CN109510825A - Dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base - Google Patents
Dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base Download PDFInfo
- Publication number
- CN109510825A CN109510825A CN201811346999.XA CN201811346999A CN109510825A CN 109510825 A CN109510825 A CN 109510825A CN 201811346999 A CN201811346999 A CN 201811346999A CN 109510825 A CN109510825 A CN 109510825A
- Authority
- CN
- China
- Prior art keywords
- dynamic
- dynamic base
- check code
- data
- library file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base, suitable for intelligent substation plant stand end, wherein dynamic base encryption method is the following steps are included: (1) reads in dynamic library file in array, and calculates MD5 check code;(2) growth data is added in the front or behind of the array, includes the MD5 check code in the growth data, the dynamic base data added with the growth data form encrypted dynamic library file.Due to the corresponding MD5 check code of each dynamic library file in this method, this relationship is unique, therefore dynamic base is encrypted by adding the growth data comprising MD5 check code, method is simple and effective, and anti-abduction is carried out by MD5 check code and verifies the risk that can also be effectively reduced dynamic base and be kidnapped by hacker, the further safety for increasing system.
Description
Technical field
The present invention relates to a kind of dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base, are suitable for intelligence
Substation's plant stand end.
Background technique
For the safe operation for ensureing power grid, security protection inspection is being carried out to all kinds of power plant at different levels, substation in recent years
Shi Faxian plant stand system safety prevention measure and ability are lower than main station system, and plant stand security protection becomes electric power monitoring system grid
In shape security protection system increasingly apparent " short slab ", such as: manufacturer's operation maintenance personnel safety management is not in place, move media and equipment
Access is random and lacks necessary monitoring means, and the configuration of equipment safety prevention policies is improper, or even individual plant stands produce control great Qu
With external network interconnection etc. in violation of rules and regulations, it is big into production control system, production control to there is the malicious codes such as virus, wooden horse " ferry-boat "
The serious safeties risks such as the external networks such as area and internet are connected directly, and the above problem is not included in security monitoring range, deposits
In major safety risks.In view of the above-mentioned problems, plan carries out a series of function based on electric power monitoring system intranet security monitoring platform
It can be promoted and be expanded, realize third party's security monitoring to power plant, substation, taken precautions against because plant stand is by malicious attack or violation operation
The risk of electric power monitoring system global safety is influenced, ensures electric power monitoring system safe and stable operation.
As what the universal and O&M of intelligent substation automated is widely used, the network security problem of entire network system
Aobvious is even more important.If result caused by attack of the network system by network hacker will be catastrophic.Based on this
Reason, it is necessary to which strict requirements are proposed to the network security of network system.For application system in the substation of C/S framework,
Client is often the springboard for breaking through server-side, so the safe safety to whole system of the application of client is most important
's.Dynamic base abduction is a kind of common and has the infiltration means of very havoc power to hold very much if dynamic base does not encrypt
It is easily kidnapped by hacker, entire FTP client FTP is equal to open hacker, to can cause greatly to the safety of whole system
Influence, moreover, there is also the serious safety wind that the malicious codes such as virus, wooden horse enter production control system for existing dynamic base
Danger.
Summary of the invention
The purpose of the present invention is to provide a kind of dynamic base encryption method and device, do not encrypt for solving dynamic base
The problem of words are easy to be kidnapped by hacker, will cause very serious security risk, while a kind of anti-abduction side of dynamic base being also provided
Method and device cause very serious security risk for solving the problem of that dynamic base is easily kidnapped by hacker.
To achieve the above object, the present invention proposes a kind of dynamic base encryption method and device.
A kind of dynamic base encryption method, comprising the following steps:
(1) dynamic library file is read in array, and calculates MD5 check code;
(2) growth data is added in the front or behind of array, includes the MD5 check code, addition in growth data
There are the dynamic base data of the growth data to form encrypted dynamic library file.
Due to the corresponding MD5 check code of each dynamic library file, this relationship is unique, therefore includes by addition
The growth data of MD5 check code encrypts dynamic base, and method is simple and effective, and carries out anti-abduction by MD5 check code
Verification can also effectively reduce the risk that dynamic base is kidnapped by hacker, the further safety for increasing system.
Further, growth data includes MD5 check code and the first data.
The extension of data, the further guarantor for reinforcing dynamic base are carried out by calculated MD5 check code and the first data
Close degree.
Further, growth data addition is behind the array.
By growth data addition behind array, in the case where guaranteeing the identical situation of secrecy effect, this method is simpler, holds
It is easy to identify.
Further, the first data are first added behind the array, then add the MD5 check code being calculated
To behind the array of added excessively described first data.
It is added growth data in this order, when carrying out anti-abduction verification, is more easier to identify.
Further, the second data are added again behind the array for adding the MD5 check code.
By adding the second data, further reinforce confidentiality.
Further, the first data and the second data are a certain number of random numbers.
The mode of random number is simple and reliable, strong security.
A kind of dynamic base encryption device, including memory, processor and storage are in the memory and can be described
The computer program run on processor, the treatment process that the processor is realized when executing the computer program includes upper
State the treatment process of dynamic base encryption method.
Due to the corresponding MD5 check code of each dynamic library file, this relationship is unique, therefore includes by addition
The growth data of MD5 check code encrypts dynamic base, and method is simple and effective, and carries out anti-abduction by MD5 check code
Verification can also effectively reduce the risk that dynamic base is kidnapped by hacker, the further safety for increasing system.
In addition, the present invention also proposes a kind of anti-abduction method and apparatus of dynamic base.
A kind of anti-abduction method of dynamic base, comprising the following steps:
(1) the MD5 check code in encrypted dynamic library file in growth data is extracted, the first MD5 check code is obtained, and
Remove growth data, obtains actual dynamic library file;
(2) corresponding MD5 check code is calculated according to obtained actual dynamic library file, obtains the 2nd MD5 verification
Code;
(3) compare the first MD5 check code and the 2nd MD5 check code, if the two is consistent, verification passes through, and allows to load
Otherwise dynamic base determines that dynamic base is held as a hostage.
Due to the corresponding MD5 check code of each dynamic library file, this relationship is unique, therefore encrypted dynamic base
File removes i.e. actual dynamic library file after growth data, by the calculated MD5 check code of actual dynamic library file with
The MD5 check code extracted in encrypted dynamic library file be compared it can be learnt that the dynamic library file whether be tampered or
Person kidnaps, and judgment method is simply accurate, and can also reduce the risk that dynamic base is kidnapped by hacker, further increases system
Safety.
Further, before step (1), the anti-abduction method of dynamic base is further comprising the steps of: after calculating encryption
Dynamic library file size, and compared with the size of the growth data in the encrypted dynamic library file that is previously stored
Compared with if the size of encrypted dynamic library file is greater than the spreading number in the encrypted dynamic library file being previously stored
According to size, then carry out the step (1), otherwise determine dynamic base be tampered or do not encrypt.
It before loading dynamic library file, needs to verify dynamic library file, so that being tampered or not encrypting
Dynamic library file cannot be loaded by CLIENT PROGRAM, the further safety for guaranteeing dynamic library file in program operation process.
A kind of dynamic base antihijacking device, including memory, processor and storage are in the memory and can be in institute
The computer program run on processor is stated, the treatment process that the processor is realized when executing the computer program includes
The treatment process of the above-mentioned anti-abduction method of dynamic base.
Due to the corresponding MD5 check code of each dynamic library file, this relationship is unique, therefore encrypted dynamic base
File removes i.e. actual dynamic library file after growth data, by the calculated MD5 check code of actual dynamic library file with
The MD5 check code extracted in encrypted dynamic library file be compared it can be learnt that the dynamic library file whether be tampered or
Person kidnaps, and judgment method is simply accurate, and can also reduce the risk that dynamic base is kidnapped by hacker, further increases system
Safety.
Detailed description of the invention
Fig. 1 is dynamic base encryption flow figure of the present invention;
Fig. 2 is dynamic base cryptographic check tool drawing of the present invention;
Fig. 3 is the anti-abduction flow chart of dynamic base of the present invention;
Fig. 4 is that dynamic base of the present invention is held as a hostage schematic diagram.
