CN108234461A - A kind of encrypted blinded communication system and method based on USB pairings - Google Patents


Info

Publication number: CN108234461A
Authority: CN (China)
Prior art keywords: usb, encrypted, communication system, pairings, communication
Legal status: Pending
Application number: CN201711400782.8A
Other languages: Chinese (zh)
Inventors: 赵尔凡, 刘雅闻, 康荣保, 夏明赟, 饶志宏
Current assignee: CETC 30 Research Institute
Original assignee: CETC 30 Research Institute
Priority date: 2017-12-22
Filing date: 2017-12-22
Publication date: 2018-06-29
Application filed by CETC 30 Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a covert encrypted communication system and method based on paired USB devices. The communication system comprises paired USB devices distributed to the two communicating parties. Each paired USB device is an HID device with a built-in embedded operating system; the HID device is a CDC-class device, managed and controlled through the communication interface class and transmitting data through the data interface class. During secure transmission, the network of the access host is used, and the information to be transmitted is encrypted inside the embedded operating system. The invention helps achieve remote end-to-end secret communication and solves the problem of weak security protection at the access end. It improves the confidentiality of information transmission through end-to-end encryption. All data processing and transmission are carried out inside the embedded operating system of the external USB device, so no data is retained on the hard disk of the access machine and concealment is good. It is widely applicable and works with many kinds of access terminals.

Description

A kind of encrypted blinded communication system and method based on USB pairings
Technical field
The present invention relates to a covert encrypted communication system and method based on paired USB devices.
Background technology
Through many years of development, network security and secret communication have formed a security system based on cryptographic algorithms and network protocols. In practical secret-communication applications, however, and particularly in the branch of special-purpose portable covert communication, safe and practical means of communication are still lacking. Most end-to-end secret communication requires the key to be negotiated in advance before messages are sent, yet all transmitted information leaves traces on the access host. Although the traditional approach achieves link secrecy through cryptography and security protocols, it cannot guarantee that no trace of information processing remains on the access machine, so it is difficult to achieve the most covert and effective secrecy.
Invention content
To overcome the above shortcomings of the prior art, the present invention provides a covert encrypted communication system and method based on paired USB devices. It aims to solve the problem of how to achieve reliable end-to-end covert communication secrecy during remote communication when the security of the access host itself cannot be guaranteed. When there is a need for secret communication but the security of the sending host cannot be ensured, the present invention solves this problem: using a custom-developed embedded system on paired USB devices negotiated in advance, the user carries out the entire flow of encrypting and decrypting confidential information inside the paired USB device.
The technical solution adopted by the present invention to solve the technical problem is as follows. A covert encrypted communication system based on paired USB devices comprises paired USB devices distributed to the two communicating parties. Each paired USB device is an HID device with a built-in embedded operating system; the HID device is a CDC-class device, managed and controlled through the communication interface class and transmitting data through the data interface class. During secure transmission, the network of the access host is used, and the information to be transmitted is encrypted inside the embedded operating system.
The present invention also provides a covert encrypted communication method based on paired USB devices, comprising the following steps:
Step 1: distribute pre-negotiated paired USB devices to the two communicating parties;
Step 2: at an agreed time, each party finds a terminal and accesses it; after the USB device is inserted, the start-up program runs and issues connection requests in turn to the agreed addresses;
Step 3: recipient B establishes a listener in advance; when B's access end has a public network address, B simply waits for sender A to connect; when B's access end has an internal address, B's public network address is first encoded and then sent to a third-party storage server;
Step 4: A obtains the public network address by decoding it via the third-party storage server;
Step 5: A encrypts the information and sends it to B.
Compared with the prior art, the positive effects of the present invention are as follows. It proposes a covert secret communication model and implementation method based on USB pairing, which helps achieve remote end-to-end secret communication and solves the problem of weak security protection at the access end. Encryption is performed by the built-in embedded operating system and encryption algorithm. Its main beneficial effects and advantages are:
1. End-to-end encryption, high confidentiality
The present invention improves the confidentiality of information transmission through end-to-end encryption.
2. External operating system, no trace left on the access machine
All data processing and transmission take place inside the embedded operating system of the external USB device; no data is retained on the access machine's hard disk, so concealment is good.
3. Wide applicability, access from many kinds of terminals
The method of the present invention is widely applicable and has few preconditions, has strong engineering practical value, can be further promoted in the future, and offers a good reference for needs such as special-purpose transmission and covert transmission.
Description of the drawings
Embodiments of the present invention will be described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the SM4 cryptographic algorithm;
Fig. 2 is a schematic diagram of encrypted communication when the communicating party has a public network address;
Fig. 3 is a schematic diagram of encrypted communication when the communicating party requires NAT traversal.
Specific embodiment
The present invention proposes a covert encrypted communication model and implementation method based on USB pairing, which uses a custom HID device mode and a built-in embedded development system to carry out secret and secure communication.
HID is the abbreviation of Human Interface Device, a device that interacts directly with a person. The exchanged data is stored in structures called reports, and the device firmware must support the HID report format. The report format is very flexible and can handle data of any category. Each transaction can carry a small or medium amount of data: at most 8 bytes per transaction for a low-speed device, 64 bytes for a full-speed device and 1024 bytes for a high-speed device. A report can span multiple transactions.
The CDC class is a USB standard subclass that can implement virtual serial-port communication. Because most operating systems (Windows and Linux) ship with CDC-class device drivers and can recognise CDC-class devices automatically, this not only removes the burden of writing a dedicated device driver but also simplifies driver installation. The CDC class is a USB subclass defined by the USB organisation specifically for various communication devices (telecommunications equipment and medium-speed network communication devices).
A CDC class usually consists of two interface subclasses: the Communication Interface Class and the Data Interface Class. The device of this patent is managed and controlled through the communication interface class, and data is transmitted through the data interface class.
The control endpoint is mainly used for USB device enumeration and for communicating the baud rate and data-type settings (data bits, stop bits and start bit) of the virtual serial port. The asynchronous OUT endpoint is used for the host to send data to the slave device and corresponds to the TXD line of a conventional physical serial port (seen from the microcontroller); the asynchronous IN endpoint is used for the slave device to send data to the host and corresponds to the RXD line of a conventional physical serial port.
The embedded operating system uses a Linux kernel matched to the hardware architecture, together with a trimmed-down file system and system applications, to provide a software platform on which the firmware system runs; the USB HID firmware driver runs in the kernel space of the embedded Linux operating system.
During secure transmission, the network of the access host is used, and the information to be transmitted is encrypted inside the HID embedded development system. The encryption algorithm may use the domestic SM4 block cipher. After the transmission ends, the device is unplugged, and the whole process leaves no trace. The encryption process is handled with the domestic SM4 encryption algorithm.
The SM4 cryptographic algorithm is a block cipher. Its block length is 128 bits and its key length is 128 bits. Both the encryption algorithm and the key expansion algorithm use a 32-round non-linear iterative structure. Data decryption has the same algorithm structure as data encryption; only the order in which the round keys are used is reversed, the decryption round keys being the encryption round keys in reverse order. The encryption key is 128 bits long and is denoted MK = (MK0, MK1, MK2, MK3), where each MKi (i = 0, 1, 2, 3) is a word. The round keys are denoted (rk0, rk1, ..., rk31), where each rki (i = 0, ..., 31) is a 32-bit word. The round keys are generated from the encryption key. FK = (FK0, FK1, FK2, FK3) is the system parameter and CK = (CK0, CK1, CK2, CK3) are the fixed parameters, as shown in Fig. 1.
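As an added illustration of the SM4 block cipher described above (and used in step 5 of the method), the following is a compact SM4 implementation written for this page, not code from the patent: it follows GB/T 32907-2016, derives all 32 fixed parameters CK from the standard's formula ck_{i,j} = (4i + j) × 7 mod 256 instead of listing them, and shows that decryption is the encryption structure with the round keys reversed. The key and plaintext in the usage block are the standard's published test vector.

```python
# Compact SM4 (GB/T 32907-2016): 128-bit block, 128-bit key, 32-round non-linear
# iteration; decryption reuses the same structure with the round keys reversed.

# Non-linear substitution table (S-box) from the SM4 standard, 16 rows of 16 bytes.
_SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)

# System parameter FK and the 32 fixed parameters CK_0..CK_31; byte j of CK_i
# is ck_{i,j} = (4i + j) * 7 mod 256, so they are derived rather than listed.
_FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
_CK = tuple(sum(((4 * i + j) * 7 % 256) << (24 - 8 * j) for j in range(4))
            for i in range(32))

def _rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x: int) -> int:
    """Apply the S-box to each of the four bytes of a 32-bit word."""
    return int.from_bytes(bytes(_SBOX[b] for b in x.to_bytes(4, "big")), "big")

def _t_round(x: int) -> int:
    """T = L(tau(x)): the mixing transform used by the 32 cipher rounds."""
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_key(x: int) -> int:
    """T' = L'(tau(x)): the mixing transform used by the key expansion."""
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def key_schedule(mk: bytes) -> list[int]:
    """Expand MK = (MK0, MK1, MK2, MK3) into the 32 round keys rk0..rk31."""
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ _FK[i] for i in range(4)]
    for i in range(32):  # K[i+4] = K[i] ^ T'(K[i+1] ^ K[i+2] ^ K[i+3] ^ CK[i])
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ _CK[i]))
    return k[4:]

def _crypt_block(block: bytes, rk: list[int]) -> bytes:
    """32 rounds X[i+4] = X[i] ^ T(X[i+1]^X[i+2]^X[i+3]^rk[i]); output (X35..X32)."""
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):
        x.append(x[i] ^ _t_round(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:]))

def sm4_encrypt_block(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one 16-byte block under a 16-byte key."""
    return _crypt_block(plaintext, key_schedule(key))

def sm4_decrypt_block(key: bytes, ciphertext: bytes) -> bytes:
    """Decrypt one block: same rounds, round keys in reverse order."""
    return _crypt_block(ciphertext, key_schedule(key)[::-1])

if __name__ == "__main__":
    # Test vector from the SM4 standard: key and plaintext are both this value.
    k = bytes.fromhex("0123456789abcdeffedcba9876543210")
    ct = sm4_encrypt_block(k, k)
    print(ct.hex(), sm4_decrypt_block(k, ct) == k)  # 681edf34d206965e86b3e94f536e4246 True
```

This is a single-block primitive only; a real transmission needs a mode of operation and integrity protection on top of it, which the patent text does not specify.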
There are two scenarios in the transmission process:
1) The communicating party has a public network address. The access owner moves to and connects a host with a public IP address and communicates. After the USB device is inserted, encrypted communication takes place, and the device is withdrawn after encryption. As shown in Fig. 2.
2) The communicating party requires NAT traversal.
Following the NAT-traversal principle, terminal B actively obtains its egress public network address, stores that address in encoded form on a third-party server, configures the router's port mapping by script, and starts a listener to receive connection requests. Terminal A actively connects to the third-party server, obtains terminal B's public network address and decodes it, then initiates a connection request to terminal B's public network address. The transmitted data is encrypted. As shown in Fig. 3.
The basic steps of the method of the present invention are as follows:
(1) Distribute paired USB devices to the two communicating parties in advance. The USB device contains a built-in embedded operating system, which holds a built-in list of public IP addresses for communication and the user name and password for the third-party server.
(2) At an agreed time, both parties find a terminal and access it. After the USB device is inserted, the start-up program runs and issues connection requests in turn to the agreed addresses.
(3) B needs to establish a listener in advance. When B's access end has a public network address, B simply waits for A to connect; when B's access end has an internal address, B's egress public network address is encoded and sent to the third-party storage server.
(4) A obtains the address by decoding it via the third-party storage server.
(5) A encrypts the information with the high-strength SM4 algorithm and sends it to B.

Claims (8)

1. A covert encrypted communication system based on paired USB devices, characterised in that it comprises paired USB devices distributed to the two communicating parties; the paired USB device is an HID device with a built-in embedded operating system; the HID device is a CDC-class device, managed and controlled through the communication interface class and transmitting data through the data interface class; during secure transmission, the network of the access host is used, and the information to be transmitted is encrypted inside the embedded operating system.
2. The covert encrypted communication system based on paired USB devices according to claim 1, characterised in that the embedded operating system holds a built-in list of public IP addresses for communication and the user name and password for the third-party server.
3. The covert encrypted communication system based on paired USB devices according to claim 1, characterised in that the entire flow of encrypting and decrypting information is built into the embedded operating system.
4. The covert encrypted communication system based on paired USB devices according to claim 1, characterised in that the firmware driver of the HID device runs in the Linux kernel space of the embedded operating system.
5. The covert encrypted communication system based on paired USB devices according to claim 1, characterised in that the encryption algorithm is the SM4 block cipher.
6. The covert encrypted communication system based on paired USB devices according to claim 5, characterised in that the block length of the SM4 cryptographic algorithm is 128 bits, the key length is 128 bits, both the encryption algorithm and the key expansion algorithm use a 32-round non-linear iterative structure, and the decryption round keys are the encryption round keys in reverse order.
7. The covert encrypted communication system based on paired USB devices according to claim 1, characterised in that the firmware of the HID device supports the HID report format.
8. A covert encrypted communication method based on paired USB devices, characterised in that it comprises the following steps:
Step 1: distribute pre-negotiated paired USB devices to the two communicating parties;
Step 2: at an agreed time, each party finds a terminal and accesses it; after the USB device is inserted, the start-up program runs and issues connection requests in turn to the agreed addresses;
Step 3: recipient B establishes a listener in advance; when B's access end has a public network address, B simply waits for sender A to connect; when B's access end has an internal address, B's public network address is first encoded and then sent to a third-party storage server;
Step 4: A obtains the public network address by decoding it via the third-party storage server;
Step 5: A encrypts the information and sends it to B.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711400782.8A CN108234461A (en) 2017-12-22 2017-12-22 A kind of encrypted blinded communication system and method based on USB pairings

Publications (1)

Publication Number Publication Date
CN108234461A true CN108234461A (en) 2018-06-29

Family

ID=62647650

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080189554A1 (en) * 2007-02-05 2008-08-07 Asad Ali Method and system for securing communication between a host computer and a secure portable device
US20130179685A1 (en) * 2012-01-09 2013-07-11 The Mitre Corporation Secure remote peripheral encryption tunnel
US20160191469A1 (en) * 2014-12-31 2016-06-30 Google Inc. Secure host communications
CN106845254A (en) * 2017-01-20 2017-06-13 杭州华澜微电子股份有限公司 A kind of encrypted data transmission line for computer

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Anonymous: "Overview of the USB CDC communication device subclass", 《HTTPS://BLOG.CSDN.NET/SUIPINGSP/ARTICLE/DETAILS/29825117?UTM_SOURCE=BLOGXGWZ1》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112468517A (en) * 2021-01-25 2021-03-09 广州大学 Tracing-resistant anonymous communication network access method, system and device
CN112468517B (en) * 2021-01-25 2021-05-07 广州大学 Tracing-resistant anonymous communication network access method, system and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180629