检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]信息工程大学信息工程学院网络工程系,河南郑州450002
出 处:《小型微型计算机系统》2009年第1期87-90,共4页Journal of Chinese Computer Systems
基 金:国家"八六三"基金项目(2003AA146010)资助
摘 要:ND(Neighbor Discovery)协议的安全缺陷使得IPv6节点易受到中间人攻击,对网络安全造成巨大威胁.基于CGA(Cryptographically Generated Addresses)的SEND(Secure ND)协议虽然可以抵御此类攻击,但计算开销大,难以推广实施.本文提出的利用单向散列算法生成IPv6地址的方法,通过加密绑定节点的链路层地址和IP地址,可以有效阻止此类攻击.分析和模拟实验表明,该方法能够有效减小计算开销和网络负载,简便易于实施.现阶段该方法可与CGA结合使用对IPv6链路进行保护.ND (Neighbor Discovery) Protocol security threats leave IPv6 nodes vulnerable to Man-in-the-Middle attack, which threatens network security greatly. Although SEND (Secure Neighbor Discovery) Protocol based on CGA (Cryptographically Generated Addresses) can defeat such attack, computation expense large, promotes the implementation with difficulty. This paper presents a new IPv6 addresses generating method based on hash algorithm, depends on cryptographic bundled with the link layer address and IP address, can effectively defeat such attack. Simulation results show that this method can reduce computation expense and network load, easy to implement. Nowadays this method can be combined with CGA to protect IPv6 links.
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7