CN117579394A - Safe transmission method based on TCP protocol under client condition - Google Patents
Safe transmission method based on TCP protocol under client condition
- Publication number: CN117579394A (application CN202410059071.2A)
- Authority: CN (China)
- Prior art keywords: message, tcp, message body, client, unique identifier
- Legal status: Granted
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
  - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  - H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
  - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
  - H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
  - H04L69/22—Parsing or analysis of headers
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/40—Network security protocols
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS; Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE; Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
  - Y02D30/00—Reducing energy consumption in communication networks
  - Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
A secure transmission method for multiple clients based on the TCP protocol includes: S1, after a TCP sending client and a TCP receiving client have each connected to a TCP server, presetting a salt value for encryption and decryption; S2, the TCP sending client builds and packages a message body and encrypts it with the salt value using the SM4 cryptographic algorithm; S3, splicing the message header in front of the message body, packaging the two, and sending the message to the TCP server; S4, the TCP server receives the message and parses the message header to judge whether the header contains the unique identifier of the receiver; if not, step S5 is executed directly; if so, the message is sent to the TCP receiving client and then step S5 is executed; S5, the message body is decrypted using the SM4 national cryptographic algorithm and then processed. The method effectively safeguards data security and improves the reliability of message transmission.
Description
Technical Field
The invention relates to a protocol transmission technology, in particular to a safe transmission method under the condition of multiple clients based on a TCP (transmission control protocol).
Background
In modern computer networks, TCP is the most commonly used transport layer protocol and is widely used in application scenarios such as web browsing, file transfer and email. However, by its nature TCP provides no security guarantee during transmission, so data is exposed to threats such as man-in-the-middle attacks and interception. To protect TCP transmission, security measures such as Transport Layer Security (TLS) or a Virtual Private Network (VPN) are generally adopted; however, the implementation and application scenarios of these measures have some limitations, and they are not necessarily applicable to all TCP transmission requests. For example, using TLS or a VPN requires additional configuration and management, such as installing certificates, configuring encryption algorithms and handling keys, which may be difficult for an average user to understand and operate. In addition, the encryption and decryption process consumes computing resources and may reduce the performance and efficiency of network transmission.
Therefore, under the condition of multiple clients, a secure transmission method based on the TCP protocol is needed, so that the security problem of TCP transmission can be more effectively solved.
Disclosure of Invention
In order to solve the above problems, an object of the present invention is to provide a secure transmission method based on the TCP protocol in a multi-client situation, which addresses the computing-resource cost of conventional encryption methods by combining encryption with a cryptographic algorithm and verification of a unique identifier.
The invention provides a secure transmission method under the condition of multiple clients based on TCP protocol, comprising the following steps:
S1, after a TCP sending client and a TCP receiving client have each connected to a TCP server, presetting a salt value for encryption and decryption; if the connection fails, the step ends directly, and if the connection succeeds, step S2 is executed;
S2, the TCP sending client builds and packages a message body, and encrypts the message body with the salt value using the SM4 cryptographic algorithm;
S3, splicing the message header in front of the message body, packaging, and then sending the message to the TCP server;
S4, the TCP server receives the message and parses the message header to judge whether the message header contains the unique identifier of the receiver; if not, step S5 is executed directly; if so, the message is sent to a TCP receiving client, and the receiving client executes step S5;
S5, the message body is decrypted using the SM4 national cryptographic algorithm and then processed.
Preferably, step S2 includes:
S21, the TCP sending client obtains a unique identifier through the uuid/uuid.h library, constructs a message body through the linkhelBody() function, and stores the unique identifier in the message body;
S22, encrypting the message body with the salt value through the YSM4::ecb_encrypt() function of the SM4 library, and returning the encrypted message body and its length.
Preferably, step S3 includes:
S31, encapsulating a message header using a QJsonObject, wherein the message header is built from the message body length, the message body type, the unique identifier of the receiver and the unique identifier of the sender;
S32, splicing the message header and the message body together, and sending the message to the TCP server through the QConvaapplication() function using the event mechanism of Qt.
Preferably, step S5 includes:
S51, decrypting the message body with the salt value using the SM4 national cryptographic algorithm;
S52, querying, by the unique identifier in the message body, whether the message has already been processed, and if not, executing step S53;
S53, processing the message.
The invention has the beneficial effects that:
when data is transmitted the message body is encrypted, so only the length of the message body is exposed in the message header. The unique identifier carried in the decrypted message body lets the receiver verify the message, which effectively safeguards data security and improves the security and reliability of message transmission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a timing diagram of a plurality of TCP clients transmitting with a TCP server;
FIG. 2 is a diagram of steps for secure transmission in a multi-client scenario;
FIG. 3 is a flow chart of a TCP sending client sending a message to a TCP server;
FIG. 4 is a block diagram of a packet when transmitted;
FIG. 5 is a flow chart of processing after a TCP server receives a message;
FIG. 6 is a flow chart of the decryption performed after a TCP receiving client receives a message.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
As known from the background art, the conventional transmission method needs to perform additional configuration and management, that is, needs to install a certificate, configure an encryption algorithm, process a key, and the like, is difficult for an ordinary user to perform an operation, and consumes computing resources in the encryption process.
In order to overcome the problems, the invention provides a TCP secure transmission method based on encryption of a national encryption algorithm and verification by adopting a unique identifier, and provides a multi-client transmission method based on a TCP protocol, which can solve the problems that the traditional encryption and decryption processes consume computing resources and have low network transmission performance and efficiency.
Referring to FIG. 1, which is a timing diagram of transmission between a plurality of TCP clients and a TCP server: first, the TCP clients and the TCP server agree on the salt value for encryption and decryption in advance; the TCP clients then establish connections to the TCP server. After connecting, a client constructs a message body; once the body is packaged, the unique identifier and the message content in it are encrypted with the SM4 cryptographic algorithm and the length of the encrypted message body is obtained; the message header is spliced in front of the encrypted message body, and the packaged header and body form the message. The TCP sending client (TcpClient1 in FIG. 1) sends the message to the TCP server. The TCP server receives the message, reads the message header and judges whether the header carries the unique identifier of a receiver: if so, it forwards the message to the corresponding TCP receiving client (TcpClient2 in FIG. 1), which decrypts the message body with the SM4 national cryptographic algorithm and processes the message; if not, the server itself decrypts the message body with the SM4 algorithm and processes the message.
To provide a better understanding of the present application, it is described in further detail below with reference to the drawings and examples.
Referring to fig. 2 and 3, an embodiment of the present application discloses a secure protocol transmission method under the condition of multiple clients of a TCP protocol, where the method includes:
Step S1, after a TCP sending client and a TCP receiving client have each connected to a TCP server, presetting a salt value for encryption and decryption; if the connection fails, the step ends directly, and if the connection succeeds, step S2 is executed.
Step S2, the TCP sending client constructs and packages a message body, and encrypts the message body with the salt value using the SM4 cryptographic algorithm.
Specifically, step S2 includes:
Step S21, the TCP sending client obtains a unique identifier through the uuid/uuid.h library, constructs a message body through the linkhelBody() function, and stores the unique identifier in the message body;
Step S22, encrypting the message body with the salt value through the YSM4::ecb_encrypt() function of the SM4 library, and returning the encrypted message body and its length.
Step S3, the message header is spliced in front of the message body and packed, and the message is then sent to the TCP server.
Specifically, step S3 includes:
Step S31, encapsulating a message header using a QJsonObject, wherein the message header is built from the message body length, the message body type, the unique identifier of the receiver and the unique identifier of the sender;
Step S32, splicing the message header and the message body together, and sending the message to the TCP server through the QConvaapplication() function using the event mechanism of Qt.
Referring to FIG. 4, which is a block diagram of a packet as transmitted: the data packet consists of a message header and a message body. The message header contains the message body length, the message body type, the sender's unique identifier and the receiver's unique identifier; the message body contains the unique identifier and the message content. The message header is 48 bits in total: the message body length and the message body type are 4 bits each, the sender's unique identifier is 20 bits, and the receiver's unique identifier is 20 bits.
Step S4, the TCP server receives the message and parses the message header to judge whether the header contains the unique identifier of the receiver; if not, step S5 is executed directly; if so, the message is sent to a TCP receiving client, and the receiving client executes step S5.
Step S5, the message body is decrypted using the SM4 cryptographic algorithm and then processed.
Specifically, step S5 includes:
Step S51, decrypting the message body with the salt value using the SM4 cryptographic algorithm;
Step S52, querying, by the unique identifier in the message body, whether the message has already been processed, and if not, executing step S53;
Step S53, processing the message.
In this embodiment, referring to FIG. 5, which is a flow chart of a TCP server receiving a message: the TCP server listens for incoming messages through a TCP server signal. After a message is received, the server parses the message header through a QJsonObject and determines whether the header contains the receiver unique identifier (the receiver field). If it does not, the TCP server continues to process the message itself. If the header does contain the receiver's unique identifier, the message is sent to the TCP receiving client identified in the header for processing. Referring to FIG. 6, which is a flow chart of the TCP receiving client processing a message: after receiving the message, the TCP receiving client processes it in the same way as the TCP server would.
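The header-and-body framing of steps S3 and S4 and the server's forward-or-handle decision, as an added example that is not code from the patent. It assumes the fixed field widths of FIG. 4 read as bytes (4-byte length, 4-byte type, 20-byte sender id, 20-byte receiver id, 48 bytes in total) rather than the QJsonObject form of step S31, treats the encrypted body as opaque bytes, and uses constructed client names and bodies; the `MAX_BODY_LEN` bound is an added check, not something the page specifies.

```python
"""Steps S3/S4: fixed-layout header in front of an opaque encrypted body, reassembly of
whole messages from a TCP byte stream, and the server's routing decision."""
import struct

# Header layout per FIG. 4: length, type, sender id, receiver id.
# Assumption: the figure's 4/4/20/20 field sizes are taken as bytes, giving a 48-byte header.
HEADER_FMT = "!I4s20s20s"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 48
MAX_BODY_LEN = 1 << 20   # constructed bound: the length field arrives from the peer and must be limited


def _fixed(value, width):
    raw = value.encode("ascii")
    if len(raw) > width:   # struct.pack would silently truncate an over-long identifier
        raise ValueError(f"{value!r} exceeds {width} bytes")
    return raw.ljust(width, b"\0")


def pack_message(body_type, sender, receiver, cipher_body):
    """S3: splice the header in front of the already-encrypted body; receiver may be empty."""
    if len(cipher_body) > MAX_BODY_LEN:
        raise ValueError("body too large")
    header = struct.pack(HEADER_FMT, len(cipher_body), _fixed(body_type, 4),
                         _fixed(sender, 20), _fixed(receiver, 20))
    return header + cipher_body


def parse_header(raw):
    length, btype, sender, receiver = struct.unpack(HEADER_FMT, raw)

    def strip(field):
        return field.rstrip(b"\0").decode("ascii")

    return {"length": length, "type": strip(btype), "sender": strip(sender), "receiver": strip(receiver)}


class FrameReader:
    """Reassembles whole messages from the byte stream; TCP itself delivers no message boundaries."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk):
        self.buf += chunk
        frames = []
        while len(self.buf) >= HEADER_LEN:
            header = parse_header(bytes(self.buf[:HEADER_LEN]))
            if header["length"] > MAX_BODY_LEN:
                raise ValueError("declared body length exceeds the limit")
            end = HEADER_LEN + header["length"]
            if len(self.buf) < end:
                break                       # wait for the rest of this message
            frames.append((header, bytes(self.buf[HEADER_LEN:end])))
            del self.buf[:end]
        return frames


def route(header):
    """S4: forward to the named receiver, otherwise the server processes the message itself."""
    return ("forward", header["receiver"]) if header["receiver"] else ("local", "")


def demo(chunk_size=7):
    # Constructed traffic: opaque byte strings stand in for SM4 ciphertext bodies.
    stream = (pack_message("msg", "TcpClient1", "TcpClient2", b"\x11" * 32)
              + pack_message("file", "TcpClient1", "", b"\x22" * 48))
    reader, decisions = FrameReader(), []
    for off in range(0, len(stream), chunk_size):   # deliver in small pieces, as TCP may
        for header, body in reader.feed(stream[off:off + chunk_size]):
            decisions.append((route(header), header["type"], len(body)))
    return decisions


if __name__ == "__main__":
    print(demo())   # [(('forward', 'TcpClient2'), 'msg', 32), (('local', ''), 'file', 48)]
```

The reader loops on the declared length because a single `recv` may return half a message or one and a half; the bound on that length is checked before any allocation, since it is the first field read from the peer and nothing in the scheme authenticates it.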
The TCP server, or the receiving TCP client, decrypts the message body with the YSM4::ecb_decrypt() method according to the message body length in the message header and the salt value determined in step S1, and then handles the message according to the Datatype parameter in the message header. The Datatype values can be preset; for example, msg denotes a common message and file denotes a file message. During processing, a database statement of the QSql database is used to query, by the uuid in the message body, whether the message has already been processed; if it has not, processing starts afresh. If the message has been processed before, the point the processing had reached must be confirmed first; that point, and the way it is determined, depends on the message type. For a common msg message, it is checked whether the message was displayed successfully: if not, processing restarts, and if so, the message is discarded. For a file message, processing resumes from the end of the portion not yet received, according to the size of the file already received by the receiver; if the file has been fully processed, the message is discarded.
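Steps S2 and S5 end to end, as an added example that is not code from the patent: the sending side builds a body carrying a uuid and encrypts it with SM4 in ECB mode, and the receiving side decrypts it and uses the uuid to refuse a second processing of the same message. The SM4 S-box and constants are the standard values from GB/T 32907-2016, implemented here rather than taken from any SM4 library; the JSON layout of the body, PKCS#7 padding, the derivation of the 16-byte key from the shared salt by SHA-256, the in-memory dictionary standing in for the page's database lookup, and all sample values are assumptions.

```python
"""Steps S2/S5: SM4-ECB encryption of a body that carries a uuid, and idempotent
processing on receipt keyed by that uuid."""
import hashlib
import json
import uuid

# SM4 S-box and constants as defined in GB/T 32907-2016 (standard values, not patent code).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] is the 32-bit word whose bytes are (4i+j)*7 mod 256 for j = 0..3.
CK = [sum((((4 * i + j) * 7) % 256) << (24 - 8 * j) for j in range(4)) for i in range(32)]


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(word):  # byte-wise S-box substitution
    return int.from_bytes(bytes(SBOX[b] for b in word.to_bytes(4, "big")), "big")

def _t(word):  # round transformation T = L(tau(.))
    b = _tau(word)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_key(word):  # key-schedule transformation T' = L'(tau(.))
    b = _tau(word)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def sm4_round_keys(key):
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def sm4_block(block, rks):  # encrypt one 16-byte block; decrypt by passing rks reversed
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        x.append(x[i] ^ _t(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rks[i]))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:]))

def sm4_ecb_encrypt(key, data):
    rks = sm4_round_keys(key)
    pad = 16 - len(data) % 16           # PKCS#7 padding (assumption; the page does not say)
    data = data + bytes([pad]) * pad
    return b"".join(sm4_block(data[i:i + 16], rks) for i in range(0, len(data), 16))

def sm4_ecb_decrypt(key, data):
    if len(data) == 0 or len(data) % 16:
        raise ValueError("ciphertext length is not a multiple of the block size")
    rks = sm4_round_keys(key)[::-1]
    plain = b"".join(sm4_block(data[i:i + 16], rks) for i in range(0, len(data), 16))
    pad = plain[-1]
    if not 1 <= pad <= 16 or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return plain[:-pad]


def key_from_salt(salt):
    # Assumption: the pre-shared salt is hashed down to a 16-byte SM4 key.
    return hashlib.sha256(salt.encode()).digest()[:16]

def build_body(content, message_id=""):
    """S21: the body holds a unique identifier plus the content (JSON layout is an assumption)."""
    return json.dumps({"uuid": message_id or str(uuid.uuid4()), "content": content}).encode()

def encrypt_body(salt, body):
    """S22: returns the encrypted body; its length is what the header's length field carries."""
    return sm4_ecb_encrypt(key_from_salt(salt), body)


class Receiver:
    """S51-S53: decrypt, then consult the processed-uuid record so a redelivery is not handled twice."""

    def __init__(self, salt):
        self.key = key_from_salt(salt)
        self.processed = {}  # uuid -> content; stands in for the page's database lookup

    def handle(self, cipher_body):
        body = json.loads(sm4_ecb_decrypt(self.key, cipher_body))
        if body["uuid"] in self.processed:
            return "duplicate-discarded"
        self.processed[body["uuid"]] = body["content"]
        return "processed"


if __name__ == "__main__":
    salt = "demo-salt"                       # constructed shared salt
    cipher = encrypt_body(salt, build_body("hello", "msg-0001"))
    rx = Receiver(salt)
    print(len(cipher), rx.handle(cipher), rx.handle(cipher))  # 48 processed duplicate-discarded
```

Two points worth keeping in mind when reading the scheme: ECB mode encrypts equal plaintext blocks to equal ciphertext blocks, and nothing in the described format authenticates the ciphertext or the cleartext header, so a modified body is only noticed if the padding check happens to fail. An authenticated mode, or a MAC computed over header and body with a key separate from the encryption key, closes both gaps without changing the framing.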
The beneficial effects of the invention are as follows:
1. The SM4 national symmetric cryptographic algorithm is introduced to encrypt and decrypt the message body in a multi-client TCP setting. Because the message body carries a unique identifier (uuid), the uuid can be used to judge whether a message is being processed a second time, and only the length of the message body is exposed in the message header. This effectively safeguards data security and ensures the security and reliability of the information.
2. According to the receiver named in the message header, the message is sent directly to the receiver for processing, so that message data is not stored on the server.
3. The secure transmission scheme can be deployed economically and efficiently and applied widely to TCP transmission scenarios such as data centers, cloud computing and the Internet of Things, improving the performance and efficiency of network transmission.
Although the present invention has been described with reference to the above preferred embodiments, it should be understood that the present invention is not limited to the above embodiments, and that various changes and modifications can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (4)
1. A secure transmission method in the case of multiple clients based on the TCP protocol, comprising the steps of:
S1, after a TCP sending client and a TCP receiving client are respectively connected with a TCP server, presetting a salt value for encryption and decryption; if the connection fails, the step is directly finished, and if the connection is successful, step S2 is executed;
S2, the TCP transmitting client builds and packages a message body, and encrypts the message body by using the salt value through an SM4 cryptographic algorithm;
S3, splicing the message header before the message body, packaging and then sending the message to the TCP server;
S4, the TCP server receives the message and analyzes the message header to judge whether the message header contains the unique identifier of the receiver; if not, directly executing step S5; if yes, the message is sent to a TCP receiving client, and the receiving client executes step S5;
S5, the message body is decrypted through an SM4 national encryption algorithm and then is processed.
2. The method for secure transmission in a multi-client TCP-based environment according to claim 1, wherein step S2 comprises:
S21, the TCP sending client acquires a unique identifier through a uuid/uuid.h library, constructs a message body through a linkhelBody() function, and stores the unique identifier in the message body;
S22, encrypting the message body by using a salt value through a YSM4::ecb_encrypt() function in the SM4 library, and returning the encrypted message body and the message body length.
3. The method for secure transmission in a multi-client TCP-based environment according to claim 1, wherein step S3 comprises:
S31, encapsulating a message header by using the QJsonObject, wherein the message header is constructed by a message body length, a message body type, a unique identifier of a receiver and a unique identifier of a sender;
S32, splicing the message header and the message body together, and sending a message to a TCP server through a QConvaapplication() function by using an event mechanism of Qt.
4. The method for secure transmission in a multi-client TCP-based environment according to claim 1, wherein step S5 comprises:
S51, decrypting the message body according to the salt value through an SM4 national encryption algorithm;
S52, inquiring whether the message is processed or not through the unique identifier in the message body, and if not, executing step S53;
S53, processing the message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410059071.2A CN117579394B (en) | 2024-01-16 | 2024-01-16 | Secure transmission method based on TCP protocol under multi-client condition |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117579394A true CN117579394A (en) | 2024-02-20 |
CN117579394B CN117579394B (en) | 2024-04-09 |
Family
ID=89862869
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117579394B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130024686A1 (en) * | 2011-07-21 | 2013-01-24 | Drucker Steven J | Systems and methods for secure communication using a communication encryption bios based upon a message specific identifier |
CN105610836A (en) * | 2015-12-31 | 2016-05-25 | 浙江省公众信息产业有限公司 | Data transmission method and system |
CN110636052A (en) * | 2019-09-04 | 2019-12-31 | 广西电网有限责任公司防城港供电局 | Power consumption data transmission system |
CN111865756A (en) * | 2020-06-04 | 2020-10-30 | 中国软件与技术服务股份有限公司 | Qt-based cross-multi-platform instant messaging method and system |
CN113595980A (en) * | 2021-06-25 | 2021-11-02 | 杭州天宽科技有限公司 | Configuration method based on TCP communication custom protocol |
CN115913618A (en) * | 2022-09-27 | 2023-04-04 | 武汉安天信息技术有限责任公司 | Method, medium and terminal for guaranteeing TCP communication safety based on hybrid encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |