CN107979600A - Field-by-field encryption switch and its working method - Google Patents

Publication number
CN107979600A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711228215.9A
Other languages
Chinese (zh)
Inventor
赵瑞东
毕研山
孙大军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue CNC Electronics Co Ltd
Original Assignee
Shandong Chaoyue CNC Electronics Co Ltd
Application filed by Shandong Chaoyue CNC Electronics Co Ltd
Priority to CN201711228215.9A
Publication of CN107979600A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/10 Packet switching elements characterised by the switching fabric construction

Abstract

The present invention relates to a field-by-field encryption switch and its working method. The switch adds an interference module to a general layer-2/layer-3 switch, so that the packets the switch transmits inside the subnet are encrypted field by field, with different fields using different encryption modes. Because the packet is encrypted field by field, an ordinary network card cannot recognize it unless a dedicated descrambling module is installed. Cracking a packet by force would require decrypting all of its fields, which existing computing capability cannot achieve at all, thereby realizing an internal anti-eavesdropping function.

Description

A field-by-field encryption switch and its working method
Technical field
The present invention relates to a field-by-field encryption switch and its working method, and belongs to the technical field of secure-transmission switches.
Background art
With the continuous development and spread of network technology, people communicate more and more frequently and conveniently. What has followed is an endless stream of network leaks, hacker attacks and network interception incidents, which pose a huge threat to people's information security. At present, the most popular way of protecting information is to encrypt data for transmission, but the encryption covers only the packet payload, and the data can still be intercepted on the transmission link. If there is an eavesdropper inside the organization, then on a layer-2 ad hoc network the eavesdropper can capture all the data transmitted over the network and decrypt it with a powerful cracking tool, so private data may still be cracked.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a field-by-field encryption switch.
The present invention also provides a working method for the above field-by-field encryption switch.
Explanation of terms:
Subnet: the LAN formed by the computers within the same network segment.
External network: the set of computers that are not in the same network segment as the local machine.
The technical solution of the present invention is:
A field-by-field encryption switch, in which an interference module is provided on the basis of a general layer-2/layer-3 switch, and a descrambling module corresponding to the interference module is provided on the network card of the switch; the interference module is a service function module built into the switch; the interference module scrambles packets by means of an encryption algorithm; the descrambling module implements the inverse operation of the interference module and restores the scrambled data to the original packet.
A working method of the field-by-field encryption switch, comprising the following steps:
1) The switch receives an ordinary IP packet from outside and divides it into multiple fields; each field is provided with a corresponding interference table, which serves as the input of the interference module; the interference module scrambles the packet according to the settings of the interference table;
2) The interference module encrypts, field by field, the packets that the switch transmits inside the subnet and then transmits them to the descrambling module; different fields use different encryption modes in the encryption process;
3) The descrambling module restores the received encrypted packet and submits it to the transport layer.
Preferably according to the present invention, communication between the subnet and the external network uses the out-of-order packets produced by the interference module's scrambling, which adds custom encryption and audit functions on top of the original layer-2/layer-3 network transmission.
Preferably according to the present invention, in step 1), the fields include DMAC/SMAC/TYPE/IP_HEADER/SIP/DIP/SPORT/DPORT.
Preferably according to the present invention, in step 2), the field encryption is carried out as follows:
2.1) The first byte of each field is used as the interference table address of the interference module to look up the interference table;
2.2) The interference table includes an out-of-order table and an encryption factor; the out-of-order table rearranges the byte order within the field; the encryption factor is combined in a mathematical operation with the packet content whose order has been shuffled, and the result is output.
Further preferably, in step 2.2), the out-of-order table rearranges the byte order within the field as follows: according to the out-of-order table, the interference module shuffles the byte order of the packet in groups of 8 bytes, excluding the first byte.
In step 2.2), the mathematical operation on the shuffled packet content and the encryption factor is as follows: according to the scrambling algorithm, the interference module applies an XOR, shift or permutation operation to each byte of the packet and the scrambling factor, obtaining the scrambled packet.
The beneficial effects of the present invention are:
1. The field-by-field encryption switch of the present invention adds an interference module to a general layer-2/layer-3 switch, so that the packets the switch transmits inside the subnet are encrypted field by field, with different fields using different encryption modes. Because the packet is encrypted field by field, an ordinary network card cannot recognize it unless a dedicated descrambling module is installed. Cracking a packet by force would require decrypting all of its fields, which existing computing capability cannot achieve at all, thereby realizing an internal anti-eavesdropping function.
Brief description of the drawings
Fig. 1 is a schematic diagram of how the switch in Embodiment 2 divides an ordinary IP packet into multiple fields;
Fig. 2 is a schematic diagram of how the interference module in Embodiment 2 encrypts a packet field by field.
Embodiments
The present invention is further described below with reference to the embodiments and the accompanying drawings, but is not limited thereto.
Embodiment 1
A field-by-field encryption switch, in which an interference module is provided on the basis of a general layer-2/layer-3 switch, and a descrambling module corresponding to the interference module is provided on the network card of the switch; the interference module is a service function module built into the switch; the interference module scrambles packets by means of an encryption algorithm; the descrambling module implements the inverse operation of the interference module and restores the scrambled data to the original packet.
Embodiment 2
The working method of the field-by-field encryption switch described in Embodiment 1, comprising the following steps:
1) The switch receives an ordinary IP packet from outside and divides it into the fields DMAC/SMAC/TYPE/IP_HEADER/SIP/DIP/SPORT/DPORT; each field is provided with a corresponding interference table, which serves as the input of the interference module; the interference module scrambles the packet according to the settings of the interference table, as shown in Fig. 1.
2) The interference module encrypts, field by field, the packets that the switch transmits inside the subnet and then transmits them to the descrambling module; different fields use different encryption modes in the encryption process;
The field encryption is carried out as follows:
2.1) The first byte of each field is used as the interference table address of the interference module to look up the interference table;
2.2) The interference table includes an out-of-order table and an encryption factor; the out-of-order table rearranges the byte order within the field; the encryption factor is combined in a mathematical operation with the packet content whose order has been shuffled, and the result is output.
The out-of-order table rearranges the byte order within the field as follows: according to the out-of-order table, the interference module shuffles the byte order of the packet in groups of 8 bytes, excluding the first byte.
The mathematical operation on the shuffled packet content and the encryption factor is as follows: according to the scrambling algorithm, the interference module applies an XOR, shift or permutation operation to each byte of the packet and the scrambling factor, obtaining the scrambled packet.
3) The descrambling module restores the received encrypted packet and submits it to the transport layer.
As shown in Fig. 2, after the switch receives an external packet whose DMAC content is AABBCCEEDDFF, it first uses the packet's first byte, AA, as the index to look up the interference table. The interference module shuffles the byte order of the packet according to the out-of-order sequence, and the packet becomes AABBCC99DD88FFEE-5566771144002233. The interference module then, according to the scrambling algorithm, XORs each byte of the packet with the scrambling factor, which is "A0", to obtain the final packet AA1B6C397D285F4E-F5C6D7B1E4AD8293.
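The field scrambling of step 2.2) and the Embodiment 2 example above, as an added Python illustration that is not code from the patent. The interference table contents, the choice to leave a short final group unshuffled, and all function names are assumptions; only the two hex strings and the factor A0 come from the page. Recomputing the page's XOR step reproduces its printed result except at offset 13, where the XOR gives A0 and the page prints AD.

```python
GROUP = 8  # the page: apart from the first byte, every 8 bytes form one group

# Constructed interference table (the page prints none), addressed by a field's
# first byte; each entry is (out-of-order table, scrambling factor). Only the
# factor 0xA0 for first byte 0xAA is taken from the page's example.
TABLE = {
    0xAA: ((3, 0, 7, 1, 6, 2, 5, 4), 0xA0),
    0x00: ((7, 6, 5, 4, 3, 2, 1, 0), 0x5C),
}


def _lookup(data, table):
    if not data:
        raise ValueError("empty field: no first byte to address the table")
    if data[0] not in table:
        raise ValueError(f"no interference table entry for 0x{data[0]:02X}")
    return table[data[0]]


def xor_body(data, factor):
    """XOR every byte except the first, which stays clear as the table address."""
    return data[:1] + bytes(b ^ factor for b in data[1:])


def _regroup(data, move):
    """Apply `move` to each full 8-byte group after the first byte."""
    out = bytearray(data[:1])
    for i in range(1, len(data), GROUP):
        group = data[i:i + GROUP]
        # Assumption: a short final group keeps its byte order.
        out += move(group) if len(group) == GROUP else group
    return bytes(out)


def scramble(field, table=TABLE):
    """Interference module: shuffle by the out-of-order table, then XOR."""
    perm, factor = _lookup(field, table)
    shuffled = _regroup(field, lambda g: bytes(g[p] for p in perm))
    return xor_body(shuffled, factor)


def descramble(data, table=TABLE):
    """Descrambling module: undo the XOR, then invert the shuffle."""
    perm, factor = _lookup(data, table)
    inverse = sorted(range(GROUP), key=perm.__getitem__)
    return _regroup(xor_body(data, factor), lambda g: bytes(g[p] for p in inverse))


# Values printed in the page's Embodiment 2 example (after shuffle, after XOR).
PAGE_SHUFFLED = bytes.fromhex("AABBCC99DD88FFEE5566771144002233")
PAGE_FINAL = bytes.fromhex("AA1B6C397D285F4EF5C6D7B1E4AD8293")


def diff(a, b):
    """Offsets where two equal-length byte strings differ, as (offset, a, b)."""
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    dmac = bytes.fromhex("AABBCCEEDDFF")  # DMAC value from the page's example
    wire = scramble(dmac)
    print(wire.hex().upper(), descramble(wire) == dmac)
    print(diff(xor_body(PAGE_SHUFFLED, 0xA0), PAGE_FINAL))
```

Because the first byte is the table address, it travels unmodified, which is what lets the descrambling module find the matching out-of-order table and factor.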
Embodiment 3
Divide the method for work of field encryption interchanger as described in Example 2, it is further, logical between subnet and outer net Letter mode is the out of order message after interference module scrambles, and on the basis of the transmission of original two/three-layer network, adds and makes by oneself Justice encryption and audit function.

Claims (6)

1. A field-by-field encryption switch, characterized in that an interference module is provided on the basis of a general layer-2/layer-3 switch, and a descrambling module corresponding to the interference module is provided on the network card of the switch; the interference module is a service function module built into the switch; the interference module scrambles packets by means of an encryption algorithm; the descrambling module implements the inverse operation of the interference module and restores the scrambled data to the original packet.
2. A working method of the field-by-field encryption switch according to claim 1, characterized by comprising the following steps:
1) The switch receives an ordinary IP packet from outside and divides it into multiple fields; each field is provided with a corresponding interference table, which serves as the input of the interference module; the interference module scrambles the packet according to the settings of the interference table;
2) The interference module encrypts, field by field, the packets that the switch transmits inside the subnet and then transmits them to the descrambling module; different fields use different encryption modes in the encryption process;
3) The descrambling module restores the received encrypted packet and submits it to the transport layer.
3. The working method of the field-by-field encryption switch according to claim 2, characterized in that, in step 1), the fields include DMAC/SMAC/TYPE/IP_HEADER/SIP/DIP/SPORT/DPORT.
4. The working method of the field-by-field encryption switch according to claim 2, characterized in that, in step 2), the field encryption is carried out as follows:
2.1) The first byte of each field is used as the interference table address of the interference module to look up the interference table;
2.2) The interference table includes an out-of-order table and an encryption factor; the out-of-order table rearranges the byte order within the field; the encryption factor is combined in a mathematical operation with the packet content whose order has been shuffled, and the result is output.
5. The working method of the field-by-field encryption switch according to claim 4, characterized in that, in step 2.2), the out-of-order table rearranges the byte order within the field as follows: according to the out-of-order table, the interference module shuffles the byte order of the packet in groups of 8 bytes, excluding the first byte;
In step 2.2), the mathematical operation on the shuffled packet content and the encryption factor is as follows: according to the scrambling algorithm, the interference module applies an XOR, shift or permutation operation to each byte of the packet and the scrambling factor, obtaining the scrambled packet.
6. The working method of the field-by-field encryption switch according to claim 2, characterized in that communication between the subnet and the external network uses the out-of-order packets produced by the interference module's scrambling, which adds custom encryption and audit functions on top of the original layer-2/layer-3 network transmission.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711228215.9A 2017-11-29 2017-11-29 Field-by-field encryption switch and its working method

Publications (1)

Publication Number Publication Date
CN107979600A 2018-05-01

Family

ID=62008303

Country Status (1)

Country Link
CN (1) CN107979600A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327306A (en) * 2018-09-20 2019-02-12 国家体育总局体育科学研究所 A kind of data transmission method and system based on fixed message length
CN115643101A (en) * 2022-10-31 2023-01-24 重庆长安汽车股份有限公司 Encryption transmission method and device of communication data, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102780556A (en) * 2011-05-09 2012-11-14 北大方正集团有限公司 Method and device for encrypting and decrypting digital content section by section
CN105847233A (en) * 2016-03-10 2016-08-10 浪潮集团有限公司 Switch which carries out encrypted transmission according to fields
CN106254896A (en) * 2016-08-05 2016-12-21 中国传媒大学 A kind of distributed cryptographic method for real-time video
WO2017196136A1 (en) * 2016-05-12 2017-11-16 Lg Electronics Inc. A system and method for efficient and secure implementation of ls-designs

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180501