CA3082084A1 - Secure cloud communication architecture - Google Patents
Secure cloud communication architecture
- Publication number
- CA3082084A1
- Authority
- CA
- Canada
- Prior art keywords
- cloud
- session
- key
- communication
- communications
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A cloud communication architecture addresses the weaknesses of traditional security protocols (e.g. SSL/TLS) in cloud computing, in order to improve the security of data in transit and the authenticity of cloud users and cloud service providers. The architecture also protects the communication channel against attacks such as man-in-the-middle attacks (including eavesdropping, sniffing, identity spoofing and data tampering), sensitive data disclosure, replay, compromised keys, repudiation and session hijacking. The architecture includes a high-performance, cloud-focused security protocol. The protocol's efficiency draws on the strength and speed of functions such as symmetric block encryption with Galois/Counter mode, cryptographic hashing, public-key cryptography and ephemeral key exchange, and it provides a fast reconnection facility to support frequent connectivity and handle connection trade-offs. Embodiments show improved security against the above-mentioned attacks and outperform TLS v1.3 (the latest stable version among the successors to SSL) in performance, bandwidth consumption and server-side memory usage.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3082084A CA3082084A1 (fr) | 2020-06-05 | 2020-06-05 | Secure cloud communication architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3082084A CA3082084A1 (fr) | 2020-06-05 | 2020-06-05 | Secure cloud communication architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CA3082084A1 (fr) | 2021-12-05 |
Family
ID=78822767
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA3082084A Pending CA3082084A1 (fr) | Secure cloud communication architecture | 2020-06-05 | 2020-06-05 |
Country Status (1)
Country | Link |
---|---|
CA (1) | CA3082084A1 (fr) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114710763A (zh) * | 2022-03-23 | 2022-07-05 | 中国人民解放军海军工程大学 | Intelligent trolley system with secure cooperative capability |
CN114710763B (zh) * | 2022-03-23 | 2024-05-03 | 中国人民解放军海军工程大学 | Intelligent trolley system with secure cooperative capability |
CN115225977A (zh) * | 2022-06-29 | 2022-10-21 | 浪潮云信息技术股份公司 | Sparse asymmetric video encryption method |
CN115225977B (zh) * | 2022-06-29 | 2023-11-21 | 浪潮云信息技术股份公司 | Sparse asymmetric video encryption method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11792169B2 (en) | | Cloud storage using encryption gateway with certificate authority identification |
Jager et al. | | On the security of TLS 1.3 and QUIC against weaknesses in PKCS#1 v1.5 encryption |
Bittau et al. | | The case for ubiquitous Transport-Level encryption |
US8418242B2 (en) | | Method, system, and device for negotiating SA on IPv6 network |
Petullo et al. | | MinimaLT: minimal-latency networking through better security |
Drucker et al. | | Selfie: reflections on TLS 1.3 with PSK |
CN108075890A (zh) | | Data sending end, data receiving end, data transmission method and system |
Pérez et al. | | Application layer key establishment for end-to-end security in IoT |
Faisal et al. | | A secure architecture for TCP/UDP-based cloud communications |
Jadin et al. | | Securing multipath TCP: Design & implementation |
US20160277372A1 (en) | | Optimization of a secure connection with enhanced security for private cryptographic keys |
WO2018075965A1 (fr) | | Deep virtual private networks, and secure services |
WO2018231519A1 (fr) | | Cloud storage using encryption gateway with certificate authority identification |
Tiloca et al. | | On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake |
CA3082084A1 (fr) | | Secure cloud communication architecture |
WO2009018510A1 (fr) | | Systems and methods for implementing mutating Internet security protocols |
US11936691B2 (en) | | Secure cloud communication architecture |
Chaturvedi et al. | | Multipath TCP security over different attacks |
Kim et al. | | Efficient design for secure multipath TCP against eavesdropper in initial handshake |
Faisal et al. | | Graphene: a secure cloud communication architecture |
Fuchs et al. | | IoT and HIP's opportunistic mode |
Fraile et al. | | Design and performance evaluation of an embedded EDHOC module |
Zhu et al. | | A web database Security model using the Host identity protocol |
Feng et al. | | A Reliable Lightweight Communication Method via Chain Verification |
Faisal | | Design and Implementation of a Secure Communication Architecture |