CN102571754A - Method for protecting security of visualized information system - Google Patents
Method for protecting security of visualized information system Download PDFInfo
- Publication number
- CN102571754A CN102571754A CN2011104002750A CN201110400275A CN102571754A CN 102571754 A CN102571754 A CN 102571754A CN 2011104002750 A CN2011104002750 A CN 2011104002750A CN 201110400275 A CN201110400275 A CN 201110400275A CN 102571754 A CN102571754 A CN 102571754A
- Authority
- CN
- China
- Prior art keywords
- data
- carried out
- security
- information system
- security protection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method for protecting the security of a visualized information system, belonging to the technical field of information security. The method comprises the following steps of: protecting the security of a first-level monitoring center, protecting the security of a second-level intranet and protecting the security of a third-level data acquisition end. The invention has the advantages that: (1) the visualized information system can be effectively directed to implement a security policy; (2) the method not only is applicable to the visualized information system, but also is effective to pure RFID (Radio Frequency Identification Devices) security and video security; and (3) a perfect security system can be established when the visualized information system can be widely applied to the logistics industry, so that the storage and application of data become more reliable.
Description
Technical field
The invention belongs to field of information security technology, particularly a kind of method that the visual information system is carried out security protection comprises the visual information system is set up safety prevention measure from inside to outside.
Background technology
The visual information system class is similar to present video monitoring system, but aspect being applied to logistics the time, stresses the function that safe early warning and product are traced to the source more, and not only is confined to the monitoring of video and checks.This system is used for the supervision of government and enterprise more, can monitor the quality of food or other products, and the tracking after helping ging wrong is traced to the source.The realization of function requires the fail safe of visual information system to be protected seeing that safe early warning and product are traced to the source.
The visual information system is based on technology of Internet of things and produces, and there is certain potential safety hazard in present technology of Internet of things.These potential safety hazards may be distorted two the important information in the visual information system: video information and data message.If the information of this two aspect is distorted, just destroyed the one-to-one relationship of video and data message, thereby making to follow the trail of traces to the source and can't realize, also just can not realize the supervision of government and enterprise.
Internet of Things refers to various information sensing equipment, combines and a network forming like all devices such as radio frequency identification, infrared inductor, global positioning system, laser scanner and the Internet.From the notion of Internet of Things, can know; Internet of Things is the novel system of a kind of virtual network and real world real-time, interactive; Its core and basis remain the Internet; Be extension and the expansion on the basis, the Internet, be characterized in ubiquitous data perception, be main message transmission, intelligentized information processing with wireless that user side can extend and expand between any two items.Because just there are many safety problems already in the Internet that combines with Internet of Things itself; The sensing net is compared with general networking with wireless network and is existed special safety problem; And Internet of Things is a core technology with sensing net, wireless network; This provides wide soil for especially various attacks to Internet of Things, and the safety problem that Internet of Things is faced is severe more.
The visual information system can apply to RFID wireless radio-frequency, sensor network based on technology of Internet of things, simultaneously since visual be important function very wherein, so a very important link during to the encryption of video needs primary study.Next is exactly the encryption of data transmission procedure, and the safety of database, and the robustness of wireless sensor network and confidentiality all are the parts that influences whole system safety.
In the visual information system, can gather the video information of key point, these video information data volumes are big, therefore before transmission, need carry out video compression.Simultaneously because this video information integrated logistics information and corresponding video image, can realize that product follows the trail of and false proof tracing to the source, so need encrypt, guarantee that video information do not distorted and steal by the people in transmission course to video information.At present the encryption technology of video is ripe, and the video compression software and hardware adopts certain international compression standard usually, and commonly used have a M-JPEG, MPEG-1, and MPEG-2, MPEG-4, H.263, H.264 etc.The development of video compression technology has promoted the development of video monitoring system, but video monitoring system is also increasingly high to the requirement of video compression technology simultaneously.H.263, MPEG-1 and MPEG-2 gradually by MPEG-4, wait standard to replace in supervisory control system.MPEG-4 and MPEG-4ASP use more in video monitoring system at present.As a kind of new compression standard, H.264 all obtained success at aspects such as code efficiency, picture quality, network-adaptive property and anti-error code property.Though complex algorithm H.264 realizes difficulty, along with integrated circuit technique and development of Communication Technique, and himself continue to optimize, its application will be more and more widely.
To H.264, MPEG-4, M-JPEG compare, and sees following form:
Table 1H.264, MPEG-4, M-JPE are relatively
| Project | H.264 | MPEG4 | MJPEG |
| With the code check image quality | Excellent | In | Difference |
| Complexity | High | In | Low |
| Network transfer speeds | Hurry up | In | Slowly |
| Cost | High | In | Low |
H.264 standard is looked one of best implementation method of doing coding and decoding video application of future generation, is generally believed it can is in the future more competitive standard.This standard will be accepted more widely, becomes the global standards of uniformity, can reduce project overall application cost.H.264 the whole world supports producer numerous, and industrial chain is ripe, has reached the condition that large-scale commercial applications is disposed, and adopts this standard the most convenient concerning the selection of system's relevant device and following upgrading.
The potential safety hazard of data message appears at the FRID label, transportation and network.
The RFID technology is a kind of contactless automatic identification technology.It is through radiofrequency signal recognition objective object and obtain related data, and identification work need not manual intervention, can work in various adverse circumstances.The RFID technology can be discerned high-speed moving object and can discern a plurality of labels simultaneously, and is swift and convenient to operate.The original intention of RFID technology is open convenient, but the facility of design is always brought potential safety hazard.Because the frequency range of label is specific, the electromagnetic wave that then uses read write line to send this frequency range just can receive the information of label.But some label contains Direct Recognition information, and label information will be easy to stolen by the external world so.Even label is encrypted, and the read write line of goods and materials process when at every turn changing the place (as at the gate inhibition place) all will stay such as information such as Item Title, quantity, positions, because ID is static, also followed the tracks of easily in the case.In addition for rewriteeing label. also exist label information by the danger of malice change.
In fields such as logistic industries, the application of RFID not merely relates to RFID technology itself, but a great system engineering relates to many aspects such as the technology of comprising, management, hardware, software, network, system safety, radio frequency.The research of current RFID mainly launches around side such as safety and secret protection problem, RFID technical standard, RFID label cost, RFID technical research and RFID application system.From present present situation, at least in several years, RFID and face a lot of problems and need to solve, particularly safety and secret protection problem, typical problem and label cost problem etc.
In wireless sensor network, because influences such as finite energy property, environmental factor and artificial destructions, wireless sensor network node damages easily.This system must guarantee that network function does not receive the influence of individual node, and then increases real-time, fault-tolerance, the robustness of system, prolongs network lifetime.
More than relate to the concrete technological layer of visual information system safety; And since the visual information system applies in the supervision of business and government; Therefore the visual information system should divide rank to set safety standard, and safety standard of each grade and security system have certain stressing.And in the former research, do not carry out such analysis.
At present, the safety of information system and the safety of Internet of Things all there are undue other research, draw some solutions; But because the visual information system is the complication system of aggregate information system, technology of Internet of things and video-encryption; And because the content of company computer's network system relates to national security, some data belongs to secret; In the consideration of network security, must be complete and careful.So research in the past can not be applicable to the visual information system fully.
Summary of the invention
The present invention is directed to above-mentioned defective and disclose a kind of method that the visual information system is carried out security protection, it comprises carries out security protection, second level Intranet is carried out security protection and third level data acquisition end is carried out security protection first order Surveillance center;
First order Surveillance center is carried out security protection to be comprised database security is encrypted and made to system data;
Second level Intranet is carried out security protection be meant the end to end security mode that adopts;
Third level data acquisition end is carried out security protection to be comprised assurance RFID safety, guarantee video safety and guarantees sensor network security.
Said system data is encrypted is meant employing DES symmetric encipherment algorithm, and its concrete steps are following:
Use the Feistel cryptography architecture, with the text block of wherein encrypting in two, use sub-key, will export text then and second half text block is carried out nonequivalence operation half text block application cycle function wherein; Then exchange this two halves text block, this process can continue, but last circulation does not exchange; Use 16 circulations, and adopt XOR, displacement, replacement and four kinds of basic operations of shifting function.
Saidly database security is meant take following measure: the data that need protection in the database and other data are separated by, are adopted authorization rule, are stored in database after data are encrypted and adopt oracle database to back up and recover.
The concrete steps of said employing end to end security mode are following:
1) source node is encrypted the data that contain control information that transmit;
2) set up a Public key for every pair of node, and the data that comprise node transmission itself between adjacent node are encrypted;
3) when data through the K intermediate node when next node transmits, use the secret key decryption of a pair of node earlier, again with the down secret key encryption of a pair of node, K is 1-N immediately;
4) after the data arrives destination node, decipher again;
5) the end-to-end encryption of the sensor network of enterprises is chosen in transport layer or the application layer and realizes.
Said assurance RFID safety comprises:
1) before the label generation transfer of data on read write line and article, takes to verify the legitimacy of both sides' identity based on the safety certification of hash algorithm;
2) employing realizes the data encryption transmission based on the A5 algorithm of LFSR stream cipher arithmetic;
3) adopt based on RFID middleware security strategy.
Said employing comprises to read write line authentication and access control, to operating personnel's authentication and access control, to conduct interviews control and use the storage safety standard of upper layer application based on RFID middleware security strategy.
Said read write line authentication and access control are meant: each read write line all has its unique read write line ID number, and the scope of the numbering of valid reader, purposes, the label that can visit and the operation that can carry out all are stored in the database as data; Like this when read write line visit middleware, through with database in the data of storing compare the legitimacy of verifying the read write line identity;
Said authentication and access control to operating personnel is meant: in the visual information system its legal operating personnel's of registration ID, its operable read write line ID number and the operational order that can carry out; Thereby the personnel to the operation read write line carry out authentication; The RFID middleware also will be verified message that each read write line sends whether in its working range, and violation operation will not accepted;
Said the control that conducts interviews is meant to upper layer application: the owner of cargo has administrative power and access right to the RFID data of its goods, and other user acquiescence does not have access right to these information, has only the mandate through the owner of cargo, and other user just can visit the owner of cargo's RFID information; Use the communication mode of encrypting between the user of RFID middleware and upper layer application; For the RFID middleware and the user that link to each other through Internet, the technology of socket layer safe in utilization (SSL) is to guarantee that user profile is not by person's intercepting and capturing or reading without permission;
Said use storage safety standard is meant: in the just logistics information of article of label the inside storage, other data will be placed in the database, in the time of other data of needs, obtain to visit the right of these data through the authentication mechanism of tag read-write equipment.
