CN111698212B - Unidirectional transmission method based on virtual receiving end - Google Patents


Info

Publication number: CN111698212B
Authority: CN (China)
Prior art keywords: receiving end, way, virtual, client, virtual receiving
Legal status: Active
Application number: CN202010401431.4A
Other languages: Chinese (zh)
Other versions: CN111698212A (en)
Inventors: 阳建军, 邓金祥, 代先勇, 牟一林, 胥雄
Current assignee: Chengdu Fengwei Technology Co ltd
Original assignee: Chengdu Shensi Science & Technology Co ltd
Priority date: 2020-05-13
Filing date: 2020-05-13
Publication date: 2020-09-22 (CN111698212A), 2022-08-02 (CN111698212B)

Timeline: application filed by Chengdu Shensi Science & Technology Co ltd; priority to CN202010401431.4A; publication of CN111698212A; application granted; publication of CN111698212B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 1/00 Arrangements for detecting or preventing errors in the information received
    • H04L 1/004 Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L 1/0056 Systems characterized by the type of code used
    • H04L 1/0061 Error detection codes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 49/00 Packet switching elements
    • H04L 49/90 Buffering arrangements
    • H04L 49/9057 Arrangements for supporting packet reassembly or resequencing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions

Abstract

The invention discloses a one-way transmission method based on a virtual receiving end. A client is connected to the virtual receiving end and to the one-way receiving end through an optical splitter. The client establishes a two-way connection with the virtual receiving end (the client initiates a TCP connection to it) and a one-way connection with the one-way receiving end: information flows from the client to the one-way receiving end in one direction only, and the one-way receiving end never initiates any data communication towards the client or the virtual receiving end, which helps prevent data leakage.

Description

Unidirectional transmission method based on virtual receiving end
Technical Field
The invention relates to the technical field of data transmission security, in particular to a one-way transmission method based on a virtual receiving end.
Background
File transfer is a widely needed network function on the Internet today, for example uploading and downloading files to a cloud disk, uploading document attachments to an application system, or transferring files across an internal/external network isolation boundary.
However, when files are transferred over the Internet, the openness of the network often leads to security problems: transmission of illegal files, man-in-the-middle attacks, interception of transmitted files, tampering with transmitted files, and even attacks on and takeover of the server once it has been traced. In scenarios with high data-security requirements it must be ensured that a file remains confidential to others, that a file delivered to the server is trustworthy, and that the server is secure and cannot be traced. The transmission system should be able to cope with these problems; existing file transfer systems tend to expose exactly these weaknesses.
Disclosure of Invention
The present invention is directed to a unidirectional transmission method based on a virtual receiver to solve the above problems.
To achieve the above object, the present disclosure provides a unidirectional transmission method based on a virtual receiving end, comprising the following steps:
S1, the client establishes a two-way connection with the virtual receiving end and a one-way connection with the one-way receiving end;
S2, the client encrypts its key with the public key built into the client to obtain encrypted content A, and sends A to the virtual receiving end and, at the same time, to the one-way receiving end;
S3, the virtual receiving end and the one-way receiving end both verify A; if verification fails, the virtual receiving end proceeds to S6, the one-way receiving end discards the subsequent data, and the process ends;
if verification succeeds, the virtual receiving end and the one-way receiving end decrypt A with the built-in private key to recover the key, and the virtual receiving end feeds the recovered key back to the client;
S4, after receiving the feedback from the virtual receiving end, the client reads the file to be transmitted, encrypts it with the key to obtain encrypted file B, and sends B to the virtual receiving end and, at the same time, to the one-way receiving end;
S5, the virtual receiving end and the one-way receiving end both verify B; if verification fails, the virtual receiving end proceeds to S6, the one-way receiving end discards the subsequent data, and the process ends;
if verification succeeds, the virtual receiving end and the one-way receiving end decrypt B with the key recovered in S3 to obtain the transmitted file; the virtual receiving end compares the file it obtained with the client's file and, if they match, feeds back to the client, while the one-way receiving end stores the transmitted file;
and S6, the client disconnects from the virtual receiving end.
The invention has the beneficial effects that:
The one-way transmission method based on a virtual receiving end according to the invention has the advantage that information is transmitted from the client to the one-way receiving end in one direction only; the one-way receiving end cannot initiate any data communication towards the client or the virtual receiving end, which helps prevent data leakage.
On the basis of the technical scheme, the invention can be further improved as follows:
Optionally, after reading the file to be transmitted, the client merges and then subdivides it, encrypts and numbers the resulting data segments, and sends them in order to the virtual receiving end and the one-way receiving end, which decrypt the segments and reassemble them in order.
Optionally, the client merges the number, names, sizes and contents of the files to be transmitted into one whole before dividing it, and after the virtual receiving end and the one-way receiving end have reassembled the files in order, the virtual receiving end compares the number, names, sizes and contents of the reassembled files with those of the files to be transmitted one by one.
Optionally, the client is connected to the virtual receiving end and the one-way receiving end through an optical splitter.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a diagram of a one-way transmission architecture based on a virtual receiver according to the present invention;
fig. 2 is a flowchart of a unidirectional transmission method based on a virtual receiving end according to the present invention.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
As shown in fig. 1 and fig. 2, the present invention relates to a unidirectional transmission method based on a virtual receiver.
To achieve the above object, the present disclosure provides a one-way transmission method based on a virtual receiving end in which an RSA public/private key pair is generated: the public key file is built into the client of the transmission system, and the private key file is built into both the virtual receiving end and the one-way receiving end. The one-way receiving end obtains the split-off traffic by packet capture; after protocol analysis, five-tuple flow association and TCP stream reassembly it performs CRC (cyclic redundancy check) verification, data decryption, data decompression and data assembly, finally forming a file that it stores on disk.
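The pipeline just described (packet capture, five-tuple flow association, TCP stream reassembly) is the part of the one-way receiving end that has no counterpart in an ordinary TCP server: it never sends an ACK, so it has to rebuild the stream from whatever the splitter delivered. The following Go program is an added example written for this page, not code from the patent or its assignee. It parses raw IPv4/TCP packets, groups them by five-tuple, orders them by sequence number, tolerates retransmissions and treats a gap as fatal. The addresses, ports and payloads are constructed sample data; the decryption, decompression and assembly stages that the page lists after reassembly are out of scope here.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// FlowKey is the 5-tuple the one-way end uses to associate captured packets with one client stream.
type FlowKey struct{ SrcIP, DstIP [4]byte; SrcPort, DstPort uint16; Proto byte }

type segment struct{ seq uint32; payload []byte }

// parseIPv4TCP pulls 5-tuple, sequence number and payload out of one raw IPv4/TCP packet; IHL and data
// offset are honoured so that IP and TCP options are skipped rather than taken as payload.
func parseIPv4TCP(pkt []byte) (k FlowKey, s segment, err error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 || pkt[9] != 6 {
		return k, s, errors.New("not IPv4/TCP")
	}
	ihl, total := int(pkt[0]&0x0f)*4, int(binary.BigEndian.Uint16(pkt[2:4]))
	if ihl < 20 || total > len(pkt) || total < ihl+20 {
		return k, s, errors.New("bad IPv4 lengths")
	}
	tcp := pkt[ihl:total]
	doff := int(tcp[12]>>4) * 4
	if doff < 20 || doff > len(tcp) {
		return k, s, errors.New("bad TCP data offset")
	}
	copy(k.SrcIP[:], pkt[12:16])
	copy(k.DstIP[:], pkt[16:20])
	k.SrcPort, k.DstPort, k.Proto = binary.BigEndian.Uint16(tcp[0:2]), binary.BigEndian.Uint16(tcp[2:4]), 6
	return k, segment{seq: binary.BigEndian.Uint32(tcp[4:8]), payload: tcp[doff:]}, nil
}

// Reassembler keeps data segments per flow: Feed parses one captured packet, Stream rebuilds one flow.
type Reassembler struct{ flows map[FlowKey][]segment }

func NewReassembler() *Reassembler { return &Reassembler{flows: map[FlowKey][]segment{}} }

func (r *Reassembler) Feed(pkt []byte) error {
	k, s, err := parseIPv4TCP(pkt)
	if err == nil && len(s.payload) > 0 { // pure SYN/ACK/FIN segments carry nothing to reassemble
		r.flows[k] = append(r.flows[k], s)
	}
	return err
}

// Stream orders one flow by sequence number. Exact retransmissions are dropped; a gap or partial overlap
// is fatal because a receiving end with no return path cannot ask for a resend. (No seq wrap-around.)
func (r *Reassembler) Stream(k FlowKey) ([]byte, error) {
	segs := r.flows[k]
	if len(segs) == 0 {
		return nil, errors.New("unknown flow")
	}
	sort.Slice(segs, func(i, j int) bool { return segs[i].seq < segs[j].seq })
	var out []byte
	next := segs[0].seq
	for _, s := range segs {
		switch end := s.seq + uint32(len(s.payload)); {
		case s.seq == next:
			out = append(out, s.payload...)
			next = end
		case end <= next: // bytes already taken: a retransmission
		default:
			return nil, fmt.Errorf("gap or overlap at seq %d: stream invalid", s.seq)
		}
	}
	return out, nil
}

// buildPacket constructs a minimal IPv4/TCP packet for the sample capture (checksums left at zero).
func buildPacket(src, dst [4]byte, sport, dport uint16, seq uint32, payload []byte) []byte {
	p := make([]byte, 40+len(payload))
	p[0], p[8], p[9] = 0x45, 64, 6 // IPv4 with IHL 5, TTL 64, protocol TCP
	binary.BigEndian.PutUint16(p[2:], uint16(len(p)))
	copy(p[12:], src[:])
	copy(p[16:], dst[:])
	t := p[20:]
	binary.BigEndian.PutUint16(t[0:], sport)
	binary.BigEndian.PutUint16(t[2:], dport)
	binary.BigEndian.PutUint32(t[4:], seq)
	t[12], t[13] = 0x50, 0x18 // data offset 5 words, flags PSH|ACK
	copy(t[20:], payload)
	return p
}

// Demo feeds a constructed out-of-order capture (three segments of the client flow, one retransmitted,
// plus a segment of an unrelated flow) and returns the rebuilt client stream and the number of flows
// seen. With lossy set, the middle segment is dropped, as a tap might drop it.
func Demo(lossy bool) (string, int, error) {
	client, tapped := [4]byte{10, 0, 0, 5}, [4]byte{10, 0, 0, 9} // constructed addresses
	flow := FlowKey{SrcIP: client, DstIP: tapped, SrcPort: 40001, DstPort: 8443, Proto: 6}
	pkts := [][]byte{
		buildPacket(client, tapped, 40001, 8443, 1015, []byte("END")),
		buildPacket(client, tapped, 40001, 8443, 1007, []byte("ONE-WAY-")),
		buildPacket(client, tapped, 40002, 8443, 500, []byte("unrelated flow")),
		buildPacket(client, tapped, 40001, 8443, 1001, []byte("HELLO-")),
		buildPacket(client, tapped, 40001, 8443, 1007, []byte("ONE-WAY-")), // retransmission
	}
	r := NewReassembler()
	for i, p := range pkts {
		if lossy && (i == 1 || i == 4) {
			continue
		}
		if err := r.Feed(p); err != nil {
			return "", 0, err
		}
	}
	out, err := r.Stream(flow)
	return string(out), len(r.flows), err
}

func main() {
	fmt.Println(Demo(false))
	fmt.Println(Demo(true))
}
```

The second Demo call is the operationally important case: because the one-way end can neither ACK nor request retransmission, one packet lost between splitter and capture interface turns the whole stream into invalid data, exactly as S3/S5 of the method prescribe, and the client learns nothing about it from this side.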
The client encrypts 256 bits of random data with the public key using RSA and sends the result onto the network; the receiving ends decrypt the received data with the private key. Both parties then use the 256-bit random value as the AES key for encrypting the file data. The AES key is valid only until the end of the current TCP stream, so a new key is negotiated each time a group of files is transferred.
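The key exchange just described (RSA public key in the client, private key in both receiving ends, a fresh 256-bit AES key per TCP stream, CRC checked before any decryption) looks as follows in Go. This is an added example written for this page, not code from the patent or its assignee. RSA-OAEP with SHA-256 is an assumed padding choice (the page only says RSA), and Exchange models the optical splitter by handing the same packet to both receiving ends in-process.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// NewReceiverKey generates the RSA pair whose private half is built into both receiving ends.
func NewReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// seal appends the CRC32 trailer the page describes; check verifies and strips it before any RSA work.
func seal(body []byte) []byte {
	p := make([]byte, len(body)+4)
	copy(p, body)
	binary.BigEndian.PutUint32(p[len(body):], crc32.ChecksumIEEE(body))
	return p
}

func check(p []byte) ([]byte, error) {
	if n := len(p) - 4; n >= 0 && crc32.ChecksumIEEE(p[:n]) == binary.BigEndian.Uint32(p[n:]) {
		return p[:n], nil
	}
	return nil, errors.New("crc mismatch: this packet and the rest of the stream are discarded")
}

// S2: the client draws a fresh 256-bit AES key for this TCP stream and wraps it under the RSA public
// key built into the client (OAEP with SHA-256, an assumed choice); wrapped key plus CRC is packet A.
func ClientKeyPacket(pub *rsa.PublicKey) (key, a []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, seal(ct), err
}

// S3 on either receiving end (both hold the private key): check the CRC, then unwrap the AES key.
// A CRC only catches corruption; OAEP decryption additionally fails on a deliberately altered ciphertext.
func ReceiverUnwrapKey(priv *rsa.PrivateKey, a []byte) ([]byte, error) {
	ct, err := check(a)
	if err != nil {
		return nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err == nil && len(key) != 32 {
		err = errors.New("unwrapped key is not 256 bits")
	}
	return key, err
}

// Exchange runs S1-S3 (and the S6 branch) in-process. The optical splitter is modelled by giving both
// receiving ends the same bytes; only the virtual end feeds the recovered key back, and the client goes
// on only if that feedback matches what it sent. Returns the key the one-way end now holds.
func Exchange(priv *rsa.PrivateKey) ([]byte, error) {
	key, a, err := ClientKeyPacket(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	fedBack, errV := ReceiverUnwrapKey(priv, a)   // virtual end: has a TCP return path
	oneWayKey, errO := ReceiverUnwrapKey(priv, a) // one-way end: same packet, never replies
	if errV != nil || !bytes.Equal(fedBack, key) {
		return nil, errors.New("S3 failed on the virtual end: client disconnects (S6)")
	}
	if errO != nil { // invisible to the client: the one-way end just drops the rest of the stream
		return nil, errO
	}
	return oneWayKey, nil
}

// Corrupt flips one byte in the middle of a packet, standing in for a damaged or altered capture.
func Corrupt(p []byte) []byte {
	c := append([]byte{}, p...)
	c[len(c)/2] ^= 0x01
	return c
}

func main() {
	priv, _ := NewReceiverKey()
	key, err := Exchange(priv)
	fmt.Printf("one-way end holds a %d-byte key, err=%v\n", len(key), err)
	_, a, _ := ClientKeyPacket(&priv.PublicKey)
	_, err = ReceiverUnwrapKey(priv, Corrupt(a))
	fmt.Println("corrupted A:", err)
}
```

Note the asymmetry Exchange makes visible: a CRC or decryption failure on the virtual end reaches the client as a dropped TCP connection, whereas the same failure on the one-way end is silent, so the virtual end's feedback is the only signal the client ever gets about the state of the passive side.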
The method specifically comprises the following steps:
S1, the client is connected to the virtual receiving end and the one-way receiving end through the optical splitter; the client establishes a two-way connection with the virtual receiving end (it initiates a TCP connection to it) and a one-way connection with the one-way receiving end;
S2, the client randomly generates an AES key, encrypts it with the RSA public key built into the client and computes a CRC check code, obtaining encrypted content A; A is sent to the virtual receiving end and, at the same time, to the one-way receiving end;
S3, the virtual receiving end and the one-way receiving end both CRC-check A; if the check fails, the virtual receiving end proceeds to S6, the one-way receiving end discards the subsequent data as invalid, and the one-way receiving end's processing of this stream ends;
if the check succeeds, the virtual receiving end and the one-way receiving end decrypt A with the built-in RSA private key to recover the key, and the virtual receiving end feeds the recovered key back to the client;
S4, after receiving the feedback from the virtual receiving end, the client reads several files, merges their number, names, sizes and contents into one whole, compresses the data, splits it into several data segments, encrypts each segment with the key, numbers the segments and computes a CRC check code for each, obtaining encrypted file B spread over several data packets; the packets are sent in order to the virtual receiving end and, at the same time, to the one-way receiving end;
S5, the virtual receiving end and the one-way receiving end both CRC-check B; if the check fails, the virtual receiving end proceeds to S6, the one-way receiving end discards the subsequent data as invalid, and the one-way receiving end's processing of this stream ends;
if the check succeeds, the virtual receiving end and the one-way receiving end decrypt B with the key recovered in S3, then decompress and reassemble the segments in order to obtain the transmitted files; the virtual receiving end compares the number, names, sizes and contents of the reassembled files with those of the client's files one by one and, if they match, feeds back to the client so that the next file can be transmitted, while the one-way receiving end writes the files into the specified directory;
and S6, the client and the virtual receiving end close the TCP connection.
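Steps S4 to S6 for the file data, taking the 32-byte AES key from S3 as given, as an added Go example written for this page (not code from the patent or its assignee). It shows the numbered segments, their out-of-order reassembly, the virtual end's comparison and feedback, and what the one-way end ends up with when its tap loses a packet. Assumptions: AES-GCM with the segment number as nonce and authenticated header is an assumed cipher mode (the page says only AES); the GCM tag is used here in place of the CRC on B; the 64-byte segment size is arbitrary; the bundling of file count, names, sizes and contents and the lz4 compression are left out, so `data` stands for the already bundled bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// aead is AES-256-GCM under the per-stream key recovered in S3. The nonce is the 4-byte segment number
// zero-padded to 96 bits, which is safe only because S2 draws a fresh key for every TCP stream.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func nonce(seq []byte) []byte { return append(make([]byte, 8), seq...) }

// S4: the client cuts the bundled file data into seg-byte pieces and encrypts each piece with its number
// as a 4-byte header. The GCM tag covers number and content, so it takes the place of the page's CRC on
// B: a CRC detects corruption, a tag also rejects forgery. (Bundling and the lz4 step are left out.)
func ClientFilePackets(key, data []byte, seg int) ([][]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	var pkts [][]byte
	for i := uint32(0); len(data) > 0; i++ {
		n := seg
		if n > len(data) {
			n = len(data)
		}
		hdr := make([]byte, 4)
		binary.BigEndian.PutUint32(hdr, i)
		pkts = append(pkts, gcm.Seal(hdr, nonce(hdr), data[:n], hdr))
		data = data[n:]
	}
	return pkts, nil
}

// S5 on either receiving end: authenticate and decrypt every packet, then restore numbered order.
// With no return path a receiving end cannot ask for a resend, so a missing, damaged or forged packet
// invalidates the whole stream instead of being patched around.
func ReceiverReassemble(key []byte, pkts [][]byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	segs := map[uint32][]byte{}
	for _, p := range pkts {
		if len(p) < 4 {
			return nil, errors.New("short packet: stream invalid")
		}
		seq := binary.BigEndian.Uint32(p[:4])
		if segs[seq], err = gcm.Open(nil, nonce(p[:4]), p[4:], p[:4]); err != nil {
			return nil, fmt.Errorf("segment %d failed authentication: stream invalid", seq)
		}
	}
	var data []byte
	for i := uint32(0); i < uint32(len(segs)); i++ {
		s, ok := segs[i]
		if !ok {
			return nil, fmt.Errorf("segment %d missing: stream invalid", i)
		}
		data = append(data, s...)
	}
	return data, nil
}

// Deliver runs S4-S6 for both ends with the S3 key. The splitter hands every packet to both; the virtual
// end compares its result with the client's data and feeds back go/no-go; the one-way end stores its own
// result without ever replying. tap models what the passive side actually captures (loss, reordering).
func Deliver(key, data []byte, tap func([][]byte) [][]byte) ([]byte, error) {
	pkts, err := ClientFilePackets(key, data, 64)
	if err != nil {
		return nil, err
	}
	got, err := ReceiverReassemble(key, pkts)
	if err != nil || !bytes.Equal(got, data) {
		return nil, errors.New("virtual end comparison failed: client disconnects (S6)")
	}
	return ReceiverReassemble(key, tap(pkts)) // what the one-way end writes to its directory
}

func main() {
	key := make([]byte, 32) // in the real flow this is the key unwrapped in S3
	rand.Read(key)
	data := bytes.Repeat([]byte("file bundle "), 30) // constructed stand-in for the bundled files
	stored, err := Deliver(key, data, func(p [][]byte) [][]byte { return p })
	fmt.Println("lossless tap, one-way end stored the bundle:", bytes.Equal(stored, data), err)
	_, err = Deliver(key, data, func(p [][]byte) [][]byte { return p[1:] })
	fmt.Println("tap lost packet 0:", err)
}
```

The second Deliver call shows the property a practitioner has to plan for: the client and the virtual end agree that the transfer succeeded, while the one-way end, having lost one packet on the tap, holds an invalid stream and nothing in the protocol tells the client so. Any retry policy therefore has to live on the client side (for example re-sending a file set that the one-way end has not confirmed through some out-of-band channel), because the one-way end itself can never ask.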
The invention compresses data quickly with the lz4 algorithm: the performance cost to the program is essentially negligible, while the network bandwidth saved is considerable. An attempt to trace the IP address of the data-center server from the traffic cannot succeed: the real server IP does not appear in the traffic, and the server need not even have a reachable IP address at all, so the method hides the server's IP address. Information flows from the client to the one-way receiving end in one direction only; the one-way receiving end cannot initiate any data communication towards the client or the virtual receiving end, because the optical splitter physically prevents it, and any attempt to do so fails, which prevents the data-center server's data from leaking. Combining symmetric and asymmetric encryption ensures that files cannot be stolen or tampered with, and that a file delivered to the virtual receiving end is trustworthy.
The one-way transmission method based on a virtual receiving end according to the invention has the advantage that information is transmitted from the client to the one-way receiving end in one direction only; the one-way receiving end cannot initiate any data communication towards the client or the virtual receiving end, which helps prevent data leakage. It solves the problem that the server's IP address is exposed in conventional TCP file transfer; the risk of data leakage from the server caused by the openness of the network in earlier file transfer systems; the hijacking, tampering and interception of data in conventional file transfer systems; and the high network bandwidth consumption of conventional TCP file transfer.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner; to avoid unnecessary repetition, the possible combinations are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (4)

1. A unidirectional transmission method based on a virtual receiving end, characterized by comprising the following:
S1, the client establishes a two-way connection with the virtual receiving end and a one-way connection with the one-way receiving end;
S2, the client encrypts its key with the public key built into the client to obtain encrypted content A, and sends A to the virtual receiving end and, at the same time, to the one-way receiving end;
S3, the virtual receiving end and the one-way receiving end both verify A; if verification fails, the virtual receiving end proceeds to S6, the one-way receiving end discards the subsequent data, and the process ends;
if verification succeeds, the virtual receiving end and the one-way receiving end decrypt A with the built-in private key to recover the key, and the virtual receiving end feeds the recovered key back to the client;
S4, after receiving the feedback from the virtual receiving end, the client reads the file to be transmitted, encrypts it with the key to obtain encrypted file B, and sends B to the virtual receiving end and, at the same time, to the one-way receiving end;
S5, the virtual receiving end and the one-way receiving end both verify B; if verification fails, the virtual receiving end proceeds to S6, the one-way receiving end discards the subsequent data, and the process ends;
if verification succeeds, the virtual receiving end and the one-way receiving end decrypt B with the key recovered in S3 to obtain the transmitted file; the virtual receiving end compares the file it obtained with the client's file and, if they match, feeds back to the client, while the one-way receiving end stores the transmitted file;
and S6, the client disconnects from the virtual receiving end.
2. The one-way transmission method based on a virtual receiving end according to claim 1, wherein the client reads the file to be transmitted, merges and then subdivides it, encrypts and numbers the resulting data segments and sends them in order to the virtual receiving end and the one-way receiving end, and the virtual receiving end and the one-way receiving end decrypt the data segments and reassemble them in order.
3. The one-way transmission method based on a virtual receiving end according to claim 2, wherein the client merges the number, names, sizes and contents of the files to be transmitted into one whole before dividing it, and after the virtual receiving end and the one-way receiving end have reassembled the files in order, the virtual receiving end compares the number, names, sizes and contents of the reassembled files with those of the files to be transmitted one by one.
4. The unidirectional transmission method based on a virtual receiving end according to claim 1, wherein the client is connected to the virtual receiving end and the one-way receiving end through an optical splitter.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010401431.4A CN111698212B (en) 2020-05-13 2020-05-13 Unidirectional transmission method based on virtual receiving end

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010401431.4A CN111698212B (en) 2020-05-13 2020-05-13 Unidirectional transmission method based on virtual receiving end

Publications (2)

Publication Number Publication Date
CN111698212A CN111698212A (en) 2020-09-22
CN111698212B (en) 2022-08-02

Family

ID=72477754

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010401431.4A Active CN111698212B (en) 2020-05-13 2020-05-13 Unidirectional transmission method based on virtual receiving end

Country Status (1)

Country Link
CN (1) CN111698212B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166958B (en) * 2013-02-26 2016-01-20 深圳创维数字技术有限公司 A kind of guard method of file and system
CN107169374B (en) * 2017-05-11 2020-04-28 四川长虹电器股份有限公司 Encryption and decryption system and method based on voiceprint and voice recognition technology
CN110535868A (en) * 2019-09-05 2019-12-03 山东浪潮商用系统有限公司 Data transmission method and system based on Hybrid Encryption algorithm

Also Published As

Publication number Publication date
CN111698212A (en) 2020-09-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 610041 No. 2119, unit 1, building 7, No. 1700, north section of Tianfu Avenue, high tech Zone, Chengdu, Sichuan

Patentee after: Chengdu Fengwei Technology Co.,Ltd.

Address before: 610041 No. 2119, unit 1, building 7, No. 1700, north section of Tianfu Avenue, high tech Zone, Chengdu, Sichuan

Patentee before: CHENGDU SHENSI SCIENCE & TECHNOLOGY Co.,Ltd.