CN112654037A - Industrial network security encryption processing method based on 5G communication technology - Google Patents
Industrial network security encryption processing method based on 5G communication technology Download PDFInfo
- Publication number
- CN112654037A CN112654037A CN202011494138.3A CN202011494138A CN112654037A CN 112654037 A CN112654037 A CN 112654037A CN 202011494138 A CN202011494138 A CN 202011494138A CN 112654037 A CN112654037 A CN 112654037A
- Authority
- CN
- China
- Prior art keywords
- key
- stream
- encryption
- synchronization
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title claims abstract description 31
- 238000005516 engineering process Methods 0.000 title claims abstract description 17
- 238000003672 processing method Methods 0.000 title claims abstract description 17
- 230000005540 biological transmission Effects 0.000 claims abstract description 12
- 230000001360 synchronised effect Effects 0.000 claims description 44
- 238000000605 extraction Methods 0.000 claims description 12
- 238000000034 method Methods 0.000 claims description 11
- 238000003780 insertion Methods 0.000 claims description 9
- 230000037431 insertion Effects 0.000 claims description 9
- 238000009826 distribution Methods 0.000 claims description 3
- 238000003860 storage Methods 0.000 claims description 3
- 210000000689 upper leg Anatomy 0.000 claims description 2
- 238000004458 analytical method Methods 0.000 abstract description 6
- 238000012360 testing method Methods 0.000 description 12
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000001172 regenerating effect Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000002194 synthesizing effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Abstract
The invention discloses an industrial network security encryption processing method based on a 5G communication technology, which belongs to the field of industrial network security encryption processing methods, and is based on data encryption requirement analysis of a 5G factory data transmission system, a stream encryption algorithm with a simple structure and high encryption strength is adopted, and a low-delay stream encryption system is designed based on an FPGA (field programmable gate array); a key updating scheme is designed based on the key stream generator, the key stream generator is used for generating an updated key, the key of the key stream generator is updated regularly, the safety of the stream encryption system is guaranteed, and the factory data encryption transmission system does not need to generate and distribute the key in the data transmission process.
Description
Technical Field
The invention relates to the field of industrial network security encryption processing methods, in particular to an industrial network security encryption processing method based on a 5G communication technology.
Background
The network security refers to that the hardware, software and data in the system of the network system are protected and are not damaged, changed and leaked due to accidental or malicious reasons, the system continuously, reliably and normally operates, and the network service is not interrupted.
The existing technology for solving network security generally has the following three problems: different encryption security algorithms exist among various company departments, and are integrated in respective software modules before, so that repeated development and quality difference to a great extent exist, the coupling degree with application software is very high, and the security degree is different.
The existing common encryption transmission method has some disadvantages of different degrees, such as: when the certificate is transmitted in a certificate mode, the certificate can be sniffed and found and forged through a network, and meanwhile, certain cost is required for manufacturing the certificate.
The existing security gateway is often used to implement the transportation of high and low security areas of data, which is expensive and troublesome to deploy.
Disclosure of Invention
The invention provides an industrial network security encryption processing method based on a 5G communication technology to solve the problems.
In order to achieve the purpose, the invention adopts the following technical scheme:
an industrial network security encryption processing method based on 5G communication technology comprises the following steps:
s1, encoding and decoding the data by adopting an industrial data encoding and decoding chip, and completing data scheduling and multi-mode self-adaptive transmission;
s2, encrypting and decrypting the data in real time through an encryption algorithm, and updating the key and the initialization vector of the key stream generator by the key updating module according to the initial key generated by the software;
the encryption algorithm adopts a 128-bit key and a 96-bit initialization vector IV, and the internal state is 256 bits; the encryption algorithm mainly comprises a Linear Feedback Shift Register (LFSR), a Nonlinear Feedback Shift Register (NFSR) and a pre-output function;
wherein the LFSR's primitive feedback polynomial is:
f(x)=1+x32+x47+x58+x90+x121+x128;
the state update function for the corresponding LFSR is:
si+128=si+si+7+si+38+si+70+si+81+si+96;
the nonlinear feedback polynomial g (x) of NFSR is:
the state update function for the corresponding NFSR is:
the nonlinear filter function h (x) has 9 variables, 7 from the LFSR and 2 from the NFSR, as follows:
h(x)=x0x1+x2x3+x4x5+x6x7+x0x4x8;
wherein the variable x0,Λ,x8Corresponding to the state variables:
bi+12,si+8,si+13,si+20,bi+95,si+42,si+60,si+79and si+94The pre-output function is expressed as:
yi=h+si+93+bi+2+bi+15+bi+36+bi+45+bi+64+bi+73+bi+89;
and S3, starting a key synchronization function when the data are encrypted and decrypted by adopting an encryption algorithm, wherein the key synchronization function comprises a key synchronization signal insertion module at an encryption end, a key synchronization signal extraction module at a decryption end and a key stream synchronization module, and is responsible for recovering key stream synchronization under the condition of data packet loss.
