CAJ | 학술논문

提出了一种以密码学方法实现的 IPv6接入子网主机高速源地址验证方案.把主机 MAC 地址作为身份同主机公钥相绑定,利用密码生成地址算法从主机公钥衍生出 IPv6接入子网地址,通过数字签名提供主机真实性的验证,以消息认证码和流认证技术实现接入网关对数据分组流 IPv6地址的快速安全的验证.原型系统实验表明,该方案能够以低开销实现数据分组源地址验证,是一种安全、可行的方案.
제출료일충이밀마학방법실현적 IPv6접입자망주궤고속원지지험증방안.파주궤 MAC 지지작위신빈동주궤공약상방정,이용밀마생성지지산법종주궤공약연생출 IPv6접입자망지지,통과수자첨명제공주궤진실성적험증,이소식인증마화류인증기술실현접입망관대수거분조류 IPv6지지적쾌속안전적험증.원형계통실험표명,해방안능구이저개소실현수거분조원지지험증,시일충안전、가행적방안.
A cryptographically-implemented high-speed source address verification scheme for the hosts in the IPv6 ac-cess subnet was proposed. The MAC address was used as the identity of the host machine and bounded with the host’s public key. Then the IPv6 address was derived from the host machine’s public key using the cryptographically generated address algorithm. The address authenticity was guaranteed by the digital signature and the fast and secure source address verification for packet stream was achieved through message authentication code algorithm and stream authentication. The experimental system show that the scheme could verify the source addresses of data packets at a loss cost. Thus, it is a secure and feasible scheme.