Specific embodiment
Dynamic base encryption method embodiment:
Dynamic base encryption method as shown in Figure 1, encrypted by visual tool as shown in Figure 2 to dynamic library file,
The following steps are included:
1) dynamic library file encrypted is read in a manner of binary stream first, by the content of dynamic library file
It is stored in array, that is, reads in the array, and calculate the MD5 check code of the dynamic library file, MD5 check code is saved;
2) growth data is added in the front or behind of array, includes MD5 check code in growth data, added with extension
The dynamic base data of data save to form encrypted dynamic library file.
Growth data is added in the present embodiment behind array, growth data includes MD5 check code, the first data and the
Two data can also add growth data as other embodiments before array, and growth data can also continue to
Increase, only continue growing growth data and will lead to system and ran slowly, whole efficiency is lower, naturally it is also possible to reduce spreading number
According to, such as growth data only includes MD5 check code and the first data or MD5 check code and the second data, specific growth data
Specific embodiment here without limitation.
In the present embodiment, the order of addition of MD5 check code, the first data and the second data is to add first in growth data
And then first data add MD5 check code, finally add the second data, each in growth data as other embodiments
Data order of addition with no restrictions, as long as encryption may be implemented.
In the present embodiment, the first data and the second data are a certain number of random numbers, as other embodiments, first
Data and the second data are also possible to the check code by being calculated, and only the mode of random number is not only simple but also practical.
Dynamic base encryption device embodiment:
Dynamic base encryption device includes memory, processor and storage in memory and can run on a processor
Computer program, the treatment process that processor is realized when executing computer program include processed in dynamic base encryption method
Journey, specific treatment process by the agency of in above-mentioned dynamic base encryption method embodiment, is not described herein.
The anti-abduction embodiment of the method for dynamic base:
The anti-abduction method of dynamic base as shown in figure 3, the present embodiment the following steps are included:
1) before dynamic library file is loaded, dynamic library file is read in a manner of binary stream first, by dynamic base
File is saved in data and calculates its size, if the size of dynamic library file is no more than size of data (this of expected addition
In expected addition data, that is, no dynamic library file data before encrypting), then determine the dynamic library file be tampered or
Person does not encrypt, and is prompted and is exited the program;
2) if the size of dynamic library file is greater than the size of data of expected addition, then it represents that the dynamic library file is encryption
Dynamic library file afterwards determines that the initial position of MD5 check code, position are the size and the first data of dynamic library file itself
The sum of size location, then extract the MD5 check code in encrypted dynamic library file growth data, obtain first
MD5 check code, and remove the data word joint number (i.e. growth data) of addition, actual dynamic library file is obtained, the reality that will be obtained
In the dynamic library file data deposit array on border;
3) corresponding MD5 check code is calculated according to obtained actual dynamic library file, obtains the 2nd MD5 verification
Code;
4) compare the first MD5 check code and the 2nd MD5 check code, if the two is consistent, verification passes through, and allows to load dynamic
Otherwise state library determines that dynamic base is held as a hostage (dynamic library file and dynamic library file before encrypting actually obtained is different).
5) encrypted dynamic library file will pop up prompting frame as shown in Figure 4 if it find that being held as a hostage in use,
Then confirmed backed off after random program.
Dynamic library file is judged and handled in step 1), as other embodiments, is guaranteeing all dynamic bases
In the case that file encryption is errorless, this step can also not have.
It include that the judgement to the initial position of the first MD5 check code can not also as other embodiments in step 2)
Judged.
Dynamic base antihijacking device embodiment:
Dynamic base antihijacking device includes memory, processor and storage in memory and can run on a processor
Computer program, the treatment process that processor is realized when executing computer program includes the place in the anti-abduction method of dynamic base
Reason process, specific treatment process by the agency of in the anti-abduction embodiment of the method for above-mentioned dynamic base, is not described herein.
Claims (10)
1. a kind of dynamic base encryption method, which comprises the following steps:
(1) dynamic library file is read in array, and calculates MD5 check code;
(2) growth data is added in the front or behind of the array, includes the MD5 check code in the growth data,
Dynamic base data added with the growth data form encrypted dynamic library file.
2. dynamic base encryption method according to claim 1, which is characterized in that the growth data includes the school MD5
Test code and the first data.
3. dynamic base encryption method according to claim 2, which is characterized in that the growth data addition is in the array
Behind.
4. dynamic base encryption method according to claim 3, which is characterized in that described in first being added behind the array
Then the MD5 check code being calculated is added to behind the array of added excessively described first data by the first data.
5. dynamic base encryption method according to claim 4, which is characterized in that in the number for adding the MD5 check code
The second data are added again behind group.
6. dynamic base encryption method according to claim 5, which is characterized in that first data and the second data are
A certain number of random numbers.
7. a kind of anti-abduction method of dynamic base, which comprises the following steps:
(1) the MD5 check code in encrypted dynamic library file in growth data is extracted, obtains the first MD5 check code, and remove
Growth data obtains actual dynamic library file;
(2) corresponding MD5 check code is calculated according to obtained actual dynamic library file, obtains the 2nd MD5 check code;
(3) compare the first MD5 check code and the 2nd MD5 check code, if the two is consistent, verification passes through, and allows to load dynamic
Otherwise library determines that dynamic base is held as a hostage.
8. the anti-abduction method of dynamic base according to claim 7, which is characterized in that before step (1), the dynamic base
Anti- abduction method is further comprising the steps of: calculating the size of encrypted dynamic library file, and encrypted with being previously stored
The size of growth data in dynamic library file is compared, if the size of encrypted dynamic library file is prior greater than described
The size of growth data in the encrypted dynamic library file of storage, then carry out the step (1), otherwise determines dynamic base quilt
It distorts or does not encrypt.
9. a kind of dynamic base encryption device, including memory, processor and storage are in the memory and can be at the place
The computer program run on reason device, which is characterized in that the processing that the processor is realized when executing the computer program
Process includes treatment process as claimed in any one of claims 1 to 6.
10. a kind of dynamic base antihijacking device, including memory, processor and storage are in the memory and can be described
The computer program run on processor, which is characterized in that the place that the processor is realized when executing the computer program
Reason process includes treatment process described in claim 7-8 any one.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811346999.XA CN109510825A (en) | 2018-11-13 | 2018-11-13 | Dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811346999.XA CN109510825A (en) | 2018-11-13 | 2018-11-13 | Dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109510825A true CN109510825A (en) | 2019-03-22 |
Family
ID=65748305
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811346999.XA Pending CN109510825A (en) | 2018-11-13 | 2018-11-13 | Dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109510825A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110046134A (en) * | 2019-04-09 | 2019-07-23 | 北京信安世纪科技股份有限公司 | Database journal recording method and system and database log recording detection method |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104268468A (en) * | 2014-09-25 | 2015-01-07 | 福建升腾资讯有限公司 | Protecting method and system of dynamic link library of Android system |
CN104751048A (en) * | 2015-01-29 | 2015-07-01 | 中国科学院信息工程研究所 | Dynamic link library integrity measuring method under perlink mechanism |
CN105447349A (en) * | 2015-11-20 | 2016-03-30 | 珠海多玩信息技术有限公司 | Method and device for protecting derived symbol in so file |
CN106560830A (en) * | 2016-07-01 | 2017-04-12 | 哈尔滨安天科技股份有限公司 | Linux embedded system safety protection method and system |
CN107368536A (en) * | 2017-06-22 | 2017-11-21 | 深圳市金立通信设备有限公司 | The optimization method and terminal of a kind of installation kit |
CN107786504A (en) * | 2016-08-26 | 2018-03-09 | 腾讯科技(深圳)有限公司 | ELF file publishing methods, ELF file verifications method, server and terminal |
CN108199827A (en) * | 2018-01-09 | 2018-06-22 | 武汉斗鱼网络科技有限公司 | Client code integrity checking method, storage medium, electronic equipment and system |
US10122742B1 (en) * | 2016-06-23 | 2018-11-06 | EMC IP Holding Company LLC | Classifying software modules based on comparisons using a neighborhood distance metric |
-
2018
- 2018-11-13 CN CN201811346999.XA patent/CN109510825A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104268468A (en) * | 2014-09-25 | 2015-01-07 | 福建升腾资讯有限公司 | Protecting method and system of dynamic link library of Android system |
CN104751048A (en) * | 2015-01-29 | 2015-07-01 | 中国科学院信息工程研究所 | Dynamic link library integrity measuring method under perlink mechanism |
CN105447349A (en) * | 2015-11-20 | 2016-03-30 | 珠海多玩信息技术有限公司 | Method and device for protecting derived symbol in so file |
US10122742B1 (en) * | 2016-06-23 | 2018-11-06 | EMC IP Holding Company LLC | Classifying software modules based on comparisons using a neighborhood distance metric |
CN106560830A (en) * | 2016-07-01 | 2017-04-12 | 哈尔滨安天科技股份有限公司 | Linux embedded system safety protection method and system |
CN107786504A (en) * | 2016-08-26 | 2018-03-09 | 腾讯科技(深圳)有限公司 | ELF file publishing methods, ELF file verifications method, server and terminal |
CN107368536A (en) * | 2017-06-22 | 2017-11-21 | 深圳市金立通信设备有限公司 | The optimization method and terminal of a kind of installation kit |
CN108199827A (en) * | 2018-01-09 | 2018-06-22 | 武汉斗鱼网络科技有限公司 | Client code integrity checking method, storage medium, electronic equipment and system |
Non-Patent Citations (1)
Title |
---|
刘光: "可执行文件*.exe(*.dll)剖析", 《编码的法则 C++程序员不可不知的101条实用经验》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110046134A (en) * | 2019-04-09 | 2019-07-23 | 北京信安世纪科技股份有限公司 | Database journal recording method and system and database log recording detection method |
CN110046134B (en) * | 2019-04-09 | 2021-08-31 | 北京信安世纪科技股份有限公司 | Database log recording method and system and database log recording detection method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104778141B (en) | A kind of TPCM modules based on control system trusted infrastructure and credible detection method | |
CN112685682B (en) | Method, device, equipment and medium for identifying forbidden object of attack event | |
Matsuda et al. | Cyber security risk assessment on industry 4.0 using ics testbed with ai and cloud | |
CN103530559A (en) | Integrity protection system of Android system | |
CN109564609A (en) | It mitigates and corrects using the detection of the computer attack of advanced computers decision-making platform | |
CN109447651A (en) | Business air control detection method, system, server and storage medium | |
CN107122685A (en) | A kind of big data method for secure storing and equipment | |
CN109753796B (en) | Big data computer network safety protection device and use method | |
Myung et al. | ICS malware Triton attack and countermeasures | |
CN101719846A (en) | Security monitoring method, device and system | |
CN110675150A (en) | Federation chain-based compliance management and supervision method and device | |
CN107612927B (en) | Safety detection method for power dispatching automation system | |
CN109784055A (en) | A kind of method and system of quick detection and preventing malice software | |
CN109510825A (en) | Dynamic base encryption method and device and the anti-abduction method and apparatus of dynamic base | |
CN114266081A (en) | Operation and maintenance computer safety protection system and method of power monitoring system | |
CN114095228A (en) | Safe access method, system and device for data of Internet of things based on block chain and edge calculation and storage medium | |
CN110611659B (en) | Method, device and system for protecting service essence of power monitoring system | |
CN103607378A (en) | Access control method | |
CN117032831A (en) | Trusted DCS upper computer system, starting method thereof and software starting method thereof | |
CN113132310A (en) | Safe access method and system for power distribution terminal and power distribution master station | |
CN108509796A (en) | A kind of detection method and server of risk | |
CN105912945A (en) | Safety reinforcing device and operation method of operating system | |
WO2007074992A1 (en) | Method for detecting malicious code changes from hacking of program loaded and executed on memory through network | |
CN105933303A (en) | File tempering detection method and device | |
KR102530083B1 (en) | Virtualization apparatus, system for detecting malicious based on cloud and management method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190322 |
|
RJ01 | Rejection of invention patent application after publication |