Preferably, the algorithm supports two different working modes when encrypting: an encryption mode and an authentication encryption mode; by setting the last IV of the IV0When IV is below the threshold value to determine the mode of operation of the algorithm0When the value is equal to 0, the algorithm is in an encryption mode; when IV0When the algorithm is 1, the algorithm is in an authentication encryption mode, and the output of a pre-output function y (x) is required to be input as a message authentication code; the message authentication code module mainly comprises 1 32-bit accumulator and 1 32-bit shift register.
Preferably, when the key is updated, the key is divided into three levels of a master key, a key encryption key and a session key; the master key is a key at the highest level in a key hierarchy and is used for encrypting a key encryption key or deriving other keys;
the key encryption key is positioned between the master key and the session key in the key hierarchy and is used for encrypting the session key or the lower layer key thereof so as to ensure the confidentiality of the keys in the distribution or storage process; the key encryption key can be generated by a true random number generator or a pseudo random number generator, and can also be determined by a password administrator;
the session key is positioned at the bottommost layer of the key hierarchy and is used for encrypting communication data of two communication parties; the key life cycle of the session key is short, one session key can only be used once in principle, two communication parties use different session keys for data encryption in each communication session, and the used session key is destroyed after the communication is finished; the session key may be distributed by a key distribution center or generated by a key agreement, and also generated by a key encryption key controlling some encryption algorithm.
Preferably, the master key is a high quality true random sequence that can be generated from a reliable random source including mechanical or electronic based noise sources, and pole and coin throws.
Preferably, the key stream synchronization method adopts a method of regularly inserting a synchronization identifier into a key stream based on the synchronization identifier, so as to solve the key stream synchronization problem under the condition of data packet loss; including insertion of synchronization identifier, extraction of synchronization identifier and key stream synchronization
Preferably, the insertion of the synchronization identifier: the encryption module inserts a synchronous identifier in the output ciphertext stream at regular intervals; the synchronous identifier is composed of at least two parts, one part is a starting mark of the synchronous identifier and is used for identifying the beginning of the synchronous identifier; the other part is a synchronous serial number used for marking the position state of the ciphertext flow;
extraction of the synchronization identifier: at a decryption end, the synchronous identifier in the ciphertext stream is extracted, and then the ciphertext stream after the synchronous identifier is extracted is decrypted. In the synchronous identifier extraction module, continuously detecting the input ciphertext stream, if the input data is found to be the initial mark of the synchronous identifier, extracting the synchronous identifier according to the initial mark, and outputting the synchronous serial number to the key stream synchronization module; if the input data is the ciphertext, outputting the ciphertext to the data decryption module;
synchronization of the keystream: when the synchronous serial number is extracted from the ciphertext stream, comparing the position of the ciphertext stream recorded by the synchronous serial number with the position of the decryption key stream, if the positions are the same, indicating that the key stream is in a synchronous state, and normally performing decryption; if the positions are different, the key stream is identified to be in an out-of-synchronization state, whether the synchronization sequence numbers in the two synchronization identifiers are continuous or not can be compared, if the synchronization sequence numbers are discontinuous, the ciphertext stream data packet loss is shown, and the number of the lost ciphertext stream data packets can be known according to the difference value of the two synchronization sequence numbers; when the key stream is in the desynchronized state, the position of the decryption key stream is adjusted according to the length of the lost ciphertext stream, so that the positions of the ciphertext stream and the decryption key stream are aligned, and the key stream synchronization is recovered.
Compared with the prior art, the invention provides an industrial network security encryption processing method based on a 5G communication technology, which has the following beneficial effects:
1. the invention has the beneficial effects that: the invention analyzes the data encryption requirement based on a 5G factory data transmission system, adopts a stream encryption algorithm with simple structure and high encryption strength, and designs a low-delay stream encryption system based on FPGA; a key updating scheme is designed based on the key stream generator, the key stream generator is used for generating an updated key, the key of the key stream generator is updated regularly, the safety of the stream encryption system is guaranteed, and the factory data encryption transmission system does not need to generate and distribute the key in the data transmission process. Aiming at the application characteristic that a factory data encryption transmission system based on a 5G mobile network has data packet loss in the data transmission process, a key stream synchronization scheme is designed based on a synchronization identifier, the key stream synchronization can be recovered under the condition of data packet loss, and the normal decryption of a subsequent ciphertext stream is ensured. Analyzing the data packet loss condition of the mobile network according to the Gilbert packet loss model, determining parameters of the key stream synchronization scheme, and simulating the performance of the key stream synchronization scheme.
Drawings
Fig. 1 is a flowchart of an embodiment of a method for processing industrial network security encryption based on 5G communication technology according to the present invention;
fig. 2 is an algorithm flowchart of an embodiment of an industrial network security encryption processing method based on the 5G communication technology according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
Example 1:
referring to fig. 1-2, an industrial network security encryption processing method based on 5G communication technology includes the following steps:
s1, encoding and decoding the data by adopting an industrial data encoding and decoding chip, and completing data scheduling and multi-mode self-adaptive transmission;
s2, encrypting and decrypting the data in real time through an encryption algorithm, and updating the key and the initialization vector of the key stream generator by the key updating module according to the initial key generated by the software;
the encryption algorithm adopts a 128-bit key and a 96-bit initialization vector IV, and the internal state is 256 bits; the encryption algorithm mainly comprises a Linear Feedback Shift Register (LFSR), a Nonlinear Feedback Shift Register (NFSR) and a pre-output function;
wherein the LFSR's primitive feedback polynomial is:
f(x)=1+x32+x47+x58+x90+x121+x128;
the state update function for the corresponding LFSR is:
si+128=si+si+7+si+38+si+70+si+81+si+96;
the nonlinear feedback polynomial g (x) of NFSR is:
the state update function for the corresponding NFSR is:
the nonlinear filter function h (x) has 9 variables, 7 from the LFSR and 2 from the NFSR, as follows:
h(x)=x0x1+x2x3+x4x5+x6x7+x0x4x8;
wherein the variable x0,Λ,x8Corresponding to the state variables:
bi+12,si+8,si+13,si+20,bi+95,si+42,si+60,si+79and si+94The pre-output function is expressed as:
yi=h+si+93+bi+2+bi+15+bi+36+bi+45+bi+64+bi+73+bi+89;
and S3, starting a key synchronization function when the data are encrypted and decrypted by adopting an encryption algorithm, wherein the key synchronization function comprises a key synchronization signal insertion module at an encryption end, a key synchronization signal extraction module at a decryption end and a key stream synchronization module, and is responsible for recovering key stream synchronization under the condition of data packet loss.
Further, preferably, the algorithm supports two different operation modes when encrypting: an encryption mode and an authentication encryption mode; by setting the last IV of the IV0When IV is below the threshold value to determine the mode of operation of the algorithm0When the value is equal to 0, the algorithm is in an encryption mode; when IV0When the algorithm is 1, the algorithm is in an authentication encryption mode, and the output of a pre-output function y (x) is required to be input as a message authentication code; the message authentication code module mainly comprises 1 32-bit accumulator and 1 32-bit shift register.
Further, preferably, when the key is updated, the key is divided into three layers of a master key, a key encryption key and a session key; the master key is a key at the highest level in a key hierarchy and is used for encrypting a key encryption key or deriving other keys;
the key encryption key is positioned between the master key and the session key in the key hierarchy and is used for encrypting the session key or the lower layer key thereof so as to ensure the confidentiality of the keys in the distribution or storage process; the key encryption key can be generated by a true random number generator or a pseudo random number generator, and can also be determined by a password administrator;
the session key is positioned at the bottommost layer of the key hierarchy and is used for encrypting communication data of two communication parties; the key life cycle of the session key is short, one session key can only be used once in principle, two communication parties use different session keys for data encryption in each communication session, and the used session key is destroyed after the communication is finished; the session key may be distributed by a key distribution center or generated by a key agreement, and also generated by a key encryption key controlling some encryption algorithm.
Further, preferably, the master key is a high quality true random sequence that can be generated from a reliable random source, including mechanical or electronic based noise sources, including a true random sequence generated by a throw of a thigh and a throw of a coin.
Further, preferably, the key stream synchronization method adopts a method of regularly inserting a synchronization identifier into a key stream based on the synchronization identifier, so as to solve the key stream synchronization problem under the condition of data packet loss; including insertion of synchronization identifier, extraction of synchronization identifier and key stream synchronization
Further, preferably, the insertion of the synchronization identifier: the encryption module inserts a synchronous identifier in the output ciphertext stream at regular intervals; the synchronous identifier is composed of at least two parts, one part is a starting mark of the synchronous identifier and is used for identifying the beginning of the synchronous identifier; the other part is a synchronous serial number used for marking the position state of the ciphertext flow;
extraction of the synchronization identifier: at a decryption end, the synchronous identifier in the ciphertext stream is extracted, and then the ciphertext stream after the synchronous identifier is extracted is decrypted. In the synchronous identifier extraction module, continuously detecting the input ciphertext stream, if the input data is found to be the initial mark of the synchronous identifier, extracting the synchronous identifier according to the initial mark, and outputting the synchronous serial number to the key stream synchronization module; if the input data is the ciphertext, outputting the ciphertext to the data decryption module;
synchronization of the keystream: when the synchronous serial number is extracted from the ciphertext stream, comparing the position of the ciphertext stream recorded by the synchronous serial number with the position of the decryption key stream, if the positions are the same, indicating that the key stream is in a synchronous state, and normally performing decryption; if the positions are different, the key stream is identified to be in an out-of-synchronization state, whether the synchronization sequence numbers in the two synchronization identifiers are continuous or not can be compared, if the synchronization sequence numbers are discontinuous, the ciphertext stream data packet loss is shown, and the number of the lost ciphertext stream data packets can be known according to the difference value of the two synchronization sequence numbers; when the key stream is in the desynchronized state, the position of the decryption key stream is adjusted according to the length of the lost ciphertext stream, so that the positions of the ciphertext stream and the decryption key stream are aligned, and the key stream synchronization is recovered.
Example 2: the difference is based on example 1;
when the data encryption test is carried out, the bitmap data of the BMP format picture of the factory monitoring image is used as test data. During testing, binary bitmap data are extracted from a picture file in a BMP format as test data, and a file header, a bitmap information header and palette data are reserved. For a stream encryption system that employs a completely independent key stream synchronization scheme, the UDP packet size is uncertain, where the UDP packet size is set to 1024 bytes. During testing, a serial port transceiving program sends bitmap data to an encryption module through a serial port to be encrypted to obtain ciphertext data, the obtained ciphertext data are divided into a series of data packets according to 1024 bytes, the data packets are subjected to packet loss analysis through a Gilbert model, and packet loss of the data packets is recorded during Gilbert packet loss analysis. And then sending the data packets which are analyzed to be lost and not lost to be decrypted to a decryption module one by one through the serial port, and synthesizing the obtained plaintext data into total bitmap data. And comparing the total bitmap data with the original test bitmap data, referring to packet loss position information, and filling and replacing the missing and decryption error parts of the bitmap data caused by packet loss by 0. And finally, regenerating the picture in the BMP format by the obtained total bitmap data together with the original file header, the bitmap information header and the palette data, thereby obtaining the picture after the encryption test. And black lines in the picture after the encryption test are data loss and ciphertext decryption error parts caused by data packet loss. For a stream encryption system using a UDP-based key stream synchronization scheme, the length of the valid ciphertext in the UDP packet is equal to the synchronization identifier interval, which is equal to 1024 bytes. And dividing the test bitmap data into 1024-byte data packets, and sequentially sending the data packets to an encryption module for encryption to obtain corresponding ciphertext data packets. And after Gilbert packet loss analysis is carried out on the ciphertext data packet, sending the ciphertext data packet without packet loss to a decryption module for decryption, and obtaining total bitmap data. And finally, packing the total bitmap data and the original bitmap data, referring to packet loss position information, and filling and replacing all bit data loss and decryption error parts caused by packet loss by 0. And finally, regenerating the picture in the BMP format by the obtained total bitmap data together with the original file header, the bitmap information header and the palette data, thereby obtaining the picture after the encryption test. When a Gilbert packet loss model is used for packet loss analysis, packet loss analysis of various network environments is respectively carried out, and the used parameters of the Gilbert model are shown in a table 1.
TABLE 1 model parameters for different network environments
As can be seen from comparison between the network 1 and the network 3 in table 1, when the average packet loss rate is higher, the density of black lines in the picture after the encryption and decryption test is higher, which indicates that more packet loss events occur; as can be seen from comparison between the network 1 and the network 2, when the Gilbert parameter q is smaller, the thicker black lines in the picture after the encryption and decryption test are more, which indicates that more packet loss events with continuous packet loss occur. The contents of other pictures except the black line can be normally displayed, which shows that the key stream synchronization scheme can recover the key stream synchronization after the data packet is lost, and ensure that the data encryption and decryption are normally carried out after the data packet is lost.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.
Claims (6)
1. A5G communication technology-based industrial network security encryption processing method is characterized by comprising the following steps:
s1, encoding and decoding the data by adopting an industrial data encoding and decoding chip, and completing data scheduling and multi-mode self-adaptive transmission;
s2, encrypting and decrypting the data in real time through an encryption algorithm, and updating the key and the initialization vector of the key stream generator by the key updating module according to the initial key generated by the software;
the encryption algorithm adopts a 128-bit key and a 96-bit initialization vector IV, and the internal state is 256 bits; the encryption algorithm mainly comprises a Linear Feedback Shift Register (LFSR), a Nonlinear Feedback Shift Register (NFSR) and a pre-output function;
wherein the LFSR's primitive feedback polynomial is:
f(x)=1+x32+x47+x58+x90+x121+x128;
the state update function for the corresponding LFSR is:
si+128=si+si+7+si+38+si+70+si+81+si+96;
the nonlinear feedback polynomial g (x) of NFSR is:
the state update function for the corresponding NFSR is:
the nonlinear filter function h (x) has 9 variables, 7 from the LFSR and 2 from the NFSR, as follows:
h(x)=x0x1+x2x3+x4x5+x6x7+x0x4x8;
wherein the variable x0,Λ,x8Corresponding to the state variables:
bi+12,si+8,si+13,si+20,bi+95,si+42,si+60,si+79and si+94The pre-output function is expressed as:
yi=h+si+93+bi+2+bi+15+bi+36+bi+45+bi+64+bi+73+bi+89;
and S3, starting a key synchronization function when the data are encrypted and decrypted by adopting an encryption algorithm, wherein the key synchronization function comprises a key synchronization signal insertion module at an encryption end, a key synchronization signal extraction module at a decryption end and a key stream synchronization module, and is responsible for recovering key stream synchronization under the condition of data packet loss.
2. The industrial network security encryption processing method based on the 5G communication technology as claimed in claim 1, wherein: the algorithm supports two different working modes during encryption: an encryption mode and an authentication encryption mode; by setting the last IV of the IV0When IV is below the threshold value to determine the mode of operation of the algorithm0When 0, the algorithm is additionA secret mode; when IV0When the algorithm is 1, the algorithm is in an authentication encryption mode, and the output of a pre-output function y (x) is required to be input as a message authentication code; the message authentication code module mainly comprises 1 32-bit accumulator and 1 32-bit shift register.
3. The industrial network security encryption processing method based on the 5G communication technology as claimed in claim 1, wherein: when the key is updated, the key is divided into three levels of a main key, a key encryption key and a session key; the master key is a key at the highest level in a key hierarchy and is used for encrypting a key encryption key or deriving other keys;
the key encryption key is positioned between the master key and the session key in the key hierarchy and is used for encrypting the session key or the lower layer key thereof so as to ensure the confidentiality of the keys in the distribution or storage process; the key encryption key can be generated by a true random number generator or a pseudo random number generator, and can also be determined by a password administrator;
the session key is positioned at the bottommost layer of the key hierarchy and is used for encrypting communication data of two communication parties; the key life cycle of the session key is short, one session key can only be used once in principle, two communication parties use different session keys for data encryption in each communication session, and the used session key is destroyed after the communication is finished; the session key may be distributed by a key distribution center or generated by a key agreement, and also generated by a key encryption key controlling some encryption algorithm.
4. The industrial network security encryption processing method based on the 5G communication technology as claimed in claim 3, wherein: the master key is a high quality true random sequence that can be generated from a reliable random source including mechanical or electronic based noise sources, thigh throws, and coin throws.
5. The industrial network security encryption processing method based on the 5G communication technology as claimed in claim 1, wherein: the key stream synchronization method adopts a method of regularly inserting synchronous identifiers into the key stream based on the synchronous identifiers, so as to solve the key stream synchronization problem under the condition of data packet loss; including the insertion of the synchronization identifier, the extraction of the synchronization identifier and the key stream synchronization.
6. The industrial network security encryption processing method based on the 5G communication technology according to claim 5, characterized in that: insertion of the synchronization identifier: the encryption module inserts a synchronous identifier in the output ciphertext stream at regular intervals; the synchronous identifier is composed of at least two parts, one part is a starting mark of the synchronous identifier and is used for identifying the beginning of the synchronous identifier; the other part is a synchronous serial number used for marking the position state of the ciphertext flow;
extraction of the synchronization identifier: at a decryption end, the synchronous identifier in the ciphertext stream is extracted, and then the ciphertext stream after the synchronous identifier is extracted is decrypted. In the synchronous identifier extraction module, continuously detecting the input ciphertext stream, if the input data is found to be the initial mark of the synchronous identifier, extracting the synchronous identifier according to the initial mark, and outputting the synchronous serial number to the key stream synchronization module; if the input data is the ciphertext, outputting the ciphertext to the data decryption module;
synchronization of the keystream: when the synchronous serial number is extracted from the ciphertext stream, comparing the position of the ciphertext stream recorded by the synchronous serial number with the position of the decryption key stream, if the positions are the same, indicating that the key stream is in a synchronous state, and normally performing decryption; if the positions are different, the key stream is identified to be in an out-of-synchronization state, whether the synchronization sequence numbers in the two synchronization identifiers are continuous or not can be compared, if the synchronization sequence numbers are discontinuous, the ciphertext stream data packet loss is shown, and the number of the lost ciphertext stream data packets can be known according to the difference value of the two synchronization sequence numbers; when the key stream is in the desynchronized state, the position of the decryption key stream is adjusted according to the length of the lost ciphertext stream, so that the positions of the ciphertext stream and the decryption key stream are aligned, and the key stream synchronization is recovered.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011494138.3A CN112654037A (en) | 2020-12-17 | 2020-12-17 | Industrial network security encryption processing method based on 5G communication technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011494138.3A CN112654037A (en) | 2020-12-17 | 2020-12-17 | Industrial network security encryption processing method based on 5G communication technology |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112654037A true CN112654037A (en) | 2021-04-13 |
Family
ID=75355445
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011494138.3A Pending CN112654037A (en) | 2020-12-17 | 2020-12-17 | Industrial network security encryption processing method based on 5G communication technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112654037A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113852956A (en) * | 2021-09-28 | 2021-12-28 | 上海威固信息技术股份有限公司 | Encryption type transmission method for digital information transmission based on 5G network |
| CN114501435A (en) * | 2021-12-28 | 2022-05-13 | 中国航天空气动力技术研究院 | Communication link encryption system and method suitable for unmanned aerial vehicle |
| CN115208553A (en) * | 2022-07-15 | 2022-10-18 | 山东大学 | Chip implementation device and method for TRIAD lightweight stream cipher encryption algorithm |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020083438A1 (en) * | 2000-10-26 | 2002-06-27 | So Nicol Chung Pang | System for securely delivering encrypted content on demand with access contrl |
-
2020
- 2020-12-17 CN CN202011494138.3A patent/CN112654037A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020083438A1 (en) * | 2000-10-26 | 2002-06-27 | So Nicol Chung Pang | System for securely delivering encrypted content on demand with access contrl |
Non-Patent Citations (1)
| Title |
|---|
| 黄荫钊: "基于FPGA的低延迟Grain-128a算法设计与实现", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113852956A (en) * | 2021-09-28 | 2021-12-28 | 上海威固信息技术股份有限公司 | Encryption type transmission method for digital information transmission based on 5G network |
| CN114501435A (en) * | 2021-12-28 | 2022-05-13 | 中国航天空气动力技术研究院 | Communication link encryption system and method suitable for unmanned aerial vehicle |
| CN115208553A (en) * | 2022-07-15 | 2022-10-18 | 山东大学 | Chip implementation device and method for TRIAD lightweight stream cipher encryption algorithm |
| CN115208553B (en) * | 2022-07-15 | 2024-02-27 | 山东大学 | Chip implementation device and method for TRIAD lightweight stream cipher encryption algorithm |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112654037A (en) | Industrial network security encryption processing method based on 5G communication technology | |
| US8687800B2 (en) | Encryption method for message authentication | |
| CN109218825B (en) | Video encryption system | |
| Mare et al. | Secret data communication system using Steganography, AES and RSA | |
| CN101789866B (en) | High-reliability safety isolation and information exchange method | |
| CN109151508B (en) | Video encryption method | |
| US6891952B1 (en) | Dynamic key generation and confidential synchronization of encryption components | |
| JP4650267B2 (en) | Transmitting apparatus and method, receiving apparatus and method, data transmission system, and data transmission method | |
| US11784985B2 (en) | Network security devices and method | |
| CN104639561A (en) | Method for safely obtaining secret key | |
| CN113872762B (en) | Quantum encryption communication system based on power distribution terminal equipment and use method thereof | |
| CN103428204A (en) | Data security implementation method capable of resisting timing attacks and devices | |
| CN105610837A (en) | Method and system for identity authentication between master station and slave station in SCADA (Supervisory Control and Data Acquisition) system | |
| KR100546375B1 (en) | Interdependent parallel processing hardware cryptographic engine providing for enhanced self fault-detecting and hardware encryption processing method thereof | |
| CN114915396B (en) | Hopping key digital communication encryption system and method based on national encryption algorithm | |
| CN117395474B (en) | Locally stored tamper-resistant video evidence obtaining and storing method and system | |
| CN114697082A (en) | Production and application method of encryption and decryption device in server-free environment | |
| Liu et al. | A data-aware confidential tunnel for wireless sensor media networks | |
| Suganya et al. | Medical image integrity control using joint encryption and watermarking techniques | |
| CN115834026A (en) | Safety encryption method based on industrial protocol | |
| CN114189359B (en) | Internet of things equipment capable of avoiding data tampering, data safety transmission method and system | |
| CN106878004B (en) | Verification method and device for preventing video inter-cut tampering | |
| CN114244635A (en) | Encryption type data coding method of communication equipment | |
| CN100544248C (en) | The key data receiving/transmission method | |
| CN112907247A (en) | Block chain authorization calculation control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210413 |