using a triplet as a rule table entry. The triplet includes the source IPv6, subnet prefix, and Pk. The clock module is used to provide a time signal to the dynamic verification table and update the dynamic verification table regularly. The default cycle is 3 hours. The second SHA224 hash module is used to hash the obtained source IPv6 address and calculate a message digest MAC' for verification, which is an input of the verification module; The ECDSA signature verification module verifies the ciphertext C and recovers the original message digest MAC for verification. It is another input of the verification module. The second ECC key library uses the ECC key generation algorithm to generate a key pair (Pk, Sk), finds the corresponding public key Pk according to the key library, provides the public key for the ECDSA signature verification module, and provides the corresponding key information for the dynamic verification table; Verification module, used to verify the authenticity of the data source. 2. The IPv6 option explicit source address encryption security verification gateway according to claim 1, wherein the verification process of the verification module comprises: During single data verification, the MAC’ obtained by the second SHA224 hash module is compared with the MAC of the ECDSA signature verification module. If they are equal, the data source is authentic; otherwise, it is forged data. During stream data verification, the received data is read, including the source IPv6, MAC, Pk or subnet prefix, Pk, and the tuple information of the source IPv6, subnet prefix, Pk in the dynamic verification table is matched. If the tuple matches, the data source is authentic; otherwise, it is forged data. 3. An ECDSA hop-by-hop option explicit source address encryption verification method for an IPv6 network applied to the security verification gateway according to claim 1 or 2, characterized in that it comprises the following steps: Step 1: Encryption Phase 101: Initialization, using the ECC key generation algorithm to generate a key pair (Pk, Sk) for digital signature calls; 102: Use the first SHA224 hash module to hash the source IPv6 address of the data packet, calculate the message digest MAC, and use it as the input of the ECDSA signature module; 103: The ECDSA signature module calls the key pair of the first ECC key library, uses the private key Sk to digitally sign the message digest MAC, and obtains the ciphertext C; 104: Load the ciphertext C into the hop-by-hop option header in the data packet to obtain a data packet carrying the source address verification information, and then send it; Step 2: Verification Phase 201: Initialization: The dynamic verification table is initialized to create a local dynamic verification table by sharing the verification table of the adjacent SAG; 202: By determining the bit value of the option type field in the hop-by-hop option header, a suitable source address verification mode is adopted to perform a verification operation. 4. According to claim 3, the ECDSA hop-by-hop option explicit source address encryption verification method for an IPv6 network is characterized in that in step 202, the judgment and verification process is as follows: If it is determined that single data verification is used, the source IPv6 address and ciphertext C are obtained through the data received by the destination. Since the encryption stage and the verification stage use a unified key library, the public key Pk can be extracted. The ciphertext C is signed with the public key Pk to obtain the original message digest MAC, and the source IPv6 address is hashed with SHA224 to obtain a new message digest MAC'. The MAC and MAC' are compared. If the values are the same, the data source is authentic, received or forwarded, and the data is added to the dynamic verification table as a tuple; otherwise, it is forged data and should be discarded; If it is decided to use stream data verification, the source IPv6 address and ciphertext C are obtained through the data received by the destination, and the corresponding public key Pk can be known through the key library, forming the corresponding tuple source IPv6, Pk or subnet prefix, Pk, and searching and matching against the tuple information in the dynamic verification table. If the tuple matches, the data source is authentic and the data is received or forwarded. If the tuple is not found or does not match, the single data verification mechanism is entered for re-verification. If it is judged to be real data, the data should be received or forwarded, otherwise it is forged data and the data should be discarded and the original verification mode is restored.