CN101834832B - Method and system for safe transmission of network data - Google Patents


Info

Publication number
CN101834832B
CN101834832B (application CN200910119539A; published as CN101834832A)
Authority
CN
China
Prior art keywords
message
session
sid
identifier
module
Prior art date
Legal status
Expired - Fee Related
Application number
CN 200910119539
Other languages
Chinese (zh)
Other versions
CN101834832A (en)
Inventor
胡振宇
张钹
孙富春
贾银高
Current Assignee
Tsinghua University
Original Assignee
Tsinghua University
Priority date
Filing date
Publication date
Application filed by Tsinghua University
Priority to CN200910119539
Publication of CN101834832A
Application granted
Publication of CN101834832B
Legal status: Expired - Fee Related (current)
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a system for the secure transmission of network data. The system comprises an initialization module, a message control counter and a data transmission module. The initialization module establishes a network session between the two communicating parties and acquires a session key for transmitting data between them; the message control counter generates a distinct message identifier for each user message during message transmission; and the data transmission module performs secure data transmission between the two parties over the session established by the initialization module, using the session key and the message identifiers. The invention also discloses a method for the secure transmission of network data, comprising the following steps: first establishing the session connection and calling an ideal key exchange protocol to acquire the session key; then calling an authenticated encryption scheme to perform authenticated encryption of the messages to be transmitted. The method and system provide a general way of building secure network transmission from an authenticated encryption scheme, and have UC security (Universally Composable security).

Description

Network data secure transmission method and system
Technical Field
The present invention relates to the field of network security, and in particular, to a method and a system for secure transmission of network data.
Background
A secure channel protocol is a network channel protocol that allows two parties to communicate over a network controlled by an adversary. With such a protocol the two parties can transmit confidential information over a public network without the information being disclosed or tampered with in transit. Although SSL (Secure Sockets Layer), SSH (Secure Shell) and IPsec (Internet Protocol Security) have long been in widespread use as examples of secure channel protocols, it was only recently that Canetti et al. first studied their security systematically and gave formal definitions under the UC (Universally Composable) security framework.
The core of the UC security framework is the "simulation" paradigm proposed by Goldreich et al. for defining protocol security: to decide whether a protocol securely carries out a given task, one first imagines an ideal process that completes the task in a secure manner. In this ideal process all participants (entities) of the protocol hand their inputs to a "trusted party", which processes them according to fixed rules and hands the outputs to the designated entities. The ideal process can thus be viewed as a formal description of the security requirements. A protocol is said to securely realize the task if it can "emulate" the ideal process of that task. Here "emulate" means: whatever damage an adversary can do to the real protocol, another adversary can also do to the corresponding ideal process.
To describe protocol security systematically, the UC framework introduces a further computing entity called the "environment". The environment stands for everything running at the time other than the target protocol and its adversary: other running protocols and their adversaries, users, and so on. The environment interacts with the target protocol twice: first it chooses arbitrary inputs for the protocol entities and the adversary, then it collects the outputs of the protocol entities and the adversary. Finally the environment outputs one bit guessing whether it has been interacting with the real protocol π and its adversary A_R, or with the ideal process F and its adversary A_I. A protocol π is said to securely realize the ideal process F (sometimes called an "ideal functionality", since a process always embodies some function) if for every real-protocol adversary A_R there exists an ideal-process adversary A_I such that no environment Z can distinguish, with non-negligible probability, whether it is interacting with the real protocol π (and the real adversary A_R), i.e. the real process, or with the ideal process F (and the ideal adversary A_I), i.e. the ideal process.
Following the UC framework, defining the UC security of a network channel protocol means defining an ideal process that captures the channel's security requirements. The ideal functionality F_sc of a network channel is described as follows. When a request to establish a secure channel is received from both parties, the adversary is notified that a secure channel has been established. Thereafter, if an entity asks F_sc to transmit a message m to the other entity, F_sc delivers the message secretly to the destination entity and informs the adversary only that a message of length |m| bits has been delivered over the secure channel. Once either entity terminates the session, F_sc transmits no further messages. A real network channel protocol that realizes the ideal functionality F_sc is called a UC-secure network channel protocol.
Under this definition, Canetti et al. proved that if the key exchange protocol is relaxed UC-secure, then an IND-CPA secure encryption scheme and a (weakly) unforgeable message authentication scheme can be combined so that the network channel protocol built in the encrypt-then-authenticate manner (as in IPsec) is UC-secure.
The above conclusion, however, is not general. There do exist secure encryption schemes for which the network channel protocol formed in the above manner cannot emulate the ideal functionality F_sc, even when a key exchange protocol with strong UC security is used. The root of the problem is that when a real adversary adaptively corrupts some protocol entity and thereby obtains the plaintext corresponding to a ciphertext, the ideal adversary cannot simulate this well: to simulate the real adversary, the ideal adversary must "commit" to the ciphertext before it knows the plaintext or the decryption key.
As in the discussion of the security of key exchange protocols, the encryption scheme here need not have any weakness an adversary could exploit; the failure to achieve UC security may instead be because the ideal secure channel functionality F_sc is too strong. Canetti et al. therefore proposed a "relaxed" ideal network channel functionality F^N_sc. Like the relaxed key exchange functionality, the relaxed channel functionality F^N_sc uses a "non-information oracle" to provide the ideal adversary (the simulator) with "randomized information" about a message at the moment it is secretly delivered to the intended recipient. Specifically, when two uncorrupted entities transmit a message m through F^N_sc, F^N_sc delivers the message secretly to the intended recipient, at the same time calls the non-information oracle N with input m, and passes the output of the oracle to the ideal adversary. When a session or a protocol entity is corrupted, F^N_sc exposes the internal state of N to the adversary.
The requirement on the non-information oracle N here differs slightly from that in the UC-secure key exchange protocol: here the output of N must be "computationally independent" of its input. That is, if every message input to N is replaced by an all-zero string of equal length, the output of N is indistinguishable. The rationale for using a non-information oracle is that the information the adversary obtains through N is completely independent of the message being secretly transmitted. If a suitable non-information oracle N is chosen, the ideal adversary obtains some additional information when an entity is corrupted, which it needs in order to simulate the real adversary.
A channel protocol π is said to be relaxed UC-secure if there exists a non-information oracle N such that π realizes the ideal network channel functionality F^N_sc.
For this relaxed UC-secure channel protocol, Canetti et al. later specialized the non-information oracle N to a leakage function Leak: {0,1}* → {0,1}*, meaning that the only information the adversary is allowed to obtain during transmission of a message m is Leak(m), not the whole of m. The secure channel protocol studied here is likewise placed in the UC security framework, with F^Leak_sc as the ideal network channel functionality. We mainly discuss how this ideal functionality can be realized in a real network using an authenticated encryption scheme.
The UC security framework and the UC security definition of a protocol capture, through "simulation", the security goals a real protocol should achieve. These tools, however, only provide a means of stating security goals and verifying that they are met; they do not provide a general method for achieving them. For secure channel protocols, the definitions only give a way to verify the security of a network channel protocol and say nothing about how a secure channel can conveniently be implemented. Canetti et al. did give an example of implementing a secure channel from a key exchange protocol, a message authentication scheme and an encryption scheme, but that example is limited to compositions of the encryption and authentication schemes in the "Encrypt-then-MAC" manner. Essentially, a secure channel is meant to prevent the transmitted message from leaking to the adversary and to ensure that it is not tampered with by the adversary. This requirement is exactly what an authenticated encryption scheme (Authenticated Encryption) provides, and the "Encrypt-then-MAC" combination of an encryption scheme and an authentication scheme used by Canetti et al. is only one common way of realizing authenticated encryption. It would therefore be useful to have a general method and system for implementing network channels.
Disclosure of Invention
In view of the above, the primary object of the present invention is the following:
in order to solve the general implementation problem of the network channel, the invention provides a network data secure transmission method and a system thereof, so that a UC secure network channel can be implemented by applying a general authentication encryption scheme.
The network data secure transmission system of the invention comprises:
an initialization module (101) for establishing a network session between two communication parties, acquiring a session key for data transmission between the two communication parties, and initializing a message control counter (102);
a message control counter (102) for generating a different message identity for each user message for the process of transmitting the message;
and the data transmission module (103) is used for carrying out safe data transmission on the two communication parties by utilizing the session key and the message identifier on the session established by the initialization module.
The initialization module further comprises a connection request input module, a network connection message sending module, a network connection message receiving module, a connection request output module, a connection response input module, a session key establishment module and a message control counter initialization module:
a connection request input module, configured to receive session establishment request information input by an entity during communication, where the request information includes a connection establishment identifier (Establish-Session) indicating the request type and a session identifier sid = (P_S, P_R, sid'), the session identifier comprising the sender identifier P_S, the receiver identifier P_R and the identifier sid' of this connection;
a connection request output module, configured to output, after a session connection request has been received from the network, that request to the entity so that the entity can confirm whether to accept it; the request information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection request identifier (initial);
a connection response input module, configured to receive the connection response information input by the entity; the response information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection response identifier (response);
a network connection message receiving module, configured to receive the other party's session connection request or connection response information transmitted over the network; the information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection request identifier (initial) or a connection response identifier (response);
a network connection message sending module, configured to transmit, upon receiving a connection request or connection response output by an entity, that information to the other party over the network; the information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection request identifier (initial) or a connection response identifier (response);
a session key establishing module, configured to establish a network session key between the two communicating parties; the module invokes a secure key exchange protocol (shown in the patent as formula image GSB00001015974300051) to generate a secure session key K;
And the message control counter initialization module initializes the message control counter to a determined value.
The data transmission module further comprises a user message input module, a session channel checking module, an authentication encryption module, a network encryption message sending module, a network encryption message receiving module, a decryption verification module and a user message output module:
a user message input module, configured to receive a message transmission request input by an entity, where the request includes a message transmission identifier (Send), a session ID (sid) and the message m itself (where sid = (P_S, P_R, sid'));
A session channel checking module for checking whether the session ID mentioned in the message transmission request information and the corresponding session key exist after the user message input module receives a message transmission request;
the authentication encryption module is used for increasing the value (l) of the message control counter by 1 after the session channel checking module successfully checks, and performing authentication encryption processing on the message specified in the message transmission request information by using a session key corresponding to the session ID specified in the message transmission request information;
the network encryption message sending module is used for sending the message ciphertext (e) processed by the authentication encryption module, the session ID (sid) and the value (l) of the corresponding message control counter out through a network;
a network encryption message receiving module, which is used for receiving message ciphertext (e), a session ID (sid) and a corresponding message control counter value (l) transmitted from the network;
the decryption verification module is used for carrying out decryption verification on the message ciphertext (e) and verifying the legality of the message by combining the value of the control counter;
and the user message output module is used for outputting message plaintext to the entity and sending a successful response message back to the sender after the decryption verification module succeeds, wherein the successful response message comprises a successful identifier (ack), a session ID (sid) and a corresponding message control counter value (l).
The invention also provides a network data secure transmission method, which comprises
Step 1, establishing session connection, acquiring a session key, and initializing a message control counter;
step 2, securely transmitting the user message, comprising the activity of the sending end and the activity of the receiving end.
The step 1 further comprises:
step 1.1, when entity P_S is activated by a session request message (Establish-Session, sid) input by the user (where sid = (P_S, P_R, sid')), P_S checks whether there is an entity P_R such that sid = (P_S, P_R, sid') holds. It then marks sid as "establishing" and sends the connection request information (Establish-Session, sid, initial) to entity P_R over the network;
step 1.2, when entity P_R receives over the network the connection request information (Establish-Session, sid, initial) from entity P_S (where sid = (P_S, P_R, sid')), P_R outputs the connection request information (Establish-Session, sid, initial) to the user;
step 1.3, when entity P_R is activated by the connection response message (Establish-Session, sid, response) input by the user (where sid = (P_S, P_R, sid')), P_R marks sid as "established" and then sends the connection response information (Establish-Session, sid, response) to entity P_S over the network. It then invokes the key exchange protocol (shown in the patent as formula image GSB00001015974300071) with input (Establish-session, sid', P_R, P_S, role); if a response (key, sid', K) is obtained, it records (sid, K);
step 1.4, once entity P_S receives over the network the connection response information (Establish-Session, sid, response) from P_R (where sid = (P_S, P_R, sid')), P_S marks sid as "established" and then invokes the key exchange protocol (shown in the patent as formula image GSB00001015974300072) with input (Establish-session, sid', P_S, P_R, role); if a response (key, sid', K) is obtained, it records (sid, K);
step 1.5, the message control counter is initialized.
The transmitting end of step 2 further comprises:
step 2.1, if the sending entity P_S has a message m to send on session sid (where sid = (P_S, P_R, sid')), execute step 2.2; otherwise execute step 2.7 and end the session;
step 2.2, if no record (sid, K) exists, ignore the input and execute step 2.7; otherwise execute step 2.3;
step 2.3, compute e = TagEnc_K(m, l), increment the message control counter by 1, send the message (sid, e, l) to entity P_R and start a timeout counter;
e = TagEnc_K(m, l) denotes the authenticated encryption of the message m together with the counter value l under the key K; the resulting ciphertext is assigned to e.
step 2.4, decrement the timeout counter by 1;
step 2.5, if the timeout counter has reached zero, execute step 2.7; otherwise execute step 2.6;
step 2.6, if the response information (ack, sid, l) returned by the receiver has been received, execute step 2.1; otherwise execute step 2.4;
step 2.7, end the session.
The receiving end of step 2 (numbered as steps 3.1 to 3.8) further comprises:
step 3.1, starting an overtime counter;
step 3.2, subtracting 1 from the overtime counter;
step 3.3, if the overtime counter returns to zero, executing step 3.8, otherwise executing step 3.4;
step 3.4, if entity P_R has received a message (sid, e, l) (where sid = (P_S, P_R, sid')), execute step 3.5; otherwise execute step 3.2;
step 3.5, P_R verifies that no message with counter value l has already been received in the current session and that a record (sid, K) exists; if so, execute step 3.6, otherwise execute step 3.2;
step 3.6, compute v = DecVer_K(e, l); if v ≠ ⊥, execute step 3.7, otherwise execute step 3.2;
v = DecVer_K(e, l) denotes the decryption and verification of the ciphertext e together with the counter value l under the key K; on success the plaintext is assigned to v, and on failure the failure symbol ⊥ is assigned to v.
step 3.7, output the message (Send, sid, v), send the message (ack, sid, l) to entity P_S, and execute step 3.1;
step 3.8, end the session.
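The two procedures above (session setup in steps 1.1 to 1.5, then the sender's steps 2.1 to 2.7 and the receiver's steps 3.1 to 3.8), as an added, runnable Python simulation that is not part of the patent. The patent leaves TagEnc and DecVer abstract; this example stands in for them with an Encrypt-then-MAC construction built from HMAC-SHA256 (a PRF keystream keyed by the counter l, plus a tag over l and the ciphertext), and stands in for the key exchange protocol with an ideal functionality that simply hands both parties the same fresh random K. The counter starts at 0 as in step 1.5, is used and then incremented as in step 2.3, is bound into every ciphertext, and is checked by the receiver for replay before decryption as in step 3.5. The names Party, establish_session, send, receive, wait_for_ack and run_demo, and the sample message, are constructed for this illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32          # HMAC-SHA256 tag appended to the ciphertext
BOTTOM = None         # plays the role of the failure symbol ⊥ returned by DecVer


def _subkey(k: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the session key K (assumed split).
    return hmac.new(k, label, hashlib.sha256).digest()


def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from a PRF (HMAC-SHA256); the nonce is the message counter l.
    blocks, i = [], 0
    while sum(len(b) for b in blocks) < n:
        blocks.append(hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:n]


def tag_enc(k: bytes, m: bytes, l: int) -> bytes:
    """TagEnc_K(m, l): Encrypt-then-MAC, with l as nonce and authenticated together with the ciphertext."""
    nonce = l.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(m, _keystream(_subkey(k, b"enc"), nonce, len(m))))
    tag = hmac.new(_subkey(k, b"mac"), nonce + ct, hashlib.sha256).digest()
    return ct + tag


def dec_ver(k: bytes, e: bytes, l: int):
    """DecVer_K(e, l): returns the plaintext, or BOTTOM if the tag does not verify under (K, l)."""
    if len(e) < TAG_LEN:
        return BOTTOM
    ct, tag = e[:-TAG_LEN], e[-TAG_LEN:]
    nonce = l.to_bytes(8, "big")
    expected = hmac.new(_subkey(k, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return BOTTOM
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(k, b"enc"), nonce, len(ct))))


class Party:
    def __init__(self, name: str):
        self.name = name
        self.keys = {}      # records (sid, K) kept after the key exchange
        self.counter = {}   # sender side: message control counter l per session
        self.seen = {}      # receiver side: counter values already accepted per session (step 3.5)


def establish_session(ps: Party, pr: Party, sid: tuple) -> None:
    """Steps 1.1-1.5 collapsed: the key exchange is modelled as an ideal functionality that hands
    both parties the same fresh K (assumption); the message control counter starts at 0."""
    k = secrets.token_bytes(32)
    ps.keys[sid] = pr.keys[sid] = k
    ps.counter[sid] = 0
    pr.seen[sid] = set()


def send(ps: Party, sid: tuple, m: bytes):
    """Steps 2.2-2.3: ignore the input if no record (sid, K); otherwise emit (sid, e, l) and advance l."""
    if sid not in ps.keys:
        return None
    l = ps.counter[sid]
    e = tag_enc(ps.keys[sid], m, l)
    ps.counter[sid] = l + 1
    return (sid, e, l)


def receive(pr: Party, msg: tuple):
    """Steps 3.4-3.7: returns ((Send, sid, v), (ack, sid, l)), or None when the message is dropped."""
    sid, e, l = msg
    if sid not in pr.keys or l in pr.seen[sid]:   # step 3.5: no record (sid, K), or replayed l
        return None
    v = dec_ver(pr.keys[sid], e, l)
    if v is BOTTOM:                               # step 3.6: decryption/verification failed
        return None
    pr.seen[sid].add(l)
    return (("Send", sid, v), ("ack", sid, l))


def wait_for_ack(acks: list, sid: tuple, l: int, timeout: int) -> bool:
    """Steps 2.4-2.6: poll up to `timeout` ticks for (ack, sid, l); False means step 2.7 (end session)."""
    for _ in range(timeout):
        a = acks.pop(0) if acks else None
        if a == ("ack", sid, l):
            return True
    return False


def run_demo() -> dict:
    """Constructed scenario: one honest delivery plus the adversarial cases the receiver must reject."""
    ps, pr = Party("P_S"), Party("P_R")
    sid = ("P_S", "P_R", "sid-0001")          # sid = (P_S, P_R, sid')
    establish_session(ps, pr, sid)
    wire = send(ps, sid, b"transfer 100 to account 42")
    _, e, l = wire
    r = {}
    r["tampered"] = receive(pr, (sid, bytes([e[0] ^ 0x01]) + e[1:], l)) is None
    r["counter_moved"] = receive(pr, (sid, e, l + 7)) is None
    r["unknown_sid"] = receive(pr, (("P_S", "P_R", "other"), e, l)) is None
    out = receive(pr, wire)
    r["delivered"] = out is not None and out[0][2] == b"transfer 100 to account 42"
    r["acked"] = wait_for_ack([out[1]], sid, l, timeout=3)
    r["replayed"] = receive(pr, wire) is None
    r["timeout"] = wait_for_ack([], sid, l, timeout=3) is False
    return r
```

run_demo() returns a dict in which every entry is True when the channel behaves as the steps require: the honest message is delivered and acknowledged with (ack, sid, 0), while the tampered ciphertext, the message whose counter was moved, the message on an unknown session and the replayed message are all dropped, and a sender that never sees its ack times out. Because l is both the nonce and part of the authenticated data, an adversary cannot reuse a captured e under a different counter value, which is what makes the receiver's "not yet seen l" check in step 3.5 sufficient against replay. With this stand-in construction the ciphertext length is |m| plus the tag, so an observer learns |m|, as the ideal functionality allows; a deployment would use a standard AEAD such as AES-GCM with l as the nonce rather than a hand-rolled construction.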
The invention overcomes the narrowness of the construction methods of SSL, SSH, IPsec and similar protocols, provides a uniform method for realizing secure transmission of network data from an authenticated encryption scheme, and it is proved that secure network data transmission realized in this way has UC security.
While the invention will be described in connection with certain exemplary implementations and methods of use, it will be understood by those skilled in the art that it is not intended to limit the invention to these embodiments. On the contrary, the intent is to cover all alternatives, modifications and equivalents as included within the spirit and scope of the invention as defined by the appended claims.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram of a network data secure transmission system according to the present invention;
FIG. 2 is a schematic diagram of the initialization module of the present invention;
FIG. 3 is a schematic structural diagram of a data transmission module according to the present invention;
FIG. 4 is a flow chart of an implementation of a method for secure transmission of network data according to the present invention;
FIG. 5 is a flow chart of an embodiment of the present invention for establishing a session connection;
fig. 6 is a flowchart of an embodiment of transmitting data by a transmitting end according to the present invention;
FIG. 7 is a flow chart of an embodiment of the present invention in which a receiving end receives data.
Detailed Description
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings. It is to be noted that the embodiment of the network data secure transmission system according to the present invention is only an example, but the present invention is not limited to this specific embodiment.
Referring to fig. 1, a specific embodiment of a network data secure transmission system of the present invention is shown:
an initialization module 101, configured to establish a network session between two communication parties, obtain a session key for data transmission between the two communication parties, and initialize a message control counter 102;
a message control counter 102 for generating a different message identifier for each user message in the process of transmitting the message;
and the data transmission module 103 is configured to perform secure data transmission between the two communication parties by using the session key and the message identifier on the session established by the initialization module.
The message control counter 102 is a counting device known to those skilled in the art, and increases by 1 each time a message is sent, which is used as a message number (message identifier). The specific control is invoked by the data transfer module 103 during the transfer of the message. Detailed control can be seen in blocks 207, 303, 304 and 305 below. In addition, in the preferred embodiment, there may be a timeout counter for controlling the transmission failure of data.
Referring to fig. 2, a specific embodiment of the initialization module 101 is shown:
a connection request input module 201, configured to receive session establishment request information input by an entity during communication, where the request information includes a connection establishment identifier (Establish-Session) indicating the request type and a session identifier sid = (P_S, P_R, sid'), the session identifier comprising the sender identifier P_S, the receiver identifier P_R and the identifier sid' of the current connection; this module calls the network connection message sending module 202;
a network connection message sending module 202, configured to transmit, upon receiving a connection request or connection response message output by an entity, that message to the other party over the network; the message includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection request identifier (initial) or a connection response identifier (response); this module calls the session key establishment module 206 and the message control counter initialization module 207;
a network connection message receiving module 203, configured to receive the other party's session connection request or connection response information transmitted over the network; the information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection request identifier (initial) or a connection response identifier (response); this module calls the connection request output module 204, the session key establishment module 206 and the message control counter initialization module 207;
a connection request output module 204, configured to output, after a session connection request has been received from the network, that request to the entity so that the entity can confirm whether to accept it; the request information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection request identifier (initial);
a connection response input module 205, configured to receive the connection response information input by the entity; the response information includes a connection establishment identifier (Establish-Session) indicating the request type, a session identifier sid = (P_S, P_R, sid'), and a connection response identifier (response); this module calls the network connection message sending module 202;
a session key establishing module 206, configured to establish a network session key between the two communicating parties; the module invokes a secure key exchange protocol (shown in the patent as formula image GSB00001015974300111) to generate a secure session key K.
The message control counter initialization module 207 initializes the message control counter to a certain value, such as 0.
Referring to fig. 3, a specific embodiment of the data transmission module 103 is shown:
a user message input module 301, configured to receive a message transmission request input by an entity, where the request includes a message transmission identifier (Send), a session ID (sid) and the message m itself (where sid = (P_S, P_R, sid')); this module calls the session channel checking module 302, the authenticated encryption module 303 and the network encrypted message sending module 304;
a session channel checking module 302, configured to check, after the user message input module has received a message transmission request, whether the session ID named in the request and the corresponding session key exist;
an authenticated encryption module 303, configured to increment the message control counter value l by 1 when the check of the session channel checking module succeeds, and to perform authenticated encryption of the message named in the request using the session key corresponding to the session ID named in the request. If the authenticated encryption algorithm adopted is TagEnc_K(·), one embodiment of this module computes e = TagEnc_K(m, l), where K is the session key, m is the user message, l is the current value of the message control counter and e is the resulting ciphertext.
a network encrypted message sending module 304, configured to send the message ciphertext e produced by the authenticated encryption module, together with the session ID (sid) and the corresponding message control counter value l, over the network;
a network encrypted message receiving module 305, configured to receive a message ciphertext e, a session ID (sid) and the corresponding message control counter value l transmitted over the network; this module calls the decryption verification module 306 and the user message output module 307;
a decryption verification module 306, configured to decrypt and verify the message ciphertext e and to check the validity of the message in combination with the control counter value. If the decryption verification algorithm adopted is DecVer_K(·), one embodiment of this module computes v = DecVer_K(e, l), where K is the session key, e is the received ciphertext, l is the received message control counter value and v is the decrypted plaintext message (or the failure symbol ⊥ on failure).
a user message output module 307, configured to output the message plaintext to the entity and to send a success response back to the sender, the success response including a success identifier (ack), the session ID (sid) and the corresponding message control counter value l. One embodiment of this module is: if the value v output by the decryption verification module 306 is not the failure symbol ⊥ (i.e. it is a legitimate user message), send the triple (ack, sid, l) over the network to the sender P_S of the message and at the same time output the plaintext message v to the recipient P_R of the message; otherwise do nothing.
Fig. 4 shows a specific embodiment of the network data secure transmission method of the present invention:
step S401, establishing the session connection, acquiring the session key, and initializing the message control counter;
step S402, transmitting the user message securely, comprising the sending end sending data and the receiving end receiving data.
Referring to fig. 5, a specific embodiment of step S401 is shown:
step S501, the entity P_S receives a connection request message (Establish-Session, sid) input by the user, where sid = (P_S, P_R, sid'); if there is a recipient entity P_R such that sid = (P_S, P_R, sid') holds, step S502 is executed;
step S502, the state of sid is set to establishing, and the connection request information (Establish-Session, sid, initial) is sent to the entity P_R over the network;
step S503, the entity P_R receives from the entity P_S over the network the connection request information (Establish-Session, sid, initial), where sid = (P_S, P_R, sid');
step S504, the entity P_R outputs the connection request information (Establish-Session, sid, initial) to the user;
step S505, the entity P_R receives the connection response information (Establish-Session, sid, response) input by the user, where sid = (P_S, P_R, sid');
step S506, P_R sets the state of sid to established, and then sends the connection response information (Establish-Session, sid, response) to the entity P_S over the network;
step S507, P_R invokes the key exchange protocol with (Establish-Session, sid', P_R, P_S, role) as input; if a response (key, sid', K) is obtained, the record (sid, K) is stored;
step S508, the entity P_S receives over the network the connection response information (Establish-Session, sid, response) sent by P_R, where sid = (P_S, P_R, sid');
step S509, the entity P_S sets the state of sid to established, and then invokes the key exchange protocol (denoted by the symbol shown as figure GSB00001015974300131 in the original) with (Establish-Session, sid', P_S, P_R, role) as input; if a response (key, sid', K) is obtained, the record (sid, K) is stored;
step S510, the message control counter is initialized, for example set to 0.
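The session establishment of steps S501 to S510, modelled as an added example in Python; this is not code from the patent. The patent's key exchange protocol appears only as a figure, so it is replaced here by an assumed IdealKeyExchange object that hands both parties the same fresh random key for a given sid', which is how an ideal key exchange functionality behaves towards the two parties. The message tuples, the establishing/established states and the records (sid, K) follow the description; the names Entity, request, on_request, on_response and establish are this example's own.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# sid = (P_S, P_R, sid'): sender identifier, receiver identifier, connection identifier
Sid = Tuple[str, str, str]
Msg = Tuple[str, Sid, str]  # (Establish-Session, sid, initial | response)


class IdealKeyExchange:
    """Stand-in for the key exchange protocol the patent only shows as a figure
    (an assumption of this example). The first party to call run() for a given
    sid' draws a fresh 32-byte key; the second party with the same sid' receives
    the same key, as the ideal functionality would hand it to both."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def run(self, sid_prime: str, me: str, peer: str, role: str) -> bytes:
        # (Establish-Session, sid', me, peer, role) is the input of S507 / S509
        return self._keys.setdefault(sid_prime, secrets.token_bytes(32))


@dataclass
class Entity:
    name: str
    ke: IdealKeyExchange
    state: Dict[Sid, str] = field(default_factory=dict)     # establishing / established
    keys: Dict[Sid, bytes] = field(default_factory=dict)    # the records (sid, K)
    counters: Dict[Sid, int] = field(default_factory=dict)  # message control counters

    def request(self, sid: Sid) -> Msg:
        """S501/S502 at P_S: mark sid as establishing and emit the request."""
        if sid[0] != self.name:
            raise ValueError("sid does not name this entity as sender P_S")
        self.state[sid] = "establishing"
        return ("Establish-Session", sid, "initial")

    def on_request(self, msg: Msg, user_accepts: bool = True) -> Optional[Msg]:
        """S503..S507 at P_R: accept only requests that name us as P_R, then run
        the key exchange and record (sid, K). Returns the response to send."""
        tag, sid, kind = msg
        p_s, p_r, sid_prime = sid
        if tag != "Establish-Session" or kind != "initial" or p_r != self.name:
            return None                          # not addressed to us: ignore
        if not user_accepts:                     # the user never inputs S505
            return None
        self.state[sid] = "established"          # S506
        self.keys[sid] = self.ke.run(sid_prime, p_r, p_s, "responder")  # S507
        self.counters[sid] = 0                   # S510
        return ("Establish-Session", sid, "response")

    def on_response(self, msg: Msg) -> bool:
        """S508..S510 at P_S: only a response to our own outstanding request
        moves sid to established and triggers the key exchange."""
        tag, sid, kind = msg
        p_s, p_r, sid_prime = sid
        if tag != "Establish-Session" or kind != "response" or p_s != self.name:
            return False
        if self.state.get(sid) != "establishing":
            return False                         # unsolicited response: ignore
        self.state[sid] = "established"          # S509
        self.keys[sid] = self.ke.run(sid_prime, p_s, p_r, "initiator")
        self.counters[sid] = 0                   # S510
        return True


def establish(p_s: Entity, p_r: Entity, sid_prime: str) -> Sid:
    """Drive S501-S510 end to end over an in-memory 'network'."""
    sid: Sid = (p_s.name, p_r.name, sid_prime)
    response = p_r.on_request(p_s.request(sid))
    if response is None or not p_s.on_response(response):
        raise RuntimeError("session establishment failed")
    return sid
```

The checks on the receiving side of each message are the point of the model: P_R answers only a request that names it as P_R, and P_S accepts a response only for a sid it has itself put into the establishing state, so a stray or forged (Establish-Session, sid, response) cannot create a record (sid, K) on either side.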
Referring to fig. 6, a specific embodiment of the sending end sending data in step S402 is shown:
step S601, if the sending end entity P_S has a message to send for the session ID sid, where sid = (P_S, P_R, sid'), step S602 is executed; otherwise step S607 is executed and the session ends;
step S602, if a record (sid, K) exists, go to step S603; otherwise go to step S607;
step S603, read the user message m, increment the message control counter by 1, compute e = TagEnc_K(m, l), send the message (sid, e, l) to the entity P_R, and start a timeout counter;
here e = TagEnc_K(m, l) denotes the authenticated encryption of the message m and the counter value l under the key K, the resulting ciphertext being assigned to e.
step S604, decrement the timeout counter by 1;
step S605, if the timeout counter has reached zero, execute step S607; otherwise execute step S606;
step S606, if the response information (ack, sid, l) returned by the receiver has been received, execute step S601; otherwise execute step S604;
step S607, the session is ended.
Referring to fig. 7, a specific embodiment of the receiving end receiving data in step S402 is shown:
step S701, start a timeout counter;
step S702, decrement the timeout counter by 1;
step S703, if the timeout counter has reached zero, step S708 is executed; otherwise step S704 is executed;
step S704, if the entity P_R receives a message (sid, e, l), where sid = (P_S, P_R, sid'), step S705 is executed; otherwise step S702 is executed;
step S705, P_R verifies that no message with counter value l has been received in the current session and that a record (sid, K) exists; if both hold, step S706 is executed, otherwise step S702;
step S706, compute v = DecVer_K(e, l); if v ≠ ⊥, execute step S707, otherwise execute step S702;
here v = DecVer_K(e, l) denotes the decryption verification of the ciphertext e and the counter value l under the key K, the resulting plaintext being assigned to v, and the failure symbol ⊥ being assigned to v if verification fails.
step S707, output the message (send, sid, v) to the entity, send the message (ack, sid, l) to the entity P_S, and execute step S701;
step S708, the session is ended.
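The sending side of fig. 6 and the receiving side of fig. 7 (and the modules 303 to 307 they realise), as an added example in Python; it is not the patent's code. The patent leaves TagEnc_K and DecVer_K abstract; this example instantiates them, as an assumption, with encrypt-then-MAC from the Python standard library: an HMAC-SHA256 keystream in counter mode keyed by l for confidentiality, and an HMAC-SHA256 tag over (l, ciphertext) for authenticity, the two sub-keys being derived from the session key K. The names Sender, Receiver, tag_enc and dec_ver are this example's own. The timeout loops (S604/S605, S702/S703) are left to the caller; the example concentrates on the checks of S705 and S706 and on the acknowledgement of S707.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional, Set, Tuple

Sid = Tuple[str, str, str]   # (P_S, P_R, sid')
FAIL = None                   # plays the role of the failure symbol ⊥


def _subkeys(k: bytes) -> Tuple[bytes, bytes]:
    """Split the session key K into independent encryption and MAC keys (assumed construction)."""
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"mac", hashlib.sha256).digest())


def _keystream(k_enc: bytes, l: int, n: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(k_enc, l || i).  Because l never
    repeats within a session, no keystream block is ever reused."""
    blocks = [hmac.new(k_enc, struct.pack(">QQ", l, i), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def tag_enc(k: bytes, m: bytes, l: int) -> bytes:
    """e = TagEnc_K(m, l): encrypt m under counter l, then MAC (l, ciphertext)."""
    k_enc, k_mac = _subkeys(k)
    c = bytes(x ^ y for x, y in zip(m, _keystream(k_enc, l, len(m))))
    t = hmac.new(k_mac, struct.pack(">Q", l) + c, hashlib.sha256).digest()
    return c + t


def dec_ver(k: bytes, e: bytes, l: int) -> Optional[bytes]:
    """v = DecVer_K(e, l): check the tag against the received l before touching
    the ciphertext; return FAIL (⊥) on any mismatch."""
    k_enc, k_mac = _subkeys(k)
    if len(e) < 32:
        return FAIL
    c, t = e[:-32], e[-32:]
    expected = hmac.new(k_mac, struct.pack(">Q", l) + c, hashlib.sha256).digest()
    if not hmac.compare_digest(t, expected):
        return FAIL
    return bytes(x ^ y for x, y in zip(c, _keystream(k_enc, l, len(c))))


class Sender:
    """P_S side of S601-S607 (timeouts are left to the caller)."""

    def __init__(self, sid: Sid, k: bytes) -> None:
        self.sid, self.k, self.l = sid, k, 0      # counter starts at 0 (S510)
        self.unacked: Dict[int, bytes] = {}       # messages awaiting (ack, sid, l)

    def send(self, m: bytes) -> Tuple[Sid, bytes, int]:
        self.l += 1                               # S603: fresh identifier first
        e = tag_enc(self.k, m, self.l)
        self.unacked[self.l] = m
        return (self.sid, e, self.l)

    def on_ack(self, msg: Tuple[str, Sid, int]) -> bool:
        tag, sid, l = msg                         # S606
        if tag != "ack" or sid != self.sid or l not in self.unacked:
            return False
        del self.unacked[l]
        return True


class Receiver:
    """P_R side of S701-S708: drops replays by counter value, then verifies."""

    def __init__(self, sid: Sid, k: bytes) -> None:
        self.sid, self.k = sid, k
        self.seen: Set[int] = set()

    def receive(self, msg: Tuple[Sid, bytes, int]):
        sid, e, l = msg
        if sid != self.sid or l in self.seen:     # S705: no record (sid, K), or replay
            return None
        v = dec_ver(self.k, e, l)                 # S706
        if v is FAIL:
            return None                           # a forgery must not consume l
        self.seen.add(l)
        return (("send", sid, v), ("ack", sid, l))  # S707: deliver, then acknowledge
```

The order of operations on the receiving side is the security-relevant part: a counter value is added to seen only after DecVer succeeds, so forged ciphertexts cannot burn future identifiers, and the tag covers l, so a genuine ciphertext cannot be replayed under a different counter value. Because the sender's counter only increases, a deployment can replace the growing seen set by the highest accepted l (plus a window if reordering is possible). The same rule carries over to the primitive: with a nonce-based AEAD such as AES-GCM in place of this construction, l must likewise never repeat under the same K.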
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and it is obvious that those skilled in the art can make various changes and modifications of the present invention without departing from the spirit and scope of the present invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (3)

1. A system for secure transmission of network data, comprising:
an initialization module (101) for establishing a network session between two communication parties, acquiring a session key for data transmission between the two communication parties, and initializing a message control counter (102);
a message control counter (102) for generating a different message identity for each user message for the process of transmitting the message;
a data transmission module (103) for performing secure data transmission between the two communication parties by using the session key and the message identifier on the session established by the initialization module;
the initialization module (101) further comprises a connection request input module (201), a network connection message sending module (202), a network connection message receiving module (203), a connection request output module (204), a connection response input module (205), a session key establishment module (206) and a message control counter initialization module (207);
a connection request input module (201) for receiving a Session establishment request message sent by an entity during communication, where the request message includes a connection establishment identifier (Establish-Session) indicating the request type and a Session identifier (sid), and the Session identifier (sid) includes a sender identifier P_S, a receiver identifier P_R and the current connection identifier sid';
a connection request output module (202) for outputting a Session connection request message to the entity after receiving a Session connection request transmitted from the network, so that the entity can confirm whether to accept the connection request, wherein the request message includes a connection establishment identifier (Establish-Session), a Session identifier (sid) and a connection request identifier (initial) indicating the request type;
a connection response input module (203) for receiving connection response information input from the entity, the connection response information including a connection establishment identifier (Establish-Session), a Session identifier (sid) and a connection response identifier (response) indicating the request type;
a network connection message receiving module (204) for receiving another party Session connection request or connection response information of the Session transmitted from the network, wherein the information includes a connection establishment identifier (Establish-Session), a Session identifier (sid) and a connection request identifier (initial) or connection response identifier (response) indicating the request type;
a network connection message sending module (205) for transmitting a connection request or a connection response message output from an entity to another party through a network when the message is received, wherein the message includes a connection establishment identifier (Establish-Session), a Session identifier (sid) and a connection request identifier (initial) or a connection response identifier (response) indicating a request type;
a session key establishment module (206) for establishing network session keys between the communicating parties, the module invoking a secure key exchange protocol (denoted by the symbol shown as figure FSB00001015974200021 in the original) to generate a secure session key K;
a message control counter initialization module (207) initializes the message control counter to a determined value.
2. The network data security transmission system according to claim 1, wherein the data transmission module (103) further comprises a user message input module (301), a session channel verification module (302), an authentication encryption module (303), a network encrypted message transmission module (304), a network encrypted message reception module (305), a decryption verification module (306) and a user message output module (307):
a user message input module (301) for receiving a message transmission request input by an entity, the request including a message transmission identifier Send, a session identifier sid and a message m, where sid includes a sender identifier P_S, a receiver identifier P_R and the current connection identifier sid';
a session channel checking module (302) for checking whether the session identifier sid mentioned in the message transmission request message and its corresponding session key K exist after the user message input module receives a message transmission request;
the authentication encryption module (303) is used for increasing the value l of the message control counter by 1 after the session channel checking module successfully checks, and performing authentication encryption processing on the message specified in the message transmission request message by using the session key K corresponding to the specified session identifier sid in the message transmission request message;
a network encrypted message sending module (304) for sending the message ciphertext e processed by the authentication encryption module, together with the session identifier sid and the value l of the corresponding message control counter, out through the network;
a network encryption message receiving module (305) for receiving a message ciphertext e, a session identification sid and a corresponding message control counter value l transmitted from a network;
the decryption verification module (306) is used for carrying out decryption verification on the message ciphertext e and verifying the validity of the message in combination with the value of the control counter;
and the user message output module (307) is used for outputting the message plaintext to the entity and sending a successful response message back to the sender after the decryption verification module succeeds, wherein the successful response message comprises a successful identifier ack, a session identifier sid and a corresponding message control counter value l.
3. A network data security transmission method is characterized by comprising
Step 1, establishing session connection, obtaining session key, initializing message control counter,
step 2, the user information is transmitted safely, the sending end sends data,
step 3, the receiving end receives data;
wherein,
step 1 is further defined as:
step 1.1, when an entity P_S receives the connection establishment identifier Establish-Session and the Session identifier sid input by the user, where sid includes P_S, P_R and the connection identifier sid' of this connection, the entity P_S checks whether a receiver entity P_R exists;
step 1.2, if the receiver entity P_R exists, sid is marked as establishing, and the connection establishment identifier Establish-Session, the Session identifier sid and the connection request identifier initial are sent to the entity P_R over the network;
step 1.3, when the entity P_R receives from the entity P_S over the network the connection establishment identifier Establish-Session, the Session identifier sid and the connection request identifier initial, the entity P_R outputs the connection establishment identifier Establish-Session, the Session identifier sid and the connection request identifier initial to the user;
step 1.4, when the entity P_R receives the connection establishment identifier Establish-Session, the Session identifier sid and the connection response identifier response input by the user, P_R marks sid as established and then sends the connection establishment identifier Establish-Session, the Session identifier sid and the connection response identifier response to the entity P_S over the network;
step 1.5, P_R then invokes the key exchange protocol (denoted by the symbol shown as figure FSB00001015974200031 in the original) with Establish-Session, sid', P_R, P_S and role as input; if the response key, sid' and K is obtained, K being the generated session key, then sid and K are recorded;
step 1.6, once the entity P_S receives over the network the connection establishment identifier Establish-Session, the Session identifier sid and the connection response identifier response from P_R, the entity P_S marks sid as established,
step 1.7, and then invokes the key exchange protocol (denoted by the symbol shown as figure FSB00001015974200032 in the original) with Establish-Session, sid', P_S, P_R and role as input; if the response key, sid' and K is obtained, then sid and K are recorded;
step 1.8, initializing a message control counter;
step 2 is further defined as:
step 2.1, if the sending end entity P_S has a message to send for a session identifier sid, executing step 2.2, otherwise executing step 2.7 and ending the session;
step 2.2, if there is no session key K corresponding to the session identifier sid in the existing records, ignoring the input and executing step 2.7, otherwise executing step 2.3;
step 2.3, computing e = TagEnc_K(m, l), increasing the value of the message control counter by 1, sending the session identifier sid, the ciphertext e and the value l of the message control counter to the entity P_R, and starting a timeout counter;
where e = TagEnc_K(m, l) denotes performing an authenticated encryption operation on the message m and the counter value l with the session key K and assigning the resulting ciphertext to e;
step 2.4, subtracting 1 from the overtime counter;
step 2.5, if the overtime counter is reset to zero, executing step 2.7, otherwise executing step 2.6;
step 2.6, if receiving successful identification ack, session identification sid and l returned by the receiving party, executing step 2.1, otherwise executing step 2.4;
step 2.7, ending the session;
step 3 is further defined as:
step 3.1, starting an overtime counter;
step 3.2, subtracting 1 from the overtime counter;
step 3.3, if the overtime counter returns to zero, executing step 3.8, otherwise executing step 3.4;
step 3.4, if the entity P_R receives a session identifier sid, a ciphertext e and a value l of the message control counter, where sid includes P_S, P_R and sid', executing step 3.5, otherwise executing step 3.2;
step 3.5, P_R verifying that no message corresponding to the value l of the message control counter has been received in the current session and that a record sid with a corresponding K exists; if both hold, executing step 3.6, otherwise executing step 3.2;
step 3.6, computing v = DecVer_K(e, l); if v ≠ ⊥, executing step 3.7, otherwise executing step 3.2;
where v = DecVer_K(e, l) denotes performing a decryption verification operation on the ciphertext e and the value l of the message control counter with the session key K, assigning the resulting plaintext to v, and assigning the failure symbol ⊥ to v if verification fails;
step 3.7, outputting the messages send, sid and v, sending the success identifier ack, the session identifier sid and the value l of the message control counter to the entity P_S, and executing step 3.1;
and 3.8, ending the session.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910119539 CN101834832B (en) 2009-03-13 2009-03-13 Method and system for safe transmission of network data

Publications (2)

Publication Number Publication Date
CN101834832A CN101834832A (en) 2010-09-15
CN101834832B true CN101834832B (en) 2013-07-10

Family

ID=42718764


Country Status (1)

Country Link
CN (1) CN101834832B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368814B (en) * 2012-03-27 2016-12-28 北京百度网讯科技有限公司 data push method, system and mobile terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment
CN1351789A (en) * 1999-05-21 2002-05-29 国际商业机器公司 Method and apparatus for initializing secure communications among and for exclusively pairing wireless devices
CN1656769A (en) * 2002-04-12 2005-08-17 汤姆森许可贸易公司 Method for the anonymous authentication of a data transmitter

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Zhenyu Hu et al. The Tag Secrecy of Authentication and its Application to Implementing Secure Channels. Asian Journal of Information Technology, 2006, pp. 298-305. *
张效强 et al. Research and design of secure data transmission based on encryption algorithms (基于加密算法的数据安全传输的研究与设计). 计算机与数字工程 (Computer & Digital Engineering), 2008, no. 5, pp. 107-109. *
胡振宇 et al. Implementing secure channels with IND-CVA (利用IND-CVA实现安全信道). 中国科学 F辑: 信息科学 (Science in China Series F: Information Sciences), 2009, vol. 39, no. 12, pp. 1248-1257. *

Also Published As

Publication number Publication date
CN101834832A (en) 2010-09-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130710

Termination date: 20160313