[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111917746B - Routing protocol access authentication method, device and medium - Google Patents

Routing protocol access authentication method, device and medium Download PDF

Info

Publication number
CN111917746B
CN111917746B CN202010690368.0A CN202010690368A CN111917746B CN 111917746 B CN111917746 B CN 111917746B CN 202010690368 A CN202010690368 A CN 202010690368A CN 111917746 B CN111917746 B CN 111917746B
Authority
CN
China
Prior art keywords
router
authentication
authenticated
transaction message
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010690368.0A
Other languages
Chinese (zh)
Other versions
CN111917746A (en
Inventor
熊学涛
陈升
杨海峰
申成钢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
21VIANET GROUP Inc
Original Assignee
21VIANET GROUP Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 21VIANET GROUP Inc filed Critical 21VIANET GROUP Inc
Priority to CN202010690368.0A priority Critical patent/CN111917746B/en
Publication of CN111917746A publication Critical patent/CN111917746A/en
Application granted granted Critical
Publication of CN111917746B publication Critical patent/CN111917746B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, equipment and a medium for access authentication of a routing protocol, which are used for improving the reliability of the access authentication of a router and improving the network security. The method comprises the following steps: receiving a routing protocol access authentication transaction message of a router to be authenticated, which requests to join a block chain, wherein the authentication transaction message comprises hash values of authentication passwords of all router groups in the block chain, and the router groups at least comprise one router; sending the authentication transaction message to a router in the router group, so that the router verifies a corresponding hash value in the authentication transaction message by using an authentication password of the router group to which the router belongs; and according to the number of the routers passing the verification, after the router to be authenticated is determined to be successfully accessed and authenticated by the protocol, adding the router to be authenticated into the network domain of the block chain.

Description

Routing protocol access authentication method, device and medium
Technical Field
The present invention relates to the field of communications, and in particular, to a method, device, and medium for access authentication of a routing protocol.
Background
In the related art, a neighbor router verifies a password (password) on a configuration for establishing a neighbor relation, which is sent to the neighbor router by a newly joining router, allows the neighbor relation to be established when the password passes the verification, and joins the new router into a network. If the neighbor route is leaked to the password, any route direction of the neighbor route to the password can be added into the network, and the network topology and the route information are obtained, so that the network security is seriously influenced.
Disclosure of Invention
Some embodiments of the present invention provide a method, a device, and a medium for access authentication of a routing protocol, so as to improve reliability of routing authentication and improve network security.
According to a first aspect of the exemplary embodiments, there is provided a routing protocol access authentication method, applying authentication control router, the method comprising:
receiving a routing protocol access authentication transaction message of a router to be authenticated requesting to join a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
sending an authentication transaction message to a router in the router group so that the router verifies a corresponding hash value in the authentication transaction message by using an authentication password of the router group to which the router belongs;
and according to the number of the routers passing the verification, after the router protocol access authentication of the router to be authenticated is determined to be successful, adding the router to be authenticated into the network domain of the block chain.
In the above embodiment, the router to be authenticated accesses the authentication transaction message to initiate authentication through a routing protocol including hash values of authentication passwords of a plurality of router groups, the authentication control router sends the authentication transaction message to the routers in each router group, and the plurality of routers verify the authentication transaction message according to the authentication passwords of the router groups. If the authentication password of a certain router is leaked, other routers in the block chain are required to verify the authentication transaction message, and the authentication success in the routing protocol access process of the router to be authenticated is determined according to the number of the routers passing the authentication, so that an illegal router is prevented from adding into the network domain of the block chain through the leaked authentication password, the network security is improved, and the reliability of the access authentication process of the router in the network is improved.
In some exemplary embodiments, after receiving a routing protocol access authentication transaction message requesting to join a router to be authenticated of a blockchain, the method further comprises:
and verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router.
In the above embodiment, the authentication control router may also verify the router to be authenticated, and verify the hash value corresponding to the authentication control router in the authentication transaction message by verifying the authentication password of the authentication control router.
In some exemplary embodiments, verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router includes:
determining a hash value corresponding to a router group to which an authentication control router belongs according to the arrangement sequence of the hash values of a plurality of authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the authentication control router belongs.
In the above embodiment, the hash values of the authentication passwords of the routers in each group in the authentication transaction message are arranged according to an agreed sequence, and the authentication control router verifies the hash values of the authentication passwords of the authentication transaction message and the corresponding sequence thereof according to the authentication passwords of the router group to which the authentication control router belongs. Under the condition that the authentication passwords of the authentication control router are leaked, but because the hash values of the authentication passwords of all router groups in the authentication transaction message are arranged according to the appointed sequence, an illegal router cannot acquire the corresponding sequence of the authentication control router and cannot join the network, and the security of the network is further improved.
In some exemplary embodiments, determining that the access authentication of the routing protocol of the router to be authenticated is successful includes:
if the number of the routers passing the verification is larger than the number of the set routers, determining that the access authentication of the routing protocol of the router to be authenticated is successful;
or if the ratio of the number of the routers passing the verification to the number of the routers is larger than the set value, determining that the access authentication of the routing protocol of the router to be authenticated is successful.
In the above embodiment, whether the router to be authenticated is successfully authenticated is determined according to the number of routers that pass the authentication, the router in the network authenticates the router to be authenticated, and the reliability and the security of the access authentication process of the router to the network are improved in a distributed authentication manner.
In some exemplary embodiments, adding the router to be authenticated to the network domain of the block chain includes:
receiving the routing information sent by the router to be authenticated after successful authentication;
and sending the routing information of the network domain to the router to be authenticated which is successfully authenticated, wherein the routing information of the network domain comprises the routing information of the router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
In the above embodiment, after the authentication control router determines that the router to be authenticated passes the authentication, the authentication control router may access the router passing the authentication into the network, and transmit the routing information of the authentication control router with the router passing the authentication, so that the authentication control router and the router passing the authentication establish a neighbor relationship, and the router passing the authentication acquires the routing information of the whole network or the group to which the router passing the authentication belongs.
According to a second aspect of the exemplary embodiments, a routing protocol access authentication method is applied to verify a router, and the method includes:
receiving a routing protocol access authentication transaction message of a router to be authenticated, which is sent by an authentication control router and requests to join a block chain, wherein the authentication transaction message comprises hash values of authentication passwords of all router groups in the block chain, and the router groups at least comprise one router;
and verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs.
In the above embodiment, the authentication router verifies the access authentication transaction message of the routing protocol of the router to be authenticated according to the authentication password of the router group to which the authentication router belongs. And each verification router verifies the hash value corresponding to the verification transaction message only according to the verification password of the router group to which the verification router belongs. If the authentication password of a certain router is leaked, other routers in the block chain are required to verify the authentication transaction message, and the reliability and the safety of the router access authentication process are improved in a distributed verification mode.
In some exemplary embodiments, verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs includes:
determining a hash value corresponding to a router group to which a verification router belongs according to the arrangement sequence of the hash values of a plurality of authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the verification router belongs.
In the above embodiment, the hash values of the authentication passwords of the routers in each group in the authentication transaction message are arranged according to an agreed sequence, and the verification router verifies the authentication transaction message and the hash values of the authentication passwords in the corresponding sequence according to the authentication passwords of the router group to which the verification router belongs. Under the condition that the authentication passwords are leaked, but because the hash values of the authentication passwords of all router groups in the authentication transaction message are arranged according to the appointed sequence, an illegal router cannot acquire the sequence corresponding to the authentication passwords of all the router groups and cannot join the network, the safety of the network is further improved, and the reliability of the router in the access authentication process is improved.
In some exemplary embodiments, verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs further includes:
Determining that the hash value corresponding to the authentication password is the same as the determined hash value, and passing the verification;
or, determining the hash value corresponding to the authentication password and the determined hash value, and failing to pass the verification.
In the above embodiment, the authentication transaction message includes the hash value of the authentication password of each router group, and since a corresponding hash algorithm is further required to determine the hash value of the authentication password, if an illegal router learns the authentication password of each router group, the illegal router cannot determine the hash value corresponding to each authentication password, and cannot join the authentication password into the network, thereby protecting network security and improving access authentication reliability of the router.
According to a third aspect of the exemplary embodiments, a routing protocol access authentication method is provided, which is applied to a router to be authenticated, and the method includes:
determining a routing protocol access authentication transaction message requesting to join a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
and sending an authentication transaction message to the authentication control router of the blockchain, so that the router in the blockchain verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
In the above embodiment, the router to be authenticated accesses the authentication transaction message through the routing protocol including the hash value of the authentication password of the plurality of router groups to initiate authentication, so that the routers in the block chain verify the authentication transaction message by using the authentication password of the router group to which the router belongs, and by means of distributed verification, an illegal router is prevented from adding to the block chain through the leaked authentication password of the authentication control router, and the network security and the authentication reliability are improved.
In some exemplary embodiments, determining a routing protocol access authentication transaction message requesting to join a blockchain further comprises:
and determining the arrangement sequence of the hash values of the plurality of authentication passwords in the authentication transaction message according to the configured serial numbers corresponding to the router groups.
In the above embodiment, the hash values of the authentication passwords of the groups of routers in the authentication transaction message are arranged according to an agreed sequence, and the routers in the block chain verify the authentication transaction message and the hash values of the authentication passwords in the corresponding order according to the authentication passwords of the router group to which the routers belong. Under the condition that the authentication passwords of a certain or some routers are leaked, but the hash values of the authentication passwords of all router groups in the authentication transaction message are arranged according to the appointed sequence, an illegal router cannot know the sequence corresponding to the authentication control router and cannot be added into the network, and the network security is further improved.
In some exemplary embodiments, the method further comprises:
sending the routing information of the router to be authenticated to the authentication control router;
and receiving routing information of the network domain of the block chain, which is sent by the authentication control router after the authentication of the access of the routing protocol of the router to be authenticated is confirmed to be successful, wherein the routing information of the network domain comprises routing information of a router group added by the router to be authenticated or routing information of all routers in the network domain.
In the above embodiment, after passing the authentication, the router to be authenticated establishes a neighbor relationship with the authentication control router and receives the routing information of the authentication control router, and can also acquire the routing information of the whole network or the group to which the router passing the authentication belongs.
According to a fourth aspect of the exemplary embodiments there is provided a routing protocol access authentication device, the device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the routing protocol access authentication method as in any one of the first aspect.
According to a fifth aspect of the exemplary embodiments, there is provided a routing protocol access authentication device, comprising:
A processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the routing protocol access authentication method as in any one of the second aspect.
According to a sixth aspect of the exemplary embodiments, there is provided a routing protocol access authentication device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the routing protocol access authentication method according to any one of the third aspect.
According to a seventh aspect of the exemplary embodiments, there is provided a routing protocol access authentication apparatus, applied to an authentication control router side, including:
the receiving unit is used for receiving a routing protocol access authentication transaction message of a router to be authenticated, which requests to be added into the block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
the sending unit is used for sending the authentication transaction message to the router in the router group so that the router verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs;
And the processing unit is used for adding the router to be authenticated into the network domain of the block chain after determining that the access authentication of the routing protocol of the router to be authenticated is successful according to the number of the routers passing the verification.
According to an eighth aspect of the exemplary embodiments, there is provided a routing protocol access authentication apparatus applied to a verification router side, including:
the receiving unit is used for receiving a routing protocol access authentication transaction message of a router to be authenticated, which is sent by an authentication control router and requests to be added into a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
and the processing unit is used for verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs.
According to a ninth aspect of the exemplary embodiments, there is provided a routing protocol access authentication apparatus, applied to a router side to be authenticated, including:
the processing unit is used for determining a routing protocol access authentication transaction message requesting to join the block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
And the sending unit is used for sending the authentication transaction message to the authentication control router of the blockchain so that the router in the blockchain verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
According to a tenth aspect of the exemplary embodiments a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of the first, second or third aspect. In addition, for technical effects brought by any one implementation manner of the fourth to ninth aspects, reference may be made to technical effects brought by different implementation manners of the first aspect, the second aspect, and the third aspect, and details are not described here again.
Drawings
FIG. 1 is a schematic diagram of a network architecture provided by some embodiments of the present invention;
FIG. 2 is a schematic flow diagram illustrating a router to be authenticated, an authentication control router, and a verification router performing route authentication in accordance with an illustrative embodiment;
FIG. 3 is a schematic flow chart diagram illustrating a routing protocol access authentication method in accordance with an exemplary embodiment;
FIG. 4 is a schematic flow chart diagram illustrating another routing protocol access authentication method in accordance with an exemplary embodiment;
FIG. 5 is a schematic flow chart diagram illustrating yet another routing protocol access authentication method in accordance with an illustrative embodiment;
FIG. 6 is a diagram illustrating a routing protocol access authentication device architecture in accordance with an illustrative embodiment;
FIG. 7 is a schematic diagram illustrating another routing protocol access authentication device architecture in accordance with an illustrative embodiment;
FIG. 8 is a schematic diagram illustrating a further routing protocol access authentication device architecture in accordance with an illustrative embodiment;
FIG. 9 is a schematic diagram illustrating a further routing protocol access authentication device architecture in accordance with an illustrative embodiment;
fig. 10 is a schematic diagram illustrating a structure of another routing protocol access authentication device according to an example embodiment;
FIG. 11 is a diagram illustrating a further routing protocol access authentication device architecture in accordance with an illustrative embodiment;
fig. 12 is a diagram illustrating a routing protocol access authentication device according to an example embodiment;
fig. 13 is a schematic diagram illustrating another routing protocol access authentication device according to an example embodiment;
fig. 14 is a schematic diagram illustrating a structure of another routing protocol access authentication device according to an example embodiment.
Detailed Description
To make the objects, technical solutions and advantages of some embodiments of the present invention clearer, the technical solutions of some embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of some embodiments of the present invention. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. And the embodiments and features of the embodiments may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the described embodiments of the invention without inventive step, are within the scope of protection of the invention.
The terms "comprising" and "having," and any variations thereof, in the description and claims of this invention and the drawings are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the sizes and shapes of the various figures in the drawings are not to scale, but are merely intended to illustrate the present disclosure. And like reference numerals refer to like or similar elements or elements having like or similar functions throughout.
A routing protocol is an internet protocol that specifies the manner in which packets are transferred. The main node equipment of the Internet network is a router, which forwards received data through a routing table. The forwarding policy may be manually specified (by static routing, policy routing, etc.). However, in a large-scale network (such as a multinational enterprise network and an ISP network), if a forwarding policy is manually specified, a huge amount of work is required for a network administrator, and it becomes very difficult to manage and maintain a routing table. To solve this problem, dynamic routing protocols have been developed.
The dynamic routing protocol can enable the router to automatically learn the network of other routers and automatically update the routing table after the network topology changes. The network administrator only needs to configure the dynamic routing protocol, and compared with a manual appointed forwarding strategy, the workload is greatly reduced. Routing protocols support routable protocols by sharing routing information between routers. Routing information is passed between adjacent routers, ensuring that all routers know the path to other routers. The network topology may be described by a routing table created by a routing protocol. The routing protocol and the router work cooperatively to realize the functions of routing and data packet forwarding. It can be seen that the routing protocol technology is the key to the continuous operation of the network. Common Routing protocols include Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Intermediate System and Intermediate System Routing Protocol (IS-IS), Border Gateway Protocol (BGP), and each Routing Protocol IS respectively applicable to networks of different scales according to different technical characteristics thereof.
In the existing routing protocol access authentication technology, the authentication is realized by configuring an authentication password on a neighbor router. Specifically, in an existing network area, when a new router joins the network area, the authentication of the adjacent router to the newly joined router can be realized by configuring a password authentication mode after the related configuration of a routing protocol is completed directly according to related network information, the neighbor relation between the newly joined router and the neighbor router can be established by the password authentication of the neighbor router, the joining in the network area is completed, the newly joined router sends own routing information to the neighbor, and the routing information of the whole network is acquired from the neighbor. For example, the relevant authentication configuration in the OSPF routing protocol: ospf authentication-mode md 51 cipher%% c JCOn7 tp! mUQ),6(\ c5y ] w-%. As another example, the relevant configuration in the BGP routing protocol: nei 10.1.255.2password super 123.
The authentication technology can be understood as a single-point authentication process, the new router is added to the network through single authentication of the neighbor router, single-point authentication and single password authentication, once the password is leaked, the new router is added to the network, topology and routing information of the whole network is obtained, and the network information is completely leaked, so that the network safety is seriously influenced. In addition, if one router in the network is broken, the information such as the IP address of the router, the routing protocol authentication password and the like can be completely acquired, and an illegal router (or a router simulator stealing network information) can be completely added into the network through the broken router. The existing authentication technology has great network hidden trouble and can not improve the network security.
In view of this, in order to solve the problems of low network security, network hidden danger caused by single-point authentication, and the like in the existing authentication technology, the invention combines the block chain technology with the routing protocol authentication technology, and utilizes the technical characteristics of decentralized distributed verification of the block chain to realize the routing protocol authentication process with high security.
In the embodiment of the invention, a router in a network is added into a block chain and used as a node of the block chain to verify the access authentication transaction message of a routing protocol newly added into the network.
Fig. 1 is a schematic diagram of a network structure in an embodiment of the present invention. The network in the embodiment of the present invention includes a plurality of router groups 101, where each router group includes at least one route 102.
In some examples, multiple router groups 101 are in the same network, where data interaction may be performed between routers in the same network, that is, data interaction may be performed between routers in different router groups, and data between routers may be shared without secret sharing. Routers in the network can be used as nodes to be added into a public block chain or a private block chain, so that data interaction can be performed between the routers in the network through block chain transaction information.
In some examples, the plurality of router groups 101 belong to different local area networks, data interaction may be performed between routers in each local area network, and data interaction is not performed between routers in different local area networks, that is, data in different local area networks is not shared. The routers in each router group can be used as nodes to join a public block chain, so that data interaction can be performed between the routers in different router groups through the block chain transaction information.
In some examples, multiple router groups 101 are in the same network, and the routers in each router group may join the federation blockchain as nodes, so that data interaction may be performed between the routers in the network through the blockchain transaction information. Each router group belongs to different mechanisms in the block chain of the alliance, data interaction can be carried out among the routers in the same network mechanism, and data among the different mechanisms can be shared or shared after being authorized.
The router n1 to be authenticated applies for joining the network through any router in the network, for example, the router m1, the router m1 may be regarded as the authentication control router 103 when the router n1 to be authenticated applies for joining the network, and other routers in the network may be regarded as the verification routers of the router n1 to be authenticated. The router n2 to be authenticated applies for joining the network through the router m2 in the network, the router m2 can be regarded as the authentication control router 103 when the router n2 to be authenticated applies for joining the network, and other routers in the network can be regarded as verification routers of the router n2 to be authenticated. In other words, the authentication control router shown in the embodiment of the present application is not a fixed router, and any router in the network has the functions of the authentication control router and the verification router provided in the embodiment of the present application.