Said assurance video safety is meant: in based on encryption method H.264, choose entropy coding and carry out video compression and encryption.
Saidly guarantee that sensor network security comprises adopt maintaining secrecy and protect with authentication measures with to media access control layer.
Said employing is maintained secrecy and is comprised the shared key of foundation and adopt the uTESLA agreement with authentication measures.
Beneficial effect of the present invention is:
1) combined the technology of information system security and the technology of Internet of Things safety,, drawn the efficient public security system of this complication system of visual information system through comprehensive study to two aspects.This security system can instruct visual information system implementation security strategy effectively.
2) through comparison and selection be more suitable for the concrete technology of the safety of visual information system; Comprise that RFID and video safety wants accepted standard and AES; Be not only in the visual information system, same effectively with suitable in simple RFID safety and video safety.
3) through implementing, can guarantee that the safety of the data of visual information system is gathered, transmit and storage according to this security system and safety approach.When the visual information system can be widely used in logistic industry, can set up perfect security system, make the storage of data and use more reliable.
Description of drawings:
Fig. 1 is the security system sketch map of first order Surveillance center;
Fig. 2 is a second level Intranet security system sketch map;
Fig. 3 is a third level data acquisition end security system sketch map;
Fig. 4 is the end to end security sketch map;
Fig. 5 is the fundamental diagram of stream cipher encrypting system.
Embodiment
Below in conjunction with accompanying drawing the present invention is done further explain:
A kind of method that the visual information system is carried out security protection, it comprises carries out security protection, second level Intranet (it specifically is meant each Intranet management system in the cold chain flow process) is carried out security protection and third level data acquisition end (the data acquisition end that refers to video data, humiture data, article RFID data message) is carried out security protection first order Surveillance center (Surveillance center of third party government is a first order Surveillance center); In the design of visual information system, the high reliability of system, availability, performance and interconnected all done sufficient consideration.The present invention is the efficient public security system of the confidentiality that can guarantee terminal security, communication security, data effectively, integrality, authenticity.
As shown in Figure 1, first order Surveillance center is carried out security protection comprise database security is encrypted and made to system data;
Encrypt in the face of system data down and describe:
System data safety has the implication of two aspects of opposition: the one, the safety of data itself for this respect, mainly adopts the modern password algorithm that data are carried out active protection, as data maintain secrecy, data integrity, bidirectional identity authentication etc.; The 2nd, the safety of data protection; For this respect; The main present information storage means that adopt are carried out the active protection to data; As guarantee the safety of data through means such as disk array, data backups, data security is a kind of safeguard measure of active, and the safety of data itself must be based on reliable AES and security system.
Because of the present invention relates to the collection of mass data; Should take measures on customs clearance and guarantee the safety of data processing; Promptly effectively prevent database damage or loss of data phenomenon that data cause owing to hardware fault, outage, deadlock, artificial misoperation, bugs, virus or hacker etc. in typing, processing, statistics or printing, and guarantee that some responsive or secret data is not by unqualified personnel or operator's reading etc.
The present invention is a safety of guaranteeing significant data, generally will formulate according to state's laws and pertinent regulations, is fit to the data security system of our unit, and the basic principle that data security enforcement should be followed is following:
(1) medium or the data the application system being used, produces are classified by its importance; To depositing the medium of significant data; Should back up necessary umber; And leave different security place (fire prevention, anti-high temperature, shockproof, antimagnetic, antistatic and antitheft) respectively in, set up strict secret rules for storage.
(2), confirm user of service's access right, access mode and examination and approval procedures according to the security stipulation and the purposes of data.
(3) significant data (medium) storehouse should be established the special messenger and is responsible for the registration keeping, without approval, must not arbitrarily divert significant data (medium).During using significant data (medium), should strictly lend or duplicate by national security stipulation control, need the subject to ratification that uses or duplicate.
(4) should make regular check on all significant datas (medium), consider the safe pot-life of medium, upgrade in time and duplicate.Damage, discarded or out-of-date significant data (medium) should be responsible for demagnetization by the special messenger and handle, and the significant data (medium) more than the confidential will in time be destroyed spending secret phase or when passing into disuse.
When (5) the confidential data processing operation finishes, should in time remove on memory, on-line magnetic tape, disk and other medium program and data about operation.
(6) confidential and above secret information memory device must not be incorporated the Internet into.Significant data must not leak, and the input of significant data and modification should be accomplished by the special messenger.The printout of significant data and external memory medium should leave safe place in, and the waste paper that prints should in time be destroyed.
Encryption is meant and adopts the DES symmetric encipherment algorithm to system data, and its concrete steps are following:
Use the Feistel cryptography architecture, with the text block of wherein encrypting in two, use sub-key, will export text then and second half text block is carried out nonequivalence operation half text block application cycle function wherein; Then exchange this two halves text block, this process can continue, but last circulation does not exchange; Use 16 circulations, and adopt XOR, displacement, replacement and four kinds of basic operations of shifting function.
Down in the face of database security is described:
Database security comprises two layers of meaning: ground floor is meant system's security of operation; The threat that system's security of operation receives usually is following: some network lawless persons can't normally start system through approach such as network, local area network (LAN)s through the invasion computer; Or excess load lets loom move big quantity algorithm and closes cpu fan, makes that CPU is overheated destructive activity such as to burn out; The second layer is meant system information safety, and the threat that system safety receives usually is following: the hacker is to Database Intrusion and steal the data of wanting.
In the present invention; Database security is meant takes following measure: the data that need protection in the database and other data are separated by, are adopted authorization rule (like access control methods such as account, password and controls of authority), are stored in database after data are encrypted and adopt oracle database to back up and recover; Because a large amount of video datas is arranged in the data that the present invention need gather; So data volume is very huge; Data quantity stored is also very huge accordingly in the database, is necessary so adopt oracle database to back up with recovering.
RMAN is a kind of special backup tool that Oracle company provides after the Oracle8i version; Can the fulfillment database customization backup, function such as automated back-up; Backup and recovery operation have been simplified; Reduce the complexity and the risk of manual backup, improved the reliability and the restorability of backup operation.It is following to adopt oracle database to back up with the concrete steps of recovering:
1) will be installed in database client by the RMAN backup tool that RMAN command executer, target database and the example, recovery catalogue and medium management storehouse four parts constitute.
2) rationally write DB Backup and recover script, effectively implement the oracle database backup and resume operation.
3) adopt Differential incremental backup mode, backup data quantity is little, memory space requires lower.
4) when the Differential incremental backup that to carry out rank be n, RMAN only can back up the data block of change (incremental backup that is equal to or less than n with the last rank is compared).
5) implement Differential mode RMAN incremental backup strategy, be set on every Sundays, carry out 0 grade data library backup (being equivalent to full backup) Wednesday and the archive log backup.
6) set and to carry out Monday, Tuesday, Thursday, Friday, Saturday 1 grade of incremental backup and archive log backup.
7) send the special messenger that database is managed, data are backed up and safeguard regularly is with the safety of the middle significant data of guaranteeing database.
As shown in Figure 2, second level Intranet is carried out security protection be meant the end to end security mode that adopts;
Be elaborated in the face of second level Intranet safety down:
In the visual information system, because how the diversity and the complexity of image data realize data acquisition by wireless senser, so safety is generally compared in the transmission of enterprises cable network, so potential safety hazard is mainly reflected in the wireless sensor network part.In the radio sensing network; Because influences such as finite energy property, environmental factor and artificial destruction; Radio sensing network node damages easily, and therefore, the visual information system must guarantee that network function does not receive the influence of individual node; And then real-time, fault-tolerance and the robustness of increase system, and prolong network lifetime.
Encryption technology in the computer network mainly adopts kind modes such as link encryption, node encrytion and end to end security.Comprehensive safety property and cost consideration, the present invention adopts end to end security mode (it is to carry out omnidistance a kind of encryption technology of encrypting between source node and terminal note, transmitting each section link that data experienced with each intermediate node).
As shown in Figure 4, adopt the concrete steps of end to end security mode following:
1) source node is encrypted the data that contain control information that transmit;
2) set up a Public key for every pair of node, and the data that comprise node transmission itself between adjacent node are encrypted;
3) when data through the K intermediate node when next node transmits, use the secret key decryption of a pair of node earlier, again with the down secret key encryption of a pair of node, K is 1-N immediately;
4) after the data arrives destination node, decipher again;
5) the end-to-end encryption of the sensor network of enterprises is chosen in transport layer or higher level middle the realization; If being chosen in transport layer encrypts, safety measure is transparent to the user, just needn't independent safety protecting mechanism be provided for each user; If being chosen in application layer encrypts, then the user can select for use different according to the particular requirement of oneself.
As shown in Figure 3, third level data acquisition end is carried out security protection comprise assurance RFID safety, guarantee video safety and guarantee sensor network security.
Security system in the face of third level data acquisition end describes down:
The visual information system need carry out data acquisition if be used in the logistic industry, and these all will be as false proof foundation of tracing to the source.The information that needs to gather comprises video and the logistics data information of gathering through RFID, and these data can be transmitted in enterprises through wireless sensor network.The safety measure that the data acquisition aspect need be taked comprises the safety that guarantees RFID, the safety of video and the safety of sensor network.
After product is sticked two-dimension code,, all need use the RFID technology no matter be that logistics information is write the logistics information on label or the reading tag.The safety of RFID can guarantee the safety and the accuracy of logistics information so, can not become false proof effective information of tracing to the source thereby do not distort.The security threat of modern visual information systems face is changeable, and the strategy of taking should be comprehensive, and scheme relates to authentication, data encryption, based on the security strategy of RFID middleware.
Guarantee that RFID safety comprises:
1) before the label generation transfer of data on read write line and article, takes to verify the legitimacy of both sides' identity based on the safety certification of hash algorithm; Specify as follows:
Because between label and the read write line is radio communication channel, exists more potential security risks, comprise illegally read, eavesdrop, reset, deception etc., therefore must carry out authentication.At first; Be attached to label on the article with before read write line is communicated by letter; Must be sure of that read write line is legal, otherwise the listener-in utilizes the information of illegal read write line in just can reading tag, perhaps illegally follows the tracks of according to label ID; Even revise the information of the inside, bring risk for the visual information system.Simultaneously, read write line must be sure of that also label is legal, and illegal label feed into system through puppet else if, gains read write line by cheating sensitive information is provided, and also will bring loss to the visual information system.
For solving both sides' in data communication identity problems, before communication, must confirm the legitimacy of communicating pair identity, can utilize symmetrical safety certification mode can solve the problem of this aspect.The safety certification that is based on hash that this visual information system takes; Safety certification based on the hash algorithm is that fail safe is than higher safety approach; For adopting this safety certifying method; The hardware that needs to be bought satisfies certain requirement, requires read write line and label can carry out in hash computing, XOR, these functions of generation random number one or several, so when carrying out product purchasing, need note.
2) employing realizes the data encryption transmission based on the A5 algorithm of LFSR stream cipher arithmetic; Specify as follows:
In the RFID of native system, adopt symmetric encipherment algorithm to carry out information encryption.In symmetric encipherment algorithm, select the stream cipher encrypting system.
As shown in Figure 5; The operation principle of stream cipher encrypting system is following: key k (make random element and be a spot of) carries out certain complex calculations (cryptographic algorithm) through the first key stream generator; Thereby produce a large amount of key sequences; Key sequence with binary system expressly sequence carry out computing and obtain secret civilian sequence, thereby be used for encryption to the plaintext bit stream.Deciphering is meant through hidden passageway 1 and produces the key k identical with ciphering process with the second key stream generator, in order to reduction plaintext bit stream.(in decrypting process, having adopted cryptographic algorithm identical and key sequence) with ciphering process
Operation principle by above-mentioned stream cipher system can know that key sequence has determined the fail safe of stream cipher system, and the algorithm that produces key sequence is the key of stream cipher.Key sequence in the practical application utilizes linear shift register (LFSR) to generate mostly, and this is that the speed of service is fast because LFSR is simple in structure.This visual information system has adopted the A5 algorithm based on the stream cipher arithmetic of LFSR; This algorithm is made up of 3 LFSR; Be a kind of cross complaint and clock model that stops walking of integrating, output is the result of these register XOR (XOR) logical operations, is applicable to that this system is used for the encryption to data.
3) adopt based on RFID middleware security strategy; Specify as follows:
Based on the safety of RFID middleware being core to the RFID Data Protection.Read write line conduct and label communicate the underlying hardware with data acquisition, communication interface just, and itself does not have applied logic.How read write line and labels numerous in the system should be operated on earth; Transmit any information; All should be by of the demand unified distribution management of RFID middleware according to upper layer application, the RFID middleware could obtain the result that the user hopes to the corresponding data collection and treatment then.
In authentication protocol, realized following target: label is believed the legitimacy of read write line, the legitimacy that read write line is believed label, the legitimacy of RFID middleware read write line.But because RFID middleware unique position in system; The RFID middleware except and read write line, beyond the database direct communication, also link to each other with different application system; So only realize above-mentioned target not enough, must guarantee the fail safe of communicating by letter between middleware and other application systems.
Employing comprises to read write line authentication and access control, to operating personnel's authentication and access control, to conduct interviews control and use the storage safety standard of upper layer application based on RFID middleware security strategy;
Said read write line authentication and access control are meant: in modern visual information system based on the RFID technology; Each read write line all has its unique read write line ID number, and the scope of the numbering of valid reader, purposes, the label that can visit and the operation that can carry out all are stored in the database as data; Like this when read write line visit middleware, through with database in the data of storing compare the legitimacy of verifying the read write line identity;
Said authentication and access control to operating personnel is meant: in fact not only will verify the legitimacy of read write line identity; In the visual information system its legal operating personnel's of registration ID, its operable read write line ID number and the operational order that can carry out; Thereby the personnel to the operation read write line carry out authentication; The RFID middleware also will be verified message that each read write line sends whether in its working range, and violation operation will not accepted;
Said to upper layer application conduct interviews control be meant: contain individual privacy information and company's confidential information in the label data information of RFID middleware processes.Visit these information and must pass through certain licensing scheme.Because the RFID middleware is handled label information to process through network real-time ground and is sent in the enterprise information system.So must limit the access rights of upper layer application user to data, the user can only visit to one's name relevant RFID data or system's shared data of article, the private data that can not visit other people.
To upper layer application conduct interviews control carry out according to following rule: the owner of cargo has administrative power and access right to the RFID data of its goods; Other user's acquiescence does not have access right to these information; Have only the mandate through the owner of cargo, other user just can visit the owner of cargo's RFID information; Use the communication mode of encrypting between the user of RFID middleware and upper layer application; For the RFID middleware and the user that link to each other through Internet, the technology of socket layer safe in utilization (SSL) is to guarantee that user profile is not by person's intercepting and capturing or reading without permission;
Said use storage safety standard is meant: the realization of a lot of functions of RFID middleware all needs the support of background data base, therefore when storage, need consider the confidentiality issue of data.Because consider in practical application; The capacity of label and read write line, computing capability are all limited, thus the storage principle be as far as possible with storage in background data base, the just logistics information of article of label the inside storage; The for example attribute of product, state and physical environment parameter (temperature, humidity etc.); Other data will be placed in the database (to be set up related with master data), in the time of other data of needs, obtains to visit the right of these data through the authentication mechanism of tag read-write equipment.
Said assurance video safety is meant: in based on encryption method H.264, choose entropy coding and carry out video compression and encryption.Specify as follows:
After video collect, carry out video compression and encryption through encoder.In based on encryption method H.264, choose entropy coding and carry out the video compression encryption.Reason such as following table based on H.264 AES comparison and selective entropy coding:
Table 2H.264 video-encryption algorithm classification and performance are relatively
From table, can find that the fail safe of entropy coding is higher, enciphering rate is fast, and is little to the compression influence of video, and data are had operability.For the visual information system; Because visual is an one of which important characteristic; So the video data that needs to gather is a magnanimity, so enciphering rate must be fast, and must be little to the compression influence; Take all factors into consideration, the video-encryption of entropy coding is best suited for the visual information system.
Saidly guarantee that sensor network security comprises adopt maintaining secrecy and protect with authentication measures with to media access control layer.
Said employing is maintained secrecy and is comprised the shared key of foundation and adopt the uTESLA agreement with authentication measures.
Following to setting up the explanation of sharing key: two sensor nodes will be set up and maintain secrecy and the authentication link, need set up a shared key.Through the authentication between information encryption and node, the information flow that guarantees whole system is in the border of a sealing that is made up of encryption technology, thereby makes malicious persons can not revise, eavesdrop and make information wherein.
Adopt the explanation of uTESLA agreement following: concerning many sensor network protocols, broadcasting and multicast are absolutely necessary.In broadcasting and multicast, the uTESLA agreement of using Purring to propose under time synchronized condition loose between the supposition sensor node, provides safe broadcast authentication.The uTESLA basic thought is to adopt the method for Hash chain to generate key chain in the base station, and each node is preserved last key of key chain in advance as authentication information; It is loose synchronous that whole network need keep, and the secret key encryption message authentication code (MAC) on the key chain is used successively by the period in the base station, and announces this key in next period; The key that node comes authentication to announce through authentication information, and checking message authentication code.This scheme is used symmetric key algorithm and is realized safe multicasting, can satisfy the requirement of the resource-constrained particular surroundings of wireless sensor network.
Explanation to media access control layer (MAC) protects is following:
The availability of wireless sensor network is meant that sensor network can both move in whole life, promptly guarantee the stability of the operation of sensor network, can resist network attack.Deny that service (DOS) attack usually causes losing of availability.Dos attack exists in data link layer or medium access control (MAC) layer usually; In some mac-layer protocol, use the method for carrier sense to come to coordinate to use channel with adjacent node; When channel confliction took place, node used the binary value index algorithm that falls back to confirm to resend opportunity of data.The conflict that the assailant only need produce a byte just can destroy the transmission of whole packet.The method that solves is exactly that speed limit is carried out in the access control of MAC, and network is ignored too much request automatically, thereby needn't all reply for each request, saves the expense of communication.
The present invention assembles as a whole framework with the technology of these aspects such as the safety of the safety of information system, Internet of Things and video-encryption.And this is an importance that is different from existing technical scheme.The security system of visual information system is more pointed.
Claims (9)
1. the method that the visual information system is carried out security protection is characterized in that, comprises first order Surveillance center is carried out security protection, second level Intranet is carried out security protection and third level data acquisition end is carried out security protection;
First order Surveillance center is carried out security protection to be comprised database security is encrypted and made to system data;
Second level Intranet is carried out security protection be meant the end to end security mode that adopts;
Third level data acquisition end is carried out security protection to be comprised assurance RFID safety, guarantee video safety and guarantees sensor network security.
2. a kind of method of the visual information system being carried out security protection according to claim 1; It is characterized in that; Said system data is encrypted is meant employing DES symmetric encipherment algorithm, and its concrete steps are following: use the Feistel cryptography architecture, with the text block of wherein encrypting in two; Use sub-key to half text block application cycle function wherein, will export text then and second half text block is carried out nonequivalence operation; Then exchange this two halves text block, this process can continue, but last circulation does not exchange; Use 16 circulations, and adopt XOR, displacement, replacement and four kinds of basic operations of shifting function;
Saidly database security is meant take following measure: the data that need protection in the database and other data are separated by, are adopted authorization rule, are stored in database after data are encrypted and adopt oracle database to back up and recover.
3. a kind of method that the visual information system is carried out security protection according to claim 1 is characterized in that, the concrete steps of said employing end to end security mode are following:
1) source node is encrypted the data that contain control information that transmit;
2) set up a Public key for every pair of node, and the data that comprise node transmission itself between adjacent node are encrypted;
3) when data through the K intermediate node when next node transmits, use the secret key decryption of a pair of node earlier, again with the down secret key encryption of a pair of node, K is 1-N immediately;
4) after the data arrives destination node, decipher again;
5) the end-to-end encryption of the sensor network of enterprises is chosen in transport layer or the application layer and realizes.
4. a kind of method that the visual information system is carried out security protection according to claim 1 is characterized in that, said assurance RFID safety comprises:
1) before the label generation transfer of data on read write line and article, takes to verify the legitimacy of both sides' identity based on the safety certification of hash algorithm;
2) employing realizes the data encryption transmission based on the A5 algorithm of LFSR stream cipher arithmetic;
3) adopt based on RFID middleware security strategy.
5. a kind of method of the visual information system being carried out security protection according to claim 4; It is characterized in that said employing comprises to read write line authentication and access control, to operating personnel's authentication and access control, to conduct interviews control and use the storage safety standard of upper layer application based on RFID middleware security strategy.
6. a kind of method of the visual information system being carried out security protection according to claim 5; It is characterized in that; Said read write line authentication and access control are meant: each read write line all has its unique read write line ID number, and the scope of the numbering of valid reader, purposes, the label that can visit and the operation that can carry out all are stored in the database as data; Like this when read write line visit middleware, through with database in the data of storing compare the legitimacy of verifying the read write line identity;
Said authentication and access control to operating personnel is meant: in the visual information system its legal operating personnel's of registration ID, its operable read write line ID number and the operational order that can carry out; Thereby the personnel to the operation read write line carry out authentication; The RFID middleware also will be verified message that each read write line sends whether in its working range, and violation operation will not accepted;
Said the control that conducts interviews is meant to upper layer application: the owner of cargo has administrative power and access right to the RFID data of its goods, and other user acquiescence does not have access right to these information, has only the mandate through the owner of cargo, and other user just can visit the owner of cargo's RFID information; Use the communication mode of encrypting between the user of RFID middleware and upper layer application; For the RFID middleware and the user that link to each other through Internet, the technology of socket layer safe in utilization is to guarantee that user profile is not by person's intercepting and capturing or reading without permission;
Said use storage safety standard is meant: in the just logistics information of article of label the inside storage, other data will be placed in the database, in the time of other data of needs, obtain to visit the right of these data through the authentication mechanism of tag read-write equipment.
7. a kind of method that the visual information system is carried out security protection according to claim 1 is characterized in that, said assurance video safety is meant: in based on encryption method H.264, choose entropy coding and carry out video compression and encryption.
8. a kind of method that the visual information system is carried out security protection according to claim 1 is characterized in that, saidly guarantees that sensor network security comprises adopt maintaining secrecy and protects with authentication measures with to media access control layer.
9. a kind of method that the visual information system is carried out security protection according to claim 8 is characterized in that, said employing is maintained secrecy and comprised the shared key of foundation and adopt the uTESLA agreement with authentication measures.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110400275.0A CN102571754B (en) | 2011-12-05 | 2011-12-05 | Method for protecting security of visualized information system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110400275.0A CN102571754B (en) | 2011-12-05 | 2011-12-05 | Method for protecting security of visualized information system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102571754A true CN102571754A (en) | 2012-07-11 |
| CN102571754B CN102571754B (en) | 2014-11-19 |
Family
ID=46416234
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110400275.0A Expired - Fee Related CN102571754B (en) | 2011-12-05 | 2011-12-05 | Method for protecting security of visualized information system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102571754B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103905469A (en) * | 2014-04-30 | 2014-07-02 | 电子科技大学 | Safety control system and method applied to smart power grid wireless sensor network and cloud computing |
| CN104639543A (en) * | 2015-01-29 | 2015-05-20 | 南京三宝科技股份有限公司 | Method for checking legality of collected data of sensor based on radio frequency identification tag ID (identity) |
| CN106447143A (en) * | 2015-08-06 | 2017-02-22 | 宁波福玛特金属制品实业有限公司 | Intelligent material evidence management system |
| CN106998475A (en) * | 2017-03-24 | 2017-08-01 | 浙江宇视科技有限公司 | Video transmission path tracking and device |
| CN107908574A (en) * | 2017-11-22 | 2018-04-13 | 深圳华中科技大学研究院 | The method for security protection of solid-state disk data storage |
| CN108345801A (en) * | 2018-02-09 | 2018-07-31 | 南京邮电大学 | A kind of middleware dynamic user authentication method and system towards ciphertext database |
| CN111563274A (en) * | 2020-04-30 | 2020-08-21 | 城云科技(中国)有限公司 | Security guarantee system based on government affair big data |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109873696A (en) * | 2019-01-18 | 2019-06-11 | 天津大学 | It is a kind of to be able to achieve the video encryption method for distorting frame alignment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101943905A (en) * | 2010-09-08 | 2011-01-12 | 云南大红山管道有限公司 | Network-based dangerous source area remote safety monitoring system |
| CN201898525U (en) * | 2010-08-24 | 2011-07-13 | 北京兵港科技发展有限公司 | IOT (Internet of Things) network architecture with safety system |
| CN102147597A (en) * | 2010-02-10 | 2011-08-10 | 广州大学 | Health monitoring system for structures of great building and bridge |
-
2011
- 2011-12-05 CN CN201110400275.0A patent/CN102571754B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102147597A (en) * | 2010-02-10 | 2011-08-10 | 广州大学 | Health monitoring system for structures of great building and bridge |
| CN201898525U (en) * | 2010-08-24 | 2011-07-13 | 北京兵港科技发展有限公司 | IOT (Internet of Things) network architecture with safety system |
| CN101943905A (en) * | 2010-09-08 | 2011-01-12 | 云南大红山管道有限公司 | Network-based dangerous source area remote safety monitoring system |
Non-Patent Citations (1)
| Title |
|---|
| 杨彦: "《VEMIS系统在企业安全管理中的应用》", 《铁路节能环保与安全卫生》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103905469A (en) * | 2014-04-30 | 2014-07-02 | 电子科技大学 | Safety control system and method applied to smart power grid wireless sensor network and cloud computing |
| CN103905469B (en) * | 2014-04-30 | 2017-01-04 | 电子科技大学 | It is applied to intelligent grid radio sensing network and the safety control system of cloud computing and method |
| CN104639543A (en) * | 2015-01-29 | 2015-05-20 | 南京三宝科技股份有限公司 | Method for checking legality of collected data of sensor based on radio frequency identification tag ID (identity) |
| CN106447143A (en) * | 2015-08-06 | 2017-02-22 | 宁波福玛特金属制品实业有限公司 | Intelligent material evidence management system |
| CN106998475A (en) * | 2017-03-24 | 2017-08-01 | 浙江宇视科技有限公司 | Video transmission path tracking and device |
| CN106998475B (en) * | 2017-03-24 | 2019-11-05 | 浙江宇视科技有限公司 | Video transmission path tracking and device |
| CN107908574A (en) * | 2017-11-22 | 2018-04-13 | 深圳华中科技大学研究院 | The method for security protection of solid-state disk data storage |
| CN107908574B (en) * | 2017-11-22 | 2021-09-10 | 深圳华中科技大学研究院 | Safety protection method for solid-state disk data storage |
| CN108345801A (en) * | 2018-02-09 | 2018-07-31 | 南京邮电大学 | A kind of middleware dynamic user authentication method and system towards ciphertext database |
| CN108345801B (en) * | 2018-02-09 | 2021-09-28 | 南京邮电大学 | Ciphertext database-oriented middleware dynamic user authentication method and system |
| CN111563274A (en) * | 2020-04-30 | 2020-08-21 | 城云科技(中国)有限公司 | Security guarantee system based on government affair big data |
| CN111563274B (en) * | 2020-04-30 | 2021-04-23 | 城云科技(中国)有限公司 | Security guarantee system based on government affair big data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102571754B (en) | 2014-11-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102571754B (en) | Method for protecting security of visualized information system | |
| Xiaohui | Study on security problems and key technologies of the internet of things | |
| CN102036231B (en) | Network architecture security system for Internet of Things and security method thereof | |
| CN101882197B (en) | RFID (Radio Frequency Identification Device) inquiring-response safety certificate method based on grading key | |
| CN102394753A (en) | RFID (Radio Frequency Identification Device) mutual authentication method based on secret key and cache mechanism | |
| CN101980241B (en) | Method, system and device for authenticating radio frequency tag | |
| CN109376543A (en) | A kind of database encryption method based on aes algorithm | |
| CN108537537A (en) | A kind of safe and reliable digital cash Wallet System | |
| CN102984125B (en) | A kind of system and method for Mobile data isolation | |
| CN114254269B (en) | System and method for determining rights of biological digital assets based on block chain technology | |
| CN102904723B (en) | Privacy protection method of radio frequency identification device (RFID) system | |
| Vashisht et al. | Security and privacy issues in IoT systems using blockchain | |
| Evsutin et al. | Algorithm for embedding digital watermarks in wireless sensor networks data with control of embedding distortions | |
| Kim et al. | Single tag sharing scheme for multiple-object RFID applications | |
| CN110492992A (en) | A kind of data encryption and transmission method based on radio RF recognition technology | |
| Mahinderjit-Singh et al. | Trust in RFID-enabled supply-chain management | |
| CN105406971A (en) | RFID security authentication method for intelligent electricity consumption information collection system terminal | |
| Peng et al. | A hybrid encryption algorithm in the application of equipment information management based on Internet of things | |
| Phommasan et al. | Research on Internet of Things Privacy Security and Coping Strategies | |
| Singh et al. | Various Attacks and their Countermeasure on all Layers of RFID System | |
| Tian et al. | UHF RFID Information Security Transmission Technology and Application Based on Domestic Cryptographic Algorithm | |
| Sanaullah et al. | Information Security Challenges in the Internet of Things (IoT) Ecosystem | |
| Chen et al. | Construction of the enterprise-level RFID security and privacy management using role-based key management | |
| JP2005151004A (en) | Radio tag privacy protection method, radio tag device, security server, program for radio tag device, and program for security server | |
| Du et al. | A safe radio frequency identification system (RFID) authentication protocol for Internet of Things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141119 Termination date: 20151205 |
|
| EXPY | Termination of patent right or utility model |