CN106850191B - Encryption and decryption method and device for communication protocol of distributed storage system - Google Patents
Encryption and decryption method and device for communication protocol of distributed storage system Download PDFInfo
- Publication number
- CN106850191B CN106850191B CN201710088017.0A CN201710088017A CN106850191B CN 106850191 B CN106850191 B CN 106850191B CN 201710088017 A CN201710088017 A CN 201710088017A CN 106850191 B CN106850191 B CN 106850191B
- Authority
- CN
- China
- Prior art keywords
- field
- message
- storage system
- receiving end
- distributed storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004891 communication Methods 0.000 title claims abstract description 73
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000010276 construction Methods 0.000 claims description 8
- 230000005540 biological transmission Effects 0.000 abstract description 6
- 238000005336 cracking Methods 0.000 abstract description 4
- 108091081062 Repeated sequence (DNA) Proteins 0.000 abstract description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000013478 data encryption standard Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000001174 ascending effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
Abstract
The invention relates to the technical field of data security of a storage system and discloses an encryption and decryption method and device for a communication protocol of a distributed storage system, wherein the encryption method comprises the following steps: a sending end obtains original data to be encrypted; a sending end constructs a message of a communication protocol of a distributed storage system; a sending end obtains a shared key of an encryption algorithm; the sending end encrypts second fields to sixth fields in the message by using a shared key through an encryption algorithm; and the sending end encrypts a seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm, and sends the encrypted message to the receiving end. Aiming at the problem of an RC4 encryption algorithm, the invention designs an encryption method with variable length and no repeated sequence, thereby increasing the difficulty of cracking encrypted data and improving the security of data transmission.
Description
Technical Field
The invention relates to the technical field of data security of a storage system, in particular to an encryption and decryption method and device for a communication protocol of a distributed storage system.
Background
A distributed storage system is used for storing data on a plurality of independent devices in a distributed mode. Distributed storage systems often consist of a plurality of nodes, and large-scale distributed storage has the situation of transmitting control data and file data across machine rooms on a public network. Especially, in the internet environment, an attacker can presume the message content according to the message length, further crack the storage communication device and intercept the key content information. How to ensure the safe and reliable data transmission on the public network becomes a fundamental problem for constructing a distributed storage system.
The distributed storage communication protocol is the basis for forming the distributed storage system, ensures the consistency of state and metadata information among different nodes, and provides basic conditions for users to access and use the storage system. However, the information content is exposed on the public network, and the information security is greatly threatened, so certain measures must be taken to ensure the security of information transmission between each other.
The RC4 Encryption algorithm is a Symmetric Encryption algorithm (Symmetric Key Encryption) which is a variable Key length, byte-oriented operation stream cipher. The stream cipher belongs to a symmetric cipher, but is different from a block encryption algorithm in that the stream cipher does not block plaintext data, but encrypts the plaintext by using a cipher key to generate a cipher stream as long as the plaintext, and the same cipher key is used for encryption and decryption. The RC4 encryption algorithm is widely used in SSL/TLS (secure sockets layer/transport layer security) standards, which are established for communication between web browsers and servers.
The RC4 encryption algorithm is characterized in that: (1) the algorithm is simple and easy to realize by software, the encryption speed is high, and the safety is higher; (2) the key is variable in length and typically takes 256 bytes. Because the RC4 encryption algorithm has the advantages of simple implementation, high encryption speed, low consumption of hardware resources and the like, the RC4 encryption algorithm is ascending in the ranks of lightweight encryption algorithms. But the simple algorithm structure is also easy to crack and attack, the encryption strength of the RC4 encryption algorithm completely depends on the key, i.e. the generation of the pseudo-random sequence, while the true random sequence is impossible to realize and only the pseudo-random can be realized. This inevitably results in duplication of the key. The RC4 encryption algorithm only performs exclusive or operation regardless of whether it is encryption or decryption, which means that once the sequence of subkeys is repeated, the ciphertext is most likely to be cracked.
Therefore, it is necessary to design a high-security encryption and decryption method for distributed storage communication protocol to prevent an attacker from calculating the communication message format according to the message length and the repeated fields.
Disclosure of Invention
Aiming at the technical problems, the invention aims to provide an encryption and decryption method and device of a communication protocol of a distributed storage system, and designs an encryption method with variable length and no repeated sequence aiming at the problem of an RC4 encryption algorithm, thereby increasing the difficulty of cracking encrypted data and improving the safety of data transmission.
In order to achieve the purpose, the invention is realized by the following technical scheme:
the invention provides an encryption method of a communication protocol of a distributed storage system, which comprises the following steps:
a sending end obtains original data to be encrypted;
the method comprises the steps that a sending end constructs a message of a communication protocol of the distributed storage system, wherein the message of the communication protocol of the distributed storage system comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be encrypted on the sending end;
a sending end obtains a shared key of an encryption algorithm;
the sending end encrypts second fields to sixth fields in the message by using a shared key through an encryption algorithm;
and the sending end encrypts a seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm, and sends the encrypted message to the receiving end.
Further, the seven fields of the packet of the distributed storage system communication protocol are generated by a plurality of storage nodes of the distributed storage system.
Further, the temporary request key and the temporary response key are randomly generated by each storage node of the distributed storage system at regular intervals.
Further, the encryption algorithm is an RC4 encryption algorithm.
The invention also provides a decryption method of the communication protocol of the distributed storage system, which comprises the following steps:
a receiving end receives an encrypted message from a sending end;
the method comprises the steps that a receiving end constructs a message of a communication protocol of the distributed storage system, wherein the message of the communication protocol of the distributed storage system comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be decrypted on the receiving end;
a receiving end acquires a shared key of an encryption algorithm;
the receiving end decrypts the second field to the sixth field in the message by using the shared key through an encryption algorithm, and discards the contents of the first field to the fourth field;
and the receiving end decrypts the bytes after the sixth field in the message by using the temporary response key of the sixth field in the message through an encryption algorithm to obtain the decrypted original data.
Further, the receiving end decrypts the second field to the sixth field in the packet by using the shared key through the encryption algorithm, and discards the contents of the first field to the fourth field, further comprising:
when the receiving end reads the message, the first field is directly skipped and discarded;
the receiving end decrypts the second field in the message by using the shared key through an encryption algorithm, verifies whether the plaintext decrypted by the second field is a magic number, if so, performs the next step, and if not, discards the message;
reading a third field in the message by a receiving end to obtain a length value of a fourth field junk character in the message;
the receiving end decrypts the fourth field in the message by using the shared key through an encryption algorithm, and discards the decrypted junk characters of the fourth field;
and the receiving end decrypts the fifth field and the sixth field in the message by using the shared key through an encryption algorithm.
The invention provides an encryption device of a communication protocol of a distributed storage system based on the encryption method of the communication protocol of the distributed storage system, which comprises the following steps:
the original data acquisition unit is used for acquiring original data to be encrypted by the sending end;
the device comprises a sending end message construction unit, a sending end message construction unit and a sending end, wherein the sending end message construction unit is used for constructing a message of a distributed storage system communication protocol, the message of the distributed storage system communication protocol comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be encrypted on the sending end;
a shared key obtaining unit, configured to obtain, by a sending end, a shared key of an encryption algorithm;
the first encryption unit is used for encrypting the second field to the sixth field in the message by the sending end through an encryption algorithm by using a shared key;
and the second encryption unit is used for encrypting the seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm by the sending end, and the sending end sends the encrypted message to the receiving end.
The invention also provides a decryption device of the communication protocol of the distributed storage system based on the decryption method of the communication protocol of the distributed storage system, which comprises the following steps:
a message receiving unit, configured to receive, by a receiving end, an encrypted message from a sending end;
a receiving end message construction unit, wherein the receiving end constructs a message of a distributed storage system communication protocol, the message of the distributed storage system communication protocol comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of the fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be decrypted on the receiving end;
the acquisition unit is used for acquiring the shared key of the encryption algorithm by the receiving end;
the first decryption unit is used for the receiving end to decrypt the second field to the sixth field in the message by using the shared key through an encryption algorithm and discard the contents of the first field to the fourth field;
and the receiving end of the second decryption unit decrypts the bytes after the sixth field in the message by using the temporary response key of the sixth field in the message through an encryption algorithm to obtain the decrypted original data.
Further, the first decryption unit further includes:
the first reading unit is used for directly skipping and discarding the first field when the receiving end reads the message;
the first decryption subunit is used for the receiving end to decrypt the second field in the message by using the shared key through an encryption algorithm and verify whether the plaintext decrypted by the second field is a magic number, if so, the next step is carried out, and if not, the message is discarded;
the second reading unit is used for reading the third field in the message by the receiving end to obtain the length value of the fourth field junk character in the message;
the second decryption subunit is used for the receiving end to decrypt the fourth field in the message by using the shared key through an encryption algorithm and discard the decrypted junk characters of the fourth field;
and the third decryption subunit is used for the receiving end to decrypt the fifth field and the sixth field in the message by using the shared key through the encryption algorithm.
Compared with the prior art, the encryption and decryption method of the communication protocol of the distributed storage system has the following beneficial effects:
1. the message of the communication protocol of the distributed storage system constructed by the invention comprises seven fields, wherein the fourth field is a junk character with random length and random content, the message of the communication protocol has no fixed length, even if the message is the same type, even the same data packet, the encrypted ciphertext content and the encrypted ciphertext length are different, the difficulty of cracking the encrypted data is increased, and the safety of data transmission is improved;
2. because the temporary request key and the temporary response key exist in the message of the communication protocol of the distributed storage system, and are randomly generated by each node of the distributed storage system at regular intervals, the effective time range is the current request-response pair, thus even if the ciphertext generated by encrypting the same plaintext at different moments is not repeated, the difficulty of cracking the encrypted data is also increased, and the safety of data transmission is improved;
the beneficial effects of the encryption and decryption device of the communication protocol of the distributed storage system are similar to those of the encryption and decryption method of the communication protocol of the distributed storage system, and are not described herein again.
Drawings
Fig. 1 is a flowchart illustrating an encryption method for a communication protocol of a distributed storage system according to the present invention.
Fig. 2 is a flowchart illustrating a decryption method of a communication protocol of a distributed storage system according to the present invention.
Fig. 3 is a schematic structural diagram of an encryption apparatus of a communication protocol of a distributed storage system according to the present invention.
Fig. 4 is a schematic structural diagram of a decryption apparatus according to a communication protocol of a distributed storage system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms and concepts appearing in the following examples are explained below:
the distributed storage system is to store data on several independent devices, and it adopts expandable system structure, uses several storage servers to share storage load, and uses position server to locate storage information. A distributed storage system comprises a plurality of storage nodes, which are typically storage servers (with controllers) interconnected by a high-speed network.
Currently, common communication protocols in the distributed storage system include a secure shell ssh (secure shell) protocol, a secure Socket layer ssl (secure Socket layer) protocol, and a secure electronic transaction set (secure electronic transaction) protocol.