In addition, in an actual application scenario, the authentication of a plurality of routers to be authenticated, which apply for joining the network, can be synchronously or asynchronously processed in the network.
Fig. 2 is a schematic flowchart illustrating a router to be authenticated, an authentication control router, and a verification router performing routing authentication according to an example embodiment.
Step S201, the router to be authenticated determines a routing protocol access authentication transaction message requesting to join the block chain, the authentication transaction message includes a hash value of an authentication password of each router group in the block chain, and the router group includes at least one route.
In specific implementation, the router to be authenticated forms a routing protocol access authentication transaction message by the hash value of the authentication password of each router group in the block chain. Wherein the authentication passwords of the routes included in the router group are the same. The authentication passwords of different router groups are different from each other.
Step S202, the router to be authenticated sends an authentication transaction message to the authentication control router of the block chain, so that the router in the block chain verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
In specific implementation, the router to be authenticated sends the authentication transaction message to the authentication control router in an authentication transaction mode of packaging the authentication transaction message into a blockchain.
Step S203, the authentication control router sends the authentication transaction message to the router in the router group, so that the router verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
During specific implementation, the authentication control router in the block chain is used for receiving the routing protocol access authentication transaction messages of all routers to be authenticated, the router requesting to be added into the block chain needs to communicate with the authentication control router, and the routing protocol access authentication process is initiated through the authentication control router.
After receiving the routing protocol access authentication transaction message, the authentication control router sends the authentication transaction message to the routers in each router group, namely sends the authentication transaction message to other routers in the network, so that other routers can verify the authentication transaction message.
Step S204, the verification router verifies the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs.
In specific implementation, each verification router verifies the corresponding hash value in the authentication transaction message. The authentication password for verifying the router is the authentication password of the router group to which the router belongs, for example, the authentication transaction message carries the hash values of the authentication passwords of the router group 1 and the router group 2. The router group 1 includes a router a and a router B, and the router group 2 includes a router C and a router D. The hash value corresponding to the router A is the hash value of the authentication password of the router group 1 to which the router A belongs, and when the router A verifies the authentication transaction message, the router A verifies the hash value of the authentication password of the router group 1 in the authentication transaction message. In the same way, the router D verifies the hash value of the authentication password of the router group 2 corresponding to the router D in the authentication transaction message.
In one possible implementation, the hash values of the authentication passwords of the router groups in the authentication transaction message are arranged in a agreed order. For example, the hash value of the authentication password of the router group 1 is in the 1 st byte, and the hash value of the authentication password of the router group 2 is in the 2 nd byte. When the router a verifies the authentication transaction message, the hash value may be extracted from the 1 st byte of the authentication transaction message for verification. When the router D verifies the authentication transaction message, the hash value may be extracted from the 2 nd byte of the authentication transaction message for verification.
When the verification router verifies the hash value, whether the hash value of the authentication password of the verification router is consistent with the hash value corresponding to the verification router carried in the authentication transaction message or not can be determined, if so, the verification router determines that the router to be authenticated passes verification or succeeds verification, and if not, the router to be authenticated fails verification or fails verification.
In a possible implementation manner, the verification router sends the verification success message of the router to be authenticated to the authentication control router, and may also broadcast the verification success message of the router to be authenticated to the network. Of course, when the verification router fails to verify the authentication transaction message, the verification router may also send the verification failure message of the router to be authenticated to the authentication control router, or broadcast the verification failure message of the router to be authenticated to the network, so that the authentication control router or other routers can know that the connection between the authentication router and the network is normal.
And step S205, the authentication control router adds the router to be authenticated into the network domain of the block chain after determining that the access authentication of the routing protocol of the router to be authenticated is successful according to the number of the routers passing the verification.
In specific implementation, the authentication control router may determine the number of verification-passing routers through a received verification-passing message or verification-success message sent by the verification router. The number of the verification routers which pass the verification of the authentication transaction message by the verification router is judged, a certain condition is met, the router protocol access authentication of the router to be authenticated can be determined to be successful, and the router can be added into a network domain of the block chain.
In a possible implementation manner, the number of routers passing the verification is greater than the set number of routers, and it is determined that the router to be authenticated succeeds in authentication. For example, the number of all routers in the network is 100, the number of the routers is set to be 80, and the number of the routers passing the verification is greater than 80, so that the router protocol access authentication of the router to be authenticated can be determined to be successful. Otherwise, the number of the routers passing the verification is 79 and is smaller than the set number of the routers, and the router protocol access authentication failure of the router to be authenticated is determined.
In a possible implementation manner, the ratio of the number of routers passing the verification to the number of routers is greater than a set value, and it is determined that the router to be authenticated succeeds in authentication. For example, the number of all routers in the network is 100, the set value is 0.75, the ratio of the number 80 of the routers passing the verification to the number 100 of all routers in the network is 0.8, and if the ratio is greater than the set value, it is determined that the access authentication of the routing protocol of the router to be authenticated is successful. Otherwise, the ratio of the number 60 of the routers passing the verification to the number 100 of all the routers in the network is 0.6, and is smaller than the set value, and the router protocol access authentication failure of the router to be authenticated is determined.
Step S206, the router to be authenticated sends the routing information of the router to be authenticated to the authentication control router.
During specific implementation, after passing authentication, the router to be authenticated can send routing information to the authentication control router, and establishes a neighbor relation with the authentication control router. The router to be authenticated can also send the routing message to the authentication control router after sending the authentication transaction message to the authentication control router, and after the authentication is passed, the authentication control router establishes the neighbor relation according to the routing message of the router to be authenticated.
Step S207, the authentication control router sends the routing information of the network domain of the block chain to the router to be authenticated that is successfully authenticated, where the routing information of the network domain includes the routing information of the router group to which the router to be authenticated is added, or includes the routing information of all routers in the network domain.
During specific implementation, the authentication control router establishes a neighbor relation with the router passing the authentication, and sends the routing information of the network or the routing information of the router group added by the router to the router passing the authentication, so as to complete the process of adding the router to the network.
In an actual application scenario, if the authentication control router determines that the router to be authenticated does not pass the access authentication of the routing protocol, the router to be authenticated can be regarded as an illegal router, and the authentication control router can initiate network early warning. And sending the information that the router to be authenticated fails to pass the authentication to a management terminal used by a network administrator. The management terminal has network security management functions of tracing information of the illegal router, checking configuration and security state of an authentication control router (a neighbor router), updating an authentication password of a router group to which the router passing verification of the illegal router belongs, and the like, so as to actively enhance the network security defense capability.
Fig. 3 is a schematic flowchart illustrating a routing protocol access authentication method according to an exemplary embodiment, which is applied to an authentication control router side, and as shown in fig. 3, the method includes the following steps.
Step S301, receiving a routing protocol access authentication transaction message of a router to be authenticated requesting to join a block chain, wherein the authentication transaction message comprises hash values of authentication passwords of each router group in the block chain, and the router group at least comprises one router.
In particular, in order to realize high-reliability distributed authentication, routers in the network are grouped in a block chain, and the authentication password of each router group is different. When a router applies to join the network, the router needs to be controlled to initiate multi-password authentication through authentication.
The authentication control router receives a routing protocol access authentication transaction message of a router to be authenticated requesting to join a block chain (or a network), the authentication transaction message carries a hash value of an authentication password of each router group, authentication is carried out through plaintext transmission of the password, each router group cannot know the authentication passwords of other router groups, network security is improved, and the situation that a certain router in the network is illegally broken to obtain the authentication passwords of other router groups in the network can be avoided.
Step S302, sending an authentication transaction message to the routers in the router group, so that the routers verify the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the routers belong.
During specific implementation, the authentication control router sends the received authentication transaction message to other routers in the network for authentication. The authenticated transaction message may be sent to other routers in the network by way of an authenticated transaction in the blockchain.
Step S303, according to the number of the routers passing the verification, after the router to be authenticated is determined to be successfully accessed to the authentication by the routing protocol, the router to be authenticated is added into the network domain of the block chain.
In particular implementation, the authentication control router may receive the verification result of the authentication transaction message from the other router. And determining whether the router protocol access authentication of the router to be authenticated is successful according to the number of the verification routers passing the verification as a verification result.
For example, the number of the routers passing the verification is larger than the set number of the routers, and it is determined that the access authentication of the routing protocol of the router to be authenticated is successful. Or the ratio of the number of the routers passing the verification to the number of the routers in the whole network is larger than a set value, and the router protocol access authentication of the router to be authenticated is determined to be successful.
In some exemplary embodiments, after receiving a routing protocol access authentication transaction message requesting to join a router to be authenticated of a blockchain, the method further comprises:
and verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router.
In specific implementation, the authentication control router also belongs to a certain router group in the network, and the authentication control router can also verify the authentication transaction information. For example, according to the arrangement order of the hash values of the plurality of authentication passwords in the authentication transaction message, the hash value corresponding to the router group to which the authentication control router belongs is determined, and the determined hash value is verified according to the authentication password of the router group to which the authentication control router belongs.
The hash values of the multiple authentication passwords authenticating the transaction message may be arranged in a agreed order, facilitating other verification routers to obtain the corresponding hash values. The order of the authentication password hash value of each router group is configured in advance, and the verification router verifies the hash value on the corresponding order of the router group to which the router belongs.
In some exemplary embodiments, adding a router to be authenticated to a blockchain includes:
Receiving the routing information sent by the router to be authenticated after successful authentication;
and sending the routing information of the network domain to the router to be authenticated which is successfully authenticated, wherein the routing information of the network domain comprises the routing information of the router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
In specific implementation, after determining that the router to be authenticated passes the authentication, the authentication control router may send a notification message to the router to be authenticated so that the router to be authenticated knows that the router to be authenticated passes the authentication, or directly send routing information of a network domain of a block chain or routing information of a router group that requests to join to the router to be authenticated, so that the router to be authenticated generates a routing table according to the routing information, and starts to forward traffic.
It should be noted that the router to be authenticated sends its routing information to the authentication control router, either before or after passing authentication. If the router information is sent to the authentication control router before passing the authentication, the authentication control router can establish a neighbor relation according to the router information of the router to be authenticated after passing the authentication. Or after receiving the authentication passing message sent by the authentication control router, sending the routing information to the authentication control router.
Fig. 4 is a schematic flowchart illustrating a routing protocol access authentication method according to an exemplary embodiment, which is applied to verify the router side, and as shown in fig. 4, the method includes the following steps.
Step S401, receiving a routing protocol access authentication transaction message of a to-be-authenticated router requesting to join a block chain, which is sent by an authentication control router, wherein the authentication transaction message includes a hash value of an authentication password of each router group in the block chain, and the router group includes at least one router.
In particular implementation, when the authentication control router initiates authentication, each verification router receives an authentication transaction message of a router to be authenticated. In the authentication process, a router in the network participates in verification, so that the hidden danger of single-point authentication in the prior art is avoided. The routing protocol access authentication method provided by the invention can be used for distributed verification, thereby improving the network security and the authentication reliability.
Step S402, according to the authentication password of the router group to which the authentication router belongs, the hash value corresponding to the authentication router in the authentication transaction message is verified.
In specific implementation, the authentication password of each verification router is the authentication password of the router group to which the verification router belongs, and the authentication password can be stored locally in the verification router. The authentication password for each router group may be pre-configured. In order to further improve the network security, the authentication password can also be changed, and when the authentication password of a certain router group is changed, the password is broadcasted in the router group, so that all the routes in the router group can acquire the updated authentication password.
In some exemplary embodiments, the hash values of the router group authentication passwords in the authentication transaction message are arranged according to an agreed order. In the process that the verification router verifies the hash value corresponding to the verification router in the authentication transaction message, the hash value in the agreed order can be determined to be the hash value corresponding to the router group to which the verification router belongs according to the arrangement order of the hash values of the plurality of authentication passwords in the authentication transaction message. And then verifying the determined hash value according to the authentication password of the router group to which the verification router belongs. And determining whether the hash value of the authentication password of the router group to which the authentication router belongs is consistent with the hash value in the corresponding sequence in the authentication transaction message, if the hash value corresponding to the authentication password is the same as the determined hash value, the authentication is passed, otherwise, if the hash value corresponding to the authentication password is determined to be the same as the determined hash value, the authentication is not passed.
In one possible implementation, the authentication router informs the authentication control router of the result of the verification of the authentication transaction message, or broadcasts the result of the verification in the network.
Fig. 5 is a schematic flowchart illustrating a routing protocol access authentication method according to an exemplary embodiment, which is applied to a router side to be authenticated, and as shown in fig. 5, the method includes the following steps.
Step S501, determining a routing protocol access authentication transaction message requesting to join the block chain, where the authentication transaction message includes hash values of authentication passwords of each router group in the block chain, and the router group includes at least one router.
The router to be authenticated can determine the arrangement sequence of the hash values of the plurality of authentication passwords in the routing protocol access authentication transaction message according to the configured sequence number corresponding to each router group. The router to be authenticated, which applies to join the network, can arrange the hash values of the authentication passwords of all router groups according to an agreed sequence, and authentication transaction messages do not need to carry the authentication passwords of all router groups. Through non-plaintext verification, the authentication reliability is further improved.
In a possible implementation manner, the hash value of the authentication password of each router group that may be carried in the authentication transaction message is generated by hash calculation according to the authentication password of each router group and the information of the router to be authenticated. The authentication transaction message also carries the information of the router to be authenticated. And after receiving the authentication transaction message, each authentication router obtains a hash value through a hash algorithm according to the authentication password stored locally and the information of the router to be authenticated in the authentication transaction message, verifies the hash value obtained through calculation and the hash value corresponding to the authentication router in the authentication transaction message, and if the hash value is consistent with the hash value, the verification is passed. Otherwise, if not, the verification is not passed.
Step S502, sending an authentication transaction message to the authentication control router of the blockchain, so that the router in the blockchain verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
And when the authentication transaction message is specifically implemented, the determined authentication transaction message is sent to the authentication control router of the block chain through the authentication transaction of the block chain. Authentication is initiated by an authentication control router to a route in a blockchain.
In some exemplary embodiments, the method further comprises:
sending the routing information of the router to be authenticated to the authentication control router;
and receiving routing information of the network domain of the block chain, which is sent by the authentication control router after the authentication of the access of the routing protocol of the router to be authenticated is confirmed to be successful, wherein the routing information of the network domain comprises routing information of a router group added by the router to be authenticated or routing information of all routers in the network domain.
In specific implementation, after the router to be authenticated passes authentication, a neighbor relation can be established with the authentication control router, and the router can issue the routing information of the router to the network domain of the block chain and receive the routing information of the network domain of the block chain.
Fig. 6 is a schematic diagram illustrating a structure of a routing protocol access authentication device according to an exemplary embodiment, where as shown in fig. 6, the device 600 includes:
a processor 601;
a memory 602 for storing instructions executable by the processor 601;
processor 601 is configured to execute instructions to implement the following processes:
receiving a routing protocol access authentication transaction message of a router to be authenticated requesting to join a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
sending an authentication transaction message to a router in the router group so that the router verifies a corresponding hash value in the authentication transaction message by using an authentication password of the router group to which the router belongs;
and according to the number of the routers passing the verification, after the router protocol access authentication of the router to be authenticated is determined to be successful, adding the router to be authenticated into the network domain of the block chain.
In some exemplary embodiments, the processor 601 is further configured to:
and verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router.
In some exemplary embodiments, the processor 601 is specifically configured to:
Determining a hash value corresponding to a router group to which the authentication control router belongs according to the arrangement sequence of the hash values of the authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the authentication control router belongs.
In some exemplary embodiments, the processor 601 is specifically configured to:
if the number of the routers passing the verification is larger than the set number of the routers, determining that the access authentication of the routing protocol of the router to be authenticated is successful;
or, if the ratio of the number of the routers passing the verification to the number of the routers is larger than the set value, determining that the access authentication of the routing protocol of the router to be authenticated is successful.
In some exemplary embodiments, the processor 601 is specifically configured to:
receiving the routing information sent by the router to be authenticated, which is successfully authenticated;
and sending the routing information of the network domain to the router to be authenticated which is successfully authenticated, wherein the routing information of the network domain comprises the routing information of the router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
Fig. 7 shows a schematic diagram of a routing protocol access authentication device according to an example embodiment, which may include a processor 701 and a memory 702 storing computer program instructions.
