CN113162947A - System and method for testing sensor network password security protocol - Google Patents
- Publication number
- CN113162947A (application CN202110513178.6A)
- Authority
- CN
- China
- Prior art keywords
- detection
- data
- protocol
- module
- offline
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a system and a method for testing a sensor network password security protocol. It designs a detection system for the cryptographic algorithms of secure transmission protocols and specifies the functional modules of that system in detail. An IPSec secure transmission protocol cryptographic detection subsystem and an SSL secure transmission protocol cryptographic detection subsystem perform offline and online detection of the secure transmission protocol's cryptographic algorithms, so that the compliance, correctness and integrity of the national cryptographic algorithms and keys carried in the basic structure of a security protocol (cipher suite, protocol version, protocol structures and the like) can be detected. The method extends the national cryptographic algorithm detection that cryptographic evaluation tools perform on related products such as VPNs, and improves the cryptographic certification system.
Description
Technical Field
The invention relates to the field of information security, in particular to a method for testing a sensor network password security protocol, and more specifically to a system and a method for testing a sensor network password security protocol.
Background
With the rapid development of internet technology, non-traditional security threats represented by cyber security continue to spread, cyber-space security risks continue to grow, and the threats and challenges become more severe. Cryptographic security is an important basis of information security. With the formal implementation of the basic requirements of GB/T 22239-2019 (information security technology, network security level protection), more applications use cryptographic technology locally and the domestic cryptographic algorithms have a larger application space. At the same time, the implementation of the cryptographic standards has made the application of cryptographic algorithms standardized and normalized, so a corresponding detection method is required to judge the compliance, correctness and integrity of the cryptographic algorithms. Cryptographic algorithms are very widely applied, and one of the most important applications is their use in secure transmission protocols such as SSL and IPSec. However, the existing test methods cannot verify compliance or the correct use of signatures, lack security checks, and cannot perform efficient detection in either online or offline mode.
Disclosure of Invention
Aiming at the various irregular uses of cryptographic algorithms in practice, the invention provides a system and a method for testing a sensor network password security protocol, in order to solve the problems of non-standard, incorrect and incomplete application of cryptographic algorithms.
According to the purpose of the invention, a sensor network password security protocol test system is provided which comprises a client, a secure transmission protocol detection module, an operating system and hardware equipment. The client acquires the user's address and information and sends them to the secure transmission protocol detection module, which acquires online data packets or offline data according to the address and information received and performs SSL protocol and IPSec protocol detection on the data; the operating system is either a Linux or a Windows operating system; the hardware equipment is the equipment that supports the cryptographic security protocol test system.
Further, the client is an external interaction platform through which the corresponding detection mode is selected.
Further, the secure transmission protocol detection module includes:
a data acquisition module for acquiring data in offline or online mode;
a detection interface module that passes the acquired data in turn through the data extraction and analysis sub-module, the detection information acquisition sub-module and the detection report generation sub-module, which respectively receive and analyze the data, display the detection results, and generate and display the detection report;
and a detection core module that performs IPSec VPN detection and SSL VPN detection analysis on the data extracted by the detection interface module.
Furthermore, both the IPSec VPN detection and the SSL VPN detection comprise an offline detection mode and an online detection mode.
According to an embodiment of the present invention, a test method for the sensor network password security protocol test system is further provided, the test method including:
S101, the client acquires first data based on the user's address information and sends the first data to the secure transmission protocol detection module;
S102, the secure transmission protocol detection module judges from the acquired first data whether offline detection or online detection is required and enters the offline detection mode or the online detection mode accordingly. After the pre-detection of the selected mode, a preprocessing service is started, which reads an offline data file stored on the server or obtains an online data file and extracts the effective data; the process then advances to step S103;
S103, the analysis and detection service sets the detection sequence, calls the IPSec VPN/SSL VPN cryptographic library, starts detection, and organizes the data packets into the standard IPSec/SSL data structure format according to GB/T0022-; during detection, a heartbeat monitoring mode is used to generate real-time detection information, which is fed back to the convergence display service;
S104, the convergence display service acquires the real-time detection information and the detection result information;
and S105, the convergence display service displays the detection result on a web interface in real time.
Further, the pre-detection step in the offline detection mode includes:
setting the offline detection mode, setting the relevant parameters of the offline data path to be detected, storing the offline data file on the local PC (personal computer) terminal, and starting detection;
and reading the offline data from the local PC terminal, uploading it to a designated path on the server, and storing it there as a file.
Further, the pre-detection step in the online detection mode includes:
setting the online detection mode, setting the IP address to be detected and the packet capture depth, and starting detection;
and starting the online packet capture module, capturing the IPSec/SSL protocol data exchanged between the client and the server, and storing the online data as a file.
Further, the second data includes the protocol header, the cipher suite, the client and server certificates, and the ciphertext.
Further, the preset detection information includes the detection type, the detection time, the detection personnel, the detection report path, and the detection result.
The invention has the following beneficial effects:
First, complete detection of the IPSec VPN cryptographic algorithms of the secure transmission protocol is realized:
compliance: the IPSec secure transmission protocol data structure conforms to GB/T0022-;
correctness: the certificate signature algorithm is used correctly and the signature verifies; the digest algorithm yields the correct hash value; the encryption and decryption algorithm is used correctly, so that ciphertext and plaintext are obtained correctly;
integrity: whether the acquired data has been tampered with or is missing parts is verified by checking its hash value.
Secondly, complete detection of the SSL VPN cryptographic algorithms is realized:
compliance: the SSL secure transmission protocol data structure conforms to GB/T0024-;
correctness: the certificate signature algorithm is used correctly and the signature verifies; the digest algorithm yields the correct hash value; the encryption and decryption algorithm is used correctly, so that ciphertext and plaintext are obtained correctly;
integrity: the acquired data has not been tampered with or truncated, which is established by checking its hash value.
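As an added illustration of the offline detection path (steps S102 and S103 together with the compliance and integrity checks listed above), the following Python is example code, not the patent's implementation: it parses a constructed ServerHello record, compares the negotiated protocol version and cipher suite against a national-algorithm suite table, and verifies the stored capture against its recorded digest. The suite identifiers 0xE011/0xE013 and protocol version 1.1 are assumptions recalled from GM/T 0024 and should be checked against the standard the page cites; SHA-256 stands in for whichever digest the detection tool records.

```python
"""Offline detection of one captured SSL/GM handshake record: compliance of
the negotiated version and cipher suite, plus an integrity check of the capture.
Added example, not the patent's code; the suite IDs and version are assumptions."""
import hashlib
import struct

# Assumed national-algorithm policy (recalled from GM/T 0024; verify against
# the standard): protocol version 1.1 and only SM4/SM3 suites are accepted.
GM_VERSION = (1, 1)
GM_SUITES = {0xE011: "ECDHE_SM4_SM3", 0xE013: "ECC_SM4_SM3"}

HANDSHAKE = 22      # record-layer content type
SERVER_HELLO = 2    # handshake message type


def parse_server_hello(record: bytes) -> dict:
    """Extract version and cipher suite from a handshake record carrying a
    ServerHello. Every length is checked so that a truncated capture is
    reported instead of silently producing wrong fields."""
    if len(record) < 5:
        raise ValueError("record shorter than its 5-byte header")
    ctype, vmaj, vmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError(f"content type {ctype} is not handshake")
    body = record[5:5 + rlen]
    if len(body) != rlen:
        raise ValueError("record truncated")
    htype, hlen = body[0], int.from_bytes(body[1:4], "big")
    if htype != SERVER_HELLO:
        raise ValueError(f"handshake type {htype} is not ServerHello")
    hs = body[4:4 + hlen]
    if len(hs) != hlen or hlen < 38:
        raise ValueError("ServerHello truncated")
    sid_len = hs[34]                      # follows version(2) + random(32)
    off = 35 + sid_len
    if len(hs) < off + 3:
        raise ValueError("ServerHello truncated after session id")
    return {
        "record_version": (vmaj, vmin),
        "hello_version": (hs[0], hs[1]),
        "cipher_suite": int.from_bytes(hs[off:off + 2], "big"),
        "compression": hs[off + 2],
    }


def check_compliance(fields: dict) -> list:
    """Compare the parsed fields with the policy; an empty list means compliant."""
    findings = []
    if fields["hello_version"] != GM_VERSION:
        findings.append(f"version {fields['hello_version']} is not {GM_VERSION}")
    suite = fields["cipher_suite"]
    if suite not in GM_SUITES:
        findings.append(f"cipher suite 0x{suite:04X} is not a national-algorithm suite")
    return findings


def digest_of(capture: bytes) -> str:
    """Digest recorded when the capture is stored (SHA-256 stands in here)."""
    return hashlib.sha256(capture).hexdigest()


def offline_detect(capture: bytes, expected_digest: str) -> dict:
    """Integrity step (stored file still matches its recorded digest) followed
    by the compliance step; parse failures are reported as findings."""
    report = {"integrity_ok": digest_of(capture) == expected_digest, "findings": []}
    try:
        report["findings"] = check_compliance(parse_server_hello(capture))
    except ValueError as err:
        report["findings"] = [f"parse error: {err}"]
    return report


def build_server_hello(version: tuple, suite: int) -> bytes:
    """Constructed sample record (not a real capture) for exercising the checks."""
    hs = bytes(version) + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(hs).to_bytes(3, "big") + hs
    return bytes([HANDSHAKE]) + bytes(version) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    compliant = build_server_hello(GM_VERSION, 0xE013)
    foreign = build_server_hello((3, 3), 0xC02F)   # TLS 1.2 with a non-GM suite
    for cap in (compliant, foreign, foreign[:20]):
        print(offline_detect(cap, digest_of(cap)))
```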
Drawings
FIG. 1 is a schematic diagram of a module structure according to the present invention.
Detailed Description
For the convenience of understanding, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a sensor network password security protocol test system which comprises a client, a secure transmission protocol detection module, an operating system and hardware equipment. The client acquires the user's address and information and sends them to the secure transmission protocol detection module, which acquires online data packets or offline data according to the address and information received and performs SSL (secure socket layer) protocol and IPSec (Internet protocol security) protocol detection on the data; the operating system is either a Linux or a Windows operating system; the hardware equipment is the equipment that supports the cryptographic security protocol test system.
The client of the invention is an external interaction platform through which the corresponding detection mode is selected.
The secure transmission protocol detection module comprises:
a data acquisition module for acquiring data in offline or online mode;
a detection interface module that passes the acquired data in turn through the data extraction and analysis sub-module, the detection information acquisition sub-module and the detection report generation sub-module, which respectively receive and analyze the data, display the detection results, and generate and display the detection report;
and a detection core module that performs IPSec VPN detection and SSL VPN detection analysis on the data extracted by the detection interface module.
Both the IPSec VPN detection and the SSL VPN detection comprise an offline detection mode and an online detection mode.
According to an embodiment of the present invention, a test method for the sensor network password security protocol test system is further provided, the test method including:
S101, the client acquires first data based on the user's address information and sends the first data to the secure transmission protocol detection module;
S102, the secure transmission protocol detection module judges from the acquired first data whether offline detection or online detection is required and enters the offline detection mode or the online detection mode accordingly; after the pre-detection of the selected mode, a preprocessing service is started, which reads an offline data file stored on the server or obtains an online data file and extracts the effective data; the process then advances to step S103;
S103, the analysis and detection service sets the detection sequence, calls the IPSec VPN/SSL VPN cryptographic library, starts detection, and organizes the data packets into the standard IPSec/SSL data structure format according to GB/T0022-. The correctness and compliance of the second data are detected, a detection report is generated and stored on the server as a file, and the detection result and the preset detection information are fed back to the analysis and detection service, where the preset detection information comprises the detection type, detection time, detection personnel, detection report path, detection result and similar data. The preset detection information is stored in a detection report database, and detection result information is generated and fed back to the convergence display service; during detection, a heartbeat monitoring mode is used to generate real-time detection information, which is fed back to the convergence display service.
The pre-detection step in the offline detection mode comprises:
setting the offline detection mode, setting the relevant parameters of the offline data path to be detected, storing the offline data file on the local PC (personal computer) terminal, and starting detection;
and reading the offline data from the local PC terminal, uploading it to a designated path on the server, and storing it there as a file.
The pre-detection step in the online detection mode comprises:
setting the online detection mode, setting the IP address to be detected and the packet capture depth, and starting detection;
and starting the online packet capture module, capturing the IPSec/SSL protocol data exchanged between the client and the server, and storing the online data as a file.
S104, the convergence display service acquires the real-time detection information and the detection result information;
and S105, the convergence display service displays the detection result on a web interface in real time.
It will be evident to those skilled in the art that the embodiments of the present invention are not limited to the details of the foregoing illustrative embodiments, and that the embodiments of the present invention are capable of being embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the embodiments being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. Several units, modules or means recited in the system, apparatus or terminal claims may also be implemented by one and the same unit, module or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention and not for limiting, and although the embodiments of the present invention are described in detail with reference to the above preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the embodiments of the present invention without departing from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (9)
1. A sensor network password security protocol test system, characterized by comprising a client, a secure transmission protocol detection module, an operating system and hardware equipment, wherein the client acquires a user's address and information and sends the address and the information to the secure transmission protocol detection module, and the secure transmission protocol detection module acquires an online data packet or offline data according to the acquired address and information, so that SSL protocol and IPSec protocol detection is performed on the data; the operating system is one of a Linux operating system and a Windows operating system; the hardware equipment is equipment supporting the cryptographic security protocol test system.
2. The sensor network password security protocol test system according to claim 1, wherein the client is an external interaction platform through which the corresponding detection mode is selected.
3. The sensor network password security protocol test system according to claim 2, wherein the secure transmission protocol detection module comprises:
a data acquisition module for acquiring data in offline or online mode;
a detection interface module that passes the acquired data in turn through the data extraction and analysis sub-module, the detection information acquisition sub-module and the detection report generation sub-module, which respectively receive and analyze the data, display the detection results, and generate and display the detection report;
and a detection core module that performs IPSec VPN detection and SSL VPN detection analysis on the data extracted by the detection interface module.
4. The sensor network password security protocol test system according to claim 3, wherein the IPSec VPN detection comprises an offline detection mode and an online detection mode, and the SSL VPN detection comprises an offline detection mode and an online detection mode.
5. A test method for the sensor network password security protocol test system according to claim 4, wherein the test method comprises:
S101, the client acquires first data based on the user's address information and sends the first data to the secure transmission protocol detection module;
S102, the secure transmission protocol detection module judges from the acquired first data whether offline detection or online detection is required and enters the offline detection mode or the online detection mode accordingly; after the pre-detection of the selected mode, a preprocessing service is started, which reads an offline data file stored on the server or obtains an online data file and extracts the effective data; the process then advances to step S103;
S103, the analysis and detection service sets the detection sequence, calls the IPSec VPN/SSL VPN cryptographic library, starts detection, and organizes the data packets into the standard IPSec/SSL data structure format according to GB/T0022-. The preset detection information is stored in a detection report database, and detection result information is generated and fed back to the convergence display service; during detection, a heartbeat monitoring mode is used to generate real-time detection information, which is fed back to the convergence display service;
S104, the convergence display service acquires the real-time detection information and the detection result information;
and S105, the convergence display service displays the detection result on a web interface in real time.
6. The test method according to claim 5, wherein the pre-detection step in the offline detection mode comprises:
setting the offline detection mode, setting the relevant parameters of the offline data path to be detected, storing the offline data file on the local PC (personal computer) terminal, and starting detection;
and reading the offline data from the local PC terminal, uploading it to a designated path on the server, and storing it there as a file.
7. The test method according to claim 5, wherein the pre-detection step in the online detection mode comprises:
setting the online detection mode, setting the IP address to be detected and the packet capture depth, and starting detection;
and starting the online packet capture module, capturing the IPSec/SSL protocol data exchanged between the client and the server, and storing the online data as a file.
8. The test method according to claim 5, wherein the second data comprises the protocol header, the cipher suite, the client and server certificates, and the ciphertext.
9. The test method according to claim 5, wherein the preset detection information includes the detection type, the detection time, the detection personnel, the detection report path, and the detection result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110513178.6A CN113162947A (en) | 2021-05-11 | 2021-05-11 | System and method for testing sensor network password security protocol |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110513178.6A CN113162947A (en) | 2021-05-11 | 2021-05-11 | System and method for testing sensor network password security protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113162947A true CN113162947A (en) | 2021-07-23 |
Family
ID=76874691
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110513178.6A Pending CN113162947A (en) | 2021-05-11 | 2021-05-11 | System and method for testing sensor network password security protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113162947A (en) |
Events
- 2021-05-11 CN CN202110513178.6A patent/CN113162947A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116346688A (en) * | 2023-05-24 | 2023-06-27 | 江苏金盾检测技术股份有限公司 | SSL VPN security authentication gateway service compliance detection system and method based on active scanning |
CN116346688B (en) * | 2023-05-24 | 2023-08-04 | 江苏金盾检测技术股份有限公司 | SSL VPN security authentication gateway service compliance detection system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||