CN107666491B - Data transmission method of air-ground integrated network based on symmetric encryption - Google Patents


Info

Publication number: CN107666491B
Authority: CN (China)
Prior art keywords: data, node, encrypted, key, receiving node
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201711128463.6A
Other languages: Chinese (zh)
Other versions: CN107666491A
Inventors: 张振江, 李超, 李娜, 张文宇, 张静
Current assignee: Beijing Jiaotong University; CETC 54 Research Institute (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Jiaotong University; CETC 54 Research Institute

Events
Application filed by Beijing Jiaotong University and CETC 54 Research Institute
Priority to CN201711128463.6A
Publication of CN107666491A
Application granted
Publication of CN107666491B
Legal status: Active

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/04  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435  Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data transmission method for an air-ground integrated network based on symmetric encryption. The method comprises the following steps: the transmitting node generates a key, encrypts the data with it and transmits the encrypted data to the receiving node through the air network; the transmitting node splits the key into a plurality of fragments, encrypts each fragment with the public key of the receiving node and sends the encrypted fragments to the receiving node through the ground network; the receiving node decrypts the encrypted fragments with its private key, restores the key from the decrypted fragments, and decrypts the encrypted data sent by the transmitting node with that key to obtain the plaintext. The method encrypts both the important information and the key that encrypts it, so that important information in the air-ground integrated network can be transmitted securely to the intended receiving end, thereby effectively ensuring that the important information is not tampered with.

Description

Data transmission method of air-ground integrated network based on symmetric encryption
Technical Field
The invention relates to the technical field of secure data transmission, and in particular to a data transmission method for an air-ground integrated network based on symmetric encryption.
Background
An air-ground integrated network pools ground and space network resources. Through the acquisition, coordination and transmission of multi-dimensional information from the air, space, land and sea, the pooled handling of resources, the allocation of tasks and the organisation and management of actions, it processes the resulting spatio-temporal network as a whole and uses it as effectively as possible, providing real-time, reliable, on-demand services to many different users. Its goal is comprehensive and efficient collaborative handling of events: multi-dimensional information is used to coordinate the working modules and raise event-handling capacity; the strengths of the various air, space and ground networks and systems are combined so that their functions complement each other and the range of events that can be handled grows; and the high mobility, wide coverage, global coordination and intelligent information processing of the integrated information system are used to handle events and tasks efficiently.
An air-ground integrated network can deliver globally integrated information services and keep them real-time and accurate. To obtain such services, communication modes have moved rapidly towards collaboration, which is the trend for future communication; an air-ground integrated network is a precondition for, and an effective means of, collaboration between different communication modes, and has the following characteristics:
(1) Collaboration: the air, space and ground networks are integrated into a single network system that works cooperatively, making the most of the strengths of the terrestrial mobile network and the satellite network. All modules in the system, and their respective strengths, work together; spatial information is coordinated, managed and optimised; and spatial information resources of every kind are collected and exploited to the full, so that events are handled faster and better;
(2) Ubiquity: the air, space, land and sea networks are combined to provide wide, overlapping coverage, with all-weather, real-time coverage of an area;
(3) Efficiency: the integrated information system can respond to task events quickly and process them efficiently.
The satellite information network is the backbone of an air-ground integrated network: a network that uses satellites as its main carriers to acquire, transmit and process information. It consists of satellites of different orbits, types and capabilities, constellations and the corresponding ground facilities, joined by inter-satellite and satellite-ground links, together with the command, control, communication and other application systems that the spatial information network supports. Radio communication is the satellite network's main communication means; its quality directly determines the information transmission rate and is one of the key factors in the performance of the whole system.
The prior art offers no secure and effective data transmission method for the air-ground integrated network.
Disclosure of Invention
Embodiments of the invention provide a data transmission method for an air-ground integrated network based on symmetric encryption, with the aim of transmitting important data in such a network with higher security.
To that end, the invention adopts the following technical scheme.
A data transmission method of an air-ground integrated network based on symmetric encryption comprises the following steps: when a transmitting node needs to transmit data, it first generates a key, encrypts the data to be transmitted with that key to obtain the encrypted data, and transmits the encrypted data to the receiving node through the air network;
the transmitting node splits the key into a plurality of fragments, encrypts each fragment with the public key of the receiving node, and sends the encrypted fragments to the receiving node through the ground network;
the receiving node decrypts the encrypted fragments sent by the transmitting node with its own private key, applies the restoration operation corresponding to the fragmentation to the decrypted fragments to obtain the key, and decrypts the encrypted data sent by the transmitting node with that key to obtain the data to be transmitted.
Further, before the transmitting node generates the key, the method includes:
before data transmission begins, the receiving node generates a public/private key pair with a key generation mechanism, sends the public key to the transmitting node through a secure channel, and keeps the private key itself.
Further, the step in which the transmitting node generates a key, encrypts the data to be transmitted with it and sends the encrypted data to the receiving node through the air network comprises:
the transmitting node generates a key k and encrypts the data m to be transmitted with k, obtaining the ciphertext Enc(m, k); it also encrypts its own identification data mark together with an integer it generates at random, using the public key received from the receiving node, obtaining Enc(mark);
the transmitting node transmits the ciphertext Enc(m, k) and the encrypted identification data Enc(mark) to the receiving node through the air network.
Further, the step in which the transmitting node fragments the key, encrypts each fragment with the receiving node's public key and sends the encrypted fragments to the receiving node through the ground network comprises:
the transmitting node applies a reversible fragmentation operation to the key, producing a plurality of fragments; each fragment is encrypted together with the transmitting node's identification data mark and an integer randomly generated by the transmitting node, using the receiving node's public key, giving a plurality of encrypted fragments; each encrypted fragment is transmitted to the receiving node through the ground network.
Further, the step in which the receiving node decrypts the encrypted fragments with its private key, restores the key from the decrypted fragments and decrypts the encrypted data with that key to obtain the data to be transmitted comprises:
after receiving the ciphertext Enc(m, k), the encrypted identification data Enc(mark) and each encrypted fragment from the transmitting node, the receiving node decrypts Enc(mark) with its stored private key to obtain the transmitting node's identifier, and decrypts each encrypted fragment with the same private key to obtain the transmitting node's identifier carried in that fragment; it then checks whether the identifier obtained from Enc(mark) equals the identifier obtained from each encrypted fragment; if so, processing continues with the following steps, otherwise the flow ends;
the receiving node decrypts each encrypted fragment with its private key to obtain the corresponding integrity verification value and checks whether the integrity verification values obtained from all encrypted fragments are equal; if so, processing continues, otherwise the flow ends;
the receiving node decrypts each encrypted fragment with its private key to obtain the corresponding fragment, applies the restoration operation corresponding to the fragmentation to all fragments to obtain the key k, and decrypts the ciphertext Enc(m, k) with k to obtain the plaintext of the data to be transmitted.
Further, the method also comprises the following steps:
if the receiving node does not receive all the encrypted fragments within a set time, or the encrypted fragments fail the data integrity verification, it requests the transmitting node to resend the encrypted fragments;
after receiving the retransmission request, the transmitting node generates new encrypted fragments according to the transmission-stage flow and, when sending them to the receiving node through the air-ground integrated network, selects a transmission path different from the previous one.
The technical solutions of the embodiments thus provide a new secure data transmission method for an air-ground integrated network based on symmetric encryption: two forms of encryption are applied at once, one to the important information and one to the key that encrypts it, so that important information in the network can be delivered securely to the intended receiving end and, at the same time, is effectively protected against tampering.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a processing flow chart of a method for air-ground integrated network security data transmission based on symmetric encryption according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
For the convenience of understanding the embodiments of the present invention, the following description will be further explained by taking several specific embodiments as examples in conjunction with the drawings, and the embodiments are not to be construed as limiting the embodiments of the present invention.
On the basis of a design for transmitting important data in an air-ground integrated network, the embodiments of the invention provide a novel secure data transmission method based on symmetric encryption, so that the security requirements of important data are met and a data integrity verification function is provided for the key that encrypts the important data. The air-ground integrated network comprises an air network and a ground network.
Two node types take part in the method:
Transmitting node: a node that holds important information and needs to transmit it. It encrypts the important information, encrypts the associated key data, encrypts the key data fragment by fragment, and sends the encrypted important information and the encrypted fragments.
Receiving node: the terminal node that receives the important information. It receives the encrypted important information and the encrypted fragments, restores the fragments, decrypts the key data, decrypts the important information, and requests the transmitting node to resend data when needed.
The secure data transmission technique of the embodiments has three main parts:
Key generation for public-key encryption: the receiving node generates a public/private key pair with a known public-key generation mechanism, keeps the private key and sends the public key to the transmitting node through a secure transmission channel.
Encryption of important data: when a transmitting node has important data to send, it first generates a symmetric key; it then encrypts the important data with that key; next it fragments the symmetric key and encrypts each fragment with the public key; finally it sends the encrypted important data directly to the receiving node and the encrypted fragments to the receiving node through the satellite network and the ground network respectively.
Decryption of important data: after receiving the encrypted important data, if the receiving node has not received all the encrypted fragments within a set time, or the encrypted fragments fail data integrity verification, it sends the transmitting node a request to resend the fragments; once all encrypted fragments have arrived and passed integrity verification, it begins to decrypt the important data. It first decrypts the fragments with its private key, then combines all the fragments into the key, and finally decrypts the important data with that key to obtain the plaintext.
Example one
The processing flow of the air-ground integrated network security data transmission technology based on symmetric encryption provided by the embodiment is shown in fig. 1, and includes the following processing steps:
Step S110: before communication begins, the receiving node generates a public/private key pair that supports data integrity verification; the public key is sent to the transmitting node through a secure channel and the private key is stored by the receiving node.
A public/private key mechanism is used between receiving and transmitting nodes for two reasons. First, one receiving node normally corresponds to several transmitting nodes; with a purely symmetric mechanism it would have to generate one symmetric key per transmitting node, since otherwise the transmitting nodes could decrypt each other's data, which is a greater security risk. Second, a public/private key mechanism is easier to maintain, and distributing a public key is safer than distributing a secret.
Any existing public/private key mechanism that meets the needs of the deployment can be used, provided it satisfies three conditions:
Condition 1: high security;
Condition 2: data integrity can be verified;
Condition 3: the data source can be verified.
The first condition is the basic requirement of any encryption mechanism; the second ensures that encrypted data is not maliciously altered in transit; the third lets the receiving node tell, from the encrypted data, which transmitting node it came from. Most public/private key mechanisms can be adjusted to meet all three. Note that public-key encryption by itself provides confidentiality; in the embodiment below, conditions 2 and 3 are realised by equality checks on the identifier and on the random value carried inside the ciphertexts rather than by a signature or MAC.
Step S120: before sending the data to be transmitted, the transmitting node randomly generates a key k, encrypts the data m with k to obtain the encrypted data Enc(m, k), and encrypts its identification data mark together with a randomly generated integer, using the public key received from the receiving node, to obtain Enc(mark). The transmitting node then transmits the ciphertext Enc(m, k) and the encrypted identification data Enc(mark) to the receiving node through the air network.
In the embodiment a symmetric mechanism is used for the transmitting node's important data, and the symmetric key is generated by the transmitting node itself. Because the encrypted important data goes directly from the transmitting node to the receiving node through the air network, the embodiment assumes that its integrity is normally not damaged in transit; the verification steps below cover only the key fragments and the identifier, so the ciphertext Enc(m, k) itself carries no integrity check of its own.
Step S130: the transmitting node applies a reversible fragmentation operation to the key k, producing a plurality of fragments; each fragment is encrypted together with the transmitting node's identification data mark and a randomly generated integer, using the receiving node's public key, giving a plurality of encrypted fragments; each encrypted fragment is transmitted to the receiving node through the ground network.
For example, the transmitting node fragments the key k into a and b, generates a random number r for integrity verification, encrypts a and b with the receiving node's public key to obtain Enc(a) and Enc(b), including r in both Enc(a) and Enc(b) for integrity verification, and finally sends the two encrypted fragments to the receiving node through the ground network.
The fragmentation operation may be multiplication, addition or any other reversible operation, agreed in advance between the receiving node and the transmitting node. The fragments must not be small: taking addition as an example, if one fragment is 5 and an attacker obtains the other fragment, the symmetric key is recovered trivially and the fragmentation adds no security. Fragments should therefore be drawn from a range as large as the key itself; with addition, choosing one fragment uniformly at random and setting the other to the difference leaves an attacker who holds a single fragment with no information about the key.
Besides the fragment and the integrity verification data, the public-key-encrypted data carries the transmitting node's identification data, which lets the receiving node confirm which transmitting node the received data belongs to and the total number of fragments.
Step S140: the receiving node decrypts the encrypted fragments sent by the transmitting node with its own private key, applies the restoration operation corresponding to the fragmentation to the decrypted fragments to obtain the key, and decrypts the encrypted data sent by the transmitting node with that key to obtain the data to be transmitted.
After receiving the ciphertext Enc(m, k), the encrypted identification data Enc(mark) and each encrypted fragment from the transmitting node, the receiving node decrypts Enc(mark) with its stored private key to obtain the transmitting node's identifier, and decrypts each encrypted fragment with the same private key to obtain the identifier carried in that fragment; it checks whether the identifier obtained from Enc(mark) equals the identifier obtained from each encrypted fragment; if so, processing continues with the following steps, otherwise the flow ends.
The receiving node decrypts each encrypted fragment with its private key to obtain the corresponding integrity verification value and checks whether the values obtained from all encrypted fragments are equal; if so, processing continues, otherwise the flow ends.
The receiving node decrypts each encrypted fragment with its private key to obtain the corresponding fragment, applies the restoration operation corresponding to the fragmentation to all fragments to obtain the key k, and decrypts the ciphertext Enc(m, k) with k to obtain the plaintext of the data to be transmitted.
For example, after receiving the public-key-encrypted data and the encrypted identifier from the transmitting node through the air network and the ground network, the receiving node verifies the integrity of the public-key-encrypted data, decrypts it once verification passes to obtain the fragments a and b, and applies the restoration operation to a and b to obtain the symmetric key k. Finally it decrypts the transmitting node's encrypted data with k to obtain the final plaintext.
In the embodiment the receiving node first receives the encrypted important data and the identifier data from the air network, then receives the fragments from the ground network; it first verifies which transmitting node the fragments come from, then verifies their integrity, and decrypts the fragments only after both verifications pass.
If integrity verification fails, or the fragments from the target transmitting node have not all reached the receiving node within a set time, a request is sent to that transmitting node asking it to send the fragments again.
In the entire air-ground integrated network, as long as there is transmission of important data, the operations of the above steps S120 to S140 are performed, and the public key updating operation of the above step S110 is performed at regular intervals.
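Steps S110 to S140 as one runnable exchange, written for this page as an added example; it is not code from the patent. It substitutes primitives a current deployment would use: RSA-OAEP for the receiving node's public-key mechanism, AES-256-GCM for the symmetric cipher in place of DES, and bitwise XOR (addition in GF(2)) for the reversible fragmentation, with one fragment drawn uniformly at random. The field sizes, the plaintext layouts "mark || r1" and "fragment || mark || r2", the function names and the sample identifiers are assumptions of the example. Receive performs the two checks of step S140 (identifier agreement between Enc(mark) and every fragment, integrity value agreement between the fragments) and reports a missing fragment as the retransmission case.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Field sizes are assumptions of this example; the patent fixes only the 64-bit
// DES key, replaced here by a 256-bit AES-GCM key.
const keyLen, markLen, nonceLen = 32, 8, 8

// Bundle is what a transmitting node emits: CtData and CtMark over the air network, CtShares over the ground network.
type Bundle struct {
	CtData   []byte   // Enc(m, k): 12-byte GCM iv || ciphertext, with mark as associated data
	CtMark   []byte   // Enc_pk(mark || r1)
	CtShares [][]byte // Enc_pk(a_i || mark || r2), one per fragment a_i of k
}

func must(err error) { // rand or RSA setup failing is an environment fault, not a protocol outcome
	if err != nil {
		panic(err)
	}
}

// ReceiverKeyGen is step S110: the receiving node creates its key pair and keeps the private half.
func ReceiverKeyGen() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return priv
}

func gcmFor(k []byte) cipher.AEAD {
	block, err := aes.NewCipher(k)
	must(err)
	aead, err := cipher.NewGCM(block)
	must(err)
	return aead
}

// Send is steps S120 and S130 on the transmitting node. The reversible fragmentation
// is k = a XOR b with a uniform, so one fragment alone says nothing about k.
func Send(pub *rsa.PublicKey, mark, m []byte) *Bundle {
	buf := make([]byte, 2*keyLen+2*nonceLen+12) // k || a || r1 || r2 || GCM iv, all random
	_, err := rand.Read(buf)
	must(err)
	k, a := buf[:keyLen], buf[keyLen:2*keyLen]
	r1, r2, iv := buf[2*keyLen:][:nonceLen], buf[2*keyLen+nonceLen:][:nonceLen], buf[2*keyLen+2*nonceLen:]
	b := make([]byte, keyLen)
	for i := range b {
		b[i] = k[i] ^ a[i]
	}
	enc := func(fields ...[]byte) []byte { // public-key encryption of the concatenated fields
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, bytes.Join(fields, nil), nil)
		must(err)
		return ct
	}
	return &Bundle{
		CtData:   gcmFor(k).Seal(append([]byte{}, iv...), iv, m, mark),
		CtMark:   enc(mark, r1),
		CtShares: [][]byte{enc(a, mark, r2), enc(b, mark, r2)},
	}
}

// Receive is step S140: the identifier must agree between Enc(mark) and both
// fragments and r2 between the fragments; only then is k rebuilt and m decrypted.
func Receive(priv *rsa.PrivateKey, b *Bundle) (mark, m []byte, err error) {
	if len(b.CtShares) != 2 {
		return nil, nil, fmt.Errorf("%d of 2 fragments received: request retransmission", len(b.CtShares))
	}
	pts := make([][]byte, 3) // plaintexts of Enc(mark), then of the two fragments
	for i, ct := range append([][]byte{b.CtMark}, b.CtShares...) {
		if pts[i], err = rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil); err != nil {
			return nil, nil, fmt.Errorf("ciphertext %d: %w", i, err)
		}
	}
	id, f1, f2 := pts[0], pts[1], pts[2] // layouts: mark || r1 and a_i || mark || r2
	if len(id) != markLen+nonceLen || len(f1) != keyLen+markLen+nonceLen || len(f2) != len(f1) {
		return nil, nil, fmt.Errorf("unexpected plaintext length")
	}
	mark = id[:markLen]
	if !bytes.Equal(f1[keyLen:keyLen+markLen], mark) || !bytes.Equal(f2[keyLen:keyLen+markLen], mark) {
		return nil, nil, fmt.Errorf("sender identifier mismatch between Enc(mark) and a fragment")
	}
	if !bytes.Equal(f1[keyLen+markLen:], f2[keyLen+markLen:]) {
		return nil, nil, fmt.Errorf("integrity value mismatch between fragments")
	}
	k := make([]byte, keyLen)
	for i := range k {
		k[i] = f1[i] ^ f2[i] // inverse of the fragmentation
	}
	if len(b.CtData) < 12 {
		return nil, nil, fmt.Errorf("short data ciphertext")
	}
	if m, err = gcmFor(k).Open(nil, b.CtData[:12], b.CtData[12:], mark); err != nil {
		return nil, nil, fmt.Errorf("data ciphertext: %w", err)
	}
	return mark, m, nil
}
```

Because AES-GCM authenticates Enc(m, k) with mark as associated data, a modified data ciphertext is rejected at the final Open; the patent's DES ciphertext has no such check, and the fragment checks alone only detect fragments mixed in from another sender or session, since they compare values that any holder of the public key can encrypt.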
Example two
This embodiment gives a concrete implementation through simulation.
Here the public/private key algorithm is an elliptic-curve encryption system (an ECC algorithm), the fragmentation algorithm is addition, and the symmetric encryption mechanism is the DES algorithm. (DES serves as the simulation's symmetric cipher; its effective key is 56 bits, which is within reach of brute-force search, and NIST withdrew FIPS 46-3 in 2005, so a deployment would substitute a current cipher such as AES.) The flow of the algorithm is as follows:
Initial stage:
The receiving node generates a tuple (q1, q2, q3, E) from the parameters, where q1, q2, q3 are three distinct primes and E is an elliptic curve of order m = q1·q2·q3;
then three points {X, Y, Z} of order m are taken from E;
let P = q1·q2·X, Q = q2·q3·Y and R = q3·q1·Z. P is used for the transmitting node's encryption of the important information (the key fragments a and b in the transmission stage below), Q for data integrity verification and R for encrypting the transmitting node's identification data. By construction P, Q and R lie in the subgroups of prime order q3, q1 and q2 respectively, which is what lets the private key separate the three components at decryption.
The public key generated by the receiving node is (m, P, Q, R, E) and the private key is (q1, q2, q3). The receiving node keeps the private key and sends the public key to all transmitting nodes through the secure channel.
And (3) an encryption stage:
first, according to DES (Data Encryption Standard) Encryption rules, the originating node randomly generates a key k with a length of 64 bits, wherein the 8 th, 16 th, 24 th, 32 th, 40 th, 48 th, 56 th, 64 th bits are parity bits, so that each key has an odd number of 1.
Next, the input 64-bit data blocks are recombined bit by bit and the output is divided into L0、R0Two parts, each part is 32 bits long, and the displacement is carried out before and after the displacement, finally the displacement is carried out by L0Output left 32 bits, R0Outputting the right 32 bits, and obtaining L after 16 times of iterative operation according to the rule16、R16And taking the result as input, and carrying out inverse permutation opposite to the initial permutation to obtain the ciphertext output.
Through the above process, the plaintext m of the important data can be encrypted to obtain the ciphertext Des (m, k). And simultaneously, encrypting the unique identification data (mark) of the transmitting node according to the public key:
Ecc(mark)=mark×R+r1×Q,
where r1 is an integer randomly generated by the transmitting node, used to strengthen the security of the identification data.
And finally, sending the ciphertext Des (m, k) and the encrypted identification data Ecc (mark) to the receiving node.
The transmission stage:
First, two positive integers a and b and a random integer r2 are randomly generated, where a and b satisfy:
a + b = k, and min{a, b} < p < q < max{a, b},
where p and q are manually set thresholds that prevent the generated positive integers from being too large or too small, and a and b are the fragment data of the key k.
Then, the transmitting node encrypts the fragment data with the public key:
Ecc(a) = a×P + r2×Q + mark×R, Ecc(b) = b×P + r2×Q + mark×R,
where mark is the identification data of the transmitting node and r2 is an integer randomly generated by the transmitting node.
Finally, the encrypted fragment data Ecc(a), Ecc(b) are transmitted to the receiving node through the ground network.
The decryption stage:
Since the ciphertext Des(m, k) and the encrypted identification data Ecc(mark) are sent directly to the receiving node, the receiving node receives these two data first and then receives the encrypted fragment data Ecc(a) and Ecc(b) from the ground network. After receiving all the data, the receiving node starts to decrypt:
First, the receiving node decrypts Ecc(mark) according to the private key it stores to obtain the identifier of the transmitting node,
mark = log_P(q1×Ecc(mark)).
The random number r1 strengthens the security of the encrypted data, and the decryption process removes it directly. Then, the receiving node decrypts Ecc(a) and Ecc(b) according to the private key it stores to obtain the identifier of the corresponding transmitting node:
mark_a = log_R(q2q3×Ecc(a)), mark_b = log_R(q2q3×Ecc(b)),
and compares mark_a and mark_b with mark to judge whether the group of data all belong to one transmitting node. When mark_a, mark_b and mark are all the same, the group of data is judged to belong to the same transmitting node and the subsequent process continues; when the three identifiers differ, the group of data is judged not to belong to one transmitting node and the process ends.
After the comparison of the transmitting node's identification data, data integrity verification is carried out on Ecc(a) and Ecc(b): the receiving node performs a decryption operation on Ecc(a) and Ecc(b) according to the private key it stores to obtain the corresponding integrity verification values:
r2a = log_Q(q1q3×Ecc(a)), r2b = log_Q(q1q3×Ecc(b)),
and judges whether the integrity verification values r2a and r2b are equal. If r2a equals r2b, the data integrity verification of Ecc(a) and Ecc(b) passes and the subsequent processing flow continues; if r2a does not equal r2b, the data integrity verification of Ecc(a) and Ecc(b) is confirmed not to have passed, and the process ends.
After the data integrity verification of Ecc(a) and Ecc(b) passes, data decryption is performed on Ecc(a) and Ecc(b) to obtain the two fragment data a and b:
a = log_P(q1q2×Ecc(a)), b = log_P(q1q2×Ecc(b)),
and the two fragment data a and b are added to obtain the decryption key k of the ciphertext Des(m, k). Then, according to the DES mechanism, the ciphertext Des(m, k) is decrypted with the key k to obtain the plaintext m of the important data.
The key retransmission mechanism:
and if the receiving node does not receive all the encrypted fragment data or the encrypted fragment data does not pass the data integrity verification within a certain time, requesting the transmitting node to resend the encrypted fragment data.
And after receiving the retransmission request, the transmitting node generates new encrypted fragment data again according to the transmission stage flow. Meanwhile, when the new encrypted fragment data is transmitted through the satellite network and the ground network, a transmission path different from the last transmission path is selected.
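The encryption, transmission and decryption stages above, as an added worked example that is not part of the patent. It replaces the composite-order elliptic curve with a composite-order subgroup of Z_p^* (the same algebra, written multiplicatively), uses small constructed primes so that the discrete logarithms can be brute-forced, and chooses each cofactor as the product of the two primes that annihilate the other two terms given the orders of P, Q and R; the recovered key is a small demo value rather than a 64-bit DES key, and the DES step itself is omitted.

```python
import random
from math import isqrt

Q1, Q2, Q3 = 101, 103, 107          # constructed demo primes (assumption); m = q1*q2*q3
M = Q1 * Q2 * Q3

def find_group_prime(m):
    # smallest prime p = c*m + 1, so that Z_p^* contains a subgroup of order m
    c = 2
    while True:
        p = c * m + 1
        if all(p % d for d in range(2, isqrt(p) + 1)):
            return p
        c += 1

P_MOD = find_group_prime(M)

def element_of_order_m(rng):
    # h^((p-1)/m) has order dividing m; keep it only if the order is exactly m
    while True:
        g = pow(rng.randrange(2, P_MOD), (P_MOD - 1) // M, P_MOD)
        if all(pow(g, M // q, P_MOD) != 1 for q in (Q1, Q2, Q3)):
            return g

def keygen(seed=0):
    # receiving node: public key (m, P, Q, R), private key (q1, q2, q3)
    rng = random.Random(seed)
    X, Y, Z = (element_of_order_m(rng) for _ in range(3))
    P = pow(X, Q1 * Q2, P_MOD)   # order q3: carries the fragment value
    Q = pow(Y, Q2 * Q3, P_MOD)   # order q1: carries the integrity value r
    R = pow(Z, Q3 * Q1, P_MOD)   # order q2: carries the node identifier mark
    return (M, P, Q, R), (Q1, Q2, Q3)

def encrypt(pub, value, r, mark):
    # Ecc(value) = value*P + r*Q + mark*R, written multiplicatively
    _, P, Q, R = pub
    return pow(P, value, P_MOD) * pow(Q, r, P_MOD) * pow(R, mark, P_MOD) % P_MOD

def component(priv, pub, c, which):
    # raise c to the cofactor that annihilates the other two terms, then solve the small log
    q1, q2, q3 = priv
    _, P, Q, R = pub
    base, cof, order = {"P": (P, q1 * q2, q3), "Q": (Q, q2 * q3, q1), "R": (R, q1 * q3, q2)}[which]
    g, target = pow(base, cof, P_MOD), pow(c, cof, P_MOD)
    return next(v for v in range(order) if pow(g, v, P_MOD) == target)

def sender_fragments(pub, k, mark, p_thr, q_thr, seed=1):
    # transmitting node: k = a + b with min{a,b} < p < q < max{a,b}; Ecc(mark) travels over the
    # air network, Ecc(a) and Ecc(b) over the ground network, all three carrying the same mark
    rng = random.Random(seed)
    a = rng.randrange(1, p_thr)
    b = k - a
    assert min(a, b) < p_thr < q_thr < max(a, b)
    r1, r2 = rng.randrange(M), rng.randrange(M)
    return encrypt(pub, 0, r1, mark), encrypt(pub, a, r2, mark), encrypt(pub, b, r2, mark)

def receiver_recover(priv, pub, enc_mark, enc_a, enc_b):
    # receiving node: identifier check, r2 integrity check, then k = a + b; None = request resend
    mark = component(priv, pub, enc_mark, "R")
    if not component(priv, pub, enc_a, "R") == component(priv, pub, enc_b, "R") == mark:
        return None
    if component(priv, pub, enc_a, "Q") != component(priv, pub, enc_b, "Q"):
        return None
    return component(priv, pub, enc_a, "P") + component(priv, pub, enc_b, "P")
```

A fragment whose r2 or mark does not match the others makes `receiver_recover` return None, which is the point at which the retransmission request of the key retransmission mechanism is issued.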
In summary, the embodiment of the present invention provides a new secure data transmission method for an air-ground integrated network based on symmetric encryption, which employs two encryption methods to encrypt important information and an encryption key of the important information at the same time, so that the important information in the air-ground integrated network can be safely transmitted to a related receiving end, and the important information is effectively ensured not to be tampered.
The safety data transmission method provided by the embodiment of the invention fully utilizes the characteristics of the air-ground network and has universal applicability in the network based on the air-ground network structure.
Those of ordinary skill in the art will understand that: the figures are merely schematic representations of one embodiment, and the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The embodiments in this specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the apparatus and system embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant parts of the method embodiment descriptions apply to them. The apparatus and system embodiments described above are merely illustrative: the units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (2)

1. A data transmission method of an air-ground integrated network based on symmetric encryption is characterized by comprising the following steps: when a transmitting node needs to transmit data, firstly, the transmitting node generates a key k, encrypts the data needing to be transmitted by using the key k to obtain a ciphertext Enc (m, k), and transmits the ciphertext Enc (m, k) to a receiving node through an air network; the method specifically comprises the following steps:
the transmitting node generates a key k, encrypts data m needing to be transmitted by using the key k to obtain encrypted data Enc (m, k), and encrypts identification data mark of the transmitting node and an integer randomly generated by the transmitting node by using a public key sent by the receiving node to obtain Enc (mark);
the transmitting node transmits the ciphertext Enc (m, k) and the encrypted identification data Enc (mark) to the receiving node through an air network;
the transmitting node performs fragmentation operation on the secret key to obtain a plurality of fragment data, each fragment data is encrypted by using a public key of a receiving node, and the encrypted fragment data is sent to the receiving node through a ground network; the method specifically comprises the following steps:
the sending node carries out fragmentation operation on a secret key to generate a plurality of fragment data, the fragmentation operation is reversible operation, each fragment data, the identification data mark of the sending node and an integer randomly generated by the sending node are encrypted together by using a public key of the receiving node to obtain a plurality of encrypted fragment data, and each encrypted fragment data is transmitted to the receiving node through a ground network;
the receiving node decrypts the encrypted fragment data sent by the sending node by using a private key of the receiving node, performs reduction operation corresponding to the fragment operation on a plurality of fragment data obtained by decryption operation to obtain a key k, and decrypts the encrypted data sent by the sending node by using the key k to obtain the data to be transmitted; the method specifically comprises the following steps:
after the receiving node receives the ciphertext Enc(m, k), the encrypted identification data Enc(mark) and each encrypted fragment data sent by the sending node, it decrypts the encrypted identification data Enc(mark) according to the private key it stores to obtain the identifier of the sending node, decrypts each encrypted fragment data according to the private key it stores to obtain an identifier of the sending node from each, and judges whether the identifier obtained by decrypting Enc(mark) is equal to the identifier obtained by decrypting each encrypted fragment data; if so, the following processing flow continues, otherwise the flow is finished;
the receiving node performs a decryption operation on each encrypted fragment data according to the private key it stores to obtain the corresponding integrity verification value, and judges whether the integrity verification values obtained by decrypting each encrypted fragment data are equal; if so, the following processing flow continues, otherwise the flow is finished;
the receiving node performs a data decryption operation on each encrypted fragment data according to the private key it stores to obtain the corresponding fragment data, performs the restoration operation corresponding to the fragmentation on all the fragment data to obtain the key k, and decrypts the ciphertext Enc(m, k) with the key k to obtain the plaintext of the data to be transmitted;
the method further comprises the following steps:
if the receiving node does not receive all encrypted fragment data or the encrypted fragment data does not pass data integrity verification within a certain time, requesting the sending node to resend the encrypted fragment data;
and after receiving the retransmission request, the transmitting node generates new encrypted fragment data again according to the transmission stage flow, and selects a transmission path different from the last time when transmitting the new encrypted fragment data to the receiving node through the air-ground integrated network.
2. The method of claim 1, wherein prior to said originating node generating the key, further comprising:
before data transmission begins, a receiving node generates a pair of public key and private key through a key generation mechanism, the public key is sent to a transmitting node through a secure channel, and the private key is stored by the receiving node.
CN201711128463.6A 2017-11-15 2017-11-15 Data transmission method of air-ground integrated network based on symmetric encryption Active CN107666491B (en)

Publications (2)

Publication Number Publication Date
CN107666491A CN107666491A (en) 2018-02-06
CN107666491B true CN107666491B (en) 2020-05-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant