Disclosure of Invention
The embodiment of the application provides a data transmission method for anonymous communication, which is used for reducing data headers and improving transmission efficiency.
The embodiment of the application provides a data transmission method for anonymous communication, which is executed by a communication node in an anonymous communication system, and comprises the following steps:
when the communication node is used as an entrance node, receiving a first encrypted data packet sent by a source node;
decrypting the first encrypted data packet by using a private key of the first encrypted data packet to obtain a first path label and a real data packet;
finding the relay node identification of the next hop according to the first path label;
shifting the first path label to obtain a second path label;
and encrypting the second path label and the real data packet by using the public key corresponding to the relay node identification to obtain a second encrypted data packet, and forwarding the second encrypted data packet to the relay node corresponding to the relay node identification.
In an embodiment, the finding, according to the first path label, a relay node identifier of a next hop includes:
and determining the relay node identification of the next hop according to the highest bit value of the first path label and the node connection graph.
In an embodiment, the shifting the first path label to obtain a second path label includes:
and moving the highest bit value of the first path label to the lowest bit, and shifting the numerical values of the rest bits to the highest bit in sequence to obtain the second path label.
In an embodiment, before receiving the first encrypted data packet sent by the source node, the method further includes:
receiving path label acquisition information sent by the source node;
and forwarding the path label acquisition information to a path node, and forwarding an optimal path label returned by the path node to the source node, so that the source node sends the first encrypted data packet according to the optimal path label.
In an embodiment, before the receiving the path label obtaining information sent by the source node, the method further includes:
and responding to login information sent by a source node, sending direct connection node information to a path node, and enabling the path node to add the entry node into a node connection graph according to the direct connection node information.
In an embodiment, the method further comprises:
when the communication node is used as a source node, selecting an entry node and sending login information to the entry node;
after receiving the login success message, sending path label acquisition information to the entry node, so that the entry node forwards the path label acquisition information to the path node;
and receiving the optimal path label returned by the path node, and sending the first encrypted data packet according to the optimal path label.
In an embodiment, the method further comprises:
sending path query information to the path nodes, and receiving a plurality of path labels returned by the path nodes;
selecting any one target mode from a plurality of balanced, random, timed and optimal transmission modes, and determining a target path label according to the selected target mode;
and generating the first encrypted data packet according to the target path label and forwarding the first encrypted data packet to the entry node.
In an embodiment, the method further comprises:
when the communication node is used as a relay node, receiving a third encrypted data packet, and decrypting the received third encrypted data packet by using a private key of the communication node to obtain a third path label and a real data packet;
according to the third path label, finding a relay node identifier of a next hop after the relay node, and shifting the third path label to obtain a fourth path label;
encrypting the fourth path label and the real data packet by using a public key corresponding to a relay node identifier of a next hop after the relay node to generate a fourth encrypted data packet;
and forwarding the fourth encrypted data packet to a relay node corresponding to the relay node identifier of the next hop after the relay node.
In an embodiment, the method further comprises:
and if the highest bit of the third path label is a designated numerical value, the relay node is an exit node, and forwards the real data packet to a destination node corresponding to the destination address according to the destination address in the real data packet.
An embodiment of the present application further provides an electronic device, where the electronic device includes:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data transfer method of anonymous communication described above.
According to the technical scheme provided by the embodiment of the application, when the communication node is used as the entrance node, the first encrypted data packet sent by the source node is received; decrypting the first encrypted data packet by using a private key of the first encrypted data packet to obtain a first path label and a real data packet; finding the relay node identification of the next hop according to the first path label; offsetting the first path label to obtain a second path label; and encrypting the second path label and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwarding the second encrypted data packet to the relay node corresponding to the relay node identifier. Therefore, the relay node can continue to perform offset and encryption forwarding of the path label based on the second path label, and the label mode is used for replacing an IP address to represent a data transmission path, so that the data header length is compressed, and the data transmission rate is improved.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Fig. 1 is a schematic application scenario diagram of a data transmission method for anonymous communication according to an embodiment of the present application. As shown in fig. 1, the application scenario includes a plurality of communication nodes, the plurality of communication nodes form an anonymous communication system, and during one data transmission process, the plurality of communication nodes may be divided into a source node 101, a path node 102, an ingress node 103, a relay node 104, an egress node 105, and a destination node 106 based on different roles of the respective communication nodes. The source node 101 is connected to the ingress node 103, the destination node 106 is connected to the egress node 105, the path node 102 is connected to the ingress node 103, and the relay node 104 is connected to the ingress node 103 and the egress node 105. The communication node can be an intelligent terminal such as a smart phone, a tablet computer, a desktop computer or a server.
The source node 101 serves as a data sending party, the destination node 106 serves as a data receiving party, and the path node 102 is configured to calculate a path label from the source node 101 to the destination node 106, where more than one path from the source node 101 to the destination node 106 is required, and the path label with the minimum forwarding number can be regarded as an optimal path label, and the source node 101 can obtain multiple path labels from the path node 102 by querying. The source node can select a target transmission mode from four transmission modes of balance, random, timing and optimal, and further determine a target path label corresponding to the target transmission mode,
in an embodiment, the source node 101 may encrypt the target path tag and the real data packet with the public key of the ingress node 103 to generate a first encrypted data packet, and forward the first encrypted data packet to the ingress node 103.
The entry node 103 decrypts the first encrypted data packet by using its own private key, and obtains the target path label and the real data packet. Finding the relay node identification of the next hop according to the first path label; offsetting the first path label to obtain a second path label; and encrypting the second path label and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwarding the second encrypted data packet to the relay node 104 corresponding to the relay node identifier.
Assuming that a plurality of relay nodes 104 exist, the first relay node 104 connected to the entry node 103 receives the second encrypted data packet, and decrypts the received second encrypted data packet by using its own private key to obtain a second path label and a real data packet; according to the second path label, finding a relay node identifier of a next hop after the first relay node 104, and offsetting the second path label to obtain a third path label; encrypting the third path label and the real data packet by using a public key corresponding to a relay node identifier of a next hop after the first relay node 104 to generate a third encrypted data packet; and forwarding the third encrypted data packet to a second relay node 104 corresponding to the relay node identifier of the next hop after the first relay node 104.
The second relay node 104 receives the third encrypted data packet, and decrypts the received third encrypted data packet by using its own private key to obtain a third path label and a real data packet; according to the third path label, finding a relay node identifier of a next hop after the second relay node 104, and shifting the third path label to obtain a fourth path label; encrypting the fourth path label and the real data packet by using a public key corresponding to a relay node identifier of a next hop after the second relay node 104 to generate a fourth encrypted data packet; and forwarding the fourth encrypted data packet to a third relay node 104 corresponding to the relay node identifier of the next hop after the second relay node 104. And so on.
In an embodiment, if the highest bit of the third path label is a specified value (e.g. 1), the second relay node 104 is an egress node 105, and the egress node 105 forwards the real data packet to a destination node 106 corresponding to a destination address according to the destination address in the real data packet.
According to the embodiment of the application, the data transmission path is represented by using a label mode instead of an IP address, the length of the data head is compressed, and the data transmission rate is improved. The transmission path is selected through multiple modes, and the hiding performance of data transmission is improved.
Fig. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 200 may serve as the communication node, and the electronic device 200 may be configured to execute the data transmission method for anonymous communication provided in the embodiment of the present application. As shown in fig. 2, the electronic device 200 includes: one or more processors 202, and one or more memories 204 storing processor-executable instructions. Wherein the processor 202 is configured to execute the data transmission method for anonymous communication provided by the following embodiments of the present application.
The processor 202 may be a device containing a Central Processing Unit (CPU), a Graphics Processing Unit (GPU) or other form of processing unit having data processing and/or instruction execution capabilities, may process data for other components in the electronic device 200, and may control other components in the electronic device 200 to perform desired functions.
The memory 204 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. On which one or more computer program instructions may be stored that processor 202 may execute to implement the data transfer method of anonymous communication described below. Various applications and various data, such as various data used and/or generated by the applications, may also be stored in the computer-readable storage medium.
In one embodiment, the electronic device 200 shown in FIG. 2 may also include an input device 206, an output device 208, and a data acquisition device 210, which may be interconnected via a bus system 212 and/or other form of connection mechanism (not shown). It should be noted that the components and configuration of the electronic device 200 shown in FIG. 2 are exemplary only, and not limiting, and the electronic device 200 may have other components and configurations as desired.
