CN110191052B - Cross-protocol network transmission method and system - Google Patents


Info

Publication number
CN110191052B
Authority
CN
China
Prior art keywords
transmission unit
transmitting
protocol
paths
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910330482.XA
Other languages
Chinese (zh)
Other versions
CN110191052A (en)
Inventor
权伟
张宏科
刘刚
石金玉
秦媛媛
徐子恒
杨馥聪
刘明远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Application filed by Beijing Jiaotong University
Priority to CN201910330482.XA
Publication of CN110191052A
Application granted
Publication of CN110191052B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 45/00 Routing or path finding of packets in data switching networks
    • H04L 45/24 Multipath
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/14 Multichannel or multilink protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a cross-protocol network transmission method and system. The method comprises the following steps: a first transmission unit and a second transmission unit each sense the paths and protocols available to them for transmitting data packets; several paths for transmitting data packets of different protocols are established through negotiation between the first and second transmission units; and data packets are transmitted between the two units over those several paths of different protocols. Because several paths of different protocols exist between the transmission units, a data packet generated by the content a user requests can dynamically select among several paths and protocols, and at the same time the sequence number and similar information carried in the packet is obfuscated. The rule for transmitting data packets is thus designed deliberately along several dimensions instead of as single-path forwarding, which greatly increases the difficulty for an attacker of eavesdropping on the user's content.

Description

Cross-protocol network transmission method and system
Technical Field
The present invention relates to the field of wireless network communication technologies, and in particular, to a method and a system for cross-protocol network transmission.
Background
Current internet content transmission can be divided into plaintext transmission and ciphertext transmission. Plaintext transmission is exemplified by HTTP (Hyper Text Transfer Protocol), which transfers content on top of the TCP/IP protocol suite. The HTTP working process can be divided into the following steps:
Step 1: when a user clicks a hyperlink in the browser, HTTP starts to work and the user's client opens a connection to the server.
Step 2: once the connection is established, the client sends a request to the server. The request consists of a uniform resource identifier, a protocol version number and MIME (Multipurpose Internet Mail Extensions) information, where the MIME information carries request modifiers, client information and other content.
Step 3: after receiving the request, the server returns a response. The response consists of a status line and MIME information; the status line contains the protocol version number and a success or error status code, and the MIME information contains server information, entity information and other content.
Step 4: the client receives the response returned by the server, displays it through the browser, and the connection between client and server is then closed (HTTP/1.1 may keep the connection open for further requests, but each exchange follows the same pattern).
On the one hand, when a client requests content from an HTTP server through the browser, it only needs to transmit a request method and a request path, and after receiving the request the server sends the response back. On the other hand, HTTP allows any type of data object to be transferred, the type being tagged by the value of the Content-Type header. However, HTTP transmits both the user's request and the server's response in clear text, so an attacker who can observe the traffic obtains the user's sensitive information directly.
To address this weakness of HTTP, ciphertext transmission arose, for example HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer; in practice SSL has been superseded by TLS, but the patent keeps the older name). HTTPS layers SSL on top of HTTP: SSL verifies the identity of the server by means of a certificate and encrypts the communication between client and server. The HTTPS working process can be divided into three phases:
Phase 1: authenticate the server. The server presents a certificate issued by a CA (Certificate Authority). If the issuing CA is in the client's list of trusted CAs and the information in the certificate matches the website currently being accessed, the client treats the server as trusted and takes the public key from the certificate for the following phases. Otherwise the client warns the user and continues or aborts according to the user's choice.
Phase 2: negotiate a session key. After authenticating the server and obtaining its public key, the client uses that public key to communicate with the server in encrypted form and negotiates a symmetric key for data transmission; this key encrypts the data sent by the client to the server and the data sent by the server to the client.
Phase 3: encrypted communication. Both client and server hold the session key of this connection, and all HTTP content transmitted afterwards is encrypted with it.
HTTPS inherits most of the advantages of HTTP and encrypts the content of the user's request and the server's response, so an eavesdropper cannot obtain the original plaintext. HTTPS nevertheless has a problem: if a man-in-the-middle attack occurs during key negotiation, the attacker can still obtain the user's sensitive information. Specifically, towards the client the man-in-the-middle pretends to be the HTTPS server and negotiates a key with the client; towards the server it pretends to be the client and exchanges data with the real HTTPS server. This only succeeds if the client accepts the attacker's certificate, that is, if the attacker holds a certificate for the site's name that one of the client's trusted CAs vouches for, or if the user overrides the warning of phase 1; with strict certificate validation the substitution is detected. In the view of this patent, the underlying reason that both plaintext and ciphertext transmission can be eavesdropped on is that the current internet has an essentially single mode of data packet transmission: one path and one protocol per flow.
In the prior art, one cross-protocol network transmission method is a content transmission method based on multipath MPTCP (Multipath TCP). The method comprises the following steps: a network management system obtains the IP address of a first network node and the IP address of a second network node; from those two addresses it determines a tunnel between the nodes, using pre-stored information about tunnels configured according to the IP addresses of the nodes it manages; it then sends the information of a target tunnel to at least one of the two nodes, so that the first and second network nodes establish a connection over the target tunnel according to that information, the target tunnel being a tunnel between the two nodes. That method improves the efficiency of establishing the tunnel connection.
The content transmission method based on multipath MPTCP has the following disadvantages. On the one hand, it cannot guarantee secure transmission of the user's content: because the tunnel forwarding rule is single, an attacker can capture all of the user's content by eavesdropping at a single point and then recover the sensitive information with a suitable decryption mechanism. On the other hand, it does not meet the requirement of extensibility: the technique can only be used for tunnels that support IP address configuration and cannot be used with the newer addressing schemes appearing as the internet develops, such as IPv6, content identifiers and ZigBee.
A second cross-protocol network transmission method in the prior art is a method for securely transmitting network information, comprising the following steps: (1) an encryptor is attached to each of the two user ends, and a network communication connection of the form user end - encryptor - encryptor - user end is established according to the identification numbers of the two encryptors; (2) the two user ends first verify each other's identity and then negotiate an encryption key; (3) one user end sends information to its encryptor, which encrypts it with the encryption key; the ciphertext is transmitted over the network to the other encryptor, which decrypts it and passes the decrypted information to the other user end. That method encrypts the network information end to end, so the information travels from one user end to the other in encrypted form, and the two user ends use dynamic encryption keys for encryption and decryption; this defends against attacks on the network uplink and on switches, so that the transmitted information cannot be broken into, taken away, understood or tampered with.
The above method for securely transmitting network information has the following disadvantages. On the one hand, it uses a single forwarding rule and depends on a dynamically negotiated key, so it is exposed to man-in-the-middle attacks, and an attacker can obtain all of the user's requests by eavesdropping at a single point; secure transmission of the user's content therefore cannot be reliably guaranteed. On the other hand, the two sides must mutually authenticate and negotiate a key during use, which adds substantial computation and time overhead and degrades the user's QoS experience.
Disclosure of Invention
The embodiment of the invention provides a cross-protocol network transmission method and a cross-protocol network transmission system, which are used for overcoming the problems in the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme.
In a first aspect, the present invention provides a cross-protocol network transmission method which implements multipath, multi-protocol content transmission and comprises:
the first transmission unit and the second transmission unit respectively sense available paths and protocols for transmitting data packets by themselves;
establishing a plurality of paths for transmitting data packets of different protocols through negotiation between the first transmission unit and the second transmission unit;
and transmitting the data packets between the first transmission unit and the second transmission unit by utilizing the plurality of paths for transmitting the data packets with different protocols.
In a possible implementation, the first transmission unit and the second transmission unit each check, through a system command, the paths currently available on their own device for transmitting data packets, including: a wired Ethernet port, a wireless Wi-Fi port, a 3G port, a 4G port, a ZigBee port and a Bluetooth port.
In another possible implementation, the first transmission unit and the second transmission unit each obtain, through background listening, the protocols currently available on their own device for transmitting data packets, including: the IPv4 protocol, the IPv6 protocol, the ZigBee protocol, the Bluetooth protocol and the Named Data Networking protocol.
In yet another possible implementation, the first transmission unit selects a corresponding path according to the second transmission unit's protocol configuration information hard-coded in a local register, and sends out specific probe packets of the protocol configured for the second transmission unit, including ICMP packets and ICMPv6 packets.
In another possible implementation, the configuration information of the protocol for transmitting data packets includes: an IPv4 address, an IPv6 address, a Named Data Networking address, a ZigBee device address and a Bluetooth device address.
By executing these steps, the first and second transmission units each sense the paths and protocols available to them for transmitting data packets, and the first transmission unit initiates a negotiation request to the second transmission unit according to its own path and protocol information and the second transmission unit's protocol configuration information hard-coded in its local register, which lays the foundation for establishing several paths of different protocols between the two units.
In a second aspect, the present invention provides a cross-protocol network transmission method, which implements multi-path multi-protocol content transmission, and includes: a plurality of paths for transmitting data packets of different protocols are established between the first transmission unit and the second transmission unit through negotiation.
In a possible implementation manner, the second transmission unit obtains and stores configuration information of a path and a protocol of a data packet transmitted by the corresponding first transmission unit by receiving and responding to a specific data packet sent by the first transmission unit.
In yet another possible implementation manner, multiple paths for transmitting data packets of different protocols are established and maintained between the first transmission unit and the second transmission unit through requests and responses of multiple groups of specific data packets, where different paths respectively correspond to different protocols, and each path respectively corresponds to one port type.
In yet another possible implementation, the path includes an IPv4 tunnel, an IPv6 tunnel, a VXLAN tunnel, and a GRE tunnel, the protocols include an IPv4 protocol, an IPv6 protocol, a ZigBee protocol, a Bluetooth protocol, and a Named Data Networking protocol, and the port types include a wired ethernet port, a wireless WIFI port, a 3G port, a 4G port, a ZigBee port, and a Bluetooth port.
By executing the steps, a plurality of paths for transmitting data packets with different protocols are established and maintained between the first transmission unit and the second transmission unit, the different paths respectively correspond to different protocols, and each path respectively corresponds to one port type, so that a foundation is laid for customizing a diversified data packet transmission method.
In a third aspect, the present invention provides a cross-protocol network transmission method, which implements multipath multi-protocol content transmission, and includes: and the data packets are transmitted between the first transmission unit and the second transmission unit by utilizing a plurality of paths for transmitting the data packets with different protocols.
In a possible implementation, when the first transmission unit needs to transmit a data packet to the other side, it selects, during the input-port operation for the packet, a path corresponding to a specified protocol from the several paths, and during the output-port operation for the packet it obfuscates the sequence number information of each data packet.
In another possible implementation, the first transmission unit selects the path corresponding to the specified protocol from the several paths in one of the following ways: it dynamically selects a path for the packet from the several paths; or it polls the several paths in sequence and selects the next one; or it selects a path from the several paths according to path utilization.
In yet another possible implementation, the first transmission unit uses permutation obfuscation and/or substitution obfuscation to obfuscate the sequence number information of each data packet, where that information includes: the TCP sequence number, the ACK number, the TCP port number and the UDP port number.
By executing these steps, a data packet generated by the content the user requests can dynamically select among several forwarding paths and protocols, and at the same time the sequence number and similar information contained in the packet is obfuscated, so that the packet forwarding rule is designed deliberately along several dimensions instead of as single-path forwarding, greatly increasing the difficulty for an attacker of eavesdropping on the user's content.
In a fourth aspect, the present invention provides a cross-protocol network transmission system comprising: a first transmission unit, a second transmission unit and an intelligent control unit.
In a possible implementation manner, the first transmission unit is configured to sense an available path and protocol for transmitting a data packet, send configuration information of the path and protocol for transmitting the data packet selected by the first transmission unit to the intelligent control unit, or receive configuration information of the path and protocol for transmitting the data packet selected by the second transmission unit; the sending or receiving method comprises the steps that the first transmission unit establishes Socket connection with the intelligent control unit, Socket communication is established, and Socket connection is disconnected.
In yet another possible implementation, the second transmission unit is configured to sense the paths and protocols available to it for transmitting data packets, to send the configuration information of the path and protocol it selects to the intelligent control unit, or to receive the configuration information of the path and protocol selected by the first transmission unit; the sending or receiving consists of the second transmission unit establishing a socket connection with the intelligent control unit, communicating over the socket, and disconnecting the socket.
In yet another possible implementation manner, the intelligent control unit is configured to establish a plurality of paths for transmitting packets of different protocols between the first transmission unit and the second transmission unit through negotiation between the first transmission unit and the second transmission unit, and transmit packets between the first transmission unit and the second transmission unit by using the plurality of paths for transmitting packets of different protocols.
In yet another possible implementation, the intelligent control unit dynamically updates the forwarding path selection rule used by the first and second transmission units according to the path and protocol configuration information between them. The standard rule format includes, but is not limited to: a command, a key and a value, where the command includes but is not limited to add, delete and update; the key is the name of the path selection table to be used; and the value is the specific path selection rule to be used.
In yet another possible implementation, the intelligent control unit dynamically updates the algorithm with which the first and second transmission units obfuscate data packet sequence numbers and similar information. The obfuscation algorithms are shipped with, i.e. hard-coded into, the device and include, but are not limited to, permutation obfuscation and substitution obfuscation. The format of an obfuscation algorithm update includes, but is not limited to: a command, a key and a value, where the command includes update; the key is the name of the obfuscation algorithm table to be used; and the value is the specific obfuscation algorithm to be used.
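The rule and obfuscation-table update messages described above, rendered as a worked example added here for illustration; it is not taken from the patent or from any implementation of it. It assumes newline-delimited JSON over the unit-controller socket with a `table` field added to the patent's command/key/value triple, table names such as `to-unit-B`, and the rule and algorithm names `round_robin`, `dynamic`, `utilization`, `permutation` and `substitution`. Two checks a practitioner would want are built in: the unit only ever activates a rule or algorithm that is already shipped locally (the controller names one, it never uploads code), and a message that does not match the schema is rejected whole rather than partially applied.

```python
import json
import socket

# Assumed wire format: one JSON object per line over the unit<->controller socket, with a
# `table` field added to the patent's command/key/value triple to say which table it targets.
PATH_SELECT_COMMANDS = {"add", "delete", "update"}
OBFUSCATION_COMMANDS = {"update"}                   # the patent lists only update here
LOCAL_PATH_RULES = {"dynamic", "round_robin", "utilization"}   # names are assumptions
LOCAL_OBFUSCATION = {"permutation", "substitution"}            # shipped with the unit


class RuleError(ValueError):
    """Raised for any message the unit refuses; nothing is applied in that case."""


class UnitRuleTables:
    """The path-selection and obfuscation tables of one transmission unit."""

    def __init__(self):
        self.tables = {"path_select": {}, "obfuscation": {}}   # table -> {name: rule}

    def apply(self, line):
        """Validate one rule message completely, then apply it; returns the updated table."""
        try:
            msg = json.loads(line)
        except json.JSONDecodeError as e:
            raise RuleError(f"malformed rule message: {e}") from None
        if not isinstance(msg, dict) or set(msg) != {"table", "command", "key", "value"}:
            raise RuleError("rule message must carry exactly table, command, key, value")
        table, command, key, value = (msg[k] for k in ("table", "command", "key", "value"))
        if table == "path_select":
            allowed_cmds, local_values = PATH_SELECT_COMMANDS, LOCAL_PATH_RULES
        elif table == "obfuscation":
            allowed_cmds, local_values = OBFUSCATION_COMMANDS, LOCAL_OBFUSCATION
        else:
            raise RuleError(f"unknown table {table!r}")
        store = self.tables[table]
        if not isinstance(key, str) or not key:
            raise RuleError("key must be a non-empty table name")
        if command not in allowed_cmds:
            raise RuleError(f"command {command!r} is not allowed on table {table!r}")
        if command == "delete":
            if key not in store:
                raise RuleError(f"no entry {key!r} to delete")
            del store[key]
            return dict(store)
        # The controller may only name a rule or algorithm already shipped on the unit.
        if not isinstance(value, str) or value not in local_values:
            raise RuleError(f"{value!r} is not shipped on this unit; refusing to install it")
        if command == "add" and key in store:
            raise RuleError(f"entry {key!r} already exists; use update")
        store[key] = value                 # add creates; update creates or replaces
        return dict(store)


def push_rules_over_socket(tables, lines):
    """Connect, exchange, disconnect: the three socket steps the patent names, with a
    local socketpair standing in for the controller's endpoint. One result per line."""
    ctl, unit = socket.socketpair()
    results = []
    with ctl, unit:
        ctl.sendall("".join(l + "\n" for l in lines).encode())   # small enough to buffer
        ctl.shutdown(socket.SHUT_WR)                              # controller disconnects
        buf = b""
        while chunk := unit.recv(4096):
            buf += chunk
        for raw in buf.decode().splitlines():
            try:
                results.append(tables.apply(raw))
            except RuleError as e:
                results.append({"error": str(e)})
    return results


if __name__ == "__main__":
    unit_tables = UnitRuleTables()
    for r in push_rules_over_socket(unit_tables, [
        '{"table": "path_select", "command": "add", "key": "to-unit-B", "value": "round_robin"}',
        '{"table": "obfuscation", "command": "add", "key": "to-unit-B", "value": "permutation"}',
        '{"table": "obfuscation", "command": "update", "key": "to-unit-B", "value": "permutation"}',
    ]):
        print(r)
```

The patent describes the unit-controller link only as a socket connection. A single rule update can steer every packet onto one path, which is exactly the single-point eavesdropping the design sets out to prevent, so in a real deployment that socket needs authentication and integrity protection; the validation above limits what a rogue controller can install, not who can connect.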
It can be seen from the technical solutions provided by the embodiments of the present invention that several paths of different protocols can be established between different transmission units, so that a data packet generated by the content a user requests can dynamically select among several paths and protocols, and at the same time the sequence number and similar information included in the packet is obfuscated; the rule for transmitting data packets is thus designed deliberately along several dimensions instead of as forwarding over a single path, which greatly increases the difficulty for an attacker of eavesdropping on the user's content.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a processing flow chart of a cross-protocol network transmission method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a cross-protocol network transmission system according to an embodiment of the present invention;
fig. 3 is a schematic view of an application scenario of a cross-protocol network transmission method according to an embodiment of the present invention;
fig. 4 is a schematic view of an application scenario of a cross-protocol network transmission method according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
For the convenience of understanding the embodiments of the present invention, the following description will be further explained by taking several specific embodiments as examples in conjunction with the drawings, and the embodiments are not to be construed as limiting the embodiments of the present invention.
Example one
The invention provides a cross-protocol network transmission method and system aimed at the problem that the current internet's data packet forwarding rule is single and therefore easily intercepted by an attacker. It protects the user's content by customising diversified rules for transmitting data packets, such as multipath and multiprotocol rules, so that what an eavesdropper captures is incomplete and cannot be reconstructed into the user's content ('incomplete interception', 'unrecoverable interception'), meeting the development requirement of internet information security.
The cross-protocol network transmission method provided by the embodiment of the invention realizes multi-path multi-protocol content transmission, and the processing flow of the method is shown in figure 1, and comprises the following processing steps:
step S10, the first transmission unit and the second transmission unit respectively sense the available path and protocol for transmitting the data packet.
The first transmission unit and the second transmission unit each check, through system commands, the paths currently available on their own device for transmitting data packets, and each obtain, through background listening, the protocols currently available on their own device for transmitting data packets;
and the first and second transmission units each select a path and protocol for transmitting data packets according to the values of their local path and protocol registers. The path and protocol information stored in those registers is hard-coded locally in the transmission unit. For example, when the first transmission unit wants to determine whether the IPv4 protocol of a certain network interface is usable, it only needs to send a specific IPv4 data packet to the second transmission unit through that interface (the second transmission unit's IPv4 information is likewise hard-coded in the first unit's register); if the packet is answered, IPv4 on that path is available, and the protocol of that path is selected.
Step S20, establishing multiple paths for transmitting packets of different protocols between the first transmission unit and the second transmission unit through negotiation.
And the second transmission unit acquires and stores configuration information of a corresponding transmission data packet path and protocol of the first transmission unit by receiving and responding to the specific data packet sent by the first transmission unit.
And establishing and maintaining a plurality of paths for transmitting data packets of different protocols between the first transmission unit and the second transmission unit through requests and responses of a plurality of groups of specific data packets, wherein the different paths respectively correspond to different protocols, and each path respectively corresponds to one port type.
By executing the steps, a plurality of paths with different protocols are established between the first transmission unit and the second transmission unit, the transmission data packet rule can be designed in a multi-dimensional targeted manner instead of single path forwarding, and the difficulty of eavesdropping the user content by an attacker is greatly improved.
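The sensing and negotiation of steps S10 and S20, as an added example that is not part of the patent. It uses UDP datagrams on the loopback interface in place of the patent's ICMP/ICMPv6 probes (raw ICMP sockets need privileges), and the probe payloads, the loopback addresses in the register and the peer running in the same process are assumptions. It shows the register-driven probe per protocol, the peer recording the prober's configuration when it answers, and one check worth adding: the first unit records a path only if the acknowledgement comes from the address its register holds for that protocol, so a stray host that answers probes cannot be installed as a path.

```python
import socket

# Assumed probe format. The patent only says "specific packets" and names ICMP/ICMPv6,
# which need raw sockets; UDP datagrams on loopback stand in here.
PROBE = b"XPROTO-PROBE:v1"
PROBE_ACK = b"XPROTO-ACK:v1"

# The first unit's "register": the peer's address per protocol, hard-coded as the patent
# describes. Loopback addresses are assumptions so the example runs on one host.
PEER_REGISTER = {
    "IPv4": (socket.AF_INET, "127.0.0.1"),
    "IPv6": (socket.AF_INET6, "::1"),
}


class SecondUnit:
    """Peer side: opens a listener per protocol it has and records who probed it."""

    def __init__(self):
        self.sockets = {}
        self.peer_config = {}            # protocol -> first unit's (address, port)
        for proto, (family, host) in PEER_REGISTER.items():
            try:
                s = socket.socket(family, socket.SOCK_DGRAM)
                s.bind((host, 0))        # ephemeral port; only the address is in the register
                s.settimeout(0.5)
                self.sockets[proto] = s
            except OSError:
                pass                     # protocol not usable on this host (e.g. no IPv6)

    def address(self, proto):
        return self.sockets[proto].getsockname()[:2]

    def answer_one(self, proto):
        """Step S20 on the peer: store the prober's configuration and acknowledge."""
        s = self.sockets[proto]
        data, src = s.recvfrom(64)
        if data != PROBE:
            return False                 # anything else is not a negotiation request
        self.peer_config[proto] = src[:2]
        s.sendto(PROBE_ACK, src)
        return True

    def close(self):
        for s in self.sockets.values():
            s.close()


def negotiate_paths(peer, timeout=0.5):
    """Steps S10/S20 on the first unit: probe every protocol in its register; a path is
    recorded only if the ack comes back from the registered peer address."""
    paths = {}
    for proto, (family, host) in PEER_REGISTER.items():
        if proto not in peer.sockets:
            paths[proto] = None
            continue
        c = socket.socket(family, socket.SOCK_DGRAM)
        c.settimeout(timeout)
        try:
            c.sendto(PROBE, peer.address(proto))
            peer.answer_one(proto)       # the peer runs in-process in this example
            data, src = c.recvfrom(64)
            paths[proto] = src[:2] if data == PROBE_ACK and src[0] == host else None
        except OSError:                  # timeout or unreachable: path unavailable
            paths[proto] = None
        finally:
            c.close()
    return paths


if __name__ == "__main__":
    peer = SecondUnit()
    try:
        print("paths:", negotiate_paths(peer))
        print("peer learned:", peer.peer_config)
    finally:
        peer.close()
```

The probe and acknowledgement carry no authentication; the design relies on the hard-coded register on both sides to decide whom to talk to, which is why the address check on the acknowledgement matters. A peer that wants the same protection should likewise compare the prober's source address against its own register before storing it as configuration.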
Step S30, transmitting the data packet between the first transmission unit and the second transmission unit by using the plurality of paths for transmitting the data packet with different protocols.
When the first transmission unit needs to transmit a data packet to the other side, it selects, during the input-port operation for the packet, a path corresponding to the designated protocol from the several paths, and during the output-port operation for the packet it obfuscates the sequence number information of each data packet.
By executing these steps, a data packet generated by the content the user requests can dynamically select among several paths and protocols for its transmission, and at the same time the sequence number and similar information contained in the packet is obfuscated, so that the rule for transmitting data packets is designed deliberately along several dimensions instead of as single-path forwarding, greatly increasing the difficulty for an attacker of eavesdropping on the user's content.
In a possible implementation manner, the first transmission unit senses an available path for transmitting a packet by the current device, where the path corresponds to a port including, but not limited to: wired ethernet port, wireless WIFI port, 3G port, 4G port, zigBee port and Bluetooth port.
In yet another possible implementation manner, the first transmission unit senses available protocols for the current device to transmit the data packet, and the protocols include, but are not limited to: IPv4 protocol, IPv6 protocol, ZigBee protocol, Bluetooth protocol and Named Data Networking protocol.
In yet another possible implementation, the transmission unit determines the path for transmitting the data packet and the protocol configuration information of the peer (the second transmission unit), where the configuration information includes, but is not limited to, an IPv4 address, an IPv6 address, a Named Data Networking address, a ZigBee device address, a Bluetooth device address, and other variable-length identification addresses.
In yet another possible implementation manner, a plurality of end-to-end paths for transmitting the data packets are established between the first transmission unit and the second transmission unit, and the paths include, but are not limited to: IPv4 tunnel, IPv6 tunnel, VXLAN tunnel, and GRE tunnel.
In a possible implementation manner, during the operation of the data packet ingress port, the first transmission unit first selects a path and a protocol for transmitting the data packet, where the method for selecting the path and protocol includes a path and protocol polling method; the polling method allocates data packets uniformly across each path and protocol for transmitting data packets.
In another possible implementation manner, during the operation of the data packet ingress port, the first transmission unit first selects a path and a protocol for transmitting the data packet, where the method for selecting the path and protocol includes a path utilization method, which comprises: the first transmission unit acquires the path utilization of each path for transmitting data packets; the path utilization includes, but is not limited to, path bandwidth occupation and path delay; the transmission unit distributes data packets in a balanced manner according to the path utilization; the method for distributing data packets in a balanced manner includes, but is not limited to, allocating as few data packets as possible to paths with high utilization and as many data packets as possible to paths with low utilization.
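The two ingress-side selection methods just described (polling, which spreads packets uniformly, and path utilization, which gives busy paths as few packets as possible), as an added Python example that is not part of the patent. The path names, the utilization scores and the way bandwidth occupation and delay are combined into one score are constructed assumptions; the utilization selector uses smooth weighted round-robin, which is one reasonable way to realise the "balanced distribution" the text describes rather than the patent's own rule.

```python
"""Added example (not the patent's code): two ingress-side path selectors,
the polling method and the path-utilization method. Path names, utilization
scores and the bandwidth/delay weighting are constructed sample values."""
import itertools
from typing import Dict, List


class RoundRobinSelector:
    """Polling method: each successive packet goes to the next path in order,
    so every path and protocol receives the same share of packets."""

    def __init__(self, paths: List[str]) -> None:
        self._cycle = itertools.cycle(paths)

    def select(self) -> str:
        return next(self._cycle)


class UtilizationSelector:
    """Path-utilization method: a path's weight is its free capacity, so a
    heavily utilized path receives as few packets as possible and a lightly
    utilized path as many as possible. Utilization is a constructed score in
    [0, 1] built from bandwidth occupation and delay (see update())."""

    def __init__(self, utilization: Dict[str, float]) -> None:
        self.utilization = dict(utilization)
        self._credit = {p: 0.0 for p in utilization}

    def weights(self) -> Dict[str, float]:
        # Free capacity; a fully busy path (utilization 1.0) gets weight 0.
        return {p: max(0.0, 1.0 - u) for p, u in self.utilization.items()}

    def select(self) -> str:
        # Smooth weighted round-robin (assumed technique): every path earns
        # credit proportional to its weight, the richest path is chosen and
        # charged the total, which yields exact proportions over time.
        w = self.weights()
        total = sum(w.values())
        if total == 0:
            raise RuntimeError("no path has free capacity")
        for p in self._credit:
            self._credit[p] += w[p]
        best = max(self._credit, key=self._credit.get)
        self._credit[best] -= total
        return best

    def update(self, path: str, bandwidth_occupation: float, delay_ms: float,
               max_delay_ms: float = 200.0) -> float:
        """Refresh one path's utilization from a fresh measurement (constructed
        weighting: half bandwidth occupation, half delay normalised to max_delay_ms)."""
        delay_part = min(1.0, delay_ms / max_delay_ms)
        self.utilization[path] = min(1.0, 0.5 * bandwidth_occupation + 0.5 * delay_part)
        if path not in self._credit:
            self._credit[path] = 0.0
        return self.utilization[path]


def distribute(selector, packets: int) -> Dict[str, int]:
    """Run the selector for a number of packets and count packets per path."""
    counts: Dict[str, int] = {}
    for _ in range(packets):
        p = selector.select()
        counts[p] = counts.get(p, 0) + 1
    return counts


if __name__ == "__main__":
    print(distribute(RoundRobinSelector(["ipv4_tunnel", "ipv6_tunnel", "gre_tunnel"]), 9))
    print(distribute(UtilizationSelector({"ipv4_tunnel": 0.9, "ipv6_tunnel": 0.1, "gre_tunnel": 0.5}), 15))
```

With constructed utilizations of 0.9, 0.1 and 0.5 the free capacities are 0.1, 0.9 and 0.5, so over 15 packets the selector places 1, 9 and 5 packets on the three paths, while the polling selector places 3 on each. A practitioner would also note that a path whose utilization reaches 1.0 drops out of the rotation entirely, so the measurement feeding `update()` must be refreshed or the path will never be used again.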
In yet another possible implementation, during the operation of the data packet egress port the transmission unit obfuscates information such as the packet sequence number; the obfuscation method is fixed locally on the transmission unit and includes a permutation obfuscation method. Permutation obfuscation includes, but is not limited to, S-Box permutation and matrix permutation.
In yet another possible implementation, during the operation of the data packet egress port the transmission unit obfuscates information such as the packet sequence number; the obfuscation method is fixed locally on the transmission unit and includes a substitution obfuscation method. Substitution obfuscation includes, but is not limited to, the Caesar cipher and the Vigenère cipher.
In yet another possible implementation, during the operation of the data packet egress port the transmission unit obfuscates information such as the packet sequence number, which includes, but is not limited to, the TCP sequence number, the ACK sequence number, the TCP port number and the UDP port number.
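The permutation and substitution obfuscation of the header fields just listed (TCP sequence number, ACK number, TCP/UDP port numbers), written as an added Python example that is not the patent's own implementation. It realises the S-Box permutation as a byte-wise S-box, the Caesar cipher as a fixed modular shift and the Vigenère cipher as a per-byte key addition; the S-box seed, the port shift and the key bytes are constructed sample values, and the egress/ingress pairing shows the property the scheme depends on: every transform must be exactly invertible by a peer holding the same locally fixed configuration.

```python
"""Added example (not the patent's code): invertible obfuscation of the
header fields the patent names (TCP sequence number, ACK number, TCP/UDP
port numbers) using a permutation method (byte-wise S-box) and substitution
methods (Caesar-style and Vigenere-style modular addition). The S-box seed,
shift and key are constructed sample values."""
import random
from typing import Dict, List, Tuple


def make_sbox(seed: int) -> Tuple[List[int], List[int]]:
    """Derive a byte S-box and its inverse from a seed. Both transmission
    units must be shipped with the same seed, otherwise the peer cannot
    restore the original header fields."""
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)
    inverse = [0] * 256
    for i, v in enumerate(sbox):
        inverse[v] = i
    return sbox, inverse


def sbox_permute(value: int, table: List[int], width: int) -> int:
    """Permutation obfuscation: pass every byte of a width-bit field through the S-box."""
    out = 0
    for i in range(width // 8):
        byte = (value >> (8 * i)) & 0xFF
        out |= table[byte] << (8 * i)
    return out


def caesar(value: int, shift: int, width: int, decrypt: bool = False) -> int:
    """Substitution obfuscation: add a fixed shift modulo 2**width."""
    mask = (1 << width) - 1
    return (value - shift if decrypt else value + shift) & mask


def vigenere(value: int, key: List[int], width: int, decrypt: bool = False) -> int:
    """Substitution obfuscation: add a different key byte to each byte of the field."""
    out = 0
    for i in range(width // 8):
        byte = (value >> (8 * i)) & 0xFF
        k = key[i % len(key)]
        byte = (byte - k if decrypt else byte + k) & 0xFF
        out |= byte << (8 * i)
    return out


class HeaderObfuscator:
    """Locally fixed configuration used on egress (obfuscate) and ingress (restore).
    32-bit fields get S-box permutation followed by Vigenere substitution;
    16-bit port fields get a Caesar shift. All parameters are constructed."""

    def __init__(self, sbox_seed: int = 2019, port_shift: int = 12345,
                 vig_key: Tuple[int, ...] = (0x3C, 0xA5, 0x5A, 0xC3)) -> None:
        self.sbox, self.inv_sbox = make_sbox(sbox_seed)
        self.port_shift = port_shift
        self.vig_key = list(vig_key)

    def egress(self, hdr: Dict[str, int]) -> Dict[str, int]:
        """Egress port operation: obfuscate seq/ack/ports before the packet leaves."""
        return {
            "seq": vigenere(sbox_permute(hdr["seq"], self.sbox, 32), self.vig_key, 32),
            "ack": vigenere(sbox_permute(hdr["ack"], self.sbox, 32), self.vig_key, 32),
            "sport": caesar(hdr["sport"], self.port_shift, 16),
            "dport": caesar(hdr["dport"], self.port_shift, 16),
        }

    def ingress(self, hdr: Dict[str, int]) -> Dict[str, int]:
        """Peer side: undo the steps in reverse order to recover the original fields."""
        return {
            "seq": sbox_permute(vigenere(hdr["seq"], self.vig_key, 32, decrypt=True), self.inv_sbox, 32),
            "ack": sbox_permute(vigenere(hdr["ack"], self.vig_key, 32, decrypt=True), self.inv_sbox, 32),
            "sport": caesar(hdr["sport"], self.port_shift, 16, decrypt=True),
            "dport": caesar(hdr["dport"], self.port_shift, 16, decrypt=True),
        }


if __name__ == "__main__":
    ob = HeaderObfuscator()
    original = {"seq": 0x12345678, "ack": 0x9ABCDEF0, "sport": 443, "dport": 51000}
    on_wire = ob.egress(original)
    print(on_wire, ob.ingress(on_wire) == original)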
In another aspect, a schematic structural diagram of a cross-protocol network transmission system according to an embodiment of the present invention is shown in fig. 2, and the system includes an intelligent control unit 20 and transmission units, where the transmission units include, but are not limited to, a first transmission unit 30 and a second transmission unit 40.
The first transmission unit is used for sensing available paths and protocols for transmitting data packets by the first transmission unit and sending configuration information of the paths and protocols for transmitting the data packets selected by the first transmission unit to the intelligent control unit;
the second transmission unit is used for sensing available paths and protocols for transmitting data packets by the second transmission unit and sending configuration information of the paths and protocols for transmitting the data packets selected by the second transmission unit to the intelligent control unit;
the intelligent control unit is used for establishing a plurality of paths for transmitting data packets with different protocols between the first transmission unit and the second transmission unit through negotiation between the first transmission unit and the second transmission unit, and transmitting the data packets between the first transmission unit and the second transmission unit by utilizing the plurality of paths for transmitting the data packets with different protocols.
The intelligent control unit is specifically configured to establish a Socket connection and communicate with the first transmission unit and the second transmission unit, and, when data packets need to be transmitted between the first transmission unit and the second transmission unit, to select a path for transmitting the data packets corresponding to a specified protocol from among the multiple paths during the operation of the data packet ingress port, and to obfuscate the sequence number information of each data packet during the operation of the data packet egress port.
The intelligent control unit dynamically updates the path selection rules for transmitting data packets used by the transmission units according to the path and protocol configuration information between the transmission units; the intelligent control unit also dynamically updates the obfuscation algorithm for information such as the data packet sequence number on the transmission units.
By operating these units, the data packets generated by the content requested by the user can dynamically select among a plurality of paths and protocols for transmission, and information such as the sequence number contained in each data packet is also obfuscated, so that the rules for transmitting data packets are designed in a targeted, multi-dimensional manner instead of relying on single-path forwarding, which greatly increases the difficulty for an attacker of eavesdropping on the user content.
In a possible implementation manner, the first transmission unit transmits path and protocol configuration information to the intelligent control unit, and the transmission method includes that the first transmission unit establishes Socket connection, Socket communication and disconnects the Socket connection with the intelligent control unit.
In another possible implementation manner, the intelligent control unit transmits configuration information to the second transmission unit, where the configuration information is a path and protocol configuration information transmitted from the first transmission unit to the intelligent control unit, and the method for the intelligent control unit to transmit the configuration information to the second transmission unit includes the intelligent control unit establishing a Socket connection with the second transmission unit, Socket communication, and disconnecting the Socket connection.
In another possible implementation manner, the intelligent control unit dynamically updates the path selection rules for transmitting data packets used by the transmission units according to the path and protocol configuration information between the transmission units, and the method for transmitting the updated rules includes the intelligent control unit establishing a Socket connection with the transmission unit, Socket communication, and disconnecting the Socket connection. The standard rule format includes, but is not limited to: command, key and value, where the commands include, but are not limited to, add, delete and update; the key comprises the name of the path selection table to be used; and the value comprises the specific path selection rule to be used.
In another possible implementation manner, the intelligent control unit dynamically updates the obfuscation algorithm for information such as the data packet sequence number on the transmission units, and the method for transmitting the updated obfuscation algorithm includes the intelligent control unit establishing a Socket connection with the transmission unit, Socket communication, and disconnecting the Socket connection. The obfuscation algorithms are shipped with, i.e. fixed locally on, the device and include, but are not limited to, permutation obfuscation and substitution obfuscation. The format for updating the obfuscation algorithm includes, but is not limited to: command, key and value, where the commands include update; the key comprises the name of the obfuscation algorithm table to be used; and the value comprises the specific obfuscation algorithm to be used.
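The command/key/value rule exchange between the intelligent control unit and a transmission unit described in the two paragraphs above (connect, send updates, disconnect; add/delete/update for path selection tables, update only for obfuscation algorithm tables), as an added Python example that is not the patent's own protocol. The JSON encoding, the length-prefix framing, the `kind` field that says which table family a message targets, and the in-process `socketpair()` standing in for the two ends of the Socket connection are all constructed assumptions; the unit side rejects malformed messages instead of applying them, which is the check a practitioner would want on a control channel.

```python
"""Added example (not the patent's code): the intelligent control unit pushing
command/key/value rule updates to a transmission unit over a socket. JSON
encoding, length-prefix framing, the 'kind' field and socketpair() are
constructed assumptions, not the patent's wire format."""
import json
import socket
import struct
from typing import Any, Dict, List, Tuple

VALID_COMMANDS = {"add", "delete", "update"}


class TransmissionUnitTables:
    """Unit-side state: path selection tables and obfuscation algorithm tables."""

    def __init__(self) -> None:
        self.path_tables: Dict[str, Any] = {}
        self.obfuscation_tables: Dict[str, Any] = {}

    def apply(self, msg: Dict[str, Any]) -> str:
        """Apply one command/key/value message; return an acknowledgement string."""
        cmd, key, value = msg.get("command"), msg.get("key"), msg.get("value")
        kind = msg.get("kind", "path")
        if cmd not in VALID_COMMANDS or not isinstance(key, str) or kind not in ("path", "obfuscation"):
            return "error: malformed"
        if kind == "obfuscation":
            # The patent lists only 'update' for the obfuscation algorithm format.
            if cmd != "update":
                return "error: obfuscation tables only accept update"
            self.obfuscation_tables[key] = value
            return "ok"
        table = self.path_tables
        if cmd == "add":
            if key in table:
                return "error: exists"
            table[key] = value
        elif cmd == "delete":
            if key not in table:
                return "error: missing"
            del table[key]
        else:  # update replaces (or creates) the named path selection table
            table[key] = value
        return "ok"


def send_msg(sock: socket.socket, msg: Dict[str, Any]) -> None:
    """Frame a JSON message with a 4-byte big-endian length prefix."""
    data = json.dumps(msg).encode("utf-8")
    sock.sendall(struct.pack("!I", len(data)) + data)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def recv_msg(sock: socket.socket) -> Dict[str, Any]:
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    return json.loads(recv_exact(sock, length).decode("utf-8"))


def push_rules(rules: List[Dict[str, Any]]) -> Tuple[TransmissionUnitTables, List[str]]:
    """One control session: connect, send each rule, collect the acks, disconnect.
    Both ends run in-process over socketpair() so the example is self-contained."""
    ctrl, unit = socket.socketpair()
    tables = TransmissionUnitTables()
    acks: List[str] = []
    try:
        for rule in rules:
            send_msg(ctrl, rule)                       # control unit side
            ack = tables.apply(recv_msg(unit))         # transmission unit side
            send_msg(unit, {"ack": ack})
            acks.append(recv_msg(ctrl)["ack"])         # control unit records the ack
    finally:
        ctrl.close()
        unit.close()
    return tables, acks


def sample_rules() -> List[Dict[str, Any]]:
    """Constructed rule sequence exercising every command and the error paths."""
    return [
        {"command": "add", "kind": "path", "key": "default",
         "value": {"method": "round_robin", "paths": ["ipv4_tunnel", "ipv6_tunnel"]}},
        {"command": "update", "kind": "obfuscation", "key": "seq",
         "value": {"method": "permutation", "sbox_seed": 2019}},
        {"command": "add", "kind": "path", "key": "default", "value": {}},
        {"command": "delete", "kind": "path", "key": "default"},
        {"command": "delete", "kind": "path", "key": "default"},
        {"command": "drop", "kind": "path", "key": "default"},
        {"command": "add", "kind": "obfuscation", "key": "ack", "value": {}},
    ]


if __name__ == "__main__":
    print(push_rules(sample_rules())[1])
```

The acknowledgement per message lets the control unit detect a rule that was not applied, which matters here because a path selection table and the obfuscation algorithm must match on both transmission units before traffic is moved onto a new path.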
The specific process of performing cross-protocol network transmission by using the system of the embodiment of the present invention is similar to the foregoing method embodiment, and is not described here again.
Example two
Fig. 3 is a schematic view of an application scenario of a cross-protocol network transmission method according to an embodiment of the present invention. As shown in fig. 3, a user carries a first transmission unit, and a second transmission unit is deployed at the edge of the operator core network. When the user accesses the internet, the first transmission unit must first be connected to the network, after which the user's terminals, such as a laptop computer and a mobile phone, can be connected to the first transmission unit through a wired or wireless connection. This embodiment ensures the relative security of the transmission channel from the user to the operator.
The first transmission unit is the first transmission unit 101 or the first transmission unit 102 in fig. 3. If it is 101, the user and the second transmission unit are in the same access network; if it is 102, the user and the second transmission unit are not in the same access network. The second transmission unit is the second transmission unit 105 in fig. 3, and the access networks are the access network 103 and the access network 104 in fig. 3, where the second transmission unit 105 is deployed in the access network 103. After being deployed in the access network 103, the second transmission unit 105 needs to have specific path and protocol configuration information, which includes, but is not limited to, an IPv4 address and an IPv6 address. The first transmission unit needs to save the configuration information of the second transmission unit 105 locally. When the user accesses the internet, the first transmission unit must first be connected to the network, after which the user's terminals, such as a notebook computer and a mobile phone, can be connected to the first transmission unit through a wired or wireless connection.
Example three
Fig. 4 is a schematic view of an application scenario of a cross-protocol network transmission method according to an embodiment of the present invention. As shown in fig. 4, when a first user carrying a first transmission unit communicates with a second user carrying a second transmission unit, an intelligent control unit is required to exchange the path and protocol configuration information of each transmission unit, so as to establish a multi-path, multi-protocol channel between the first transmission unit and the second transmission unit and thereby ensure secure communication between the first user and the second user.
The first user is the first user 201 in fig. 4, and the first transmission unit connected to the first user 201 is the first transmission unit 203. The second user is the second user 202 in fig. 4, and the second transmission unit connected to the second user 202 is the second transmission unit 204. The first transmission unit 203 and the second transmission unit 204 are connected to an access network 205 and an access network 206 respectively, where the access network 205 and the access network 206 may be the same operator network or different operator networks. The first transmission unit 203 and the second transmission unit 204 each exchange path and protocol configuration information with the intelligent control unit 207, which includes, but is not limited to, an IPv4 address and an IPv6 address. After acquiring the configuration information of each transmission unit, the intelligent control unit 207 establishes a multi-path, multi-protocol channel between the first transmission unit 203 and the second transmission unit 204, thereby ensuring secure communication between the first user 201 and the second user 202.
In summary, in the embodiments of the present invention, multiple paths with different protocols can be established between different transmission units, so that the data packets generated by the content requested by the user can dynamically select among multiple paths and protocols for transmission, and information such as the sequence number included in each data packet is also obfuscated; the rules for transmitting data packets are thus designed in a targeted, multi-dimensional manner instead of forwarding the data packets through a single path, which greatly increases the difficulty for an attacker of eavesdropping on the user content.
The invention provides a cross-protocol network transmission method and system which realise multi-path, multi-protocol content transmission: by establishing a plurality of paths with different protocols between the transmission units, the data packets generated by the content requested by the user can dynamically select among a plurality of paths and protocols for transmission, while information such as the sequence number contained in each data packet is also obfuscated, and the rules for transmitting data packets are designed in a targeted, multi-dimensional manner instead of relying on single-path forwarding, thereby greatly increasing the difficulty for an attacker of eavesdropping on the user content. From this point of view it is difficult to find other alternatives that accomplish the objective of the present invention, although other schemes may be proposed in the course of a specific implementation.
Those of ordinary skill in the art will understand that: the figures are merely schematic representations of one embodiment, and the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to from one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus and system embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant parts of the description of the method embodiments apply to them. The above-described apparatus and system embodiments are merely illustrative: the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement this without inventive effort.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A method for cross-protocol network transmission, comprising:
the first transmission unit and the second transmission unit respectively sense available paths and protocols for transmitting data packets by themselves;
establishing a plurality of paths for transmitting data packets of different protocols through negotiation between the first transmission unit and the second transmission unit;
transmitting data packets between the first transmission unit and the second transmission unit by using the plurality of paths for transmitting the data packets with different protocols; the first transmission unit and the second transmission unit respectively sense the available paths and protocols for transmitting the data packets, and the method comprises the following steps:
the first transmission unit and the second transmission unit respectively check available paths for transmitting the data packets by the current self equipment through system commands, and respectively acquire available protocols for transmitting the data packets by the current self equipment through background monitoring;
the first transmission unit and the second transmission unit respectively select a path and a protocol for transmitting a data packet according to values of a local path and a protocol register, the first transmission unit sends a specific data packet from the corresponding path by using the corresponding protocol, and judges whether the corresponding path and the protocol are available according to whether feedback exists or not;
the first transmission unit and the second transmission unit respectively sense the available path and protocol of own transmission data packet, the first transmission unit initiates a negotiation request to the second transmission unit according to the path protocol information of own equipment and the protocol configuration information of the second transmission unit solidified by a local register, and lays a foundation for establishing a plurality of paths with different protocols for the first transmission unit and the second transmission unit;
the establishing of multiple paths for transmitting data packets of different protocols through negotiation between the first transmission unit and the second transmission unit includes:
the second transmission unit acquires and stores configuration information of a corresponding transmission data packet path and protocol of the first transmission unit by receiving and responding to the specific data packet sent by the first transmission unit;
and establishing and maintaining a plurality of paths for transmitting data packets of different protocols between the first transmission unit and the second transmission unit through requests and responses of a plurality of groups of specific data packets, wherein the different paths respectively correspond to different protocols, and each path respectively corresponds to one port type.
2. The method of claim 1, wherein the configuration information of the protocol for transmitting the data packet comprises: IPv4 address, IPv6 address, Named Data Networking address, ZigBee device address and Bluetooth device address.
3. The method of claim 1, wherein the path comprises an IPv4 tunnel, an IPv6 tunnel, a VXLAN tunnel, and a GRE tunnel, wherein the protocols comprise an IPv4 protocol, an IPv6 protocol, a ZigBee protocol, a Bluetooth protocol, and a Named Data Networking protocol, and wherein the port types comprise a wired ethernet port, a wireless WIFI port, a 3G port, a 4G port, a ZigBee port, and a Bluetooth port.
4. The method according to any one of claims 1 to 3, wherein the transmitting of the data packets between the first transmission unit and the second transmission unit by using the plurality of paths for transmitting the data packets of different protocols comprises:
when the first transmission unit needs to transmit a data packet to the opposite side, it selects, during the operation of the data packet ingress port, a path corresponding to a designated protocol for transmitting the data packet from the plurality of paths, and during the operation of the data packet egress port it obfuscates the sequence number information of each data packet.
5. The method of claim 4, wherein the selecting, by the first transmission unit, a path for transmitting the data packet corresponding to the specified protocol from the plurality of paths comprises:
the first transmission unit dynamically selects a path for transmitting the data packet from a plurality of paths;
or,
the first transmission unit polls and selects a path for transmitting the data packet from a plurality of paths in sequence;
or,
the first transmission unit selects a path for transmitting the data packet from the plurality of paths according to the path utilization rate.
6. The method of claim 5, wherein the obfuscating, by the first transmission unit, of the sequence number information of each data packet comprises:
the first transmission unit obfuscates the sequence number information of each data packet using a permutation obfuscation method and/or a substitution obfuscation method, wherein the sequence number information of the data packet comprises: a TCP sequence number, an ACK sequence number, a TCP port number and a UDP port number.
7. A cross-protocol network transmission system, comprising: a first transmission unit, a second transmission unit, and an intelligent control unit, by which the cross-protocol network transmission method according to any one of claims 1 to 6 is executed;
the first transmission unit is used for sensing available paths and protocols for transmitting data packets by the first transmission unit and sending configuration information of the paths and protocols for transmitting the data packets selected by the first transmission unit to the intelligent control unit;
the second transmission unit is used for sensing available paths and protocols for transmitting data packets by the second transmission unit and sending configuration information of the paths and protocols for transmitting the data packets selected by the second transmission unit to the intelligent control unit;
the intelligent control unit is used for establishing a plurality of paths for transmitting data packets with different protocols between the first transmission unit and the second transmission unit through negotiation between the first transmission unit and the second transmission unit, and transmitting the data packets between the first transmission unit and the second transmission unit by utilizing the plurality of paths for transmitting the data packets with different protocols.
8. The system of claim 7, wherein:
the intelligent control unit is specifically configured to establish a Socket connection and communicate with the first transmission unit and the second transmission unit, and, when data packets need to be transmitted between the first transmission unit and the second transmission unit, to select a path for transmitting the data packets corresponding to a specified protocol from among the multiple paths during the operation of the data packet ingress port, and to obfuscate the sequence number information of each data packet during the operation of the data packet egress port.
CN201910330482.XA 2019-04-23 2019-04-23 Cross-protocol network transmission method and system Active CN110191052B (en)
Publications (2)

Publication Number Publication Date
CN110191052A CN110191052A (en) 2019-08-30
CN110191052B true CN110191052B (en) 2021-05-14
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant