
CN111262701A - Replay attack detection method, system, equipment and storage medium - Google Patents


Info

Publication number: CN111262701A
Authority: CN (China)
Prior art keywords: client, timestamp, digital signature, replay attack, attack detection
Legal status: Granted
Application number: CN202010024384.6A
Other languages: Chinese (zh)
Other versions: CN111262701B (en)
Inventor: 程文强
Current assignee: Lianzhou Group Co.,Ltd.
Original assignee: Pulian International Co ltd
Events: application filed by Pulian International Co ltd; priority to CN202010024384.6A; publication of CN111262701A; application granted; publication of CN111262701B; legal status active; anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3247 ... involving digital signatures
              • H04L9/3297 ... involving time stamps, e.g. generation of time stamps
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/12 Applying verification of the received information
            • H04L63/14 ... for detecting or protecting against malicious traffic
              • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a replay attack detection method comprising the following steps: receiving a data packet sent by a client that includes a first digital signature, a client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by an encryption algorithm; extracting the client current timestamp and the client identification code from the data packet; generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password; and, when the first digital signature and the second digital signature are not the same, determining that a replay attack has occurred. The invention also discloses a replay attack detection system, a replay attack detection device and a computer storage medium. The embodiments of the invention effectively solve the problem that a server without a timestamp cannot detect replay attacks, and strengthen the network security of such a server.

Description

A replay attack detection method, system, device and storage medium

Technical field

The present invention relates to the technical field of communication networks, and in particular to a replay attack detection method, system, device and storage medium.

Background

A replay attack is one in which an attacker sends a packet that the destination host has already received, in order to deceive the system; it is mainly aimed at identity authentication processes and undermines the correctness of authentication. In this type of attack a valid data transmission is maliciously or fraudulently repeated; the replay may be performed by the original sender or by an adversary who intercepts and retransmits the data.

Among existing replay attack detection methods, because of the advantages of the timestamp itself, the current mainstream anti-replay methods are essentially all built on server and client timestamps. There are currently three approaches. The first is based on a timestamp, and carries the risk that an attacker modifies the timestamp to bypass the anti-replay mechanism so that the replay succeeds. The second is based on a nonce, and consumes more and more server memory as time passes, so that checking whether a nonce already exists on the server takes longer and longer and seriously degrades server performance. The third combines timestamp and nonce, which avoids the drawbacks of the first two: nonces are kept only for a specified period, which reduces memory consumption while still defending against replay within a short time window.

However, all three approaches must rely on server and client timestamps. A server without a timestamp cannot accurately detect replay attacks, so its network security cannot be guaranteed.

Summary of the invention

The purpose of the embodiments of the present invention is to provide a replay attack detection method, system, device and storage medium that effectively solve the problem that a server without a timestamp cannot detect replay attacks, and strengthen the network security of such a server.

To achieve the above purpose, an embodiment of the present invention provides a replay attack detection method, including:

receiving a data packet sent by a client that includes a first digital signature, a client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by an encryption algorithm;

extracting the client current timestamp and the client identification code from the data packet;

generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;

when the first digital signature and the second digital signature are not the same, determining that a replay attack has occurred.

Compared with the prior art, the replay attack detection method disclosed in the embodiment of the present invention first receives a data packet containing the first digital signature, the client current timestamp and the client identification code, and extracts the client current timestamp and the client identification code from it; it then generates a second digital signature from the extracted client current timestamp, the client identification code and the pre-stored password; finally, it determines whether the current network is under replay attack by judging whether the first and second digital signatures are the same. When the two signatures differ, the data in the packet has been tampered with, and it can be confirmed that the current network is suffering a replay attack. This effectively solves the problem that a server without a timestamp cannot detect replay attacks and strengthens the network security of such a server.

As an improvement of the above scheme, the method further includes:

when the first digital signature and the second digital signature are the same, judging whether the client current timestamp is greater than the latest timestamp in a pre-stored timestamp list;

if so, writing the client current timestamp into the timestamp list as the latest timestamp; if not, determining that a replay attack has occurred or that the client request has timed out.

As an improvement of the above scheme, after the client current timestamp is written into the timestamp list as the latest timestamp, the method further includes:

judging whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;

if so, deleting from the timestamp list the client timestamps whose difference from the latest timestamp is greater than the preset time threshold; if not, retaining the client timestamps whose difference from the latest timestamp is less than or equal to the preset time threshold.

As an improvement of the above scheme, the timestamp list includes a number of client timestamps corresponding to client identification codes, and the client timestamps are sorted in a preset order.

As an improvement of the above scheme, the second digital signature is generated by an encryption algorithm.

To achieve the above purpose, an embodiment of the present invention further provides a replay attack detection system, including:

a data packet receiving module, configured to receive a data packet sent by a client that includes a first digital signature, a client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by an encryption algorithm;

a data extraction module, configured to extract the client current timestamp and the client identification code from the data packet;

a digital signature generation module, configured to generate a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;

a first judgment module, configured to judge whether the first digital signature and the second digital signature are the same;

a first detection module, configured to determine that a replay attack has occurred when the first digital signature and the second digital signature are not the same.

Compared with the prior art, in the replay attack detection system disclosed in the embodiment of the present invention, the data packet receiving module first receives the data packet containing the first digital signature, the client current timestamp and the client identification code, and the data extraction module extracts the client current timestamp and the client identification code from the packet; the digital signature generation module then generates a second digital signature from the extracted client current timestamp, the client identification code and the pre-stored password; finally, the first judgment module judges whether the first and second digital signatures are the same, so that the first detection module can determine whether the current network is under replay attack. When the two signatures differ, the data in the packet has been tampered with, and it can be confirmed that the current network is suffering a replay attack. This effectively solves the problem that a server without a timestamp cannot detect replay attacks and strengthens the network security of such a server.

As an improvement of the above scheme, the replay attack detection system further includes:

a second judgment module, configured to judge, when the first digital signature and the second digital signature are the same, whether the client current timestamp is greater than the latest timestamp in a pre-stored timestamp list;

a timestamp update module, configured to write the client current timestamp into the timestamp list as the latest timestamp when the client current timestamp is greater than the latest timestamp;

a second detection module, configured to determine that a replay attack has occurred or that the client request has timed out when the client current timestamp is less than or equal to the latest timestamp.

As an improvement of the above scheme, the replay attack detection system further includes:

a third judgment module, configured to judge whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;

a timestamp deletion module, configured to delete from the timestamp list the client timestamps whose difference from the latest timestamp is greater than the preset time threshold, whenever the difference between the latest timestamp and any client timestamp in the list exceeds that threshold.

To achieve the above purpose, an embodiment of the present invention further provides a replay attack detection device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the replay attack detection method of any of the above embodiments when executing the computer program.

To achieve the above purpose, an embodiment of the present invention further provides a computer-readable storage medium that stores a computer program, where, when the computer program runs, it controls the device on which the computer-readable storage medium is located to execute the replay attack detection method of any of the above embodiments.

Description of the drawings

FIG. 1 is a flowchart of a replay attack detection method provided by an embodiment of the present invention;

FIG. 2 is a flowchart of another replay attack detection method provided by an embodiment of the present invention;

FIG. 3 is a flowchart of updating the timestamp list provided by an embodiment of the present invention;

FIG. 4 is a structural block diagram of a replay attack detection system provided by an embodiment of the present invention;

FIG. 5 is a structural block diagram of a replay attack detection device provided by an embodiment of the present invention.

Detailed description of the embodiments

The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Referring to FIG. 1, which is a flowchart of a replay attack detection method provided by an embodiment of the present invention, the replay attack detection method includes:

S1. Receiving a data packet sent by a client that includes a first digital signature, a client current timestamp and a client identification code, where the first digital signature is generated from the client identification code, the client current timestamp and a client password by an encryption algorithm;

S2. Extracting the client current timestamp and the client identification code from the data packet;

S3. Generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;

S4. When the first digital signature and the second digital signature are not the same, determining that a replay attack has occurred.

It should be noted that the replay attack detection method described in this embodiment is executed by a server that communicates over the network with a number of clients. The client generates a fixed-length first digital signature taking its own client identification code, client current timestamp and client password as input. As an example, the client generates the first digital signature with an encryption algorithm such as a hash algorithm, the MD5 algorithm or another encryption algorithm; the computation performed by the hash and MD5 algorithms is known in the prior art and is not repeated here. When the client initiates a verification request to the server, it encapsulates the first digital signature, the client current timestamp and the client identification code into a data packet and sends it to the server.

Specifically, after receiving the data packet sent by the client, the server extracts the client current timestamp and the client identification code from the packet, then generates a fixed-length second digital signature from the extracted client current timestamp, the client identification code and the pre-stored password held in its database, using an encryption algorithm (a hash algorithm, the MD5 algorithm or another encryption algorithm). Finally, the server determines whether the current network is under replay attack by judging whether the first and second digital signatures are the same. When they are the same, the client request is considered a normal request, the current network is not under replay attack, and the process continues; when they differ, it can be confirmed that the content of the packet sent by the client has been tampered with and that a replay attack has occurred on the current network. The server then rejects the client request, the client verification flow ends, and corresponding measures are taken to respond to the replay attack.

Preferably, the method further includes:

S5. When the first digital signature and the second digital signature are the same, judging whether the client current timestamp is greater than the latest timestamp in the pre-stored timestamp list;

S6. If so, writing the client current timestamp into the timestamp list as the latest timestamp; if not, determining that a replay attack has occurred or that the client request has timed out.

Specifically, when the server determines that the first and second digital signatures are the same, it performs a further check: it compares the client current timestamp T1 with the latest timestamp Tnew in the pre-stored timestamp list. When T1 is greater than Tnew, the client request is considered a normal request, the current network is not under replay attack, and the process continues; when T1 is less than or equal to Tnew, a replay attack has occurred or the client request has timed out, so the server rejects the client request, the client verification flow ends and, to prevent leakage of user information, corresponding measures are taken to respond to the replay attack or request timeout. This double verification accurately detects whether a replay attack is occurring on the current network and improves network security.

Further, the process of steps S1 to S6 above is shown in FIG. 2.

Preferably, the timestamp list includes a number of timestamp storage spaces. A timestamp storage space is a memory area allocated for each client, used specifically to store that client's timestamp when its verification request passes, and corresponds one-to-one with the client identification code. Preferably, the client timestamps are sorted in a preset order, for example by update time, with the latest timestamp placed last in the timestamp list.

After the client passes verification, Tnew is compared with T1. When T1 is less than or equal to Tnew, the client request that initiated the current verification can be considered to have timed out (because Tnew is the latest moment recorded by the server, and a T1 smaller than Tnew essentially represents an older moment, which is clearly timed out), and the request is rejected; when T1 is greater than Tnew, the current request is considered fresh, and the client current timestamp of the client that initiated and passed the verification is stored in the timestamp storage space.

It should be noted that because the server itself has no timestamp, it cannot obtain the current time, let alone compare its own time with the client's time. To solve this problem, the embodiment of the present invention designs a dynamic aging mechanism for the server's timestamp list, which allows the server to obtain the latest moment Tnew at which a client passed verification, while preventing timestamps from occupying a large amount of server memory.

Here, after the client current timestamp is written into the timestamp list as the latest timestamp, the method further includes:

S7. Judging whether the difference between the latest timestamp and any client timestamp in the timestamp list is greater than a preset time threshold;

S8. If so, deleting from the timestamp list the client timestamps whose difference from the latest timestamp is greater than the preset time threshold; if not, retaining the client timestamps whose difference from the latest timestamp is less than or equal to the preset time threshold.

Further, the process of steps S7 to S8 above is shown in FIG. 3.

The timestamp list is stored with the client identification code as the index and the client current timestamp with which that client passed its verification request as the value. Entries are stored in chronological order of their timestamps, with newer timestamps placed later; the timestamp corresponding to the latest moment is denoted Tnew, and as client verification requests pass, Tnew is continually refreshed with the most recently verified client timestamp.

After a client first passes verification, the server allocates, according to the client identification code in the data packet, a timestamp storage space for that client device to store the timestamp at which it passed verification, and initialises it to 0. The timestamp storage space is looked up by the client identification code; that is, each client has a corresponding timestamp storage space for storing the client current timestamp of its verified requests. The server stores the current timestamp of each verified client in order from earliest to latest, and the last timestamp is denoted Tnew; as more and more client verification requests pass, Tnew is continually refreshed with the latest verified client timestamp.

The time difference between Tnew and every client timestamp held in server memory is computed; if a difference is greater than the preset time threshold t0, the corresponding older timestamp is deleted and the memory it occupied is released. t0 can be set manually according to the specific usage requirements, and may be one day, one week or even one month. Through the preset threshold t0 the timestamps held by the server are dynamically aged: every timestamp whose difference from the latest moment exceeds t0 is deleted and its memory released. This dynamic aging mechanism releases the memory of aged timestamps in time, which both saves memory space and simplifies the time complexity of sorting the timestamp list.
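As an added example (not part of the patent and not code of the applicant), the server-side check of steps S1 to S8 in Python: recomputing the second digital signature, the T1 > Tnew comparison, and the dynamic aging of the timestamp list by the threshold t0. HMAC-SHA256 is substituted for the hash or MD5 the text allows, and the packet fields, class names, sample client identifiers and passwords are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Preset time threshold t0 for the dynamic aging mechanism, in seconds.
# The text allows a day, a week or a month; one day is a constructed choice.
T0_SECONDS = 24 * 3600


@dataclass
class Packet:
    """Data packet sent by the client (field names are assumptions)."""
    client_id: str    # client identification code
    timestamp: int    # client current timestamp T1, Unix seconds
    signature: str    # first digital signature, hex encoded


def make_signature(client_id: str, timestamp: int, password: bytes) -> str:
    """Signature over (client id, timestamp) keyed by the client password.

    The text only says a hash or MD5 is computed over the three inputs;
    HMAC-SHA256 is substituted here so the password acts as a proper MAC key.
    """
    msg = f"{client_id}|{timestamp}".encode()
    return hmac.new(password, msg, hashlib.sha256).hexdigest()


def client_build_packet(client_id: str, timestamp: int, password: bytes) -> Packet:
    """Client side: compute the first digital signature and encapsulate the packet."""
    return Packet(client_id, timestamp, make_signature(client_id, timestamp, password))


@dataclass
class ReplayDetector:
    """Server side: steps S1 to S8 for a server that has no clock of its own."""
    passwords: dict[str, bytes]                  # pre-stored password per client id
    t0: int = T0_SECONDS
    timestamps: dict[str, int] = field(default_factory=dict)  # the timestamp list
    tnew: int = 0                                # latest accepted timestamp, initial 0

    def check(self, pkt: Packet) -> str:
        # S2/S3: recompute the second digital signature from the packet fields
        # and the pre-stored password.
        password = self.passwords.get(pkt.client_id)
        if password is None:
            return "reject: unknown client"
        expected = make_signature(pkt.client_id, pkt.timestamp, password)
        # S4: a mismatch means the packet content was tampered with.
        if not hmac.compare_digest(expected, pkt.signature):
            return "reject: replay attack (signature mismatch)"
        # S5/S6: a valid signature with T1 <= Tnew is a replay or a timed-out request.
        if pkt.timestamp <= self.tnew:
            return "reject: replay attack or request timeout"
        self.timestamps[pkt.client_id] = pkt.timestamp
        self.tnew = pkt.timestamp
        # S7/S8: dynamic aging of entries that lag Tnew by more than t0.
        self._age()
        return "accept"

    def _age(self) -> None:
        stale = [cid for cid, ts in self.timestamps.items() if self.tnew - ts > self.t0]
        for cid in stale:
            del self.timestamps[cid]


def run_demo() -> list[str]:
    """Constructed traffic: a fresh request, its verbatim replay, a tampered copy,
    a second client, and a later request that triggers aging."""
    det = ReplayDetector(passwords={"cam-01": b"s3cret", "cam-02": b"other"})
    results = []
    first = client_build_packet("cam-01", 1000, b"s3cret")
    results.append(det.check(first))                        # fresh request
    results.append(det.check(first))                        # same packet again
    tampered = Packet("cam-01", 2000, first.signature)      # timestamp edited, old signature
    results.append(det.check(tampered))
    results.append(det.check(client_build_packet("cam-02", 1500, b"other")))
    two_days_later = 1500 + 2 * 24 * 3600
    results.append(det.check(client_build_packet("cam-01", two_days_later, b"s3cret")))
    results.append(f"entries after aging: {sorted(det.timestamps)}")
    return results


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Note that Tnew is a single value across all clients, as the text describes, so a valid request from a client whose clock lags behind the most recently accepted timestamp of another client is rejected as timed out; the `cam-02` request above only passes because its timestamp is later than the one accepted from `cam-01`.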

本发明实施例提供的重放攻击检测方法,存储验证通过的客户端时间戳进并实现更新同步,使得服务器维护了一张客户端验证通过的时间戳列表。先是通过验证数字签名的方式,再是通过对验证请求的时间戳与服务器存储的最新时刻的时间戳的对比的方式给整个系统增加了双重保险机制。通过这双重验证机制来判别是否属于重放攻击,提高了系统防范重放攻击的正确率和稳定性。另外,通过这个动态老化机制能够及时的释放老化时间戳所占用的内存空间,既大大降低了服务器系统的内存空间的消耗,又简化了时间戳列表,使得在按时间戳先后顺序排序过程中的时间复杂度也大大降低。In the replay attack detection method provided by the embodiment of the present invention, the time stamps of the clients that have passed the verification are stored and updated and synchronized, so that the server maintains a list of the time stamps of the clients that have passed the verification. First, by verifying the digital signature, and then by comparing the timestamp of the verification request with the timestamp of the latest moment stored by the server, a double insurance mechanism is added to the entire system. This double verification mechanism is used to determine whether it is a replay attack, which improves the accuracy and stability of the system to prevent replay attacks. In addition, through this dynamic aging mechanism, the memory space occupied by the aging timestamp can be released in time, which not only greatly reduces the memory space consumption of the server system, but also simplifies the timestamp list. The time complexity is also greatly reduced.

Referring to FIG. 4, which is a structural block diagram of a replay attack detection system 100 provided by an embodiment of the present invention, the replay attack detection system 100 includes:

a data packet receiving module 101, configured to receive a data packet sent by a client containing a first digital signature, the client's current timestamp and a client identification code, where the first digital signature is generated by an encryption algorithm from the client identification code, the client's current timestamp and the client password;

a data extraction module 102, configured to extract the client's current timestamp and the client identification code from the data packet;

a digital signature generation module 103, configured to generate a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password;

a first judgment module 104, configured to judge whether the first digital signature and the second digital signature are identical;

a first detection module 105, configured to determine that a replay attack has occurred when the first digital signature and the second digital signature differ;

a second judgment module 106, configured, when the first digital signature and the second digital signature are identical, to judge whether the client's current timestamp is greater than the latest timestamp in a pre-existing timestamp list;

a timestamp updating module 107, configured, when the client's current timestamp is greater than the latest timestamp, to write the client's current timestamp into the timestamp list as the new latest timestamp;

a second detection module 108, configured, when the client's current timestamp is less than or equal to the latest timestamp, to determine that a replay attack has occurred or that the client request has timed out;

a third judgment module 109, configured to judge whether the difference between the latest timestamp and any client timestamp in the timestamp list exceeds a preset time threshold;

a timestamp deletion module 110, configured, when the difference between the latest timestamp and any client timestamp in the timestamp list exceeds the preset time threshold, to delete from the timestamp list every client timestamp whose difference from the latest timestamp exceeds the preset time threshold.

Preferably, the timestamp list contains a number of client timestamps, each corresponding to a client identification code, sorted in a preset order. The second digital signature is generated by an encryption algorithm.

It should be noted that the replay attack detection system 100 of this embodiment may be a server that communicates over a network with a number of clients. A client generates a fixed-length first digital signature taking its own client identification code, its current timestamp and its client password as input; by way of example, the client generates the first digital signature with an encryption algorithm. When the client sends a verification request to the server, it packages the first digital signature, its current timestamp and its client identification code into a data packet and sends it to the server.
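The following is an added worked example, not code from the patent or its applicant, that implements the method described above (signature check, per-client timestamp comparison, Tnew refresh and t0 aging) and the client-side packet construction, and so also illustrates modules 101 to 110 listed above. The page does not name the "encryption algorithm"; HMAC-SHA256 keyed by the client password is this example's assumption, as are the client identifiers, passwords and timestamps, which are constructed sample data. The comparison against the latest timestamp is done per client, which is how the per-client storage space described above is read here.

```python
import hmac
import hashlib
from typing import Dict

# Constructed sample provisioning: pre-stored password per client identification code.
PASSWORDS = {"dev-A": "pw-a-constructed", "dev-B": "pw-b-constructed"}


def make_signature(client_id: str, timestamp: int, password: str) -> str:
    """First signature (client) and second signature (server) over the
    client identification code and current timestamp, keyed by the password.
    HMAC-SHA256 is an assumption; the page only says 'encryption algorithm'."""
    msg = f"{client_id}|{timestamp}".encode()
    return hmac.new(password.encode(), msg, hashlib.sha256).hexdigest()


def build_packet(client_id: str, timestamp: int, password: str) -> dict:
    """What the client sends: first signature, current timestamp, identification code."""
    return {"client_id": client_id, "timestamp": timestamp,
            "signature": make_signature(client_id, timestamp, password)}


class ReplayDetector:
    """Server side: signature check, timestamp check, Tnew refresh and t0 aging."""

    def __init__(self, passwords: Dict[str, str], t0: int):
        self.passwords = passwords              # pre-stored passwords
        self.t0 = t0                            # preset aging threshold (seconds)
        self.timestamps: Dict[str, int] = {}    # per-client storage: last accepted timestamp
        self.tnew = 0                           # timestamp of the most recently accepted request

    def check(self, packet: dict) -> str:
        client_id, ts, sig = packet["client_id"], packet["timestamp"], packet["signature"]
        password = self.passwords.get(client_id)
        if password is None:
            return "unknown_client"             # not covered by the page; assumed handling
        # Regenerate the second signature and compare it with the first one.
        expected = make_signature(client_id, ts, password)
        if not hmac.compare_digest(expected.encode(), str(sig).encode()):
            return "replay_attack"              # first detection: signatures differ
        # Compare with this client's stored timestamp (initial value 0 before the
        # first success); an equal or older timestamp is a replay or a timed-out request.
        latest = self.timestamps.get(client_id, 0)
        if ts <= latest:
            return "replay_or_timeout"          # second detection
        self.timestamps[client_id] = ts         # timestamp update
        self.tnew = ts                          # Tnew refreshed by the newest accepted request
        self._age_out()
        return "accepted"

    def _age_out(self) -> None:
        """Delete every stored timestamp that is more than t0 older than Tnew."""
        stale = [cid for cid, t in self.timestamps.items() if self.tnew - t > self.t0]
        for cid in stale:
            del self.timestamps[cid]


if __name__ == "__main__":
    detector = ReplayDetector(PASSWORDS, t0=3600)
    first = build_packet("dev-A", 1000, PASSWORDS["dev-A"])
    print(detector.check(first))                     # accepted
    print(detector.check(first))                     # replay_or_timeout (same packet again)
    print(detector.check(dict(first, timestamp=1001)))  # replay_attack (timestamp edited, old signature)
```

Two points the example makes visible: a packet whose timestamp field was edited fails the signature check before the timestamp is ever compared, because the timestamp is part of the signed input; and once a client's entry has been aged out by t0, that client's next packet is again compared against the initial value 0, so t0 also bounds how long the server can recognise an old packet from a client that has gone quiet.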

For the working process of the replay attack detection system 100 of this embodiment, refer to the working process of the replay attack detection method described in the foregoing embodiment; it is not repeated here.

The replay attack detection system 100 provided by this embodiment of the present invention stores the timestamps of successfully verified clients and keeps them synchronized, so that the server maintains a list of timestamps of clients that have passed verification. Verifying the digital signature first, and then comparing the timestamp of the verification request with the latest timestamp stored on the server, gives the whole system a double safeguard. This two-stage check decides whether a request is a replay attack, improving the accuracy and stability of the system's protection against replay attacks. In addition, the dynamic aging mechanism promptly frees the memory occupied by aged timestamps, which greatly reduces the memory consumption of the server system and shortens the timestamp list, so that the time complexity of sorting the list by timestamp is also greatly reduced.

Referring to FIG. 5, which is a structural block diagram of a replay attack detection device 200 provided by an embodiment of the present invention, the replay attack detection device 200 of this embodiment includes a processor 201, a memory 202, and a computer program stored in the memory 202 and executable on the processor 201. When the processor 201 executes the computer program, it carries out the steps of the replay attack detection method embodiment above, for example steps S1 to S4 shown in FIG. 1. Alternatively, when the processor 201 executes the computer program, it implements the functions of the modules/units of the apparatus embodiments above, for example the data packet receiving module 101.

By way of example, the computer program may be divided into one or more modules/units, which are stored in the memory 202 and executed by the processor 201 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions; the segments describe the execution of the computer program in the replay attack detection device 200. For example, the computer program may be divided into the data packet receiving module 101, the data extraction module 102, the digital signature generation module 103, the first judgment module 104, the first detection module 105, the second judgment module 106, the timestamp updating module 107, the second detection module 108, the third judgment module 109 and the timestamp deletion module 110. For the specific function of each module, refer to the working process of the replay attack detection system 100 described in the embodiment above; it is not repeated here.

The replay attack detection device 200 may be a computing device such as a desktop computer, a notebook, a handheld computer or a cloud server. It may include, but is not limited to, the processor 201 and the memory 202. Those skilled in the art will understand that the diagram is only an example of the replay attack detection device 200 and does not limit it: the device may include more or fewer components than shown, combine certain components, or use different components. For example, the replay attack detection device 200 may also include input/output devices, network access devices, a bus, and so on.

The processor 201 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. A general-purpose processor may be a microprocessor, or the processor 201 may be any conventional processor. The processor 201 is the control center of the replay attack detection device 200 and connects all parts of the device through various interfaces and lines.

The memory 202 may store the computer program and/or modules; the processor 201 implements the various functions of the replay attack detection device 200 by running or executing the computer program and/or modules stored in the memory 202 and by accessing the data stored in the memory 202. The memory 202 may mainly comprise a program storage area and a data storage area. The program storage area may store an operating system and the application programs required for at least one function (such as a sound playback function or an image playback function); the data storage area may store data created through use of the mobile phone (such as audio data or a phone book). In addition, the memory 202 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash Card, at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.

If the modules/units integrated in the replay attack detection device 200 are implemented as software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, all or part of the processes of the method embodiments above may also be carried out by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium, and when executed by the processor 201 it can implement the steps of the method embodiments above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content a computer-readable medium may contain can be adjusted according to the requirements of legislation and patent practice in the relevant jurisdiction; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunication signals.

The above are preferred embodiments of the present invention. It should be pointed out that those of ordinary skill in the art can make a number of improvements and refinements without departing from the principles of the present invention, and such improvements and refinements also fall within the protection scope of the present invention.

Claims (10)

1. A replay attack detection method, characterized in that it comprises: receiving a data packet sent by a client containing a first digital signature, the client's current timestamp and a client identification code, where the first digital signature is generated by an encryption algorithm from the client identification code, the client's current timestamp and a client password; extracting the client's current timestamp and the client identification code from the data packet; generating a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password; and, when the first digital signature and the second digital signature differ, determining that a replay attack has occurred.

2. The replay attack detection method of claim 1, characterized in that the method further comprises: when the first digital signature and the second digital signature are identical, judging whether the client's current timestamp is greater than the latest timestamp in a pre-existing timestamp list; if so, writing the client's current timestamp into the timestamp list as the latest timestamp; if not, determining that a replay attack has occurred or that the client request has timed out.

3. The replay attack detection method of claim 2, characterized in that, after writing the client's current timestamp into the timestamp list as the latest timestamp, the method further comprises: judging whether the difference between the latest timestamp and any client timestamp in the timestamp list exceeds a preset time threshold; if so, deleting from the timestamp list the client timestamps whose difference from the latest timestamp exceeds the preset time threshold; if not, retaining the client timestamps whose difference from the latest timestamp is less than or equal to the preset time threshold.

4. The replay attack detection method of claim 2, characterized in that the timestamp list contains a number of client timestamps corresponding to client identification codes, each client timestamp being sorted in a preset order.

5. The replay attack detection method of claim 1, characterized in that the second digital signature is generated by an encryption algorithm.

6. A replay attack detection system, characterized in that it comprises: a data packet receiving module, configured to receive a data packet sent by a client containing a first digital signature, the client's current timestamp and a client identification code, where the first digital signature is generated by an encryption algorithm from the client identification code, the client's current timestamp and a client password; a data extraction module, configured to extract the client's current timestamp and the client identification code from the data packet; a digital signature generation module, configured to generate a second digital signature from the extracted client current timestamp, the client identification code and a pre-stored password, where the pre-stored password is a preset password identical to the client password; a first judgment module, configured to judge whether the first digital signature and the second digital signature are identical; and a first detection module, configured to determine that a replay attack has occurred when the first digital signature and the second digital signature differ.

7. The replay attack detection system of claim 6, characterized in that the replay attack detection system further comprises: a second judgment module, configured, when the first digital signature and the second digital signature are identical, to judge whether the client's current timestamp is greater than the latest timestamp in a pre-existing timestamp list; a timestamp updating module, configured, when the client's current timestamp is greater than the latest timestamp, to write the client's current timestamp into the timestamp list as the latest timestamp; and a second detection module, configured, when the client's current timestamp is less than or equal to the latest timestamp, to determine that a replay attack has occurred or that the client request has timed out.

8. The replay attack detection system of claim 7, characterized in that the replay attack detection system further comprises: a third judgment module, configured to judge whether the difference between the latest timestamp and any client timestamp in the timestamp list exceeds a preset time threshold; and a timestamp deletion module, configured, when the difference between the latest timestamp and any client timestamp in the timestamp list exceeds the preset time threshold, to delete from the timestamp list the client timestamps whose difference from the latest timestamp exceeds the preset time threshold.

9. A replay attack detection device, characterized in that it comprises a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the replay attack detection method of any one of claims 1 to 5 when executing the computer program.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored computer program, where, when the computer program runs, it controls the device on which the computer-readable storage medium is located to perform the replay attack detection method of any one of claims 1 to 5.
CN202010024384.6A 2020-01-10 2020-01-10 A replay attack detection method, system, device and storage medium Active CN111262701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010024384.6A CN111262701B (en) 2020-01-10 2020-01-10 A replay attack detection method, system, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010024384.6A CN111262701B (en) 2020-01-10 2020-01-10 A replay attack detection method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN111262701A true CN111262701A (en) 2020-06-09
CN111262701B CN111262701B (en) 2023-05-23

Family

ID=70953953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010024384.6A Active CN111262701B (en) 2020-01-10 2020-01-10 A replay attack detection method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN111262701B (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813857A (en) * 2020-07-02 2020-10-23 珑门汽车科技(上海)有限公司 Detection data management system and method based on block chain technology
CN112019548A (en) * 2020-08-28 2020-12-01 重庆可兰达科技有限公司 User-defined interface signature method, server and system for preventing malicious attacks
CN112257047A (en) * 2020-11-17 2021-01-22 珠海大横琴科技发展有限公司 Safety control method, device, equipment and medium for data sharing platform
CN112615883A (en) * 2020-12-28 2021-04-06 北京威努特技术有限公司 Attack detection method and device, electronic equipment and storage medium
CN112711759A (en) * 2020-12-28 2021-04-27 山东鲁能软件技术有限公司 Method and system for preventing replay attack vulnerability security protection
CN113382011A (en) * 2021-06-18 2021-09-10 金陵科技学院 Method for preventing replay attack by API interface
CN113612795A (en) * 2021-08-18 2021-11-05 广州科语机器人有限公司 Replay attack judgment method, Internet of things equipment, electronic equipment and storage medium
CN114124374A (en) * 2021-11-10 2022-03-01 郭胜群 Communication anti-replay method and system
CN114499995A (en) * 2021-12-30 2022-05-13 中国电信股份有限公司 A method, apparatus and system for preventing replay attacks
CN114640524A (en) * 2022-03-18 2022-06-17 中国建设银行股份有限公司 Method, apparatus, device and medium for processing transaction replay attack
CN115065503A (en) * 2022-05-11 2022-09-16 浪潮云信息技术股份公司 Method for preventing replay attack of API gateway
CN115150176A (en) * 2022-07-07 2022-10-04 北京达佳互联信息技术有限公司 Replay attack prevention method and device, electronic equipment and storage medium
CN115459930A (en) * 2022-09-14 2022-12-09 中国工商银行股份有限公司 API interface security verification processing method and device
CN116094786A (en) * 2022-12-29 2023-05-09 天翼物联科技有限公司 Data processing method, system, device and storage medium based on double-factor protection

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090187983A1 (en) * 2007-09-07 2009-07-23 Board Of Trustees Of The University Of Illinois Method and system for distributed, localized authentication in the framework of 802.11
CN102023926A (en) * 2010-12-08 2011-04-20 杭州华三通信技术有限公司 Method and device for data overtime aging processing
CN102916968A (en) * 2012-10-29 2013-02-06 北京天诚盛业科技有限公司 Identity authentication method, identity authentication server and identity authentication device
CN103067258A (en) * 2012-12-14 2013-04-24 北京思特奇信息技术股份有限公司 Message overtime detection processing method
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
CN105099690A (en) * 2014-05-19 2015-11-25 江苏博智软件科技有限公司 OTP and user behavior-based certification and authorization method in mobile cloud computing environment
CN106534196A (en) * 2016-12-22 2017-03-22 国云科技股份有限公司 An Authentication Method Against Password Guessing Replay Attack
CN106790238A (en) * 2017-01-19 2017-05-31 北京神州绿盟信息安全科技股份有限公司 Cross-site request forgery (CSRF) defense authentication method and device
CN108306739A (en) * 2018-01-22 2018-07-20 武汉斗鱼网络科技有限公司 Method, server and computer device for detecting user identity information
CN109698806A (en) * 2017-10-20 2019-04-30 福建省天奕网络科技有限公司 User data verification method and system
CN110611564A (en) * 2019-07-30 2019-12-24 云南昆钢电子信息科技有限公司 A defense system and method for API replay attack based on timestamp

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090187983A1 (en) * 2007-09-07 2009-07-23 Board Of Trustees Of The University Of Illinois Method and system for distributed, localized authentication in the framework of 802.11
CN102023926A (en) * 2010-12-08 2011-04-20 杭州华三通信技术有限公司 Method and device for data overtime aging processing
CN102916968A (en) * 2012-10-29 2013-02-06 北京天诚盛业科技有限公司 Identity authentication method, identity authentication server and identity authentication device
CN103067258A (en) * 2012-12-14 2013-04-24 北京思特奇信息技术股份有限公司 Message overtime detection processing method
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
CN105099690A (en) * 2014-05-19 2015-11-25 江苏博智软件科技有限公司 OTP and user behavior-based certification and authorization method in mobile cloud computing environment
CN106534196A (en) * 2016-12-22 2017-03-22 国云科技股份有限公司 An Authentication Method Against Password Guessing Replay Attack
CN106790238A (en) * 2017-01-19 2017-05-31 北京神州绿盟信息安全科技股份有限公司 Cross-site request forgery (CSRF) defense authentication method and device
CN109698806A (en) * 2017-10-20 2019-04-30 福建省天奕网络科技有限公司 User data verification method and system
CN108306739A (en) * 2018-01-22 2018-07-20 武汉斗鱼网络科技有限公司 Method, server and computer device for detecting user identity information
CN110611564A (en) * 2019-07-30 2019-12-24 云南昆钢电子信息科技有限公司 A defense system and method for API replay attack based on timestamp

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ZAHOOR AHMED ALIZAI et al.: "Improved IoT Device Authentication Scheme Using Device Capability and Digital Signatures", 2018 International Conference on Applied and Engineering Mathematics (ICAEM) *
钟声 et al.: "Timestamp-based password identity authentication scheme", 计算机应用 (Journal of Computer Applications) *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813857A (en) * 2020-07-02 2020-10-23 珑门汽车科技(上海)有限公司 Detection data management system and method based on block chain technology
CN112019548A (en) * 2020-08-28 2020-12-01 重庆可兰达科技有限公司 User-defined interface signature method, server and system for preventing malicious attacks
CN112257047A (en) * 2020-11-17 2021-01-22 珠海大横琴科技发展有限公司 Safety control method, device, equipment and medium for data sharing platform
CN112615883B (en) * 2020-12-28 2023-04-07 北京威努特技术有限公司 Attack detection method and device, electronic equipment and storage medium
CN112615883A (en) * 2020-12-28 2021-04-06 北京威努特技术有限公司 Attack detection method and device, electronic equipment and storage medium
CN112711759A (en) * 2020-12-28 2021-04-27 山东鲁能软件技术有限公司 Method and system for preventing replay attack vulnerability security protection
CN113382011A (en) * 2021-06-18 2021-09-10 金陵科技学院 Method for preventing replay attack by API interface
CN113612795A (en) * 2021-08-18 2021-11-05 广州科语机器人有限公司 Replay attack judgment method, Internet of things equipment, electronic equipment and storage medium
CN114124374A (en) * 2021-11-10 2022-03-01 郭胜群 Communication anti-replay method and system
CN114499995A (en) * 2021-12-30 2022-05-13 中国电信股份有限公司 A method, apparatus and system for preventing replay attacks
CN114640524A (en) * 2022-03-18 2022-06-17 中国建设银行股份有限公司 Method, apparatus, device and medium for processing transaction replay attack
CN114640524B (en) * 2022-03-18 2024-04-30 中国建设银行股份有限公司 Method, apparatus, device and medium for processing transaction replay attack
CN115065503A (en) * 2022-05-11 2022-09-16 浪潮云信息技术股份公司 Method for preventing replay attack of API gateway
CN115065503B (en) * 2022-05-11 2024-05-31 浪潮云信息技术股份公司 Method for preventing replay attack of API gateway
CN115150176A (en) * 2022-07-07 2022-10-04 北京达佳互联信息技术有限公司 Replay attack prevention method and device, electronic equipment and storage medium
CN115150176B (en) * 2022-07-07 2023-10-17 北京达佳互联信息技术有限公司 Replay attack prevention method and device, electronic equipment and storage medium
CN115459930A (en) * 2022-09-14 2022-12-09 中国工商银行股份有限公司 API interface security verification processing method and device
CN116094786A (en) * 2022-12-29 2023-05-09 天翼物联科技有限公司 Data processing method, system, device and storage medium based on double-factor protection

Also Published As

Publication number Publication date
CN111262701B (en) 2023-05-23

Similar Documents

Publication Publication Date Title
CN111262701B (en) A replay attack detection method, system, device and storage medium
US11270306B2 (en) Asset management method and apparatus, and electronic device
US10348505B1 (en) Systems and techniques for validation of media data
US10997808B2 (en) Secure smart unlocking
CN111868689B (en) Runtime self-correction of blockchain ledgers
US11916920B2 (en) Account access security using a distributed ledger and/or a distributed file system
US10200198B2 (en) Making cryptographic claims about stored data using an anchoring system
US20190332765A1 (en) File processing method and system, and data processing method
US12132836B2 (en) Verified presentation of non-fungible tokens
CN104715183B (en) A kind of trust authentication method and apparatus during virtual machine operation
WO2020192406A1 (en) Method and apparatus for data storage and verification
US9385869B1 (en) Systems and methods for trusting digitally signed files in the absence of verifiable signature conditions
CN112968910B (en) Replay attack prevention method and device
CN107135077B (en) Software protection method and device
CN109447809B (en) Video active identification method combined with block chain
WO2019080423A1 (en) Resource value transfer method and apparatus, storage medium, and server
US20170006060A1 (en) Systems and methods for detecting man-in-the-middle attacks
CN111431908B (en) An access processing method, device, management server and readable storage medium
CN109101797A (en) Intelligent device control method, intelligent device and server
CN112231754B (en) A method, system, and storage medium for monitoring configuration information of power edge computing nodes
CN116132149B (en) Anti-tampering communication method, device, server, smart home and terminal equipment
CN114006738B (en) APP instance fingerprint and device fingerprint based hand-trip login verification method and system
US12216805B2 (en) Monitoring file sharing commands between network equipment to identify adverse conditions
US20230061141A1 (en) Software posture for zero trust access
CN114650175B (en) A verification method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 901, 9th Floor, New East Sea Centre, 9 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong, China

Patentee after: Lianzhou Group Co.,Ltd.

Country or region after: Hongkong, China

Address before: Room 901, 9th Floor, New East Sea Centre, 9 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong, China

Patentee before: Pulian International Co.,Ltd.

Country or region before: Hongkong, China