The input device 206 may be a device used by a user to input instructions and may include one or more of a keyboard, a mouse, a microphone, a touch screen, and the like. The output device 208 may output various information (e.g., images or sounds) to the outside (e.g., a user), and may include one or more of a display, a speaker, and the like. The data acquisition device 210 may acquire an image of a subject and store the acquired image in the memory 204 for use by other components. Illustratively, the data acquisition device 210 may be a camera.
In an embodiment, the devices in the exemplary electronic device 200 for implementing the web page processing method of the embodiment of the present application may be integrally disposed, or may be disposed in a decentralized manner, such as integrally disposing the processor 202, the memory 204, the input device 206 and the output device 208, and disposing the data acquisition device 210 separately.
In an embodiment, the example electronic device 200 for implementing the data transmission method for anonymous communication of the embodiments of the present application may be implemented as a smart device such as a laptop, a desktop, a smartphone, or the like.
Fig. 3 is a schematic flowchart of a data transmission method for anonymous communication according to an embodiment of the present disclosure. The method may be performed by a communication node in the application scenario shown in fig. 1, and as shown in fig. 3, the method comprises the following steps S310 to S340.
Step S310: when the communication node is used as an entrance node, the entrance node receives a first encrypted data packet sent by a source node.
The source node, which may also be referred to as a user node, represents a node corresponding to an account with which the user is currently logged into the anonymous communication system. The source node selects an entry node as an access point, connects to the whole network topology, and sends login information to the entry node.
After receiving the login success message returned by the entry node, the source node may send path tag acquisition information to the entry node, so that the entry node forwards the path tag acquisition information to the path node. The path label acquisition information may include a source node address and a destination node address. The source node may receive the optimal path label returned by the path node, and send the first encrypted data packet to the ingress node according to the optimal path label.
The optimal path label may be a label sequence corresponding to a path with the minimum number of forwarding times from the source node to the destination node. As shown in fig. 4, assuming that a is an ingress node and I is an egress node, for example, the path number values of a and B are represented by 2, the path number values of D and B are represented by 3, and the optimal path label from node a to node I is 242361.
In an embodiment, the source node may encrypt the optimal path label and the real data packet by using a public key of the ingress node to obtain a first encrypted data packet, and send the first encrypted data packet to the ingress node.
In another embodiment, the source node may send path query information to the path node and receive multiple path labels returned by the path node; selecting any one target mode from a plurality of balanced, random, timed and optimal transmission modes, and determining a target path label according to the selected target mode; and generating the first encrypted data packet according to the target path label and forwarding the first encrypted data packet to the entry node.
The path query information may include a source node address and a destination node address. The path from the source node to the destination node can have other paths besides the optimal path, so the path node can also return a plurality of path labels to the source node.
The equalization mode refers to that each path label transmits a fixed file block number, and the next path label is switched when the file block number reaches a threshold value. The random mode refers to randomly switching a path label used for the block transmission of the current file. The timing mode refers to switching path labels within a fixed time. The optimal mode refers to selecting the optimal path label for transmission.
The source node may select one transmission mode from the above four modes as a target mode. For example, assuming that the optimal mode is selected, the target path label is the optimal path label, and the target path label and the real data packet are encrypted by using the public key of the ingress node to generate a first encrypted data packet.
For example, assuming that there are four path labels, and assuming that the timing mode is selected, the next path label is switched to every specified time point, and the switched path label may be referred to as a target path label. The source node may encrypt the target path label and the real data packet with a public key of the ingress node to generate a first encrypted data packet, and send the first encrypted data packet to the ingress node.
Step S320: and the entry node decrypts the first encrypted data packet by using a private key thereof to obtain a first path label and a real data packet.
The first path label may comprise a label length and label data, the label length occupying 1 byte, representing the label data length, in units (bytes), in the range [2,255], out of range representing a label format error, and discarding the data. Each 1 byte of the label data represents a path number value, direct connection node information stored by the current node can be inquired through the path number value, and then a corresponding public key and an IP address are obtained. The lowest bit value of the label data may be fixed to be 1, and when the node acquires that the number value is 1, it indicates that the current node is the destination node.
The real data packet includes data content to be transmitted and a destination address. The first path label refers to a sequence of labels corresponding to a path from the ingress node to the egress node, and the last bit of the first path label may be a designated value (e.g., 1). Since the source node encrypts the first path tag and the real data packet with the public key of the entry node to obtain the first encrypted data packet, the entry node can decrypt the first encrypted data packet with its own private key to obtain the first path tag and the real data packet.
Step S330: and the entry node finds the relay node identification of the next hop according to the first path label.
The relay node identifier of the next hop may be an ip address or a node number of a relay node of the next hop after the entry node.
In an embodiment, the ingress node may determine the relay node identifier of the next hop according to the highest bit value of the first path label and the node connection map.
The node connection graph may be as shown in fig. 4. In an embodiment, an entry node may send, in response to login information sent by a source node, direct connection node information to a path node, so that the path node adds the entry node to a node connection graph according to the direct connection node information.
The login information may be an account and a password of the user of the source node. If the account number and the password are correct, the entry node can return a login success message to the source node and send own direct connection node information to the path node. The direct connection node information refers to information of nodes directly connected with the entry node, the information of the nodes comprises a public key, an IP address and a path number value between the entry node and the direct connection node, and the path number value can be recorded from 2 and is determined by the access sequence of the user nodes.
The path node can add the node to a node connection Graph (Graph) by receiving direct connection node information reported by other nodes, the source node can send path query information to the path node before sending data, and the path node can calculate an optimal path from the source node to a destination node by using a Dijkstra algorithm and return the optimal path to the source node initiating the query. The path node can also use a DFS (depth First search) algorithm to calculate a plurality of paths from the source node to the destination node, and the paths are used for multi-path block transmission of files, so that the transmission efficiency is improved while the concealment of the system is ensured.
Assuming that the ingress node is node a, the egress node is node I, the first path label is "242361", the highest bit value is "2", and node a will take the value 2 of the highest bit of the label as the index value for obtaining the next-hop node information, thereby finding that node B is the relay node of the next hop.
Step S340: and the entrance node shifts the first path label to obtain a second path label.
And the second path label is the result of the first offset of the first path label. Wherein, the offset refers to moving forward one bit for the value on each bit in the first path label. In one embodiment, the highest bit value of the first path label may be shifted to the lowest bit, and the values of the remaining bits are sequentially shifted to the highest bit, so as to obtain the second path label. Still taking the example of fig. 4, after node a determines that the next hop is node B, the first path label "242361" may be offset to obtain a second path label "423612", i.e., the value 2 is moved to the lowest bit and the remaining bits are moved to the highest bit.
Step S350: and the entrance node encrypts the second path label and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwards the second encrypted data packet to the relay node corresponding to the relay node identifier.
The relay node refers to a transit node between an ingress node and an egress node. After receiving the encrypted data packet, each relay node decrypts the encrypted data packet to obtain a path label, analyzes the path label to obtain a node identifier of a next hop node, obtains an IP address and a public key of the next hop node through the node identifier, uses the public key to continuously encrypt data and then forwards the data to a node corresponding to the IP address until the data is forwarded to an exit node.
For the distinction, the encrypted data packet generated by the source node is called a first encrypted data packet, the encrypted data packet generated by the ingress node is called a second encrypted data packet, the encrypted data packet generated by the relay node connected with the ingress node is called a third encrypted data packet, the encrypted data packet generated by the next hop relay node is called a fourth encrypted data packet, and so on.
Specifically, a first relay node connected with the entry node receives a second encrypted data packet, and decrypts the received second encrypted data packet by using a private key of the first relay node to obtain a second path label and a real data packet; according to the second path label, finding a relay node identifier of a next hop after the first relay node, and offsetting the second path label to obtain a third path label; encrypting the third path label and the real data packet by using a public key corresponding to a relay node identifier of a next hop after the first relay node to generate a third encrypted data packet; and forwarding the third encrypted data packet to a second relay node corresponding to the relay node identifier of the next hop after the first relay node.
The second relay node receives the third encrypted data packet, and decrypts the received third encrypted data packet by using a private key of the second relay node to obtain a third path label and a real data packet; according to the third path label, finding a relay node identifier of a next hop after the second relay node, and offsetting the third path label to obtain a fourth path label; encrypting the fourth path label and the real data packet by using a public key corresponding to a relay node identifier of a next hop after the second relay node to generate a fourth encrypted data packet; and forwarding the fourth encrypted data packet to a third relay node corresponding to the relay node identifier of the next hop after the second relay node. And so on until forwarded to the egress node.
In an embodiment, if the highest bit of the third path label is a designated value (e.g., 1), the second relay node is an egress node, and the egress node forwards the real data packet to a destination node corresponding to a destination address according to the destination address in the real data packet.
That is, if the highest bit of the path label decrypted by a certain node is 1, it indicates that the node is already an egress node, and the node can directly send the real data packet to the destination node corresponding to the destination address. The destination address may be the ip address of the destination node.
Still taking the example shown in fig. 4, after node a determines that the next hop is node B, the first path label of "242361" may be offset to a second path label of "423612". The real data packet and the second path label are encrypted by the public key of the node B and then forwarded to the node B by the node A. The node B decrypts the encrypted packet to obtain a second path label "423612", determines that the next hop is node C, and shifts the second path label "423612" to obtain a third path label "236124"; after the real data packet and the third path label are encrypted by the public key of the node C, the node B forwards the encrypted real data packet and the third path label to the node C.
And so on, until the path is sent to the node I, the node I decrypts the nth encrypted data packet to obtain the path label of '124236'. Since the value of the highest bit at this time is 1, it indicates that the node I is the egress node, and the node I can send the real data packet to the destination node. Node I may flip the tag data as a whole to "632421". The label at this time is a path label from node I back to node a.
Fig. 5 is a detailed flowchart of a data transmission method for anonymous communication according to an embodiment of the present disclosure. As shown in fig. 5, the process includes the following steps:
the first step is as follows: the method comprises the steps that nodes log in, a user node (namely a source node) selects an entry node and sends self node information to the entry node;
the second step is that: after receiving the login information, the entry node returns a login success message to the user node and sends direct connection node information to the path node;
the third step: the path node adds the node into the Graph (Graph) according to the information of the directly connected node and returns the information of receiving confirmation to the entrance node;
the fourth step: before sending data, a user node sends path label acquisition information (a source address and a destination address) to an entrance node;
the fifth step: after receiving the path label acquisition information, the entry node forwards the information to the path node, and the path node returns the calculated optimal path label to the user node after receiving the information; the user node can use the obtained optimal path label to transmit data, and can also obtain a plurality of path labels from the path node, then the user node can select one of four transmission modes of balance, random, timing and optimal to carry out a target mode, and the target path label is determined based on the target mode.
And a sixth step: the data forwarding method comprises the steps that a user node sends a first encrypted data packet to an entrance node according to a target path label;
the seventh step: the entry node decrypts the first decrypted data to obtain a first path label and a real data packet, determines a next-hop relay node for the first path label and performs offset processing on the first path label to obtain a second path label;
eighthly, the entrance node encrypts the second path label and the real data packet through the public key of the next hop relay node and forwards the encrypted second path label and the encrypted real data packet to the next hop relay node;
and ninthly, when the relay node receives the data, firstly, decrypting the data head by using a private key of the relay node to obtain a path label, indexing the direct-connected node according to the highest value of the path label to find out the information of the next hop node, then, offsetting the label data, encrypting by using a public key in the information of the next hop node, and forwarding the IP address.
The tenth step: when data is transmitted to the exit node, the highest bit value of the path label is 1, and the exit node sends the real data packet to the destination node according to the destination IP in the real data packet.
In an anonymous communication system, a label mode is used for representing a path between two nodes, and a data transmission path is represented by using the label mode instead of an IP address, so that the data header length is compressed, and the data transmission rate is improved. The transmission path is selected through multiple modes, and the hiding performance of data transmission is improved.
The following is an embodiment of the apparatus of the present application, which may be used to implement the embodiment of the data transmission method for anonymous communication described above in the present application. For details that are not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the data transmission method for anonymous communication of the present application.
Fig. 6 is a block diagram of a data transmission apparatus for anonymous communication according to an embodiment of the present application, where the apparatus may be applied to a communication node in an anonymous communication system, and the apparatus includes: a data receiving module 610, a data decrypting module 620, a path finding module 630, a label processing module 640, and a data forwarding module 650.
A data receiving module 610, configured to receive a first encrypted data packet sent by a source node when the communication node serves as an ingress node;
the data decryption module 620 is configured to decrypt the first encrypted data packet by using a private key of the data decryption module to obtain a first path tag and a real data packet;
a path searching module 630, configured to find a relay node identifier of a next hop according to the first path label;
a label processing module 640, configured to offset the first path label to obtain a second path label;
and the data forwarding module 650 is configured to encrypt the second path label and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forward the second encrypted data packet to the relay node corresponding to the relay node identifier.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the data transmission method for anonymous communication, and is not described herein again.
In the embodiments provided in the present application, the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.