CN110708136A - Data leakage prevention method in network transmission process - Google Patents
- Publication number
- CN110708136A
- Authority
- CN
- China
- Prior art keywords
- size
- data
- response packet
- value
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04K—SECRET COMMUNICATION; JAMMING OF COMMUNICATION
- H04K1/00—Secret communication
- H04K1/02—Secret communication by adding a second signal to make the desired signal unintelligible
Abstract
The invention provides a method for preventing data leakage during network transmission, comprising the following steps: step (1): analyzing the system request log to obtain the average response packet size and the average data transmission time of each request; obtaining the response packet size range Smin-Smax; obtaining the data transmission duration range Tmin-Tmax; step (2): generating a random factor R from the time of data transmission and a hash value derived from the original data content; step (3): padding the original data based on the random factor R generated in step (2), wherein the size of the original response packet is S and the size of the padded response packet is S'; step (4): prolonging the information sending time based on the random factor R generated in step (2), wherein the original response time is T and the response time after padding is T'. The invention obfuscates the original response packet size and response time with a random value, so that a hacker cannot make useful inferences from the response packet size and the response time.
Description
Technical Field
The invention relates to the technical field of preventing network information leakage, and in particular to a method for preventing data leakage during network transmission.
Background
In the 21st century, with the continuous development of information technology, computer networks have become the main medium for daily information transmission. In the early stages of network development, the security of data transmitted over the network was not sufficiently valued. During transmission, data is easily exposed to theft, tampering, interception and interruption, which seriously disturbs the normal propagation of information and disrupts the normal order of production and daily life. With the gradual maturing of the TCP/IP protocol and related technologies, network data transmission has become more and more stable, and people have only gradually paid attention to the problem and begun to adopt various encryption means to ensure the confidentiality and integrity of data transmission.
However, although a network eavesdropper cannot read the encrypted data, the eavesdropper can infer the user's real operation from information such as the size of the request, the size of the reply and the time the request takes. The user's information is thus leaked and a reference basis is provided for hackers to attack a specific target. This is called network-side side-channel information leakage.
At present, the schemes in wide practical use for preventing information leakage during network transmission are mainly the following:
Method one: the data is symmetrically encrypted. Symmetric encryption is a technique for obfuscating data by using the same key for encryption and decryption, converting normal, identifiable information into unidentifiable information.
The advantages of this method are: 1) the confidentiality of data is realized to a certain extent, and the method is simple and fast;
the disadvantages of this method are: 1) since the algorithms are generally public, confidentiality depends almost entirely on the key; 2) when the number of communication parties is large, the effective management of many keys becomes a problem; 3) side-channel information leakage cannot be prevented;
Method two: the data is asymmetrically encrypted. Different keys are used for encryption and decryption: one public key and one private key. The public key is usually public and available to all; the private key is not published and is held only by its owner. Content encrypted with a public key can only be decrypted with the corresponding private key, and vice versa.
The advantages of this method are: 1) the possibility of key leakage is reduced; 2) the key transmission problem does not need to be considered;
the disadvantages of this method are: 1) the encryption process is complicated; 2) a trusted third-party authority is required; 3) side-channel information leakage cannot be prevented.
Accordingly, there is a need for improvements in the art.
Disclosure of Invention
The invention aims to provide an efficient method for preventing and treating data leakage in a network transmission process.
In order to solve this technical problem, the invention provides a method for preventing data leakage during network transmission, which comprises the following steps:
step (1): analyzing the system request log to obtain the average response packet size and the average data transmission time of each request; obtaining the response packet size range Smin-Smax; obtaining the data transmission duration range Tmin-Tmax;
step (2): generating a random factor R from the time of data transmission and a hash value derived from the original data content;
step (3): padding the original data based on the random factor R generated in step (2), wherein the size of the original response packet is S and the size of the padded response packet is S';
step (4): prolonging the information sending time based on the random factor R generated in step (2), wherein the original response time is T and the response time after padding is T'.
As an improvement of the method for preventing data leakage during network transmission, step (1) comprises the following steps:
step a): after the system has operated normally for a period of time, analyzing the system request log;
step b): calculating the average response duration and the average response packet size of each request, and storing them in a database as original data, keyed by interface name;
step c): obtaining the response packet size range of all interfaces of the whole system: Smin-Smax;
step d): obtaining the response time range of all interfaces of the whole system: Tmin-Tmax.
As a further improvement of the method for preventing data leakage during network transmission, step (2) comprises the following steps:
step a): before each data transmission, obtaining the system time t, the absolute millisecond value since 00:00:00 on 1 January 1970, and taking this value modulo 100 to obtain r1;
step b): before each data transmission, obtaining the size of the original data packet in bytes and taking this value modulo 100 to obtain r2;
step c): adding r1 and r2 and taking the sum modulo 100 to obtain a value in the range 0-100, namely the random factor R.
As a further improvement of the method for preventing data leakage during network transmission, step (3) comprises the following steps:
step a): obtaining the size S of the original data packet;
step b): repeatedly doubling or halving R to obtain R'; adding a fill_{R} field of size R' to the original data packet (of size S) yields a data packet of size S', that is, R' + S = S', such that the following two conditions are met: ① S' > S; ② Smin < S' < Smax;
Smin is the minimum interface response packet size and Smax is the maximum interface response packet size.
As a further improvement of the method for preventing data leakage during network transmission, the time padding of step (4) comprises the following steps:
step a): obtaining the average response time T of the request;
step b): repeatedly doubling or halving R to obtain R''; extending the response time T by R'' yields the new response time T', that is, R'' + T = T', such that the following two conditions are met: ① T' > T; ② Tmin < T' < Tmax.
The method for preventing data leakage during network transmission has the following technical advantages:
1. a random value obfuscates the size and the response time of the original response packet, so that a hacker cannot make useful inferences from the size and the response time of the response packet;
2. the content padding and the time padding stay within a certain range, so that performance is not greatly affected;
3. all the obfuscation work is additive; the data receiving end only needs to ignore the padded content, and no additional adaptation work is required.
Detailed Description
The invention will be further described with reference to specific examples, but the scope of the invention is not limited thereto.
Embodiment 1: a method for preventing data leakage during network transmission, which obfuscates the original information based on a random number in order to prevent network-side side-channel information leakage, and comprises the following steps:
step (1): acquiring all request data of the system:
analyzing the system request log to obtain the average response packet size and the average data transmission time of each request; obtaining the response packet size range Smin-Smax; obtaining the data transmission duration range Tmin-Tmax.
Acquiring all request data of the system specifically comprises the following steps:
step a): after the system has operated normally for a period of time, analyzing the system request log;
step b): calculating the average response duration and the average response packet size of each request, and storing them in a database as original data, keyed by interface name;
step c): obtaining the response packet size range of all interfaces of the whole system: Smin-Smax;
step d): obtaining the response time range of all interfaces of the whole system: Tmin-Tmax.
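The log analysis of step (1), as an added example that is not the patent's own code: the log format, the interface names and the numbers are constructed for illustration, the per-interface dictionary stands in for the database keyed by interface name, and the ranges are taken over every parsed response in the log (an assumption; the patent does not say whether the range covers raw values or per-interface averages).

```python
"""Step (1): derive per-interface baselines and the system-wide ranges
Smin-Smax and Tmin-Tmax from a request log (added example, not the patent's code)."""
import re
from collections import defaultdict

# Constructed sample log (not from the patent). Each record carries the
# interface name, the response packet size in bytes and the response time in ms.
SAMPLE_LOG = """\
2019-09-19T10:00:01Z iface=/api/login resp_bytes=412 duration_ms=118
2019-09-19T10:00:02Z iface=/api/login resp_bytes=420 duration_ms=130
2019-09-19T10:00:03Z iface=/api/orders resp_bytes=3980 duration_ms=242
2019-09-19T10:00:04Z iface=/api/orders resp_bytes=4020 duration_ms=258
2019-09-19T10:00:05Z iface=/api/balance resp_bytes=96 duration_ms=40
2019-09-19T10:00:06Z this line is malformed and must be skipped
"""

# Assumed record layout; a real deployment would match its own log format.
RECORD_RE = re.compile(r"iface=(\S+)\s+resp_bytes=(\d+)\s+duration_ms=(\d+)")


def analyze_request_log(log_text):
    """Return (baselines, (Smin, Smax), (Tmin, Tmax)).

    baselines maps interface name -> (average response size, average response
    time), i.e. the per-interface record that step b) stores keyed by
    interface name.  The ranges are taken over every parsed response
    (assumption: the patent does not say raw values or averages).
    """
    totals = defaultdict(lambda: [0, 0, 0])   # [size sum, time sum, count]
    sizes, times = [], []
    for line in log_text.splitlines():
        m = RECORD_RE.search(line)
        if m is None:
            continue                             # skip unparsable records
        iface, size, duration = m.group(1), int(m.group(2)), int(m.group(3))
        acc = totals[iface]
        acc[0] += size
        acc[1] += duration
        acc[2] += 1
        sizes.append(size)
        times.append(duration)
    if not sizes:
        raise ValueError("log contains no parsable request records")
    baselines = {
        iface: (size_sum / n, time_sum / n)
        for iface, (size_sum, time_sum, n) in totals.items()
    }
    return baselines, (min(sizes), max(sizes)), (min(times), max(times))


if __name__ == "__main__":
    baselines, size_range, time_range = analyze_request_log(SAMPLE_LOG)
    for iface, (avg_size, avg_time) in sorted(baselines.items()):
        print(f"{iface}: avg size {avg_size:.0f} B, avg time {avg_time:.0f} ms")
    print("Smin-Smax:", size_range, "Tmin-Tmax:", time_range)
```

The baselines are what step (4) later reads as the per-request average response time T, and the two ranges bound the padded size S' and padded time T' in steps (3) and (4).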
Step (2): generating a random factor R;
before each data transmission, a random number within a certain range is generated from the time of data transmission and a hash value derived from the content of the original data; based on this random number the original data is padded and the response time is prolonged, so as to conceal the length and the response time of the original data.
Generating the random factor R specifically comprises the following steps:
step a): before each data transmission, obtaining the system time t, the absolute millisecond value since 00:00:00 on 1 January 1970, and taking this value modulo 100 to obtain r1;
step b): before each data transmission, obtaining the size of the original data packet in bytes and taking this value modulo 100 to obtain r2;
step c): adding r1 and r2 and taking the sum modulo 100 to obtain a value in the range 0-100, namely the random factor R.
Step (3): content padding;
based on the random factor R generated in step (2), a fill_{R} field is added to the original data to pad it, wherein the size of the original data packet is S and the size of the padded response packet is S', such that the following two conditions are met: ① S' > S; ② Smin < S' < Smax.
The content padding specifically comprises the following steps:
step a): obtaining the size S of the original data packet;
step b): repeatedly doubling or halving R to obtain R'; adding a fill_{R} field of size R' to the original data packet (of size S) yields a data packet of size S', that is, R' + S = S', such that the following two conditions are met: ① S' > S; ② Smin < S' < Smax.
Smin is the minimum interface response packet size and Smax is the maximum interface response packet size.
Step (4): time padding;
based on the random factor R generated in step (2), the information sending time is prolonged, wherein the original response time is T and the response time after padding is T', such that the following two conditions are met: ① T' > T; ② Tmin < T' < Tmax.
The time padding specifically comprises the following steps:
step a): obtaining the average response time T of the request;
step b): repeatedly doubling or halving R to obtain R''; extending the response time T by R'' (ms) yields the new response time T', that is, R'' + T = T', such that the following two conditions are met: ① T' > T; ② Tmin < T' < Tmax.
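Steps (2) to (4) carried through in code, as an added example that is not the patent's own implementation. It follows the step-by-step description (r2 is the packet size modulo 100, rather than the content hash the abstract mentions) and assumes a 4-byte length prefix on the original data so that the receiver can locate and discard the fill_{R} field; the framing, the function names and the sample ranges are assumptions. Doubling and halving cannot produce a valid R' in every case (R = 0, S already at Smax - 1, or doubling overshooting Smax before clearing Smin), so the example returns None there and the sender refuses to transmit rather than sending an unpadded packet; the patent does not specify a fallback.

```python
"""Steps (2)-(4): derive R, pad the packet to S' and extend the response time
to T' (added example, not the patent's code)."""
import os
import struct
import time

# Assumed framing: a 4-byte big-endian length prefix precedes the original
# data, so the receiver can locate and ignore the fill_{R} field that follows.
LENGTH_PREFIX = struct.Struct("!I")


def random_factor(t_ms, packet_size):
    """Step (2): R = (t mod 100 + size mod 100) mod 100, so R lies in 0..99.

    t_ms is the Unix time in milliseconds, packet_size the original packet
    size in bytes.  R is fully determined by the clock and the size: it is a
    mixing value, not a cryptographic random number."""
    r1 = t_ms % 100
    r2 = packet_size % 100
    return (r1 + r2) % 100


def scale_into_range(r, base, lo, hi):
    """Double or halve r until base + r' > base and lo < base + r' < hi.

    Returns r', or None when no such value exists (r == 0, base already at
    hi - 1, or doubling overshoots hi before exceeding lo)."""
    if r <= 0:
        return None
    while r > 0 and base + r >= hi:   # too large: halve
        r //= 2
    while r > 0 and base + r <= lo:   # too small: double
        r *= 2
    if r > 0 and lo < base + r < hi:
        return r
    return None


def frame(data):
    """Original packet: length prefix + data (assumed framing)."""
    return LENGTH_PREFIX.pack(len(data)) + data


def strip_fill(packet):
    """Receiver side: read the original length and ignore the fill field."""
    (n,) = LENGTH_PREFIX.unpack_from(packet)
    return packet[LENGTH_PREFIX.size:LENGTH_PREFIX.size + n]


def protect_response(data, t_ms, size_range, time_range, avg_time_ms):
    """Steps (2)-(4) for one response.

    size_range = (Smin, Smax) and time_range = (Tmin, Tmax) come from the
    step (1) log analysis; avg_time_ms is this interface's average response
    time T.  Returns (padded_packet, delay_ms) with len(padded_packet) == S'
    and T' = avg_time_ms + delay_ms."""
    framed = frame(data)
    s = len(framed)                                         # S
    r = random_factor(t_ms, s)
    r_pad = scale_into_range(r, s, *size_range)             # R'  (size)
    r_delay = scale_into_range(r, avg_time_ms, *time_range)  # R'' (time)
    if r_pad is None or r_delay is None:
        # The patent gives no fallback; refusing to send keeps the
        # size/time guarantees honest instead of leaking an unpadded packet.
        raise ValueError("no R' satisfies S' > S and Smin < S' < Smax, "
                         "or no R'' satisfies Tmin < T' < Tmax")
    padded = framed + os.urandom(r_pad)                     # fill_{R} field
    return padded, r_delay


def delayed_send(send, packet, delay_ms):
    """Step (4): hold the response for R'' ms, then hand it to the transport."""
    time.sleep(delay_ms / 1000.0)
    send(packet)


if __name__ == "__main__":
    body = b'{"user":"alice","balance":1200}'
    # Constructed ranges standing in for the step (1) results.
    packet, delay = protect_response(body, 1568887201234, (96, 4020), (40, 258), 124)
    print(f"S={len(frame(body))} S'={len(packet)} delay={delay} ms")
    delayed_send(lambda p: print("sent", len(p), "bytes"), packet, delay)
    assert strip_fill(packet) == body
```

Because R takes only 100 values and is computed from the millisecond clock and the packet size, the same interface padded twice in quick succession can receive the same R' and R''; the patent's guarantee is that S' and T' stay inside the observed system-wide ranges, not that they are unpredictable, which is worth keeping in mind when judging how much an observer of padded sizes and times still learns.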
Finally, it is noted that the above merely illustrates a few specific embodiments of the invention. Obviously the invention is not limited to the above embodiments, and many variations are possible. All modifications that a person skilled in the art can derive or infer from the disclosure of the present invention are to be considered within the scope of the invention.
Claims (5)
1. A method for preventing data leakage during network transmission, characterized in that the method comprises the following steps:
step (1): analyzing the system request log to obtain the average response packet size and the average data transmission time of each request; obtaining the response packet size range Smin-Smax; obtaining the data transmission duration range Tmin-Tmax;
step (2): generating a random factor R from the time of data transmission and a hash value derived from the original data content;
step (3): padding the original data based on the random factor R generated in step (2), wherein the size of the original response packet is S and the size of the padded response packet is S';
step (4): prolonging the information sending time based on the random factor R generated in step (2), wherein the original response time is T and the response time after padding is T'.
2. The method for preventing data leakage during network transmission according to claim 1, wherein step (1) comprises the following steps:
step a): after the system has operated normally for a period of time, analyzing the system request log;
step b): calculating the average response duration and the average response packet size of each request, and storing them in a database as original data, keyed by interface name;
step c): obtaining the response packet size range of all interfaces of the whole system: Smin-Smax;
step d): obtaining the response time range of all interfaces of the whole system: Tmin-Tmax.
3. The method for preventing data leakage during network transmission according to claim 2, wherein step (2) comprises the following steps:
step a): before each data transmission, obtaining the system time t, the absolute millisecond value since 00:00:00 on 1 January 1970, and taking this value modulo 100 to obtain r1;
step b): before each data transmission, obtaining the size of the original data packet in bytes and taking this value modulo 100 to obtain r2;
step c): adding r1 and r2 and taking the sum modulo 100 to obtain a value in the range 0-100, namely the random factor R.
4. The method for preventing data leakage during network transmission according to claim 3, wherein step (3) comprises the following steps:
step a): obtaining the size S of the original data packet;
step b): repeatedly doubling or halving R to obtain R'; adding a fill_{R} field of size R' to the original data packet yields a data packet of size S', that is, R' + S = S', such that the following two conditions are met: ① S' > S; ② Smin < S' < Smax;
Smin is the minimum interface response packet size and Smax is the maximum interface response packet size.
5. The method for preventing data leakage during network transmission according to claim 4, wherein the time padding of step (4) comprises the following steps:
step a): obtaining the average response time T of the request;
step b): repeatedly doubling or halving R to obtain R''; extending the response time T by R'' yields the new response time T', that is, R'' + T = T', such that the following two conditions are met: ① T' > T; ② Tmin < T' < Tmax.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910886238.1A CN110708136B (en) | 2019-09-19 | 2019-09-19 | Method for preventing and treating data leakage in network transmission process |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110708136A true CN110708136A (en) | 2020-01-17 |
CN110708136B CN110708136B (en) | 2023-01-31 |
Family
ID=69195728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910886238.1A Active CN110708136B (en) | 2019-09-19 | 2019-09-19 | Method for preventing and treating data leakage in network transmission process |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110708136B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020186848A1 (en) * | 2001-05-03 | 2002-12-12 | Cheman Shaik | Absolute public key cryptographic system and method surviving private-key compromise with other advantages |
CN103618610A (en) * | 2013-12-06 | 2014-03-05 | 上海千贯节能科技有限公司 | Information safety algorithm based on energy information gateway in smart power grid |
CN108762966A (en) * | 2018-06-05 | 2018-11-06 | 中国平安人寿保险股份有限公司 | System exception hold-up interception method, device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110708136B (en) | 2023-01-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||