The security of data in the distributed storage system needs to be protected by adopting a cryptographic technology, and the data encryption is the core of all data security technologies. Common encryption algorithms can be divided into three categories: symmetric Encryption algorithm (Symmetric Key Encryption), Asymmetric Encryption algorithm (Asymmetric Key Encryption), and hash algorithm. The performance of an encryption algorithm can be generally measured in terms of the complexity of the algorithm itself, the length of the key (the longer the key is, the more secure the key is), the encryption and decryption speed, and the like. Symmetric encryption algorithms require both encryption and decryption to use the same key, and typical symmetric encryption algorithms include DES (dataencryption standard), 3DES, Bloefish, IDEA, RC4, RC5, RC6, and aes (advanced encryption standard). The asymmetric encryption algorithm is that the encryption and decryption parties use different keys, and the encryption key and the decryption key cannot be derived from each other under the condition that the trapdoor information is unknown, and typical asymmetric encryption algorithms comprise RSA, ECC and DSA. The hash algorithm is used to check the integrity of data, and typical hash algorithms include MD2, MD4, MD5 (Message-DigestAlgorithm 5), and SHA-1.
The following describes a method and an apparatus for encrypting and decrypting a communication protocol of a distributed storage system according to the present invention with reference to the accompanying drawings and embodiments:
example 1
Referring to fig. 1, an encryption method for a communication protocol of a distributed storage system includes the following steps:
step S101: the sending end obtains original data to be encrypted.
Step S102: the method comprises the steps that a sending end constructs a message of a communication protocol of the distributed storage system, wherein the message of the communication protocol of the distributed storage system comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of the fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be encrypted on the sending end.
It is worth mentioning that seven fields of the message of the communication protocol of the distributed storage system are generated by a plurality of storage nodes of the distributed storage system, and the temporary request key and the temporary response key are randomly generated by each storage node of the distributed storage system at regular intervals, and the regular interval is recommended to be 2 hours. The random number of the first field is used to escape protocol identification, and an attacker cannot utilize the header to conclude that the message is a communication protocol of the distributed storage system. The magic number of the second field is 0x195E8FF1, which is used for judging whether the communication protocol of the distributed storage system is a communication protocol message or not, and if the protection is to be strengthened, the number of the magic numbers can be multiple. In order to defend some network managers or attackers from blocking our messages according to the message length, the protocol fills a section of garbage words with random length and random content in the fourth field, and the garbage words can be pure numbers and have the length of 10-100 bytes. The third field is the length of the random padding content. The fifth and sixth fields are one of encryption and decryption keys, the encryption and decryption key is generated randomly by each storage node, and the effective range is the current request-response pair, so that the ciphertext contents generated by the same message at different times are different.
The temporary request key is used for encrypting a sending end of a request message and decrypting a sending end of the request message; the temporary response key is used for encrypting the sending end of the response message and decrypting the receiving end of the response message.
Step S103: the sending end obtains a shared secret key of an encryption algorithm.
The shared secret key is a string of characters participating in encryption, the encryption algorithm operates under the control of the shared secret key, and the same encryption algorithm and the same plaintext can generate completely different ciphertexts corresponding to different secret keys.
The shared key of the encryption algorithm can be obtained by a key server, a U disk or an Email.
The encryption algorithm employed by the present invention is the RC4 encryption algorithm. The RC4 encryption algorithm and the data to be encrypted adopt exclusive or (XOR) operation to generate a ciphertext, and if the byte of the shared key is 01101100, and the plaintext byte of the data to be encrypted is 11001100, the obtained ciphertext byte is 10100000. In the same way, the decryption process is also to perform exclusive or (XOR) operation on the ciphertext and the shared secret key to obtain the corresponding original data plaintext.
Step S104: and the sending end encrypts the second field to the sixth field in the message by using the shared key through an encryption algorithm.
It is worth noting that the random number of the first field does not need to be encrypted.
Step S105: and the sending end encrypts a seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm, and sends the encrypted message to the receiving end.
Thus, after being encrypted by the encryption method, the second to seventh fields are all ciphertext except the first field is plaintext.
Example 2
Referring to fig. 2, a decryption method of a communication protocol of a distributed storage system includes the following steps:
step S201: the receiving end receives the encrypted message from the transmitting end.
Step S202: the method comprises the steps that a receiving end constructs a message of a distributed storage system communication protocol, wherein the message of the distributed storage system communication protocol comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number 0x195E8FF1 occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be decrypted on the receiving end.
Step S203: the receiving end obtains the shared key of the encryption algorithm.
Step S204: and the receiving end decrypts the second field to the sixth field in the message by using the shared key through an encryption algorithm, and discards the contents of the first field to the fourth field.
Step S205: and the receiving end decrypts the bytes after the sixth field by using the temporary response key of the sixth field through an encryption algorithm to obtain the decrypted original data.
The receiving end simultaneously stores the temporary request key for use when sending the response request.
The step S204 further includes:
step S2041: when the receiving end reads the message, the first field is directly skipped and discarded;
step S2042: the receiving end decrypts the second field in the message by using the shared key through an encryption algorithm, verifies whether the plaintext decrypted by the second field is a magic number 0x195E8FF1, if so, performs the next step S2043, and if not, discards the message;
step S2043: reading a third field in the message by a receiving end to obtain a length value of a fourth field junk character in the message, wherein the length of the fourth field junk character is k bytes;
step S2044: the receiving end decrypts the fourth field of the k bytes in the message by using the shared key through an encryption algorithm, and discards the decrypted junk characters of the fourth field;
step S2045: and the receiving end decrypts the fifth field and the sixth field in the message by using the shared key through an encryption algorithm.
Example 3
Referring to fig. 3, an encryption apparatus for a communication protocol of a distributed storage system includes the following units:
an original data obtaining unit 301, configured to obtain, by a sending end, original data to be encrypted;
a sending end message constructing unit 302, configured to construct a message of a distributed storage system communication protocol at a sending end, where the message of the distributed storage system communication protocol includes seven fields, a first field is a random number occupying one byte, a second field is a magic number occupying four bytes, a third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, a fifth field is a temporary request key, a sixth field is a temporary response key, and a seventh field is original data to be encrypted at the sending end;
a shared key obtaining unit 303, configured to obtain, by a sending end, a shared key of an encryption algorithm;
a first encryption unit 304, configured to encrypt, by an encryption algorithm, the second field to the sixth field in the packet by using a shared key at the sending end;
a second encrypting unit 305, configured to encrypt the seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm by the sending end, and the sending end sends the encrypted message to the receiving end.
The original data obtaining unit 301 is sequentially connected to the sending-end message constructing unit 302, the shared key obtaining unit 303, the first encrypting unit 304, and the second encrypting unit 305.
Example 4
Referring to fig. 4, a decryption apparatus for a communication protocol of a distributed storage system includes the following units:
a message receiving unit 401, configured to receive, by a receiving end, an encrypted message from a sending end;
a receiving end message constructing unit 402, where the receiving end constructs a message of a distributed storage system communication protocol, where the message of the distributed storage system communication protocol includes seven fields, where a first field is a random number occupying one byte, a second field is a magic number occupying four bytes, a third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, a fifth field is a temporary request key, a sixth field is a temporary response key, and a seventh field is original data to be decrypted at the receiving end;
an obtaining unit 403, configured to obtain, by a receiving end, a shared key of an encryption algorithm;
a first decryption unit 404, configured to decrypt, by the receiving end through an encryption algorithm, the second field to the fourth field in the packet by using the shared key, and discard the contents of the first field to the fourth field;
the second decryption unit 405 is configured to decrypt, by the receiving end through the encryption algorithm, the bytes after the sixth field by using the temporary response key of the sixth field, so as to obtain decrypted original data.
The first decryption unit 404 further includes:
a first reading unit 4041, configured to directly skip and discard the first field when the receiving end reads the packet;
the first decryption subunit 4042 is configured to, at the receiving end, decrypt the second field in the packet by using the shared key through an encryption algorithm, and verify whether the plaintext obtained after decryption of the second field is a magic number, if yes, perform the second reading unit 4043, and if not, discard the packet;
a second reading unit 4043, configured to read, by the receiving end, the third field in the message to obtain a length value of a fourth field spam character in the message;
the second decryption subunit 4044 is configured to decrypt, by the receiving end through an encryption algorithm, the fourth field in the packet by using the shared key, and discard the decrypted spam text in the fourth field;
and a third decryption subunit 4045, configured to decrypt, by the receiving end through an encryption algorithm, the fifth field and the sixth field in the packet by using the shared key.
The message receiving unit 401 sequentially connects the receiving-end message constructing unit 402, the obtaining unit 403, the first decrypting unit 404, and the second decrypting unit 405, where the first decrypting unit 404 further includes a first reading unit 4041, a first decrypting sub-unit 4042, a second reading unit 4043, a second decrypting sub-unit 4044, and a third decrypting sub-unit 4045.
The device disclosed by the embodiment of the invention corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant parts can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The above description is only an exemplary embodiment of the present invention, and should not be taken as limiting the scope of the present invention, and any equivalent changes and modifications made by those skilled in the art without departing from the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (9)
1. An encryption method for a communication protocol of a distributed storage system, comprising the steps of:
a sending end obtains original data to be encrypted;
the method comprises the steps that a sending end constructs a message of a communication protocol of the distributed storage system, wherein the message of the communication protocol of the distributed storage system comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be encrypted on the sending end; the length of the junk characters is 10-100 bytes;
a sending end obtains a shared key of an encryption algorithm;
the sending end encrypts second fields to sixth fields in the message by using a shared key through an encryption algorithm;
and the sending end encrypts a seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm, and sends the encrypted message to the receiving end.
2. The encryption method of the distributed storage system communication protocol according to claim 1, wherein seven fields of the message of the distributed storage system communication protocol are generated by a plurality of storage nodes of the distributed storage system.
3. The encryption method of the communication protocol of the distributed storage system according to claim 1, wherein the temporary request key and the temporary response key are randomly generated by each storage node of the distributed storage system at regular intervals.
4. The encryption method of the distributed storage system communication protocol according to claim 1, wherein the encryption algorithm is an RC4 encryption algorithm.
5. A decryption method for a communication protocol of a distributed storage system, comprising the steps of:
a receiving end receives an encrypted message from a sending end;
the method comprises the steps that a receiving end constructs a message of a communication protocol of the distributed storage system, wherein the message of the communication protocol of the distributed storage system comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be decrypted on the receiving end; the length of the junk characters is 10-100 bytes;
a receiving end acquires a shared key of an encryption algorithm;
the receiving end decrypts the second field to the sixth field in the message by using the shared key through an encryption algorithm, and discards the contents of the first field to the fourth field;
and the receiving end decrypts the bytes after the sixth field in the message by using the temporary response key of the sixth field in the message through an encryption algorithm to obtain the decrypted original data.
6. The decryption method of the communication protocol of the distributed storage system according to claim 5, wherein the receiving end decrypts the second to sixth fields in the packet by using the shared key through the encryption algorithm, and discards the contents of the first to fourth fields, further comprising:
when the receiving end reads the message, the first field is directly skipped and discarded;
the receiving end decrypts the second field in the message by using the shared key through an encryption algorithm, verifies whether the plaintext decrypted by the second field is a magic number, if so, performs the next step, and if not, discards the message;
reading a third field in the message by a receiving end to obtain a length value of a fourth field junk character in the message;
the receiving end decrypts the fourth field in the message by using the shared key through an encryption algorithm, and discards the decrypted junk characters of the fourth field;
and the receiving end decrypts the fifth field and the sixth field in the message by using the shared key through an encryption algorithm.
7. The encryption device of the communication protocol of the distributed storage system based on the encryption method of the communication protocol of the distributed storage system according to any one of claims 1 to 4, comprising:
the original data acquisition unit is used for acquiring original data to be encrypted by the sending end;
the device comprises a sending end message construction unit, a sending end message construction unit and a sending end, wherein the sending end message construction unit is used for constructing a message of a distributed storage system communication protocol, the message of the distributed storage system communication protocol comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of a fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be encrypted on the sending end; the length of the junk characters is 10-100 bytes;
a shared key obtaining unit, configured to obtain, by a sending end, a shared key of an encryption algorithm;
the first encryption unit is used for encrypting the second field to the sixth field in the message by the sending end through an encryption algorithm by using a shared key;
and the second encryption unit is used for encrypting the seventh field in the message by using the temporary request key of the fifth field in the message through an encryption algorithm by the sending end, and the sending end sends the encrypted message to the receiving end.
8. The decryption apparatus of the communication protocol of the distributed storage system based on the decryption method of the communication protocol of the distributed storage system according to any one of claims 5 to 6, comprising:
a message receiving unit, configured to receive, by a receiving end, an encrypted message from a sending end;
a receiving end message construction unit, wherein the receiving end constructs a message of a distributed storage system communication protocol, the message of the distributed storage system communication protocol comprises seven fields, the first field is a random number occupying one byte, the second field is a magic number occupying four bytes, the third field is a length value of the fourth field occupying one byte, the fourth field is a random length and a junk text of random content, the fifth field is a temporary request key, the sixth field is a temporary response key, and the seventh field is original data to be decrypted on the receiving end; the length of the junk characters is 10-100 bytes;
the acquisition unit is used for acquiring the shared key of the encryption algorithm by the receiving end;
the first decryption unit is used for the receiving end to decrypt the second field to the sixth field in the message by using the shared key through an encryption algorithm and discard the contents of the first field to the fourth field;
and the receiving end decrypts the bytes after the sixth field in the message by using the temporary response key of the sixth field in the message through an encryption algorithm to obtain the decrypted original data.
9. The decryption apparatus according to claim 8, wherein the first decryption unit further comprises:
the first reading unit is used for directly skipping and discarding the first field when the receiving end reads the message;
the first decryption subunit is used for the receiving end to decrypt the second field in the message by using the shared key through an encryption algorithm and verify whether the plaintext decrypted by the second field is a magic number, if so, the next step is carried out, and if not, the message is discarded;
the second reading unit is used for reading the third field in the message by the receiving end to obtain the length value of the fourth field junk character in the message;
the second decryption subunit is used for the receiving end to decrypt the fourth field in the message by using the shared key through an encryption algorithm and discard the decrypted junk characters of the fourth field;
and the third decryption subunit is used for the receiving end to decrypt the fifth field and the sixth field in the message by using the shared key through the encryption algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710088017.0A CN106850191B (en) | 2017-02-19 | 2017-02-19 | Encryption and decryption method and device for communication protocol of distributed storage system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710088017.0A CN106850191B (en) | 2017-02-19 | 2017-02-19 | Encryption and decryption method and device for communication protocol of distributed storage system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106850191A CN106850191A (en) | 2017-06-13 |
| CN106850191B true CN106850191B (en) | 2020-03-10 |
Family
ID=59127890
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710088017.0A Active CN106850191B (en) | 2017-02-19 | 2017-02-19 | Encryption and decryption method and device for communication protocol of distributed storage system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106850191B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108833086A (en) * | 2018-05-04 | 2018-11-16 | 深圳绿米联创科技有限公司 | Fingerprint lock and its working method |
| CN108540501B (en) * | 2018-07-18 | 2021-07-27 | 郑州云海信息技术有限公司 | Asymmetric encryption method and device |
| CN109474425B (en) * | 2018-12-25 | 2021-06-25 | 国科量子通信网络有限公司 | Method for obtaining derived key with any specified length based on multiple shared keys |
| CN109815713B (en) * | 2018-12-27 | 2020-10-02 | 郑州新大方重工科技有限公司 | Encryption method based on engineering machinery electrical system |
| CN112637225B (en) * | 2020-12-28 | 2023-04-14 | 厦门市美亚柏科信息股份有限公司 | Data sending method, data receiving method, client and server |
| CN113904789B (en) * | 2021-08-17 | 2024-03-29 | 卡斯柯信号有限公司 | Encryption method, equipment and storage medium of railway safety communication protocol |
| CN114500093A (en) * | 2022-02-24 | 2022-05-13 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
| CN117527238B (en) * | 2024-01-03 | 2024-03-19 | 成都新希望金融信息有限公司 | Key generation method, device, electronic equipment and storage medium |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100841411B1 (en) * | 2000-03-14 | 2008-06-25 | 소니 가부시끼 가이샤 | Transmission apparatus, reception apparatus, transmission method, reception method and recording medium |
| CN100550653C (en) * | 2005-12-14 | 2009-10-14 | 北京北大方正电子有限公司 | A kind of Code And Decode method of variable length structural information |
| US8437739B2 (en) * | 2007-08-20 | 2013-05-07 | Qualcomm Incorporated | Method and apparatus for generating a cryptosync |
| CN104156451A (en) * | 2014-08-18 | 2014-11-19 | 深圳市一五一十网络科技有限公司 | Data storage managing method and system |
| CN104796249B (en) * | 2015-03-19 | 2018-10-30 | 柳州市新科电脑衡器制造有限责任公司 | The encryption method of serial communication data for micro computer |
| CN105357004B (en) * | 2015-12-03 | 2018-10-16 | 万达信息股份有限公司 | A kind of method that medical treatment private data is encrypted and decrypted certainly |
| CN105847238B (en) * | 2016-03-16 | 2018-07-17 | 杭州狮说教育科技有限公司 | A kind of data safe transmission method based on RTMP connections |
-
2017
- 2017-02-19 CN CN201710088017.0A patent/CN106850191B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106850191A (en) | 2017-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106850191B (en) | Encryption and decryption method and device for communication protocol of distributed storage system | |
| CN104023013B (en) | Data transmission method, server side and client | |
| Harba | Secure data encryption through a combination of AES, RSA and HMAC | |
| CN110096901B (en) | Electronic contract data encryption storage method and signing client | |
| CN112398651B (en) | Quantum secret communication method and device, electronic equipment and storage medium | |
| RU2638639C1 (en) | Encoder, decoder and method for encoding and encrypting input data | |
| CN111555872B (en) | Communication data processing method, device, computer system and storage medium | |
| CN104506483A (en) | Method for encrypting and decrypting information and managing secret key as well as terminal and network server | |
| US20150229621A1 (en) | One-time-pad data encryption in communication channels | |
| KR20210124368A (en) | End-to-end double ratchet encryption using epoch key exchange | |
| CN116321129B (en) | Lightweight dynamic key-based power transaction private network communication encryption method | |
| CN106330432A (en) | DES encryption algorithm based encryption method | |
| US20160359822A1 (en) | Sovereign share encryption protocol | |
| Cherifi et al. | A practical implementation of unconditional security for the IEC 60780-5-101 SCADA protocol | |
| CN102045343B (en) | DC (Digital Certificate) based communication encrypting safety method, server and system | |
| Del Pozo et al. | CI: A new encryption mechanism for instant messaging in mobile devices | |
| GB2488753A (en) | Encrypted communication | |
| CN112738037B (en) | Data encryption communication method | |
| US20170070481A1 (en) | Communication channel security against packet sniffing | |
| Agosta et al. | Cyber-security analysis and evaluation for smart home management solutions | |
| CN111800784A (en) | Block chain cloud service system based on cloud computing | |
| KR20090124741A (en) | Method and apparatus of anti-replay attack over wireless network environment | |
| Hayden et al. | Multi-channel security through data fragmentation | |
| Straub et al. | OMEMO Encryption | |
| Yang et al. | RPIDA: recoverable privacy-preserving integrity-assured data aggregation scheme for wireless sensor networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |