Authentication method and apparatus for detecting and preventing source address spoofing packets
First Claim
1. An authentication apparatus for detecting and preventing a source address spoofing packet, the apparatus comprising:
a packet reception unit configured to receive a packet from a previous node or a user host;
a self-assurance type identification (ID) generation unit configured to generate a self-assurance type ID of a source node of the received packet by;
generating a digital signature value Sign1 obtained by signing a source address of the input packet by using a private key;
generating a result of hashing the digital signature value Sign1 and a public key, as the self-assurance type; and
when a length of the self-assurance type ID is not equal to a length of a hash function;
generating a random number R1, generates a middle value T1 as a result of hashing the source address, the public key, and the random number, generating a digital signature value Sign2 by signing the source address and the random number by using a private key, and generating a result of hashing the digital signature value Sign2 and the public key, as the self-assurance type ID, replacing the previously generated self-assurance type ID with newly generated self assurance type ID;
a self-assurance type ID verification unit configured to determine whether the source address of the received packet has been spoofed by using the self-assurance type ID;
a white list storage unit configured to store an identification of a reliable source node based on the result of determination of the source address spoofing;
a black list storage unit configured to store an identification of an unreliable source node based on the result of determination of the source address spoofing; and
a packet transmission unit configured to transmit the packet whose source has been verified through the self-assurance type ID verification unit to a next network node.
Abstract
An authentication apparatus for detecting and preventing a source address spoofing packet, includes a packet reception unit configured to receive a packet from a previous node or a user host; a self-assurance type ID generation unit configured to generate a self-assurance type ID of a source node of the received packet; and a self-assurance type ID verification unit configured to determine whether the source address of the received packet has been spoofed. Further, the authentication apparatus includes a white list storage unit configured to store a reliable source node; a black list storage unit configured to store an unreliable source node; and a packet transmission unit configured to transmit the packet whose source has been verified through the self-assurance type ID verification unit to a next network node.
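The first generation path of claim 1 (Sign1 over the source address, then a hash of Sign1 and the public key) and the list handling of claim 2 can be sketched as follows. This is an added example, not code from the patent: Ed25519, SHA-256, the `Packet` layout, the list key format, and the assumption that the public key and Sign1 travel with the packet are all choices made here, and the R1/T1/Sign2 regeneration path is not covered.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Packet is a constructed stand-in; the claims define no wire format.
type Packet struct {
	Src   string            // claimed source address
	Pub   ed25519.PublicKey // sender's public key (assumed sent with the packet)
	Sign1 []byte            // signature over Src
	ID    [32]byte          // self-assurance type ID
}

// idOf hashes Sign1 and the public key, as in claim 1 (SHA-256 is an assumption).
func idOf(sign1 []byte, pub ed25519.PublicKey) [32]byte {
	return sha256.Sum256(append(append([]byte{}, sign1...), pub...))
}

// NewPacket plays the generation unit: sign the address, then derive the ID.
func NewPacket(priv ed25519.PrivateKey, src string) Packet {
	pub := priv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(priv, []byte(src))
	return Packet{Src: src, Pub: pub, Sign1: sig, ID: idOf(sig, pub)}
}

// Node holds the two lists, keyed by address plus ID (an assumed key format).
type Node struct{ White, Black map[string]bool }

// Forward plays the verification unit: true means pass the packet on.
func (n *Node) Forward(p Packet) bool {
	k := p.Src + "|" + string(p.ID[:])
	if n.White[k] {
		return true // claim 2: a white-listed ID is forwarded directly
	}
	// Failures are recorded only; unlisted packets are always re-verified.
	ok := len(p.Pub) == ed25519.PublicKeySize &&
		p.ID == idOf(p.Sign1, p.Pub) &&
		ed25519.Verify(p.Pub, []byte(p.Src), p.Sign1)
	n.White[k], n.Black[k] = ok, !ok
	return ok
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed key
	n := &Node{map[string]bool{}, map[string]bool{}}
	fmt.Println(n.Forward(NewPacket(priv, "192.0.2.10"))) // true
}
```

Re-verifying unlisted packets instead of dropping on a black-list hit is this example's choice, so that one failed check recorded against an address and ID pair does not block the genuine sender; the claims do not say how the black list is consulted.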
9 Claims
2. The authentication apparatus of claim wherein when the self-assurance type ID verification unit receives a self-assurance type ID of a packet received from the packet reception unit, the self-assurance type ID verification unit determines whether the self-assurance type ID has been stored in a white list in which reliable source nodes are stored, and when the self-assurance type ID has been stored in the white list, the self-assurance type ID verification unit transfers the packet to the packet transmission unit.
5. An authentication method for detecting and preventing a source address spoofing packet, the method comprising:
receiving a packet from a previous node or a user host; generating a self-assurance type ID of a source node of the received packet, wherein generating the self-assurance type ID includes, when a length of the self-assurance type ID is not equal to a length of a hash function; generating a random number R1; generating a middle value T1 as a result of hashing the source address, the public key, and the random number; generating a digital signature value Sign2 by signing the source address and the random number by using a private key; generating a result of hashing the digital signature value Sign2 and the public key, as the self-assurance type ID; verifying whether the source address of the received packet has been spoofed by using the self-assurance type ID; storing a reliable source node in a white list, based on the result of verification of the source address spoofing; storing an unreliable source node in a black list, based on the result of verification of the source address spoofing; and transmitting the packet whose source has been verified through the self-assurance type ID verification to a next network node.
Specification