CN102571281B - A secure network coding transmission method and device using cache nodes - Google Patents


Info

Publication number: CN102571281B
Authority: CN (China)
Legal status: Active
Application number: CN201210006291.6A
Other languages: Chinese (zh)
Other versions: CN102571281A (en)
Inventors: 柏琳, 顾仁涛, 张�林, 纪越峰
Current and original assignee: Beijing University of Posts and Telecommunications

Abstract

A secure network coding transmission method and device using cache nodes. Confidentiality of the network is achieved by encrypting the source information, and integrity checking of the network is achieved with an integrity check code. When encrypting the source information, only part of it needs to be encrypted to obtain network confidentiality, which indirectly reduces the amount of information that has to be encrypted. In the device, the intermediate nodes have a caching function, and integrity checking is realized by having the intermediate nodes check packets and retransmit them.

Description

A secure network coding transmission method and device using cache nodes
Technical field
The present invention relates to the field of communications, and in particular to a secure network coding transmission method and device that uses cache nodes.
Background technology
In current communication networks the role of an intermediate node is mainly store-and-forward, and the network has difficulty reaching the maximum flow proposed by Shannon; this situation only changed with the introduction of network coding. Network coding was originally proposed to increase the maximum flow of a network, but research has found that it also has very good prospects in network security.
In traditional multicast, if an eavesdropper has the chance to intercept one path of information in the network, it can recover the original data from the intercepted information, because that information is "meaningful": the intercepted information is identical to the information sent by the source. Where security requirements are high, traditional multicast is correspondingly weak against eavesdropping. In network-coding-based transmission, coding nodes mix the information of different links, turning "meaningful" information into "meaningless" information, so network coding has a certain degree of confidentiality. However, once an eavesdropper has intercepted several paths of information and learned the encoding and decoding construction of the network code, it can still recover the original information from the intercepted paths. In addition, precisely because network coding mixes information, if one upstream link produces bit errors or an attacker tampers with the data, the information on the downstream links is very likely to become erroneous, which enlarges the scope of the error and harms network security. Therefore, when network coding is applied to network security, the confidentiality and integrity of information are all the more important.
Several implementations of secure network coding exist, but they still have the following problems. Using cryptographic encryption to achieve network confidentiality certainly works, but the amount of data to be encrypted is too large, and encryption and decryption incur a huge amount of computation. Using non-cryptographic means to achieve confidentiality requires confining the eavesdropper's capability to certain links; against an eavesdropper with strong eavesdropping capability, confidentiality achieved by non-cryptographic means is likely to be broken. Therefore, reducing the amount of encryption while guaranteeing network confidentiality, and without limiting the eavesdropper's eavesdropping range, has become a research hotspot in secure network coding. The present invention addresses exactly these two practical conditions, achieving secret communication with a secure and efficient method. At the same time, once network coding suffers a tampering attack the scope of the error expands; the present invention therefore also takes the function of information integrity checking into account, fusing network confidentiality with integrity checking.
Summary of the invention
The present invention provides a secure network coding transmission method and device that uses cache nodes. It achieves secret transmission under network coding by encrypting the source information, and at the same time uses intermediate nodes with a caching function to perform integrity checking of packets. It has the advantages of a small amount of encryption and no restriction on the eavesdropper's eavesdropping capability, while also providing integrity checking.
To reach the above goal, the technical scheme is as follows:
Secure network coding transmission method using cache nodes: the transmission mode adopted by the present invention is random linear network coding, in which coding nodes perform linear operations on the packets they receive, with coding vectors chosen at random from a finite field. Because the node types differ, the operations performed at the source, the intermediate nodes and the sink are not the same.
Finite field: a set $F=\{a, b, \ldots\}$ with two operations defined on its elements, "+" and "*", satisfying the following three conditions:
1. The elements of $F$ form an abelian group under "+", with identity element 0.
2. The elements of $F \setminus \{0\}$ form an abelian group under "*"; that is, after excluding the element 0, the elements of $F$ form a commutative group under "*".
3. The distributive law holds: for any elements $a, b, c \in F$, $a*(b+c) = (b+c)*a = a*b + a*c$.
If the number of elements of $F$ is finite, $F$ is called a finite field. Here the finite field is assumed to be large enough.
The concrete operations of the present invention at the source, intermediate nodes and sink are as follows:
Source: constructs the packet, which consists of three parts: coding vector, load and integrity check code. The coding vector is chosen at random from the finite field and placed at the front of the packet. One dimension of the source information is encrypted, and the remaining source information is processed with a hash function and a computing formula to obtain the information to be transmitted in the network; the randomly chosen coding vector is then applied to that information by a coding operation to obtain the load. The integrity check code is computed from the coding vector and the load with the check code formula.
Intermediate node: after receiving a packet, the intermediate node first performs the integrity check. If the packet has not been tampered with, it first performs the network coding operation and then computes a new integrity check code. If the packet has been tampered with, it requests retransmission from the upstream node; after obtaining the correct packet it performs the coding operation and recombination, constructs a new packet with a new integrity check code, and transmits it downstream. Because intermediate nodes have a caching function, when a downstream packet is found to be in error the node can request the upstream node to retransmit directly. This increases the complexity of the intermediate node, but it reduces the number of links occupied by a possible retransmission.
Sink: after receiving a packet, the sink performs the integrity check. If the packet has been tampered with, it requests retransmission from the upstream node; if not, it decodes directly.
Secure network coding transmission device using cache nodes: the source is the information input unit and packet construction device, the intermediate node is a "store-code-forward" device for packets, and the sink is the device that receives and decodes packets.
As can be seen from the above technical scheme, the present invention has the following advantages:
In the present invention only part of the source information needs to be encrypted, which is a considerable advantage over existing methods that encrypt the source information, and the complexity of encryption and decryption is greatly reduced. The eavesdropper's eavesdropping capability is not restricted: any link of the network may be eavesdropped, but the eavesdropper has limited computing capability and cannot obtain the original information by exhaustive search. Confidentiality and integrity checking are realized at the same time without interfering with each other.
Brief description of the drawings
To illustrate the technical scheme of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Clearly, the drawings described below are the flow chart of the present invention and the input/output diagrams of the source, intermediate node and sink; a person of ordinary skill in the art can obtain other drawings from these without creative effort.
Fig. 1 is the flow chart of the present invention;
Fig. 2 is the implementation device diagram of the present invention.
Detailed description of the invention
Following the summary of the invention, the embodiments are made concrete here.
Fig. 1 is the flow chart of the present invention. As shown in Fig. 1, a packet is transmitted in the order source, intermediate node, sink, and the operations on the packet differ at the source, the intermediate node and the sink, so the present invention is introduced in three parts.
Source: the source constructs packets and hides the source information. The specific implementation is as follows:
S101: the data sent by the source can be expressed as $X=(X_1\,X_2\,\ldots\,X_j)$, with $j$ dimensions in total; "dimension" here is understood as $j$ pieces of data to be sent, one at a time. Each piece of data corresponds to an $n$-dimensional information vector $X_i=(x_{i1}\,x_{i2}\,\ldots\,x_{in})^T$, $i=1,\ldots,j$. For convenience of operation, the first element of each $n$-dimensional vector is the one to be encrypted; AES can be used here, but the method is not limited to it. $x_{i1}$ is encrypted to $E_i$.
S102: after obtaining the encrypted data, the source constructs the data to be transmitted in the network. To make all data correlated with the encrypted data, while guaranteeing that the information cannot be deciphered, a hash function $h(\cdot)$ is used here: a hash function is one-way, so $h(x)$ is easy to compute from an input $x$, but obtaining $x$ from $h(x)$ is computationally infeasible. The processing with the hash function is as follows:
$$
\begin{aligned}
x'_{i1} &= E_i + h(x'_{i2}) \\
x'_{i2} &= x_{i2} + h(x_{i1}) \\
x'_{i3} &= x_{i3} + h(x_{i1}) \\
&\ \vdots \\
x'_{in} &= x_{in} + h(x_{i1})
\end{aligned}
\qquad (i = 1, \ldots, j)
$$
The form $x'_{i1} = E_i + h(x'_{i2})$ not only guarantees confidentiality but also gives all data transmitted in the network the same form. Here $X'_i=(x'_{i1}\,x'_{i2}\,\ldots\,x'_{in})^T$, $i=1,\ldots,j$, denotes the data transmitted in the network, and $i=1,\ldots,j$ indicates that there are $j$ groups of data. After computing the data to be transmitted in the network, suppose the coding vectors are written $D^1_i=(d^1_{i1}\,\ldots\,d^1_{in})$, $i=1,\ldots,k$, and $D^1=(D^1_1\,D^1_2\,\ldots\,D^1_k)^T$. For the $t$-th group of information transmitted in the network, the load is computed as $y^1_{it} = D^1_i X'_t$, so that $Y^1_i=(y^1_{i1}\,y^1_{i2}\,\ldots\,y^1_{ij})$, $i=1,\ldots,k$; the resulting $Y^1_i$ is the load of the packet. Several loads can be carried side by side in one packet.
After computing the load, the source must compute the integrity check code, using the formula
$$
M^1_i = \sum_{m=1}^{j}\left(y^1_{im}\right)^{m+1} + \sum_{m=1}^{n}\left(d^1_{im}\right)^{m+1}, \qquad i = 1, 2, \ldots, k.
$$
S103: having obtained the coding vectors, loads and check codes, the source composes them into a packet for network transmission. The form of the packet sent by the source is as follows; the superscript 1 in the upper right denotes the packet at one position in the network, different positions being marked with different superscripts, and the superscript $s$ used below has the same meaning:
Intermediate node: after receiving data, the intermediate node must first perform the integrity check; if the packet is confirmed intact, it constructs a new packet and forwards it. Intermediate nodes are of two kinds, coding nodes and non-coding nodes: a coding node performs an integrity check on the received packet and then forwards it after a coding operation, while a non-coding node performs the integrity check on the received packet and forwards it directly. The specific process is:
For an intermediate node with a caching function, the integrity of the packet must first be checked (S104): the node computes the integrity check code from the received packet with the check code formula and compares it with the received integrity check code. If they are identical, the packet has not been tampered with, and the node performs the network coding operation with the current network coding vector. Note that only the coding vector and the load are coded; the integrity check code is not subjected to the network coding operation but is recomputed after the new coding vector and load have been obtained. A new packet is then constructed, consisting of the coding vector, the load and the new integrity check code, and transmitted downstream (S106). If they are not identical, the packet has been tampered with, and the node requests the upstream node to retransmit (S105) until an intact packet is received; it then performs the network coding operation with the current network coding vector, again only on the coding vector and the load, recomputes the integrity check code after obtaining the new coding vector and load, constructs the new packet from the coding vector, the load and the new integrity check code, and transmits it downstream (S106). Because the intermediate node must retransmit data, it must have a caching function, that is, it buffers the data currently being transmitted so that when a downstream node requires retransmission the upstream node can serve it directly from the buffer. For this reason this retransmission mode is suited only to electrical networks and not to optical networks.
The form of the resulting packet is still as follows; the form of the packet does not change in the network.
Sink: after receiving a packet, the sink must perform the integrity check and decode.
The sink first performs the integrity check. If the packet is intact, it performs the decryption and decoding operations; if not, it requests retransmission from the upstream node and begins decryption and decoding once the correct packet has been obtained.
Integrity check: after receiving a packet, the sink uses the computing formula of the integrity check code to check whether the packet has been tampered with. If the packet is intact, that is, has not been tampered with (S108), the sink starts decoding the received data; if the received packet has been tampered with, it requests retransmission from the upstream node.
Decoding (S109): after receiving packets, the sink can recover the information sent by the source for network transmission according to the transmission mechanism of network coding. Let the in-degree of the sink be $r$; for decoding to proceed normally, $r \ge n$ is required. The specific decoding process and formulas are as follows:
Because the intermediate nodes do not recombine packets but only perform linear operations, the function of each part of the packet is the same as before, and the form of the packet received by the sink is identical to the form received by the intermediate node. The data obtained by the sink are therefore:
According to the transmission mechanism of network coding and the way packets are constructed, the following formula is obtained:
Since $r \ge n$, only $r$ dimensions of functions are needed to obtain the information $X'_i=(x'_{i1}\,x'_{i2}\,\ldots\,x'_{in})^T$, $i=1,\ldots,j$, sent by the source for network transmission. From the construction of $X'_i$, $E_i = x'_{i1} - h(x'_{i2})$ is obtained; $E_i$ is decrypted with the shared key to obtain $x_{i1}$, and all remaining information is computed with the following formulas:
$$
\begin{aligned}
x_{i2} &= x'_{i2} - h(x_{i1}) \\
x_{i3} &= x'_{i3} - h(x_{i1}) \\
&\ \vdots \\
x_{in} &= x'_{in} - h(x_{i1})
\end{aligned}
\qquad (i = 1, \ldots, j)
$$
The sink can therefore recover the source information.
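The whole pipeline of steps S101 to S109 above (the same procedure the summary outlines for source, intermediate node and sink), carried through as an added worked example in Python; this is editor-supplied code, not the patent's own implementation. It assumes the prime field GF(2^31-1), SHA-256 reduced into the field as the hash h(), a keyed HMAC pad as a stand-in for the AES encryption of x_i1, and the check code evaluated in the same field; the shared key and sample data are constructed.

```python
import hashlib
import hmac
import random

P = 2**31 - 1  # GF(P); the page only requires a "large enough" finite field (constructed choice)

def h(x: int) -> int:
    """One-way hash h() into the field: SHA-256 of the element, reduced mod P (assumption)."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(8, "big")).digest(), "big") % P

def pad(key: bytes, i: int) -> int:
    """Keyed pad for dimension i: a stand-in for the AES encryption of x_i1 (assumption)."""
    return int.from_bytes(hmac.new(key, i.to_bytes(4, "big"), "sha256").digest(), "big") % P

def source_transform(X, key):
    """S101/S102: encrypt only x_i1, then tie the other n-1 values to it through h().
    X is a list of j vectors of n field elements; returns the list of X'_i."""
    Xp = []
    for i, x in enumerate(X):
        E = (x[0] + pad(key, i)) % P                # E_i = Enc(x_i1)
        hx1 = h(x[0])
        xp = [0] + [(v + hx1) % P for v in x[1:]]   # x'_ik = x_ik + h(x_i1), k = 2..n
        xp[0] = (E + h(xp[1])) % P                  # x'_i1 = E_i + h(x'_i2)
        Xp.append(xp)
    return Xp

def check_code(d, y):
    """M = sum_m y_m^(m+1) + sum_m d_m^(m+1), evaluated in GF(P) (constructed choice).
    As the page defines it, M is an unkeyed function of the packet fields."""
    return (sum(pow(v, m + 1, P) for m, v in enumerate(y, 1))
            + sum(pow(v, m + 1, P) for m, v in enumerate(d, 1))) % P

def make_packet(d, Xp):
    """Packet = coding vector d (n entries), load y_t = d . X'_t for t = 1..j, check code M."""
    y = [sum(dk * xt[k] for k, dk in enumerate(d)) % P for xt in Xp]
    return {"d": d, "y": y, "m": check_code(d, y)}

def verify(pkt):
    """S104/S108: recompute the check code and compare with the one carried in the packet."""
    return pkt["m"] == check_code(pkt["d"], pkt["y"])

def recode(pkts, rng):
    """Intermediate node: random linear combination of coding vectors and loads only;
    the check code is recomputed for the new packet, never combined."""
    a = [rng.randrange(1, P) for _ in pkts]
    d = [sum(ai * p["d"][t] for ai, p in zip(a, pkts)) % P for t in range(len(pkts[0]["d"]))]
    y = [sum(ai * p["y"][t] for ai, p in zip(a, pkts)) % P for t in range(len(pkts[0]["y"]))]
    return {"d": d, "y": y, "m": check_code(d, y)}

def solve_mod_p(D, Y):
    """Gauss-Jordan over GF(P): returns the n x j matrix X' with D X' = Y (needs rank n)."""
    n = len(D[0])
    rows = [list(D[i]) + list(Y[i]) for i in range(len(D))]
    for c in range(n):
        piv = next(r for r in range(c, len(rows)) if rows[r][c])  # StopIteration if rank < n
        rows[c], rows[piv] = rows[piv], rows[c]
        inv = pow(rows[c][c], P - 2, P)
        rows[c] = [v * inv % P for v in rows[c]]
        for r in range(len(rows)):
            if r != c and rows[r][c]:
                f = rows[r][c]
                rows[r] = [(a - f * b) % P for a, b in zip(rows[r], rows[c])]
    return [row[n:] for row in rows[:n]]

def sink_recover(pkts, key):
    """S108/S109: verify, solve for X' from r >= n packets, undo the chaining, decrypt x_i1."""
    if not all(verify(p) for p in pkts):
        raise ValueError("tampered packet reached the sink; request retransmission")
    Xk = solve_mod_p([p["d"] for p in pkts], [p["y"] for p in pkts])  # Xk[k][i] = x'_{i,k+1}
    n, j = len(Xk), len(Xk[0])
    X = []
    for i in range(j):
        xp = [Xk[k][i] for k in range(n)]
        x1 = ((xp[0] - h(xp[1])) - pad(key, i)) % P   # E_i = x'_i1 - h(x'_i2), then decrypt
        X.append([x1] + [(xp[k] - h(x1)) % P for k in range(1, n)])
    return X

def demo(seed=7):
    """Source -> link with one modified packet -> caching intermediate node -> sink (constructed data)."""
    rng, key, n, j, k = random.Random(seed), b"shared-key-constructed", 3, 4, 3
    X = [[rng.randrange(P) for _ in range(n)] for _ in range(j)]
    Xp = source_transform(X, key)
    cache = [make_packet([rng.randrange(1, P) for _ in range(n)], Xp) for _ in range(k)]  # upstream copies
    rcvd = [dict(p) for p in cache]
    rcvd[1]["y"] = [(rcvd[1]["y"][0] + 1) % P] + rcvd[1]["y"][1:]  # one load value altered in transit
    flagged = [not verify(p) for p in rcvd]
    repaired = [cache[i] if bad else p for i, (p, bad) in enumerate(zip(rcvd, flagged))]  # S105
    out = [recode(repaired, rng) for _ in range(n)]                 # node emits n fresh packets
    return sink_recover(out, key) == X, flagged
```

`demo()` returns `(True, [False, True, False])`: the altered packet is caught by the check at the intermediate node, replaced from the upstream cache, and the sink still recovers every source vector after the recoding step.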
In the present invention the functions of the source, the intermediate node and the sink differ: the source mainly constructs packets, the intermediate node checks, forwards and retransmits, and the sink checks the integrity of packets and recovers the information sent by the source.
Fig. 2 is the implementation device diagram of the present invention:
In the present invention, the source 201 is the information input unit and packet construction device, corresponding to steps S101-S103. The source computes the integrity check code from the input information with the check code formula, encrypts part of the source information, randomizes the other source information with the hash function and a certain computing formula, applies the coding vectors to the randomized data by network coding to compute the load, constructs the packet in the order coding vector, load, integrity check code, and outputs it.
The intermediate node 202 is a "store-code-forward" device for packets, corresponding to steps S104-S107. For a packet from the source or from another intermediate node, the intermediate node computes the integrity check code and compares it with the integrity check code in the received packet: if they are identical the packet is intact; if not, the packet has been tampered with, and the node requests the upstream node to retransmit until a correct packet is received. The intermediate node performs the network coding operation on the coding vector and load of the correct received packet, computes the integrity check code from the new information, composes a new packet and forwards it downstream.
The sink 203 is the device that receives and decodes packets, corresponding to steps S108-S109. Its input is the packets the sink receives. After reception the sink performs the integrity check on the packet; if the packet is intact it decodes and decrypts it directly; if not, it requests the upstream node to retransmit until an intact packet is received, then decodes and decrypts to obtain the information sent by the source.
The above is only a common embodiment of the present invention, but the protection scope of the present invention is not limited to it; any variation or replacement that a person skilled in the art could easily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (6)

1. A secure network coding transmission method using cache nodes, characterized in that the method comprises the following steps:
Step 1: specify the packet format, consisting of three parts: coding vector, load and check code;
Step 2: at the source, encrypt one dimension of the source information and process the remaining information with a hash function and the following computing formula: the data sent by the source are expressed as $j$ dimensions $X=(X_1\,X_2\,\ldots\,X_j)$, where each dimension corresponds to an $n$-dimensional information vector $X_i=(x_{i1}\,x_{i2}\,\ldots\,x_{in})^T$, $i=1,\ldots,j$, and $x_{i1}$ is encrypted to $E_i$; each dimension of data is converted into
where $h(x)$ is a hash function, so that all other information is related to the encrypted information; each dimension of data after processing is the information transmitted in the network, which is used to compute the load and the integrity check code and to construct the packet;
Step 3: at the intermediate node, the packet is first integrity-checked, then subjected to the network coding operation, after which a new integrity check code and a new packet are constructed and forwarded; that is, the intermediate node operates in a "check-code-forward" mode;
Step 4: at the sink, after a packet is received it is first integrity-checked; once an intact packet is confirmed it is decoded to obtain the data sent by the source;
Step 5: at the intermediate node and the sink, if the integrity check finds that the packet is not intact, retransmission is requested from the upstream node.
2. The method of claim 1, wherein the packet formation step mainly comprises the following process:
network transmission adopts random network coding, with coding vectors chosen at random from a finite field that is assumed to be large enough; the load is computed from the coding vector and the information transmitted in the network; and the integrity check code is computed from the check code formula, the load and the coding vector.
3. The method of claim 1, characterized in that the dimension of the information vector is the same before and after encryption, and only one dimension of each source information vector is encrypted; the other information is not encrypted and only needs the correlation processing.
4. The method of claim 1, wherein, because the intermediate node has a data caching function, if the intermediate node or the sink finds during checking that data have been tampered with, it requests retransmission from the directly connected upstream node.
5. The method of claim 1, wherein the sink first uses the information in the received packet to perform the integrity check, and performs the decoding operation only if the packet is intact.
6. A secure network coding transmission device using cache nodes, characterized in that the device comprises three parts, a source, intermediate nodes and a sink:
Source: the sending end of information, which computes the integrity check code, generates the hash function, encodes the source information and constructs the packet; the source processes the data according to the following steps: the data sent by the source are expressed as $j$ dimensions $X=(X_1\,X_2\,\ldots\,X_j)$, where each dimension corresponds to an $n$-dimensional information vector $X_i=(x_{i1}\,x_{i2}\,\ldots\,x_{in})^T$, $i=1,\ldots,j$, and $x_{i1}$ is encrypted to $E_i$; each dimension of data is converted into
where $h(x)$ is a hash function, and each dimension of data after processing is the information transmitted in the network;
Intermediate node: caches the received information, temporarily storing the data received from the upstream node and sending it to the downstream node; when the downstream node receives erroneous data and sends a request, the cached information is sent directly to the downstream node; it also has the integrity check function;
Sink: the receiving end of information, which performs the integrity check and decrypts and decodes the packet.
Application CN201210006291.6A, priority date 2012-01-09, filing date 2012-01-09: A kind of secure network coding and transmission method and device that uses cache node (Active; CN102571281B, en)

Publications (2)

Publication number, publication date:
CN102571281A (en), 2012-07-11
CN102571281B (en), 2016-05-25
