CN105516204A - Method for high-security network data storage - Google Patents

Method for high-security network data storage

Info

Publication number: CN105516204A
Application number: CN201610055626.1A
Authority: CN (China)
Prior art keywords: data, block, check code, file, packet
Legal status (as listed by Google Patents, not a legal conclusion): Granted; currently Active
Other languages: Chinese (zh)
Other versions: CN105516204B (en)
Inventors: 嵩天 (Song Tian), 魏煜 (Wei Yu)
Current assignee: Beijing Institute of Technology (BIT)
Original assignee: Beijing Institute of Technology (BIT)
Application filed by Beijing Institute of Technology; priority to CN201610055626.1A
Publication of CN105516204A; application granted; publication of CN105516204B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for high-security storage of network data and belongs to the field of network security. The method combines asymmetric and symmetric encryption: captured network data is encrypted under a random symmetric key, and that random key is in turn encrypted under a public key, so that the stored data stays confidential. Captured traffic is stored block by block in encrypted form in a storage format called SPCAP, and a per-block check code together with a chained full-text check code is used to detect tampering and to verify the integrity and correctness of the data. Compared with the prior art, the method addresses two problems of current real-time capture-and-store schemes: packets stored in plaintext leak user data easily, and stored files can be modified without the modification being detected. It is intended to meet the requirements of high security, non-repudiation and real-time operation for network traffic collection.

Description

A high-security network data storage method
Technical field
The invention belongs to the field of network security and relates to a method for storing captured network data flows in real time; in particular, a network packet storage method that provides confidentiality and tamper resistance by combining symmetric and asymmetric encryption with check-code computation.
Background
The Internet is the world's largest information hub, with network nodes spread across the globe. It gives people convenient and efficient ways to communicate and to obtain resources, but as networks grow and evolve rapidly, many security and management problems arise with them, and solving those problems requires collecting traffic information from the network.
This information usually comes from the packets actually transmitted on the network: the packets are captured and stored so that they can be analysed later. Existing methods, however, store the captured packets in plaintext. The confidentiality of the data cannot be guaranteed and it is easily leaked, and tampering with the data cannot be prevented, so stored data carries a large security risk.
The prevailing packet storage method captures network data and writes it directly to a PCAP-format file: first a PCAP file is created to hold the captured packet information; then, for each captured packet, a record header containing a timestamp and the packet length is written, and the packet contents are written to the PCAP file in plaintext. Another method stores the captured data in a next-generation PCAP (pcapng) file, whose structure is organised as a sequence of typed blocks according to certain rules; this mainly improves extensibility, portability, and the merging and appending of data. Neither method provides explicit measures for the security of the packets or the reliability of the data: neither can ensure that the data has not been tampered with, nor that it is kept confidential and not leaked.
The present invention relates to a secure method for capturing and processing packets in real time. It provides a reliable storage format that prevents data leakage and tampering and ensures the confidentiality and non-repudiation of the data. The proposed high-security network data storage method addresses two problems:
(1) encrypting the captured packets as they are stored, to ensure confidentiality;
(2) storing the packets block by block and forming a check method that links multiple blocks, to ensure non-repudiation and prevent tampering.
Summary of the invention
The object of the invention is to overcome the security defects of existing packet storage methods, namely that storing captured packets in plaintext lets information leak easily and that the stored packet contents can be tampered with without the tampering being noticed. To this end it proposes a method for securely storing packets captured from a network, i.e. a high-security network data storage method.
The idea of the invention is to use a combination of asymmetric and symmetric encryption to encrypt both the random key used for encryption and the captured data, thereby improving data security, and to verify the block-stored packet contents so that tampering is detected, thus meeting the high-security and non-repudiation requirements of traffic collection.
The basic process of this high-security, non-repudiable, real-time encrypted storage method, which encrypts and verifies the packets captured from the network to resist tampering, is as follows:
The invention has two parts. Part I is the network data storage process, i.e. the encryption process; Part II is the network data processing process, i.e. the decryption process.
Part I, the network data storage process (encryption process), has the following steps:
Step 1. Create an empty file to hold the encrypted network data and the required key fields, such as the public key and the random key. Set up a buffer for storing plaintext data, sized to hold at most N packets.
Step 2. Store the public key used in the encryption process in the file as a key field.
In the encryption process the public key is public and is used to encrypt the random key field. In the decryption process the corresponding private key, held privately by the user, decrypts the random key field; the recovered random key is then used to decrypt the packets and to verify the data.
Step 3. Obtain a random key for encrypting the packets captured in real time; encrypt it under the public key and store it in the file as a key field.
The random key is generated from the timestamp at the start of capture and hardware information such as the MAC address, and is used to encrypt the packets captured in real time. It is encrypted under the public key and stored in the file as a key field.
Step 4. Count the captured packets with a packet-count variable Counter, and store them in plaintext in the buffer in strict arrival order, until the number of captured packets reaches the buffer's maximum N or the user stops capturing, which ends the current step.
The data now in the buffer forms one data block (Section) for subsequent encryption and verification. At the same time, record the precise timestamps at which the first and last packets in the buffer were captured, record the size of the whole block (SectionLength) so that a later reader can skip the block, and record the total number of packets captured (Counter), which is normally N; if the user stopped capturing before the buffer filled, record the current count. Write the block size, precise timestamp and packet count to the file in that order.
Step 5. From the plaintext in the block obtained in step 4, compute the block's key fields, the block check code Check_Section and the full-text check code Check_ALL, and store them in the file.
Concretely, the check code Check_Section of this block's data is computed over the plaintext in the block and stored in the file; it is used during decryption to verify the correctness of the packets in the block. The full-text check code Check_ALL of the current block is computed from the full-text check code Check_ALL of the previous block and the block check code Check_Section of the current block; if the current block is the first block, it is computed from the current block's Check_Section alone. It is then stored in the file.
Step 6. Encrypt the plaintext in the block obtained in step 4 with the random key, and store the encrypted data sequence in the file after the block check code and full-text check code fields.
At the end of this step a complete data block, consisting of the block size, precise timestamp, packet count, block check code, full-text check code and the encrypted network data, has been fully stored in the file.
Step 7. If the user has not stopped capturing, reset Counter to 0 and return to step 4 to continue capturing and encrypted storage; otherwise end the capture and storage steps.
Part II, the network data processing process (decryption process), has the following steps:
Step 8. When reading the file, the user first decrypts the random key field with the corresponding private key to obtain the random key.
Step 9. The random key is used to decrypt all data blocks. For each block a new block check code and a new full-text check code are recomputed and compared with the original check codes to verify the integrity and correctness of the data in each block and in the whole file. If the recomputed full-text check code of a block agrees with the original, none of the blocks up to and including it has been lost or reordered; if the block check code recomputed after decryption differs from the original block check code, that block's data is no longer the original data.
Beneficial effects
Compared with the prior art, the method effectively solves the problems that current real-time packet capture and storage methods keep plaintext and so leak user data easily, and that the stored files can be tampered with without the tampering being noticed. The new SPCAP storage format holds all key fields and the encrypted data in an orderly way; symmetric encryption of the data and asymmetric encryption of the key field ensure confidentiality; computing check codes over the data prevents tampering and ensures the non-repudiation of the stored file; and block-wise storage ensures real-time operation.
Brief description of the drawings
Fig. 1 is a flow chart of the high-security network data storage method (encryption process) of an embodiment of the invention.
Fig. 2 is a flow chart of the high-security network data storage method (decryption process) of an embodiment of the invention.
Fig. 3 shows the overall structure of the SPCAP format.
Fig. 4 shows the structure of the SPCAP file header (SPCAPHeader).
Fig. 5 shows the structure of the data-block header (SectionHeader) part of the SPCAP format.
Detailed description
To make the object, technical solution and advantages of the invention clearer, specific embodiments are described in detail below with reference to the drawings. The embodiments are implemented on the premise of the technical solution of the invention and give detailed implementations and operating procedures, but the scope of protection of the invention is not limited to them.
The invention is a real-time network data storage method that encrypts and verifies the captured packets to provide tamper-resistant, high-security, non-repudiable storage. Its steps fall into two parts: Fig. 1 shows Part I, the network data storage process (encryption process), and Fig. 2 shows Part II, the network data processing process (decryption process).
Part I, the network data storage process (encryption process), comprises:
Step 1. Create an empty file to hold the encrypted network data and the key fields, which comprise the public key, the random key and the check codes; the network data is stored in units of blocks (Sections).
In this embodiment the file consists of two parts, a file header and a data part. The file header holds the key material and the data part holds the captured packets. The file header contains at least two items, the public key and the random key; the data part is divided into multiple data blocks, each consisting of a block header and block data: the block header holds key fields such as that block's check codes, and the block data holds the captured packets after encryption. Each block buffer accepts at most N packets, i.e. each block's data holds at most N packets.
To store both the data and the key fields, the invention uses a file of the SPCAP format as the storage file type. Those skilled in the art will understand that this is not the only possible type: any other improved SPCAP-style format built on the same principle could also be used. The SPCAP file format used in the invention is described as follows:
(1) The overall structure of the SPCAP format is shown in Fig. 3. An SPCAP file consists of an SPCAP file header (SPCAPHeader) followed by several data blocks. The file header identifies the file and holds the related key material. Each data block holds the data of N packets (Packet) and is divided into a block header (SectionHeader) and block data (SectionData): the block header holds the key fields that describe the block, and the block data holds the captured packets after encryption.
(2) The main structure of the SPCAP file header is shown in Fig. 4. With extensibility in mind it is defined to contain eight fields, including the public key and the random key, as follows:
Magic (magic): identifies the file as an SPCAP file; 4 bytes.
Version number: identifies the version of this SPCAP file and consists of a major version (version_major) and a minor version (version_minor), stored in 2-byte fields.
Time zone (thiszone) and precise timestamp (sigfigs): record the time the file was created; 4 bytes each.
Maximum packet length (snaplen): sets the maximum number of bytes captured for a single packet; 4 bytes. A value of 65535 captures packets of any length.
Link-layer type (linktype): identifies the link-layer type, determined by the link-layer header of the packets; 4 bytes.
Public key plaintext (Public_Key): holds the public key in the clear; it is used to encrypt the random key. Its length depends on the length of the public key.
Random key ciphertext (Random_Key_Encrypted): holds the random key after encryption under the public key. The random key is generated by the system and is used to encrypt the captured packets; the length of this field depends on the length of the encrypted random key.
(3) The main structure of the block header (SectionHeader) is shown in Fig. 5. It is defined to contain five fields, including the check codes, as follows:
Block size (SectionLength): holds the number of stored bytes of the current block, so that the block can be skipped when searching for packets; 4 bytes.
Precise timestamp (sigfigs): records the arrival time of the first packet in the Section, so that packets within a given time range can be selected and processed; 4 bytes.
Captured packet count (Counter): records the number of packets (Packet) in the block; 4 bytes.
Block check code (Check_Section): holds the check code of this block's data, used when the data is read to verify whether the block's data part has been tampered with; its length depends on the check code produced by the chosen algorithm.
Full-text check code up to the current block (Check_All): generated from the check codes of all blocks up to and including the current block; it verifies the correctness and integrity of the whole file up to this block. Its length depends on the check code produced by the chosen algorithm.
(4) The block data (SectionData) is the shaded part in Fig. 5.
The shading indicates that the data at that position is encrypted. Suppose N = 100, i.e. a block holds at most 100 packets: when the packet count in block Section_n reaches 100, the block is full, and the next block Section_n+1 is created to hold the packets captured next. If capture is interrupted before a block is full, the number of packets captured so far is written directly into the current block header and capture stops.
In this embodiment the network data is encrypted and stored in real time in units of data blocks because the volume of data collected from a network is usually very large: encrypting the whole file only at the end is inefficient and also prevents partial decryption and retrieval of part of the data. This block-wise method supports the "real-time" property proposed by the invention.
Step 2. Store the public key used in the encryption process in the file as a key field.
The public key is public and is used to encrypt the random key field. The private key is private to the user and is used to decrypt the random key, which in turn decrypts the packets. Asymmetric encryption is used here for the random key because it offers high security (as long as the user's private key is not leaked, the random key field stays secure) and the convenience that the public key can be freely published.
Step 3. Generate a random key for encrypting the packets captured in real time; encrypt it with the public key and store it in the file.
The random key is generated from the timestamp at the start of capture and hardware information such as the MAC address, and is used to encrypt the real-time traffic. After encryption under the public key it is stored in the file as a key field.
In this example the random key 14488520086928419CD21E41EA3F is produced by concatenating the precise timestamp 1448852008.692841 obtained at the start of capture with the local machine's MAC address 9CD21E41EA3F. The method of obtaining the random key is not restricted here: it may be preset or randomly generated, and any random generation algorithm may be used.
The random key field is encrypted with the public key saved in step 2.
Step 4. Count the captured packets with the packet-count variable (Counter) and hold them temporarily in the buffer, in plaintext and in strict order. When the buffer termination condition is met, compute the block check code over the data in the buffer, compute the full-text check code of the current block from that block check code and the previous block's full-text check code, and encrypt the buffer contents with the random key using the chosen cipher to obtain the encrypted data. Append the three to the file as one data block and clear the buffer. Repeat step 4 until packet capture ends, then close the file.
The buffer termination condition is that the buffer is full, i.e. the number of packets stored in it reaches the maximum N, or that the user stops capturing packets.
The check codes may be computed with any existing digest algorithm that derives a check code from a given piece of data, such as MD5 or SHA; this embodiment uses MD5. The digest algorithms used for the block check code and the full-text check code may be the same or different.
With the SPCAP format of step 1, a data block is appended by the following process:
1. Set and store each element of the SPCAPHeader:
store in turn the preset magic (magic), the version number made up of the major version (version_major) and minor version (version_minor), the current time zone (thiszone) and precise timestamp (sigfigs), the maximum packet length (snaplen), the link-layer type (linktype), the public key in plaintext (Public_Key) and the random key encrypted under the public key (Random_Key_Encrypted).
2. At the end of each buffering round, set and store the block information:
obtain the precise timestamp at which the block's first packet arrived, the number of packets in the buffer, the length of the encrypted data, the check code of the buffer plaintext and the full-text check code, and form the block header from these fields in sequence;
use the encrypted data as the block data;
append the block header and block data together to the end of the current file as one data block;
clear the buffer and repeat step 4.
In this embodiment, holding the plaintext only temporarily in the buffer effectively avoids the security risk of leakage and tampering.
Preferably, while data is being buffered a counting variable accumulates the number of packets stored in the current buffer, incremented by 1 for each newly captured packet. If the user does not stop capturing, the counter ends equal to the buffer's maximum packet count; if the user stops before the buffer is full, the counter holds the number of packets currently stored, and that value is written as the block's captured packet count.
In this example the packets are stored in an SPCAP-format file, and the corresponding positions of the block header hold the precise timestamp of the first packet captured into the buffer, the number of packets in the buffer, the length of the encrypted data, the check code of the buffer plaintext and the full-text check code.
Two check codes are stored per block in this embodiment, the block check code and the full-text check code, used respectively to verify the current block and to verify the whole file up to the current block. The reason is that traffic storage is usually very large: block-by-block storage effectively reduces the failure rate of storing large files, and when unexpected damage occurs during storage, the integrity of each block can be judged from its block check code to tell whether the data in that block has been modified or destroyed, while the full-text check code tells whether any block up to the current one has been lost or reordered, so that both the data of each block and the file up to that block are verified. The two check codes are obtained as follows:
compute the digest of the plaintext in the buffer with the digest algorithm to obtain the block check code;
compute the full-text check code of the current block with the digest algorithm from the previous block's full-text check code and the current block's block check code (for the first block, from the current block's block check code alone).
The way of obtaining the block check code and full-text check code is not limited to the above, as long as each serves to check the integrity of the current block and of the whole file respectively.
This embodiment combines symmetric and asymmetric encryption to store the captured traffic rather than using a single technique because, on one hand, symmetric encryption is much faster than asymmetric encryption, and on the other hand asymmetric encryption uses different keys for encryption and decryption and is safer in practice. Specifically, from a performance viewpoint symmetric encryption is better suited to large volumes of traffic; but because a symmetric algorithm uses the same key for encryption and decryption, the risk and harm of key exposure rise sharply, so asymmetric encryption is used to separate the encryption and decryption keys: the encryption key is published and only the decryption key is protected, which significantly improves security. Taking both security and speed into account, the bulk data is encrypted symmetrically under the random key and the random key is protected with asymmetric encryption, which effectively resolves the trade-off between security and performance.
Part II, the network data processing process (decryption process), comprises:
Step 5. When reading the file, the user first decrypts the random key field with the corresponding private key to obtain the random key.
Step 6. Decrypt the data blocks with the random key, recompute a new block check code and a new full-text check code for each block, and compare them with the original check codes to verify the integrity and correctness of the data in each block and in the whole file.
Decrypting all blocks with the random key and verifying their integrity and correctness proceeds in two passes:
First pass: read the original block check code (Check_Section_Old) and the original full-text check code (Check_All_Old) of each data block.
For each block, compute its new full-text check code (Check_All_New) from the current block's original block check code and the previous block's new full-text check code; when the current block is the first block in the file, compute it from the original block check code alone.
For each block, compare the original and new full-text check codes: if they agree, the order and number of blocks in the file up to and including the current block are correct. This pass is fast: it does not decrypt any block data and only determines whether the blocks of the file are complete and in the correct order.
Second pass: decrypt each block's data with the random key to obtain the plaintext (Data), and compute its new block check code (Check_Section_New) from the plaintext.
For each block, compare the original block check code with the new one: if they differ, the block is damaged, and processing continues with the next block; otherwise the data has been neither modified nor damaged.
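The SPCAP layout of step 1 and the two-pass verification of Part II, written out as an added example in Python; it is not part of the patent and is not code from its authors. It assumes a 4-byte magic value, little-endian fixed fields, 2-byte length prefixes for the two variable-length header fields and 4-byte length prefixes for the packet records inside a Section, none of which the page specifies. The public-key wrapping of the random key is left outside the example (Public_Key and Random_Key_Encrypted are passed in as opaque bytes), and the unspecified symmetric cipher is replaced by a clearly labelled SHA-256 counter-mode keystream, with the Section index mixed into the counter so that no two Sections share keystream. Two caveats a practitioner should keep in mind while reading the page: the check codes are unkeyed digests stored next to the data, so anyone who can rewrite the file can recompute the whole chain, and the two passes therefore detect accidental corruption, lost or reordered blocks and naive edits rather than tampering by someone with write access; and a key built from the capture timestamp and the MAC address, as in the example of step 3, has far less entropy than a cipher key should, which is why the demo draws its key from os.urandom.

```python
import hashlib
import os
import struct

MAGIC = b"SPCP"        # assumed 4-byte magic; the page does not state the value
DIGEST = hashlib.md5   # the embodiment computes both check codes with MD5
DLEN = DIGEST().digest_size
HDR = "<HHiIII"        # version_major, version_minor, thiszone, sigfigs, snaplen, linktype

def keystream_xor(key, section_idx, data):
    """Stand-in for the unspecified cipher: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):   # Section index in every counter block: no reuse
        ks = hashlib.sha256(key + struct.pack(">II", section_idx, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def check_section(plain):
    return DIGEST(plain).digest()   # Check_Section: digest of the block plaintext

def check_all(prev_all, sect):
    # Check_All(1) = H(Check_Section(1)); Check_All(n) = H(Check_All(n-1) || Check_Section(n))
    return DIGEST(sect if prev_all is None else prev_all + sect).digest()

def encode_packets(packets):   # assumed record framing: 4-byte length prefix per packet
    return b"".join(struct.pack("<I", len(p)) + p for p in packets)

def decode_packets(plain, count):
    pkts, off = [], 0
    for _ in range(count):
        (n,) = struct.unpack_from("<I", plain, off)
        pkts.append(plain[off + 4:off + 4 + n])
        off += 4 + n
    return pkts

def write_spcap(packets, key, public_key, wrapped_key, n_max=100):
    """Encryption process (Steps 1-7); packets is a list of (ts_sec, bytes). The public-key
    wrapping of the random key is outside the example, so both key fields are opaque bytes."""
    out = bytearray(MAGIC + struct.pack(HDR, 1, 0, 0, 0, 65535, 1))
    for field in (public_key, wrapped_key):          # 2-byte length prefix: an assumption
        out += struct.pack("<H", len(field)) + field
    prev_all = None
    for idx, start in enumerate(range(0, len(packets), n_max)):
        chunk = packets[start:start + n_max]            # Step 4: buffer of at most N packets
        plain = encode_packets([p for _, p in chunk])
        sect = check_section(plain)                     # Step 5: Check_Section, then Check_All
        prev_all = check_all(prev_all, sect)
        enc = keystream_xor(key, idx, plain)            # Step 6: encrypt under the random key
        body = struct.pack("<II", chunk[0][0], len(chunk)) + sect + prev_all + enc
        out += struct.pack("<I", len(body)) + body      # SectionLength lets a reader skip blocks
    return bytes(out)

def read_header(blob):
    """Parse SPCAPHeader; return (public_key, wrapped_key, offset of the first Section)."""
    if blob[:4] != MAGIC:
        raise ValueError("not an SPCAP file")
    off, fields = 4 + struct.calcsize(HDR), []
    for _ in range(2):                                  # Public_Key, Random_Key_Encrypted
        (n,) = struct.unpack_from("<H", blob, off)
        fields.append(blob[off + 2:off + 2 + n])
        off += 2 + n
    return fields[0], fields[1], off

def iter_sections(blob):
    """Yield (offset, sigfigs, Counter, Check_Section, Check_All, ciphertext) per Section."""
    off = read_header(blob)[2]
    while off < len(blob):                              # hop by SectionLength, no decryption
        (length,) = struct.unpack_from("<I", blob, off)
        body = blob[off + 4:off + 4 + length]
        ts, cnt = struct.unpack_from("<II", body, 0)
        yield off, ts, cnt, body[8:8 + DLEN], body[8 + DLEN:8 + 2 * DLEN], body[8 + 2 * DLEN:]
        off += 4 + length

def verify_chain(blob):
    """First pass: rebuild Check_All from stored Check_Section values; no decryption."""
    prev_all = None
    for i, (_, _, _, sect, stored_all, _) in enumerate(iter_sections(blob)):
        prev_all = check_all(prev_all, sect)
        if prev_all != stored_all:
            return i     # a block was lost, reordered or swapped at or before this one
    return None          # chain intact: block order and count are correct

def verify_blocks(blob, key):
    """Second pass: decrypt each Section and recompute Check_Section. Returns (packets of
    intact Sections, indices of damaged Sections); damaged Sections are skipped, not fatal."""
    good, bad = [], []
    for i, (_, _, cnt, sect, _, enc) in enumerate(iter_sections(blob)):
        plain = keystream_xor(key, i, enc)
        if check_section(plain) != sect:
            bad.append(i)
            continue
        good.extend(decode_packets(plain, cnt))
    return good, bad

def demo():
    """Constructed input: 250 fake packets -> Sections of 100, 100 and 50 packets."""
    key = os.urandom(32)   # the page builds the key from timestamp+MAC; draw it from a CSPRNG
    pkts = [(1448852008 + i, b"pkt%03d" % i) for i in range(250)]
    blob = write_spcap(pkts, key, b"PUBKEY-PLACEHOLDER", b"WRAPPED-KEY-PLACEHOLDER")
    offs = [s[0] for s in iter_sections(blob)] + [len(blob)]     # Section start offsets
    flipped = bytearray(blob)                        # tamper 1: one ciphertext byte of Section 1
    flipped[offs[1] + 4 + 8 + 2 * DLEN] ^= 0x01
    dropped = blob[:offs[1]] + blob[offs[2]:]        # tamper 2: Section 1 removed entirely
    return (verify_chain(blob), verify_blocks(blob, key)[1],
            verify_chain(flipped), verify_blocks(flipped, key)[1], verify_chain(dropped))
```

demo() returns (None, [], None, [1], 1): the untouched file passes both passes; flipping a ciphertext byte leaves the stored check codes, and hence the first pass, untouched but the second pass flags Section 1 and keeps reading; removing Section 1 breaks the Check_All chain at index 1 without any decryption. Because the chain links only the stored Check_Section values, the first pass says nothing about the ciphertext itself, which is why the page prescribes the second pass.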
Conclusion
The invention consists of two parts: encrypted storage of data in an SPCAP file (a format proposed together with the invention), and reading the SPCAP file and verifying data integrity. Data security is ensured by setting up a public key, a private key and a random key and using symmetric and asymmetric encryption together; the integrity of the whole file is ensured by the check code computed for each block and the full-text check code that links the whole file. Encrypted storage mainly encrypts the captured plaintext under the random key to prevent leakage; the random key field in the file header is encrypted with the public key so that the key field, and hence the random key, cannot leak. Decryption mainly decrypts the public-key-encrypted random key with the private key and then decrypts the packet data with the random key. High-security data storage is achieved through this process.
This completes real-time storage and processing of network packets with confidentiality and non-repudiation, based on symmetric encryption, asymmetric encryption and check codes.
Although the embodiments of the invention have been described with reference to the drawings, those skilled in the art can make improvements without departing from the principles of the invention, and these should also be regarded as within the scope of protection of the invention.

Claims (7)

1. A high-security network data storage method, characterized in that it comprises a network data storage process and a network data processing process; the specific processing steps of the network data storage process are as follows:
Step 1: create an empty file for storing the encrypted network data and the required key fields, such as the public key and the random key; set up a buffer for storing plaintext data, sized to hold the maximum number of packets N;
Step 2: store the public key used in the encryption process in the file as a key field;
Step 3: obtain a random key for encrypting the network packets captured in real time; encrypt the random key with the public key and store it in the file as a key field;
Step 4: count the captured packets in real time with a packet-count variable Counter, and store them as plaintext in the buffer in strict capture order until the buffer termination condition is reached;
Step 5: from the plaintext data of the data block obtained in step 4, compute the key fields of this data block, namely the values of the block check code Check_Section and the full-text check code Check_ALL, and store them in the file;
Step 6: encrypt the plaintext data of the data block obtained in step 4 with the random key and store the encrypted data sequence in the file at the position following the block check code and full-text check code fields;
Step 7: if it is determined that the user has not stopped capturing data, reset Counter to 0, return to step 4 and continue capturing, encrypting and storing data; otherwise end the capture and storage steps;
The specific processing steps of the network data processing process are as follows:
Step 8: when reading the file, the user first decrypts the random-key field with the corresponding private key to obtain the random key;
Step 9: decrypt all data blocks with the random key, recompute the new block check code and the new full-text check code of each data block, and compare them with the original check codes to verify the integrity and correctness of the data in each individual data block and in the whole file: if the new full-text check code of a certain block differs from the original full-text check code, then none of the blocks before this block has been lost or reordered; if the new block check code recomputed after decryption differs from the original block check code, then the data of this block differs from the original data.
2. The high-security network data storage method according to claim 1, characterized in that the key fields of step 1 further comprise five auxiliary fields relating to the whole file, namely a flag, a version number composed of a major version number and a minor version number, a time zone offset and precise timestamp, a maximum packet length, and a link-layer type; and three auxiliary fields relating to each data block, namely a data block timestamp, the number of packets, and the length of the encrypted data;
the flag identifies the file type;
the version number identifies the version of the file;
the time zone offset and precise timestamp record the time at which the file was created;
the maximum packet length sets the maximum number of bytes captured for a single packet;
the link-layer type identifies the link-layer type of the captured packets;
the data block timestamp records the precise timestamp (sigfigs) at which the first packet of the data block was captured;
the number of packets records the number of packets in the block;
the length of the encrypted data identifies the size of the encrypted data in the data block.
3. The high-security network data storage method according to claim 2, characterized in that the file consists of two parts, a file header and a data content part: the file header stores the key fields relating to the whole file, comprising the flag, the version number composed of the major and minor version numbers, the time zone offset and precise timestamp, the maximum packet length, the link-layer type, the public key and the random key; the data content part consists of multiple data blocks, each data block comprising a block header and block data; the block header stores the key fields relating to the block data, comprising the length of the encrypted data, the data block timestamp, the number of packets, the block check code and the full-text check code; the block data stores the encrypted data, which is the result of encrypting all packets contained in the current data block.
4. The high-security network data storage method according to claim 1, characterized in that the buffer termination condition of step 4 is that the buffer is full or that the user stops capturing packets.
5. The high-security network data storage method according to any one of claims 1 to 4, characterized in that the block check code and the full-text check code are obtained by the following procedure:
from the plaintext data in the buffer, compute the check value of the data block with a data digest algorithm to obtain the block check code;
compute the full-text check code of the current data block with a data digest algorithm from the full-text check code of the previous data block and the block check code of the current data block; if the current data block is the first data block, compute the full-text check code from the block check code of the current data block alone.
6. The high-security network data storage method according to claim 5, characterized in that the data digest algorithms used to compute the block check value and the full-text check value may be the same or different.
7. The high-security network data storage method according to claim 1, characterized in that the process of step 9, decrypting all data blocks with the random key and verifying their integrity and correctness, is divided into two traversals as follows:
First traversal: obtain the original block check code (Check_Section_Old) and the original full-text check code (Check_All_Old) of each data block;
for each data block, using the same data digest algorithm as used to compute the full-text check code in step 5, compute the new full-text check code (Check_All_new) of the current block from the original block check code of the current block and the new full-text check code of the previous block; when the current data block is the first data block in the file, only its original block check code is used to compute its new full-text check code;
for each data block, compare the original full-text check code with the new full-text check code; if they differ, then the blocks up to and including the one before the current block are in the correct order and none of them is missing;
Second traversal: decrypt the data of each block with the random key to obtain the plaintext (Data), and, using the same data digest algorithm as used to compute the block check code in step 5, compute its new block check code (Check_Section_New) from the plaintext;
for each data block, compare the original block check code with the new block check code; if they differ, this data block has been damaged, and processing continues with the subsequent data blocks; otherwise the data has been neither modified nor damaged.
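The following Python is an added example, not the patent's own code or the SPCAP format's reference implementation. It lays out a file in the shape of claim 3 (file header, then blocks of header plus ciphertext), computes the chained check codes of claim 5, and runs the two-pass verification described in the embodiment above and in claim 7 on constructed packets. Everything the patent leaves unspecified is an assumption here: the byte encodings, SHA-256 as the digest for both check codes, the per-packet record inside a block, and a stand-in stream cipher built from an HMAC-SHA256 keystream because the standard library has no AES. The public-key wrapping of the random key (steps 2, 3 and 8) is not modelled; the random key is passed in directly.

```python
"""Added example, not the patent's code: a minimal SPCAP-style writer and the
two-pass verifier of claim 7 run on constructed packets. Field encodings, the
SHA-256 choice, the nonce and the stand-in cipher are all assumptions."""
import hashlib
import hmac
import struct
from collections import namedtuple

MAGIC = b"SPCAP"          # assumed flag identifying the file type
N_PER_BLOCK = 2           # assumed buffer size N (packets per data block)
FILE_HDR = struct.Struct(">HHQII")        # major, minor, creation ts, snaplen, linktype
BLOCK_HDR = struct.Struct(">IQI32s32s")   # enc_len, block ts, n packets, Check_Section, Check_All
Block = namedtuple("Block", "ts npkts check_section check_all enc")

def block_check_code(plaintext: bytes) -> bytes:
    """Check_Section: digest of the block's plaintext (claim 5)."""
    return hashlib.sha256(plaintext).digest()

def file_check_code(prev_check_all, check_section: bytes) -> bytes:
    """Check_All: digest over the previous block's Check_All and this block's
    Check_Section; the first block chains from Check_Section alone (claim 5)."""
    return hashlib.sha256((prev_check_all or b"") + check_section).digest()

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the random-key symmetric cipher (assumed, not the patent's):
    HMAC-SHA256 keystream in counter mode, XORed so encrypt == decrypt. The nonce
    is the block's own Check_Section, which travels with the block header.
    A real implementation should use AES-GCM."""
    ks = b"".join(hmac.new(key, nonce + struct.pack(">Q", c), hashlib.sha256).digest()
                  for c in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def write_spcap(packets, key: bytes) -> bytes:
    """Steps 4-7: buffer N packets, compute both check codes on the plaintext,
    encrypt the block, append header + ciphertext. Packets are (ts_us, bytes);
    the assumed in-block record is timestamp, length, bytes."""
    out = bytearray(MAGIC + FILE_HDR.pack(1, 0, packets[0][0], 65535, 1))
    prev_all = None
    for i in range(0, len(packets), N_PER_BLOCK):
        chunk = packets[i:i + N_PER_BLOCK]
        plain = b"".join(struct.pack(">QI", ts, len(d)) + d for ts, d in chunk)
        cs = block_check_code(plain)
        ca = file_check_code(prev_all, cs)
        enc = stream_xor(key, cs, plain)
        out += BLOCK_HDR.pack(len(enc), chunk[0][0], len(chunk), cs, ca) + enc
        prev_all = ca
    return bytes(out)

def parse_blocks(blob: bytes):
    """Split a file into Block records without decrypting anything."""
    if blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not an SPCAP file")
    pos, blocks = len(MAGIC) + FILE_HDR.size, []
    while pos < len(blob):
        enc_len, ts, n, cs, ca = BLOCK_HDR.unpack_from(blob, pos)
        pos += BLOCK_HDR.size
        blocks.append(Block(ts, n, cs, ca, blob[pos:pos + enc_len]))
        pos += enc_len
    return blocks

def verify_spcap(blob: bytes, key: bytes):
    """Claim 7. Returns (ordered_upto, damaged): how many leading blocks have an
    intact Check_All chain, and the indices of blocks whose decrypted content
    no longer matches the stored Check_Section."""
    blocks = parse_blocks(blob)
    # Pass 1: headers only, no decryption. Rebuild the chain from the stored
    # Check_Section values and stop at the first block that breaks it.
    ordered_upto, prev_all = len(blocks), None
    for i, b in enumerate(blocks):
        new_all = file_check_code(prev_all, b.check_section)
        if not hmac.compare_digest(new_all, b.check_all):
            ordered_upto = i
            break
        prev_all = new_all
    # Pass 2: decrypt every block and recompute Check_Section; keep going past
    # damaged blocks so that all of them are reported.
    damaged = [i for i, b in enumerate(blocks) if not hmac.compare_digest(
        block_check_code(stream_xor(key, b.check_section, b.enc)), b.check_section)]
    return ordered_upto, damaged

# Constructed sample: five fake Ethernet frames, two per block -> three blocks.
SAMPLE = [(1_453_852_800_000_000 + i * 1000,
           bytes([0xAA] * 6 + [0xBB] * 6) + b"\x08\x00" + bytes([i]) * 20) for i in range(5)]
KEY = bytes(range(32))   # constructed; stands for the random key recovered in step 8

def demo():
    """Verify the intact file and three tampered copies of it."""
    good = write_spcap(SAMPLE, KEY)
    blocks = parse_blocks(good)
    raw = [BLOCK_HDR.pack(len(b.enc), b.ts, b.npkts, b.check_section, b.check_all) + b.enc
           for b in blocks]
    hdr_len = len(MAGIC) + FILE_HDR.size
    # a) flip one ciphertext byte of block 1: headers intact, pass 1 passes, pass 2 flags it
    corrupted = bytearray(good)
    corrupted[hdr_len + len(raw[0]) + BLOCK_HDR.size] ^= 0x01
    # b) swap blocks 0 and 1: pass 1 breaks at index 0, both blocks still decrypt cleanly
    swapped = good[:hdr_len] + raw[1] + raw[0] + raw[2]
    # c) drop the last block: the chain has no terminal value, so nothing notices
    truncated = good[:hdr_len] + raw[0] + raw[1]
    return (verify_spcap(good, KEY), verify_spcap(bytes(corrupted), KEY),
            verify_spcap(swapped, KEY), verify_spcap(truncated, KEY))

if __name__ == "__main__":
    print(demo())   # ((3, []), (3, [1]), (0, []), (2, []))
```

The four results show what each pass does and does not see: the corrupted block is reported only by the decrypting second pass, the reordered file fails the cheap first pass at block 0 while every block still decrypts to its own check code, and the truncated file passes both. Two caveats follow directly from the design as the patent states it. First, both check codes are unkeyed digests stored in the clear, so they catch accidental corruption, loss and reordering but not someone who can rewrite the file, since such an attacker can recompute Check_Section and the whole chain; a MAC under a key, or a signature over the final Check_All, is what would turn the chain into evidence of tampering. Second, because no terminal chain value or block count is recorded in the header, removing trailing blocks is undetectable, and Check_Section is a digest of the plaintext, so anyone holding the file can confirm a guess about a block's contents without the random key.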

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610055626.1A CN105516204B (en) 2016-01-27 2016-01-27 A kind of high security network date storage method

Publications (2)

Publication Number Publication Date
CN105516204A true CN105516204A (en) 2016-04-20
CN105516204B CN105516204B (en) 2018-09-28

Family

ID=55723839

Country Status (1)

Country Link
CN (1) CN105516204B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
CN102387152A (en) * 2011-11-03 2012-03-21 北京锐安科技有限公司 Preset-key-based symmetric encryption communication method
CN103929428A (en) * 2014-04-24 2014-07-16 吴刚 Method for achieving communication safety of vehicle-mounted electronic information system
CN104408381A (en) * 2014-11-27 2015-03-11 大连理工大学 Protection method of data integrity in cloud storage

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
高凯等 (Gao Kai et al.): "PCAP 文件格式网络数据包分析软件设计与实现" (Design and implementation of network packet analysis software for the PCAP file format), 《软件导刊》 (Software Guide) *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107180195A (en) * 2017-05-18 2017-09-19 北京计算机技术及应用研究所 Electronic document Life cycle safety protecting method based on safety label
CN107872532B (en) * 2017-11-27 2020-09-25 北京天诚安信科技股份有限公司 Method and system for storing and downloading third-party cloud storage platform
CN107872532A (en) * 2017-11-27 2018-04-03 北京天诚安信科技股份有限公司 A kind of storage of third party cloud storage platform, the method and system downloaded
CN109948347B (en) * 2017-12-21 2021-03-05 中移(杭州)信息技术有限公司 Data storage method and device, server and readable storage medium
CN109948347A (en) * 2017-12-21 2019-06-28 中移(杭州)信息技术有限公司 A kind of date storage method and device, server and readable storage medium storing program for executing
CN108667566B (en) * 2018-04-24 2020-12-01 天津芯海创科技有限公司 TCP stream data matching device
CN108667566A (en) * 2018-04-24 2018-10-16 天津芯海创科技有限公司 TCP flow data matching device
CN109815710A (en) * 2018-12-14 2019-05-28 开放智能机器(上海)有限公司 A kind of guard method of intelligent algorithm model file
CN111416788A (en) * 2019-01-04 2020-07-14 北京京东尚科信息技术有限公司 Method and device for preventing transmitted data from being tampered
CN111416788B (en) * 2019-01-04 2023-08-08 北京京东尚科信息技术有限公司 Method and device for preventing transmission data from being tampered
CN113901503A (en) * 2021-10-26 2022-01-07 北京云迹科技有限公司 Encryption method, encryption device, decryption method and decryption device
CN116383781A (en) * 2023-06-06 2023-07-04 中航信移动科技有限公司 Control method for software operation parameters, electronic equipment and storage medium
CN117195300A (en) * 2023-09-20 2023-12-08 全拓科技(杭州)股份有限公司 Big data safety protection method, device and system
CN117195300B (en) * 2023-09-20 2024-03-29 全拓科技(杭州)股份有限公司 Big data safety protection method, device and system
CN118586020A (en) * 2024-08-07 2024-09-03 杭州泛海科技有限公司 PLC program data protection method, medium and equipment
CN118764542A (en) * 2024-08-28 2024-10-11 武汉博易讯信息科技有限公司 A full-flow data storage method, related methods and devices

Also Published As

Publication number Publication date
CN105516204B (en) 2018-09-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant