Encryption and verification scheme of source IPv6 address between Internet domains

Abstract

Source address verification is to prevent nodes on the same link from deceiving each other’s IP addresses, to prevent hackers from gaining the trust of each other’s terminals, and then controlling the terminals, thus avoiding the penetration of attacks. Based on this, this paper proposes an inter-domain source IPv6 address encryption and verification scheme based on HMAC (HMAC-SAV). The verification scheme verifies the origin of data from transmission path and source/destination-end and identifies the authenticity of data packets. It makes up for the shortcomings of traditional Ingress/Egress filtering, thus preventing IP address spoofing attacks. Through the test vector evaluation of the HMAC-SAV scheme, it is proved that this scheme is a feasible and effective source address verification scheme with multiple verification methods.