CN108234461A - Encrypted covert communication system and method based on paired USB devices - Google Patents
Publication number: CN108234461A (application CN201711400782.8A)
Authority: CN (China)
Prior art keywords: usb, encrypted, communication system, pairings, communication
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications (all under H04L: Transmission of digital information, e.g. telegraphic communication; H04L63/00: Network architectures or network communication protocols for network security)
- H04L63/0853: authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0428: confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/30: supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses an encrypted covert communication system and method based on paired USB devices. The system consists of paired USB devices distributed to the two communicating parties. Each paired USB device is an HID device with a built-in embedded operating system; the HID device is also a CDC-class device, managed and controlled through the communication interface class and transferring data through the data interface class. For confidential transmission the device uses the network of the host it is plugged into, and the information to be transmitted is encrypted inside the embedded operating system. The invention enables remote end-to-end secret communication and addresses the weak security protection of the access endpoint. End-to-end encryption improves the confidentiality of the transmission. All data processing is deployed in, and transmitted from, the embedded operating system on the external USB device, so no data is retained on the access machine's hard disk and concealment is good. The method is widely applicable and can use access terminals of many kinds.
Description
Technical field
The present invention relates to an encrypted covert communication system and method based on paired USB devices.
Background technology
Over many years of development, network security and secret communication have produced a security system built on cryptographic algorithms and network protocols. In practical secret-communication applications, however, and particularly in the niche of special-purpose portable covert communication, safe and practical means of communication are still lacking. Most end-to-end secret communication requires the parties to agree on a key in advance and then send the message, but all transmitted information leaves traces on the access host. Traditional approaches achieve link secrecy through ciphers and security protocols, yet they cannot guarantee that no information-processing traces remain on the access machine, so the most covert and effective secrecy is hard to achieve.
Summary of the invention
To overcome the above shortcomings of the prior art, the present invention provides an encrypted covert communication system and method based on paired USB devices. It aims to achieve reliable end-to-end covert secret communication when remote communication must be secured but the access host cannot itself be guaranteed secure. When there is a need for secret communication but the security of the sending host cannot be guaranteed, the present invention solves the problem: using a custom-developed embedded system on a pair of USB devices agreed in advance, the user carries out the entire encryption and decryption workflow inside the paired USB device.
The technical solution adopted to solve the technical problem is an encrypted covert communication system based on paired USB devices, comprising paired USB devices distributed to the two communicating parties. Each paired USB device is an HID device with a built-in embedded operating system; the HID device is a CDC-class device, managed and controlled through the communication interface class, with data transferred through the data interface class. For confidential transmission, the network of the access host is used, and the information to be transmitted is encrypted in the embedded operating system.
The present invention also provides an encrypted covert communication method based on paired USB devices, comprising the following steps:
Step 1: distribute the pre-negotiated paired USB devices to the two communicating parties;
Step 2: at an agreed time, each party finds a terminal to use as an access point; after the USB device is inserted, the boot program runs and issues connection requests in turn to the pre-agreed addresses;
Step 3: receiver B sets up a listener in advance. When B's access point has a public network address, B simply waits for sender A to connect; when B's access point has an internal address, B's public network address is first encoded and then sent to a third-party storage server;
Step 4: A obtains the public network address by retrieving it from the third-party storage server and decoding it;
Step 5: A encrypts the information and sends it to B.
Compared with the prior art, the positive effects of the present invention are as follows. The invention proposes a secret covert communication model and implementation based on paired USB devices; it enables remote end-to-end secret communication and addresses the weak security protection of the access endpoint. Encryption is performed by the built-in embedded operating system and cipher. Its main beneficial effects and advantages are:
1. End-to-end encryption, high confidentiality
The present invention improves the confidentiality of information transmission through end-to-end encryption.
2. External operating system, no trace left on the access machine
All data processing is deployed in, and transmitted from, the embedded operating system on the external USB device; no data is retained on the access machine's hard disk, and concealment is good.
3. Widely applicable, with access terminals of many kinds
The method is widely applicable, has few preconditions and strong engineering practical value, can be developed further, and serves as a reference for needs such as special-purpose and covert transmission.
Description of the drawings
Embodiments of the present invention are described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic of the SM4 cryptographic algorithm;
Fig. 2 is a schematic of encrypted communication when the communicating party has a public network address;
Fig. 3 is a schematic of encrypted communication when the communicating party needs NAT traversal.
Detailed description
The present invention proposes an encrypted covert communication model and implementation based on paired USB devices, which uses a custom HID device mode and a built-in embedded development system to carry out secure secret communication.
HID is the abbreviation of Human Interface Device: a device that interacts directly with a person. Exchanged data is stored in structures called reports, and the device firmware must support the HID report format. The report format is very flexible and can carry data of any kind. Each transaction carries a small or medium amount of data: at most 8 bytes per transaction for a low-speed device, 64 bytes for a full-speed device and 1024 bytes for a high-speed device. A single report can span several transactions.
The CDC class is a subclass of the USB standard through which virtual serial port communication can be implemented. Because most operating systems (Windows and Linux) ship with a driver for CDC-class devices, such a device is recognised automatically, which removes the burden of writing a dedicated device driver and simplifies driver installation. The CDC class is a USB subclass defined by the USB organisation specifically for communication equipment (telephony devices and medium-speed network devices). A CDC-class device is usually composed of two interface subclasses: the Communication Interface Class and the Data Interface Class. The device in this patent is managed and controlled through the communication interface class, and data is transferred through the data interface class.
The control endpoint is used mainly for USB device enumeration and for configuring the virtual serial port's baud rate and data format (data bits, stop bits and start bit). The OUT-direction asynchronous (bulk) endpoint is used by the host to send data to the slave device and corresponds to the TXD line of a conventional physical serial port as seen from the microcontroller; the IN-direction asynchronous endpoint is used by the slave device to send data to the host and corresponds to the RXD line.
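The descriptor layout behind the three paragraphs above, as an added example that is not code from the patent: a small parser that walks a USB configuration descriptor and reports each interface's class (HID is class 0x03, CDC communication 0x02, CDC data 0x0A) together with its endpoints' direction, transfer type and wMaxPacketSize, and checks the per-transaction HID limits quoted above. The descriptor bytes are constructed to resemble the composite HID plus CDC ACM device the patent describes; the function and field names are mine.

```python
"""Classify the interfaces and endpoints declared by a USB configuration
descriptor.  Added example (not from the patent); SAMPLE_CONFIG is a
CONSTRUCTED descriptor for a composite device with one HID interface and a
CDC ACM pair (communication + data interface)."""
from __future__ import annotations
import struct
from dataclasses import dataclass, field

DT_CONFIG, DT_INTERFACE, DT_ENDPOINT = 0x02, 0x04, 0x05
CLASS_NAMES = {0x02: "CDC communication", 0x03: "HID", 0x0A: "CDC data"}
XFER_NAMES = {0: "control", 1: "isochronous", 2: "bulk", 3: "interrupt"}
HID_MAX_PACKET = {"low": 8, "full": 64, "high": 1024}   # bytes per transaction

@dataclass
class Endpoint:
    address: int
    direction: str          # "IN" = device->host, "OUT" = host->device
    transfer: str
    max_packet: int

@dataclass
class Interface:
    number: int
    cls: int
    subclass: int
    protocol: int
    endpoints: list = field(default_factory=list)

    @property
    def class_name(self) -> str:
        return CLASS_NAMES.get(self.cls, f"class 0x{self.cls:02x}")

def parse_config(desc: bytes) -> list[Interface]:
    """Walk the descriptor chain by bLength.  Class-specific descriptors
    (HID 0x21, CDC functional 0x24) are skipped; endpoints attach to the
    most recent interface, as the USB spec orders them."""
    if len(desc) < 4 or desc[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    if struct.unpack_from("<H", desc, 2)[0] != len(desc):
        raise ValueError("wTotalLength does not match the data supplied")
    interfaces: list[Interface] = []
    off = 0
    while off + 2 <= len(desc):
        blen, dtype = desc[off], desc[off + 1]
        if blen < 2 or off + blen > len(desc):
            raise ValueError(f"malformed descriptor at offset {off}")
        if dtype == DT_INTERFACE and blen >= 9:
            num, _alt, _nep, cls, sub, proto = struct.unpack_from("<6B", desc, off + 2)
            interfaces.append(Interface(num, cls, sub, proto))
        elif dtype == DT_ENDPOINT and blen >= 7 and interfaces:
            addr, attrs, wmax = struct.unpack_from("<BBH", desc, off + 2)
            interfaces[-1].endpoints.append(Endpoint(
                addr, "IN" if addr & 0x80 else "OUT",
                XFER_NAMES[attrs & 0x03], wmax & 0x7FF))
        off += blen
    return interfaces

def hid_packet_ok(iface: Interface, speed: str) -> bool:
    """Every endpoint of a HID interface must fit the per-speed transaction limit."""
    return all(ep.max_packet <= HID_MAX_PACKET[speed] for ep in iface.endpoints)

def has_hid_and_cdc(ifaces: list[Interface]) -> bool:
    """The composite shape the patent describes: HID alongside a CDC comm/data pair."""
    return {0x03, 0x02, 0x0A} <= {i.cls for i in ifaces}

def summarize(desc: bytes) -> list[str]:
    lines = []
    for i in parse_config(desc):
        eps = ", ".join(f"{e.direction} {e.transfer} {e.max_packet}B" for e in i.endpoints)
        lines.append(f"iface {i.number}: {i.class_name} [{eps}]")
    return lines

SAMPLE_CONFIG = bytes.fromhex(             # constructed; wTotalLength = 0x5c = 92
    "09 02 5c00 03 01 00 80 32"            # config: 3 interfaces
    "09 04 00 00 01 03 00 00 00"           # iface 0: HID, 1 endpoint
    "09 21 1101 00 01 22 3f00"             # HID class descriptor (skipped)
    "07 05 81 03 0800 0a"                  # EP1 IN interrupt, 8-byte packets
    "09 04 01 00 01 02 02 01 00"           # iface 1: CDC communication (ACM)
    "05 24 00 1001" "05 24 01 00 02"       # CDC header, call management
    "04 24 02 02" "05 24 06 01 02"         # ACM, union (control 1, data 2)
    "07 05 82 03 0800 10"                  # EP2 IN interrupt (notifications)
    "09 04 02 00 02 0a 00 00 00"           # iface 2: CDC data, 2 endpoints
    "07 05 03 02 4000 00"                  # EP3 OUT bulk 64 (host->device, "TXD")
    "07 05 83 02 4000 00")                 # EP3 IN bulk 64 (device->host, "RXD")

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_CONFIG)))
```

On a Linux host the same bytes are what `/sys/bus/usb/devices/<dev>/descriptors` or `lsusb -v` show, and a host-side allow-list such as usbguard matches on exactly these interface class codes, so a device that enumerates as HID plus a CDC pair is the shape a defender would look for. Note also that enumeration itself is logged by the host (the kernel log and udev on Linux, setupapi.dev.log and the USB registry keys on Windows); the patent's "no trace" claim concerns the processed data, not the fact that a device was attached.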
The embedded operating system uses a Linux kernel matched to the hardware architecture, together with a trimmed-down file system and system applications, to provide the software platform on which the firmware runs; the USB HID firmware driver runs in the kernel space of the embedded Linux system.
For confidential transmission, the network of the access host is used, and the information to be transmitted is encrypted inside the HID device's embedded system. The encryption algorithm may be the domestic block cipher SM4. The device is unplugged after the transmission ends, and the whole process leaves no trace. The encryption step uses the domestic SM4 cipher.
SM4 is a block cipher. Its block length is 128 bits and its key length is 128 bits. Both the encryption algorithm and the key schedule use a 32-round nonlinear iterative structure. Decryption has the same structure as encryption; only the order in which the round keys are used differs, the decryption round keys being the encryption round keys in reverse order. The 128-bit encryption key is written MK = (MK0, MK1, MK2, MK3), where each MKi (i = 0, 1, 2, 3) is a 32-bit word. The round keys are written (rk0, rk1, ..., rk31), where each rki (i = 0, ..., 31) is a 32-bit word; they are generated from the encryption key. FK = (FK0, FK1, FK2, FK3) is the system parameter and CK = (CK0, CK1, ..., CK31), one constant per round, are the fixed parameters. See Fig. 1.
There are two scenarios during transmission:
1) The communicating party has a public network address. The accessing party moves to a host with a public IP address and communicates from there: after the USB device is inserted the encrypted communication takes place, and the device is removed once the encrypted exchange is done. See Fig. 2.
2) The communicating party needs NAT traversal. Following the NAT traversal principle, terminal B actively obtains its egress public network address, stores that address in encoded form on a third-party server, configures the router's port mapping by script, and starts a listener to receive connection requests. Terminal A actively connects to the third-party server, obtains terminal B's public network address and decodes it, then initiates a connection request to B's public network address. The transmitted data is encrypted. See Fig. 3.
The basic steps of the method are as follows:
(1) Distribute the paired USB devices to the two communicating parties in advance. The USB device carries the embedded operating system, a built-in list of public IP addresses for communication, and the user name and password for the third-party server.
(2) At the agreed time, each party finds a terminal to use as an access point. After the USB device is inserted, the boot program runs and issues connection requests in turn to the pre-agreed addresses.
(3) B must set up a listener in advance. When B's access point has a public network address, B simply waits for A to connect; when B's access point has an internal address, B's egress public network address is encoded and sent to the third-party storage server.
(4) A obtains the address by retrieving it from the third-party storage server and decoding it.
(5) A encrypts the information with the high-strength SM4 cipher and sends it to B.
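The SM4 description above (key schedule from MK, FK and CK; 32 rounds; reversed round keys for decryption) and steps (3) to (5) of the method, carried through in one added example that is not the patent's or any vendor's code. The cipher follows GB/T 32907-2016 and is checked against the standard's published test vector. Everything about the exchange is an assumption made for illustration: the third-party storage server is an in-memory slot store guarded by the user name and password of claim 2, B's address is "encoded" by encrypting it under the shared key (the patent does not say how), and messages are sent in SM4-CTR with a fresh nonce because the patent names only the block cipher and no mode of operation. The key, credentials, address and message are constructed sample data.

```python
"""SM4 block cipher plus a simulation of the patent's rendezvous-and-send steps.
Added example, not the patent's code.  Mode of operation, the store and the
"encoding" of B's address are assumptions; sample data is constructed."""
import os

SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
assert len(set(SBOX)) == 256                        # S-box must be a permutation
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)   # system parameters
# Fixed parameters CK0..CK31: byte j of CKi is (4i + j) * 7 mod 256.
CK = tuple(int.from_bytes(bytes((4 * i + j) * 7 & 0xFF for j in range(4)), "big")
           for i in range(32))

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(w: int) -> int:                            # byte-wise S-box substitution
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")

def _t_enc(w: int) -> int:                          # T = L(tau(w)) for the rounds
    b = _tau(w)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_key(w: int) -> int:                          # T' = L'(tau(w)) for the key schedule
    b = _tau(w)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def round_keys(mk: bytes) -> list:
    """MK (16 bytes) -> rk0..rk31; decryption uses the same list reversed."""
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def _crypt_block(block: bytes, rk: list) -> bytes:
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):                             # 32 nonlinear iterations
        x.append(x[i] ^ _t_enc(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in x[35:31:-1])   # reverse output

def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _crypt_block(block, round_keys(key))

def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _crypt_block(block, round_keys(key)[::-1])

def sm4_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode (assumption; the patent names no mode).  The same call decrypts."""
    rk, out = round_keys(key), bytearray()
    for i in range(0, len(data), 16):
        ctr = (int.from_bytes(nonce, "big") + i // 16) & ((1 << 128) - 1)
        ks = _crypt_block(ctr.to_bytes(16, "big"), rk)
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], ks))
    return bytes(out)

class RendezvousStore:
    """Stand-in for the third-party storage server (assumption): named slots
    guarded by the user name/password the device carries (claim 2)."""
    def __init__(self, creds: dict):
        self._creds, self.slots = creds, {}
    def _auth(self, user: str, pw: str) -> None:
        if self._creds.get(user) != pw:
            raise PermissionError("bad credentials")
    def put(self, user: str, pw: str, slot: str, blob: bytes) -> None:
        self._auth(user, pw)
        self.slots[slot] = blob
    def get(self, user: str, pw: str, slot: str) -> bytes:
        self._auth(user, pw)
        return self.slots[slot]

def b_publish(store, creds, key: bytes, public_addr: str) -> None:
    """Step (3), internal-address case: B leaves its encoded egress address."""
    nonce = os.urandom(16)
    store.put(*creds, "B", nonce + sm4_ctr(key, nonce, public_addr.encode()))

def a_fetch(store, creds, key: bytes) -> str:
    """Step (4): A retrieves the blob and decodes B's public address."""
    blob = store.get(*creds, "B")
    return sm4_ctr(key, blob[:16], blob[16:]).decode()

def a_send(key: bytes, msg: bytes) -> bytes:
    """Step (5): A encrypts; wire format is nonce || ciphertext."""
    nonce = os.urandom(16)
    return nonce + sm4_ctr(key, nonce, msg)

def b_receive(key: bytes, wire: bytes) -> bytes:
    return sm4_ctr(key, wire[:16], wire[16:])

def run_exchange(key: bytes, creds: tuple, b_public_addr: str, msg: bytes):
    """Steps (3)-(5) end to end: (address A learned, plaintext B got, stored blob)."""
    store = RendezvousStore({creds[0]: creds[1]})
    b_publish(store, creds, key, b_public_addr)
    addr = a_fetch(store, creds, key)
    return addr, b_receive(key, a_send(key, msg)), store.slots["B"]

def selftest() -> bool:
    """Known-answer test from the SM4 standard's appendix (key = plaintext)."""
    k = bytes.fromhex("0123456789abcdeffedcba9876543210")
    return encrypt_block(k, k).hex() == "681edf34d206965e86b3e94f536e4246"
```

Two things the patent leaves open matter in practice. CTR (like any unauthenticated mode) gives confidentiality only: an on-path attacker who knows or guesses the plaintext layout can flip bits in the ciphertext undetected, so a deployment needs a MAC or an AEAD construction over the message and over the stored address blob. And the pre-shared key inside the USB device is the entire security boundary of the scheme: there is no key agreement, so loss of either device exposes every past and future message, and the shared credentials for the third-party store are a second secret that any copy of the device firmware reveals.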
Claims (8)
1. An encrypted covert communication system based on paired USB devices, characterised in that: it comprises paired USB devices distributed to the two communicating parties; each paired USB device is an HID device with a built-in embedded operating system; the HID device is a CDC-class device, managed and controlled through the communication interface class, with data transferred through the data interface class; and for confidential transmission the network of the access host is used and the information to be transmitted is encrypted in the embedded operating system.
2. The encrypted covert communication system based on paired USB devices according to claim 1, characterised in that the embedded operating system contains a built-in list of public IP addresses for communication and the user name and password for the third-party server.
3. The encrypted covert communication system based on paired USB devices according to claim 1, characterised in that the embedded operating system contains the entire workflow for encrypting and decrypting the information.
4. The encrypted covert communication system based on paired USB devices according to claim 1, characterised in that the firmware driver of the HID device runs in the Linux kernel space of the embedded operating system.
5. The encrypted covert communication system based on paired USB devices according to claim 1, characterised in that the encryption algorithm is the SM4 block cipher.
6. The encrypted covert communication system based on paired USB devices according to claim 5, characterised in that the SM4 cipher has a block length of 128 bits and a key length of 128 bits, the encryption algorithm and the key schedule both use a 32-round nonlinear iterative structure, and the decryption round keys are the encryption round keys in reverse order.
7. The encrypted covert communication system based on paired USB devices according to claim 1, characterised in that the firmware of the HID device supports the HID report format.
8. An encrypted covert communication method based on paired USB devices, characterised in that it comprises the following steps:
Step 1: distribute the pre-negotiated paired USB devices to the two communicating parties;
Step 2: at an agreed time, each party finds a terminal to use as an access point; after the USB device is inserted, the boot program runs and issues connection requests in turn to the pre-agreed addresses;
Step 3: receiver B sets up a listener in advance; when B's access point has a public network address, B simply waits for sender A to connect; when B's access point has an internal address, B's public network address is first encoded and then sent to a third-party storage server;
Step 4: A obtains the public network address by retrieving it from the third-party storage server and decoding it;
Step 5: A encrypts the information and sends it to B.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711400782.8A CN108234461A (en) | 2017-12-22 | 2017-12-22 | A kind of encrypted blinded communication system and method based on USB pairings |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108234461A true CN108234461A (en) | 2018-06-29 |
Family
ID=62647650
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711400782.8A Pending CN108234461A (en) | 2017-12-22 | 2017-12-22 | A kind of encrypted blinded communication system and method based on USB pairings |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108234461A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112468517A (en) * | 2021-01-25 | 2021-03-09 | 广州大学 | Tracing-resistant anonymous communication network access method, system and device |
CN112468517B (en) * | 2021-01-25 | 2021-05-07 | 广州大学 | Tracing-resistant anonymous communication network access method, system and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080189554A1 (en) * | 2007-02-05 | 2008-08-07 | Asad Ali | Method and system for securing communication between a host computer and a secure portable device |
US20130179685A1 (en) * | 2012-01-09 | 2013-07-11 | The Mitre Corporation | Secure remote peripheral encryption tunnel |
US20160191469A1 (en) * | 2014-12-31 | 2016-06-30 | Google Inc. | Secure host communications |
CN106845254A (en) * | 2017-01-20 | 2017-06-13 | 杭州华澜微电子股份有限公司 | A kind of encrypted data transmission line for computer |
Events
2017-12-22: application CN201711400782.8A filed in CN, published as CN108234461A; status Pending
Non-Patent Citations (1)
Title |
---|
佚名 (anonymous): "USB CDC通信设备子类概述" (Overview of the USB CDC communication device subclass), https://blog.csdn.net/suipingsp/article/details/29825117?utm_source=blogxgwz1 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180629 |