Specifically, the processor 701 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 702 may include a mass storage for data or instructions. By way of example, and not limitation, memory 702 may include a Hard Disk Drive (HDD), a floppy Disk Drive, flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 702 may include removable or non-removable (or fixed) media, where appropriate. The memory 702 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 702 is non-volatile solid-state memory. In a particular embodiment, the memory 702 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 701 implements the processes performed by the routing protocol access authentication device processor 601 described above by reading and executing computer program instructions stored in the memory 702.
In one example, the routing protocol access authentication device may also include a communication interface 703 and a bus 710. As shown in fig. 7, the processor 701, the memory 702, and the communication interface 703 are connected by a bus 710 to complete mutual communication.
The communication interface 703 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiment of the present invention.
Bus 710 comprises hardware, software, or both coupling the components of the routing protocol access authentication device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 710 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
Fig. 8 is a schematic diagram illustrating a routing protocol access authentication device according to an exemplary embodiment, where, as shown in fig. 8, the device 800 includes:
a processor 801;
a memory 802 for storing instructions executable by the processor 801;
the processor 801 is configured to execute instructions to implement the following processes:
receiving a routing protocol access authentication transaction message of a router to be authenticated, which is sent by an authentication control router and requests to be added into a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
and verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs.
In some exemplary embodiments, the processor 801 is specifically configured to:
determining hash values corresponding to router groups to which verification routers belong according to the arrangement sequence of the hash values of a plurality of authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the verification router belongs.
In some exemplary embodiments, the processor 801 is further configured to:
determining that the hash value corresponding to the authentication password is the same as the determined hash value, and passing the verification;
Or, determining the hash value corresponding to the authentication password and the determined hash value, and failing to pass the verification.
Fig. 9 shows a schematic diagram of a routing protocol access authentication device according to an example embodiment, which may include a processor 901 and a memory 902 storing computer program instructions.
Specifically, the processor 901 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing the embodiments of the present invention.
Memory 902 may include mass storage for data or instructions. By way of example, and not limitation, memory 902 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 902 may include removable or non-removable (or fixed) media, where appropriate. The memory 902 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 902 is a non-volatile solid-state memory. In a particular embodiment, the memory 902 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 901 performs the processes performed by the routing protocol access authentication device processor 801 described above by reading and executing computer program instructions stored in the memory 902.
In one example, the routing protocol access authentication device may also include a communications interface 903 and a bus 910. As shown in fig. 9, the processor 901, the memory 902, and the communication interface 903 are connected via a bus 910 to complete communication therebetween.
The communication interface 903 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiment of the present invention.
Bus 910 includes hardware, software, or both coupling the components of the routing protocol access authentication device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 910 can include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
Fig. 10 is a schematic diagram illustrating a structure of a routing protocol access authentication device according to an exemplary embodiment, where as shown in fig. 10, the device 1000 includes:
a processor 1001;
a memory 1002 for storing instructions executable by the processor 1001;
processor 1001 is used to execute instructions to implement the following processes:
determining a routing protocol access authentication transaction message requesting to join a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
and sending an authentication transaction message to the authentication control router of the blockchain, so that the router in the blockchain verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
In some exemplary embodiments, the processor 1001 is further configured to:
and determining the arrangement sequence of the hash values of the plurality of authentication passwords in the authentication transaction message according to the configured serial numbers corresponding to the router groups.
In some exemplary embodiments, the processor 1001 is further configured to:
sending the routing information of the router to be authenticated to the authentication control router;
and receiving routing information of the network domain of the block chain, which is sent by the authentication control router after the authentication of the router to be authenticated for the access of the routing protocol of the router to be authenticated is successful, wherein the routing information of the network domain comprises the routing information of a router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
Fig. 11 shows a schematic diagram of a routing protocol access authentication device according to an example embodiment, which may include a processor 1101 and a memory 1102 storing computer program instructions.
Specifically, the processor 1101 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 1102 may include a mass storage for data or instructions. By way of example, and not limitation, memory 1102 may include a Hard Disk Drive (HDD), a floppy Disk Drive, flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 1102 may include removable or non-removable (or fixed) media, where appropriate. The memory 1102 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 1102 is a non-volatile solid-state memory. In a particular embodiment, the memory 1102 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 1101 implements the processes performed by the routing protocol access authentication device processor 1001 described above by reading and executing computer program instructions stored in the memory 1102.
In one example, the routing protocol access authentication device may also include a communication interface 1102 and a bus 1110. As shown in fig. 11, the processor 1101, the memory 1102, and the communication interface 1102 are connected via a bus 1110 to complete communication therebetween.
The communication interface 1102 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present invention.
Bus 1110 includes hardware, software, or both coupling the components of the routing protocol access authentication device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 1110 may include one or more buses, where appropriate. Although specific buses have been described and illustrated with respect to embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
Fig. 12 is a schematic diagram illustrating a structure of a routing protocol access authentication device, which is applied to an authentication control router side according to an exemplary embodiment, and as shown in fig. 12, the device includes:
a receiving unit 1201, configured to receive a routing protocol access authentication transaction message of a to-be-authenticated router requesting to join a block chain, where the authentication transaction message includes a hash value of an authentication password of each router group in the block chain, and the router group includes at least one router;
a sending unit 1202, configured to send an authentication transaction message to a router in a router group, so that the router verifies a corresponding hash value in the authentication transaction message by using an authentication password of the router group to which the router belongs;
the processing unit 1203, according to the number of routers passing the verification, after determining that the access authentication of the routing protocol of the router to be authenticated is successful, adds the router to be authenticated into the network domain of the block chain.
In some exemplary embodiments, the processing unit 1203 is further configured to:
and verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router.
In some exemplary embodiments, the processing unit 1203 is specifically configured to:
Determining a hash value corresponding to a router group to which the authentication control router belongs according to the arrangement sequence of the hash values of the authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the authentication control router belongs.
In some exemplary embodiments, the processing unit 1203 is specifically configured to:
if the number of the routers passing the verification is larger than the set number of the routers, determining that the access authentication of the routing protocol of the router to be authenticated is successful;
or, if the ratio of the number of the routers passing the verification to the number of the routers is larger than the set value, determining that the access authentication of the routing protocol of the router to be authenticated is successful.
In some exemplary embodiments, the processing unit 1203 is specifically configured to:
receiving the routing information sent by the router to be authenticated, which is successfully authenticated;
and sending the routing information of the network domain to the router to be authenticated which is successfully authenticated, wherein the routing information of the network domain comprises the routing information of the router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
Fig. 13 shows a routing protocol access authentication apparatus applied to verify a router side according to an exemplary embodiment, and as shown in fig. 13, the apparatus includes:
A receiving unit 1301, configured to receive a routing protocol access authentication transaction message of a to-be-authenticated router requesting to join a block chain, where the routing protocol access authentication transaction message is sent by an authentication control router, and the authentication transaction message includes hash values of authentication passwords of each router group in the block chain, where the router group includes at least one router;
the processing unit 1302 is configured to verify the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs.
In some exemplary embodiments, the processing unit 1302 is specifically configured to:
determining a hash value corresponding to a router group to which a verification router belongs according to the arrangement sequence of the hash values of a plurality of authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the verification router belongs.
In some exemplary embodiments, the processing unit 1302 is further configured to:
determining that the hash value corresponding to the authentication password is the same as the determined hash value, and passing the verification;
or, determining the hash value corresponding to the authentication password and the determined hash value, and failing to pass the verification.
Fig. 14 shows a routing protocol access authentication apparatus applied to a router to be authenticated according to an exemplary embodiment, and as shown in fig. 14, the apparatus includes:
A processing unit 1401, configured to determine a routing protocol access authentication transaction message requesting to join a block chain, where the authentication transaction message includes a hash value of an authentication password of each router group in the block chain, and the router group includes at least one router;
a sending unit 1402, configured to send an authentication transaction message to the authentication control router of the blockchain, so that the router in the blockchain verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs.
In some exemplary embodiments, the processing unit 1401 is further configured to:
and determining the arrangement sequence of the hash values of the plurality of authentication passwords in the authentication transaction message according to the configured serial numbers corresponding to the router groups.
In some exemplary embodiments, the sending unit 1402 is further configured to:
sending the routing information of the router to be authenticated to the authentication control router;
and receiving routing information of the network domain of the block chain, which is sent by the authentication control router after the authentication of the router to be authenticated for the access of the routing protocol of the router to be authenticated is successful, wherein the routing information of the network domain comprises the routing information of a router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
In addition, in combination with the routing protocol access authentication method in the foregoing embodiment, the present invention also provides a computer-readable storage medium, where when instructions in the storage medium are executed on a computer, the computer is caused to execute any one of the above routing protocol access authentication methods.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (15)

1. A routing protocol access authentication method, wherein an authentication control router is applied, the method comprising:
receiving a routing protocol access authentication transaction message of a router to be authenticated, which requests to join a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
sending the authentication transaction message to a router in the router group, so that the router in the router group verifies the corresponding hash value in the authentication transaction message by using the authentication password of the router group to which the router belongs;
and according to the number of the routers passing the verification, after the router protocol access authentication of the router to be authenticated is determined to be successful, adding the router to be authenticated into the network domain of the block chain.
2. The method of claim 1, wherein after receiving a routing protocol access authentication transaction message for a router to be authenticated requesting to join a blockchain, the method further comprises:
and verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router.
3. The method of claim 2, wherein the verifying the hash value corresponding to the authentication control router in the authentication transaction message according to the authentication password of the authentication control router comprises:
determining a hash value corresponding to a router group to which the authentication control router belongs according to the arrangement sequence of the hash values of the authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the authentication control router belongs.
4. The method according to any of claims 1-3, wherein the determining that the routing protocol access authentication of the router to be authenticated is successful comprises:
if the number of the routers passing the verification is larger than the set number of the routers, determining that the access authentication of the routing protocol of the router to be authenticated is successful; or the like, or, alternatively,
and if the ratio of the number of the routers passing the verification to the number of the routers is larger than a set value, determining that the access authentication of the routing protocol of the router to be authenticated is successful.
5. The method according to claim 1, wherein the adding the router to be authenticated into the network domain of the block chain comprises:
Receiving the routing information sent by the router to be authenticated after successful authentication;
and sending the routing information of the network domain to the router to be authenticated, which is successfully authenticated, wherein the routing information of the network domain comprises the routing information of a router group added by the router to be authenticated or comprises the routing information of all routers in the network domain.
6. A routing protocol access authentication method is applied to the verification of a router, and comprises the following steps:
receiving a routing protocol access authentication transaction message of a to-be-authenticated router which is sent by an authentication control router and requests to join a block chain, wherein the authentication transaction message comprises hash values of authentication passwords of all router groups in the block chain, and the router groups at least comprise one router;
verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs;
and sending a verification passing message or a verification success message to the authentication control router so that the authentication control router determines the number of verification routers passing verification.
7. The method of claim 6, wherein the verifying the hash value corresponding to the verification router in the authentication transaction message according to the authentication password of the router group to which the verification router belongs comprises:
Determining the hash value corresponding to the router group to which the verification router belongs according to the arrangement sequence of the hash values of the authentication passwords in the authentication transaction message;
and verifying the determined hash value according to the authentication password of the router group to which the verification router belongs.
8. The method of claim 7, wherein the verifying the hash value corresponding to the verification router in the authentication transaction message according to an authentication password of a router group to which the verification router belongs, further comprises:
determining that the hash value corresponding to the authentication password is the same as the determined hash value, and passing the verification; or the like, or, alternatively,
and determining the hash value corresponding to the authentication password and the determined hash value, and failing to verify.
9. A routing protocol access authentication method is applied to a router to be authenticated, and comprises the following steps:
determining a routing protocol access authentication transaction message requesting to join a block chain, wherein the authentication transaction message comprises a hash value of an authentication password of each router group in the block chain, and the router group at least comprises one router;
and the authentication control router verifies a corresponding hash value in the authentication transaction message by using an authentication password of a router group to which the router in the router group belongs, and adds the router to be authenticated into a network domain of the block chain after determining that the router protocol access authentication of the router to be authenticated succeeds according to the number of the routers passing the verification.
10. The method of claim 9, wherein determining a routing protocol access authentication transaction message requesting to join a blockchain further comprises:
and determining the arrangement sequence of the hash values of the plurality of authentication passwords in the authentication transaction message according to the configured serial numbers corresponding to the router groups.
11. The method of claim 9, further comprising:
sending the routing information of the router to be authenticated to the authentication control router;
and receiving routing information of the network domain of the block chain, which is sent by the authentication control router after confirming that the access authentication of the routing protocol of the router to be authenticated is successful, wherein the routing information of the network domain comprises routing information of a router group added by the router to be authenticated or routing information of all routers in the network domain.
12. A routing protocol access authentication device, the device comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the routing protocol access authentication method according to any one of claims 1 to 5.
13. A routing protocol access authentication device, the device comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the routing protocol access authentication method according to any one of claims 6 to 8.
14. A routing protocol access authentication device, the device comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the routing protocol access authentication method according to any one of claims 9 to 11.
15. A computer storage medium having computer program instructions stored therein which, when run on a computer, cause the computer to perform a routing protocol access authentication method as claimed in any one of claims 1 to 11.
CN202010690368.0A 2020-07-17 2020-07-17 Routing protocol access authentication method, device and medium Active CN111917746B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010690368.0A CN111917746B (en) 2020-07-17 2020-07-17 Routing protocol access authentication method, device and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010690368.0A CN111917746B (en) 2020-07-17 2020-07-17 Routing protocol access authentication method, device and medium

Publications (2)

Publication Number Publication Date
CN111917746A CN111917746A (en) 2020-11-10
CN111917746B true CN111917746B (en) 2022-06-28

Family

ID=73281289

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010690368.0A Active CN111917746B (en) 2020-07-17 2020-07-17 Routing protocol access authentication method, device and medium

Country Status (1)

Country Link
CN (1) CN111917746B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219239A (en) * 2014-08-29 2014-12-17 南京邮电大学 LoWPAN (low-power wireless personal area network) node secure access control method based on neighbor discovery
CN105871777A (en) * 2015-01-20 2016-08-17 中兴通讯股份有限公司 Wireless router access processing method, wireless router access method and device
CN109743172A (en) * 2018-12-06 2019-05-10 国网山东省电力公司电力科学研究院 Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219239A (en) * 2014-08-29 2014-12-17 南京邮电大学 LoWPAN (low-power wireless personal area network) node secure access control method based on neighbor discovery
CN105871777A (en) * 2015-01-20 2016-08-17 中兴通讯股份有限公司 Wireless router access processing method, wireless router access method and device
CN109743172A (en) * 2018-12-06 2019-05-10 国网山东省电力公司电力科学研究院 Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal

Also Published As

Publication number Publication date
CN111917746A (en) 2020-11-10

Similar Documents

Publication Publication Date Title
Ahmed et al. IPv6 neighbor discovery protocol specifications, threats and countermeasures: a survey
Shin et al. A security protocol for route optimization in DMM-based smart home IoT networks
US7992193B2 (en) Method and apparatus to secure AAA protocol messages
US8650397B2 (en) Key distribution to a set of routers
US9654482B2 (en) Overcoming circular dependencies when bootstrapping an RPKI site
WO2020174121A1 (en) Inter-mobile network communication authorization
WO2013176689A1 (en) Using neighbor discovery to create trust information for other applications
CN107396350B (en) SDN-5G network architecture-based security protection method between SDN components
CN103701700A (en) Node discovering method and system in communication network
US11362837B2 (en) Generating trustable RPL messages having root-signed rank values
US20170099143A1 (en) Methods, networks and nodes for dynamically establishing encrypted communications
JP4783340B2 (en) Protecting data traffic in a mobile network environment
US8949949B1 (en) Network element authentication in communication networks
CN106603512A (en) SDN (software define network) architecture IS (Intermediate System)-IS (Intermediate System) routing protocol-based trusted authentication method
CN117478428B (en) Stealth communication system and configuration method
CN111917746B (en) Routing protocol access authentication method, device and medium
Modares et al. Enhancing security in mobile IPv6
CN117879927A (en) Security level determining method, device, equipment and storage medium
US20230077053A1 (en) Authentication using a decentralized and/or hybrid dencentralized secure crypographic key storage method
Dinu et al. DHCPAuth—a DHCP message authentication module
CN104486082A (en) Authentication method and router
KR20110036913A (en) Router associated with a secure device
CN117501671A (en) Border Gateway Protocol (BGP) FlowSpec-initiated authorization using route source authorization (ROA)
Gollier et al. SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network
CN113890761A (en) Partition operation system-oriented lightweight secure communication method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant