CN113542269A - Network security monitoring method and monitoring network element for computer communication - Google Patents


Info

Publication number: CN113542269A
Authority: CN (China)
Prior art keywords: network, key, encrypted data, monitoring, tampered
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202110794224.4A
Other languages: Chinese (zh)
Inventors: 凌泽民, 李强
Current assignee: Individual (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Individual

Events
Application filed by Individual
Priority to CN202110794224.4A
Publication of CN113542269A
Legal status: Withdrawn (current)

Classifications

    • H04L 63/20: Network architectures or network communication protocols for managing network security; network security policies in general
    • H04L 63/0428: Network architectures or network communication protocols for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 67/55: Network arrangements or protocols for supporting network services or applications; push-based network services
    (All under H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication.)


Abstract

The application provides a network security monitoring method and a monitoring network element for computer communication. A first monitoring network element decrypts network encrypted data with a first key set and determines which keys in that set (the first keys) decrypt the data successfully. From the characteristics of those first keys it can determine whether the network encrypted data has been tampered with, even in the case where the second network device cannot detect the tampering because its private key has leaked; once tampering is determined it promptly notifies the second network device to discard the network encrypted data, so that security is maintained.

Description

Network security monitoring method and monitoring network element for computer communication
Technical Field
The present application relates to the field of computer technologies, and in particular, to a network security monitoring method and a monitoring network element for computer communication.
Background
In the current network era the network is woven into daily life: hailing a taxi, shopping, dining, entertainment and so on all take place over the network. How to ensure the data security of every user in the network is therefore especially important today.
Specifically, in the current technology the originating terminal encrypts data with a public key and then sends the encrypted data to the terminating terminal. On receiving the encrypted data, the receiving end decrypts it with the private key. If the encrypted data is tampered with in transit, the receiving end cannot decrypt it with the private key, so the receiving end can discard the encrypted data to preserve security.
However, once the private key is leaked, a third party can decrypt the encrypted data with the private key, tamper with it, and re-encrypt the tampered data with the public key. The receiving end then decrypts the tampered data successfully; the data is not discarded for failing to decrypt, and security can no longer be guaranteed.
Disclosure of Invention
Embodiments of the application provide a network security monitoring method and a monitoring network element for computer communication, which address the problem that the protection provided by existing security policies is too thin to meet current security requirements.
To this end, the technical solution is as follows:
In a first aspect, a network security monitoring method for computer communication is provided, applied to a first monitoring network element, and including: the first monitoring network element collects, from a receiving port of a second network device, network encrypted data sent by a first network device; the first monitoring network element determines a first key set corresponding to the first network device according to the identifier of the first network device carried in the network encrypted data; the first monitoring network element decrypts the network encrypted data with the first key set, thereby determining the first keys, i.e. the keys in the first key set that successfully decrypt the network encrypted data; the first monitoring network element determines whether the network encrypted data has been tampered with according to a characteristic of the first keys; if so, the first monitoring network element sends a first message to the second network device, so that the second network device discards the network encrypted data.
With the method of the first aspect, the first monitoring network element decrypts the network encrypted data with the first key set and determines which keys in that set (the first keys) decrypt it successfully. From the characteristic of the first keys it can therefore determine whether the network encrypted data has been tampered with even when the second network device itself cannot, because its private key has leaked, and it promptly notifies the second network device to discard the network encrypted data once tampering is determined, so that security is maintained.
Optionally, determining by the first monitoring network element whether the network encrypted data has been tampered with according to the characteristic of the first keys includes: the first monitoring network element determines whether the network encrypted data has been tampered with according to the number of first keys, where if the number of first keys is smaller than a preset first number the network encrypted data has been tampered with, and the first number is smaller than the number of elements in the first key set.
It should be understood that each key in the first key set may correspond to one part of the network encrypted data; for example, key A may decrypt part 1 of the network encrypted data and key B may decrypt part 2. Thus, once at least a portion of the network encrypted data has been tampered with, the number of first keys that still successfully decrypt it changes. Whether the network encrypted data has been tampered with can therefore be determined accurately from the number of first keys.
Optionally, determining by the first monitoring network element whether the network encrypted data has been tampered with according to the characteristic of the first keys includes: the first monitoring network element determines whether the network encrypted data has been tampered with according to the sequence numbers of the first keys in the first key set; if the sequence numbers of the first keys in the first key set differ from a preset first sequence number, the network encrypted data has been tampered with.
It should be understood that a first subset of keys in the first key set can decrypt the network encrypted data while a second subset cannot, and the sequence numbers of the first subset are the preset first sequence number. Thus, once at least a part of the network encrypted data is tampered with, at least one key of the first subset can no longer decrypt it, and the sequence numbers of the keys that do decrypt it no longer match the preset value. Whether the network encrypted data has been tampered with can therefore be determined accurately from whether the sequence numbers of the first keys in the first key set equal the preset first sequence number.
Optionally, the sequence number of a first key in the first key set represents the position of the first key in the arrangement order of the first key set, or represents the number of keys between the first key and a first anchor key preset in the first key set, where the first anchor key is an element of the first key set.
It should be understood that the first anchor key serves as a reference point for sequence numbering, so that the relative position of each key in the first key set can be located precisely from the first anchor key, and whether the sequence number of a first key in the first key set equals the preset first sequence number can be determined precisely from that relative position.
Optionally, the method is further applied to a second monitoring network element, and the method further includes: the second monitoring network element collects the network encrypted data from a sending port of the first network device; the second monitoring network element determines, according to the identifier, a second key set corresponding to the first network device, where the elements of the second key set differ at least in part from those of the first key set, and the communication levels of the second key set and the first key set also differ; the second monitoring network element decrypts the network encrypted data with the second key set, thereby determining the second keys, i.e. the keys in the second key set that successfully decrypt the network encrypted data; the second monitoring network element determines whether the network encrypted data has been tampered with according to a characteristic of the second keys; if so, the second monitoring network element sends a second message to the second network device, so that the second network device discards the network encrypted data.
It should be understood that, because the second monitoring network element can also detect, at the sending port of the first network device and with the second key set, whether the network encrypted data has been tampered with, it can cooperate with the first monitoring network element to further improve security.
Optionally, determining by the second monitoring network element whether the network encrypted data has been tampered with according to the characteristic of the second keys includes: the second monitoring network element determines whether the network encrypted data has been tampered with according to the number of second keys, where if the number of second keys is greater than a preset second number the network encrypted data has been tampered with, and the second number is smaller than the number of elements in the second key set.
It should be understood that, absent tampering, only the preset second number of keys in the second key set can decrypt the network encrypted data, and the remaining keys cannot. Once at least a portion of the network encrypted data has been tampered with (as when a third party re-encrypts it under a key of its own, as described in the Background), a further key in the second key set may come to decrypt it, so that the number of second keys exceeds the preset second number. Whether the network encrypted data has been tampered with can therefore be determined accurately from the number of second keys.
Optionally, determining by the second monitoring network element whether the network encrypted data has been tampered with according to the characteristic of the second keys includes: the second monitoring network element determines whether the network encrypted data has been tampered with according to the sequence number of the second key in the second key set; if the sequence number of a second key in the second key set equals a preset second sequence number, the network encrypted data has been tampered with.
It should be understood that the keys in the second key set that cannot decrypt the network encrypted data also have a preset second sequence number. Thus, once at least a part of the network encrypted data is tampered with, the set of keys that can or cannot decrypt it changes; for example, a key that previously could not decrypt it may now do so, and a key carrying the preset second sequence number then appears among the second keys. Whether the network encrypted data has been tampered with can therefore be determined accurately from whether the sequence number of a second key in the second key set equals the preset second sequence number.
Optionally, the sequence number of a second key in the second key set represents the position of the second key in the arrangement order of the second key set, or represents the number of keys between the second key and a second anchor key preset in the second key set, where the second anchor key is an element of the second key set.
It should be understood that the second anchor key serves as a reference point for sequence numbering, so that the relative position of each key in the second key set can be located precisely from the second anchor key, and whether the sequence number of a second key in the second key set equals the preset second sequence number can be determined precisely from that relative position.
In a second aspect, a monitoring network element is provided, including a transceiver module and a processing module. The transceiver module is configured to collect, from a receiving port of a second network device, network encrypted data sent by a first network device. The processing module is configured to determine a first key set corresponding to the first network device according to the identifier of the first network device carried in the network encrypted data; to decrypt the network encrypted data with the first key set, thereby determining the first keys, i.e. the keys in the first key set that successfully decrypt the network encrypted data; and to determine whether the network encrypted data has been tampered with according to a characteristic of the first keys. If so, the transceiver module is further configured to send a first message to the second network device, so that the second network device discards the network encrypted data.
Optionally, the processing module is further configured to determine, by the first monitoring network element, whether the network encrypted data is tampered according to the number of the first keys, where if the number of the first keys is smaller than a preset first number, it indicates that the network encrypted data is tampered, and the first number is smaller than the number of elements in the first key set.
Optionally, the processing module is further configured to determine, by the first monitoring network element, whether the network encrypted data is tampered according to a sequence number corresponding to the first key in the first key set; if the sequence number of the first key in the first key set is different from a preset first sequence number, it indicates that the network encrypted data is tampered.
Optionally, a sequence number corresponding to the first key in the first key set represents an arrangement order of the first key in the first key set, or represents a key number of an interval between the first key and a first anchor key preset in the first key set, where the first anchor key is an element in the first key set.
Optionally, a second monitoring network element is further provided, including a transceiver module and a processing module. The transceiver module is configured to collect the network encrypted data from a sending port of the first network device. The processing module is configured to determine, according to the identifier, a second key set corresponding to the first network device, where the elements of the second key set differ at least in part from those of the first key set, and the communication levels of the second key set and the first key set also differ; to decrypt the network encrypted data with the second key set, thereby determining the second keys, i.e. the keys in the second key set that successfully decrypt the network encrypted data; and to determine whether the network encrypted data has been tampered with according to a characteristic of the second keys. If so, the transceiver module is further configured to send a second message to the second network device, so that the second network device discards the network encrypted data.
Optionally, the processing module is further configured to determine whether the network encrypted data has been tampered with according to the number of second keys, where if the number of second keys is greater than a preset second number the network encrypted data has been tampered with, and the second number is smaller than the number of elements in the second key set.
Optionally, the processing module is further configured to determine whether the network encrypted data has been tampered with according to the sequence number of the second key in the second key set; if the sequence number of a second key in the second key set equals a preset second sequence number, the network encrypted data has been tampered with.
Optionally, the sequence number of a second key in the second key set represents the position of the second key in the arrangement order of the second key set, or represents the number of keys between the second key and a second anchor key preset in the second key set, where the second anchor key is an element of the second key set.
In a third aspect, a computer-readable storage medium is provided, comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method of the first aspect.
Drawings
Fig. 1 is a schematic architecture diagram of a communication system according to an embodiment of the present application;
Fig. 2 is a first schematic flowchart of a method according to an embodiment of the present application;
Fig. 3 is a second schematic flowchart of a method according to an embodiment of the present application;
Fig. 4 is a first schematic structural diagram of an apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a device according to an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
The technical solution of the embodiments of the present application may be applied to various communication systems, for example a wireless fidelity (WiFi) system, a vehicle-to-everything (V2X) communication system, a device-to-device (D2D) communication system, an internet of vehicles communication system, a 4th generation (4G) mobile communication system such as a Long Term Evolution (LTE) system, a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a 5th generation (5G) mobile communication system such as a new radio (NR) system, and a future communication system such as a 6th generation (6G) mobile communication system.
This application is intended to present various aspects, embodiments or features around a system that may include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, a combination of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplarily", "for example", etc. are used for indicating as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term using examples is intended to present concepts in a concrete fashion.
In the embodiments of the present application, "information", "signal", "message", "channel" and "signaling" may be used interchangeably; where the distinction is not emphasized, the intended meaning is the same. Likewise "of", "relevant" and "corresponding" may be used interchangeably, and where no distinction is made the intended meaning is the same.
In the embodiments of the present application, a subscript (for example W₁) may sometimes appear in non-subscript form (W1); where the distinction is not emphasized, the intended meaning is the same.
The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
For the convenience of understanding the embodiments of the present application, a communication system applicable to the embodiments of the present application will be first described in detail by taking the communication system shown in fig. 1 as an example. Fig. 1 is a schematic structural diagram of a communication system to which the method provided in the embodiment of the present application is applied.
As shown in fig. 1, the communication system includes a network device and a terminal device.
The network device is a device on the network side of the communication system that has a wireless transceiving function, or a chip system that can be installed in such a device. Network devices include, but are not limited to: an access point (AP) in a wireless fidelity (WiFi) system, such as a home gateway, router, server, switch or bridge; an evolved Node B (eNB); a radio network controller (RNC); a Node B (NB); a base station controller (BSC); a base transceiver station (BTS); a home base station (e.g. a home evolved Node B or home Node B, HNB); a baseband unit (BBU); a wireless relay node; a wireless backhaul node; a transmission point (a transmission and reception point, TRP, or a transmission point, TP); in a 5G system such as a new radio (NR) system, a gNB, a transmission point, or a group of antennas comprising one or more antenna panels; alternatively, a network node forming part of a gNB or of a transmission point, such as a baseband unit (BBU) or a distributed unit (DU); or a roadside unit (RSU) with base station functionality.
The terminal device is a terminal which is accessed to the communication system and has a wireless transceiving function or a chip system which can be arranged on the terminal. The terminal device can also be called a user equipment, access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user device. The terminal device in the embodiment of the application may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), and a wireless terminal in smart home (smart home).
It should be noted that the method provided in the embodiment of the present application may be applied to the device shown in fig. 1, and for specific implementation, reference may be made to the following method embodiment, which is not described herein again.
It should be noted that the scheme in the embodiment of the present application may also be applied to other communication systems, and the corresponding names may also be replaced with names of corresponding functions in other communication systems.
It should be appreciated that fig. 1 is a simplified schematic diagram of an example for ease of understanding only, and that other network devices, and/or other terminal devices, not shown in fig. 1, may also be included in the communication system.
The method provided by the embodiment of the present application will be specifically described below with reference to fig. 2.
By way of example, fig. 2 is a schematic flowchart of the network security monitoring method provided in an embodiment of the present application. The method may be applied to communication between the network device and the terminal device shown in fig. 1.
As shown in fig. 2, the method comprises the steps of:
s201, the first monitoring network element collects network encryption data from first network equipment from a receiving port of second network equipment, and determines a first key set corresponding to the first network equipment according to an identifier of the first network equipment carried by the network encryption data.
The message header of the network encrypted data carries the identifier of the first network device, and the message load of the network encrypted data carries the encrypted data. Thus, the first monitoring network element can obtain the identifier of the first network device in the message header by decapsulating. Further, the first monitoring network element may determine, according to the identifier, a first key set corresponding to the identifier from preset key sets.
S202, the first monitoring network element decrypts the network encrypted data by using the first key set, so as to determine a first key in the first key set, which successfully decrypts the network encrypted data, and determine whether the network encrypted data is tampered with according to a characteristic of the first key.
In one manner, the first monitoring network element determines whether the network encrypted data has been tampered with according to the number of first keys, where if the number of first keys is smaller than a preset first number the network encrypted data has been tampered with, and the first number is smaller than the number of elements in the first key set.
It should be understood that each key in the first key set may correspond to one part of the network encrypted data; for example, key A may decrypt part 1 of the network encrypted data and key B may decrypt part 2. Thus, once at least a portion of the network encrypted data has been tampered with, the number of first keys that still successfully decrypt it changes. Whether the network encrypted data has been tampered with can therefore be determined accurately from the number of first keys.
In another manner, the first monitoring network element determines whether the network encrypted data has been tampered with according to the sequence numbers of the first keys in the first key set; if the sequence numbers of the first keys in the first key set differ from a preset first sequence number, the network encrypted data has been tampered with.
It should be understood that a first subset of keys in the first key set can decrypt the network encrypted data while a second subset cannot, and the sequence numbers of the first subset are the preset first sequence number. Thus, once at least a part of the network encrypted data is tampered with, at least one key of the first subset can no longer decrypt it, and the sequence numbers of the keys that do decrypt it no longer match the preset value. Whether the network encrypted data has been tampered with can therefore be determined accurately from whether the sequence numbers of the first keys in the first key set equal the preset first sequence number.
In addition, the sequence number of a first key in the first key set may represent the position of the first key in the arrangement order of the first key set, or may represent the number of keys between the first key and a first anchor key preset in the first key set, where the first anchor key is an element of the first key set.
It should be understood that the first anchor key serves as a reference point for sequence numbering, so that the relative position of each key in the first key set can be located precisely from the first anchor key, and whether the sequence number of a first key in the first key set equals the preset first sequence number can be determined precisely from that relative position.
S203, if yes, the first monitoring network element sends a first message to the second network device, so that the second network device discards the network encrypted data.
The second network device may initiate a subscription service to the first monitoring network element in advance. Accordingly, the first monitoring network element may send the first message to the second network device based on the subscription service after determining that the data is tampered.
As shown in fig. 3, the method provided in this embodiment of the present application may also be applied to a second monitoring network element.
Specifically, the method may further include:
S301, the second monitoring network element acquires the network encrypted data from the sending port of the first network device, and determines a second key set corresponding to the first network device according to the identifier.
The elements of the second key set are at least partially different from those of the first key set, and the second key set also differs from the first key set in communication level.
S302, the second monitoring network element decrypts the network encrypted data by using the second key set, so as to determine a second key in the second key set, which successfully decrypts the network encrypted data, and determine whether the network encrypted data is tampered according to a characteristic of the second key.
As a mode, the second monitoring network element determines whether the network encrypted data is tampered according to the number of the second keys, wherein if the number of the second keys is greater than a preset second number, it indicates that the network encrypted data is tampered, and the second number is smaller than the number of elements in the second key set.
It should be understood that only part of the keys in the second key set can decrypt the network encrypted data. Once at least a portion of the network encrypted data is tampered with, a further key in the second key set may come to decrypt the network encrypted data, so that the number of second keys becomes larger than the preset second number. Therefore, whether the network encrypted data is tampered with can be accurately determined from the number of second keys.
As another mode, the determining, by the second monitoring network element, whether the network encrypted data is tampered according to the characteristic of the second key includes: the second monitoring network element determines whether the network encrypted data is tampered according to the corresponding sequence number of the second key in the second key set; and if the sequence number of the second key in the second key set is the same as a preset second sequence number, the network encryption data is tampered.
It should be understood that the keys in the second key set that cannot decrypt the network encrypted data also have a preset second sequence number. Once at least a part of the network encrypted data is tampered with, the sequence number of a key that cannot decrypt the network encrypted data may change; for example, if an additional key can no longer decrypt the network encrypted data, the sequence number may increase. Therefore, whether the network encrypted data is tampered with can be accurately determined according to whether the sequence number of the second key in the second key set is the same as the preset second sequence number.
The sequence number of the second key in the second key set represents an arrangement order of the second key in the second key set, or represents a key number of an interval between the second key and a second anchor key preset in the second key set, where the second anchor key is an element in the second key set.
It should be understood that the second anchor key may serve as a reference point for one sequence number, and thus, the relative position of each key in the second key set can be accurately located by the second anchor key, so that whether the corresponding sequence number of the second key in the second key set is the same as the preset second sequence number can be accurately determined by the relative position.
S303, if yes, the second monitoring network element sends a second message to the second network device, so that the second network device discards the network encrypted data.
The second network device may also initiate a subscription service to the second monitoring network element in advance. Accordingly, after determining that the data is tampered with, the second monitoring network element may send the second message to the second network device based on the subscription service.
It should be understood that, since the second monitoring network element also detects, using the second key set, whether the network encrypted data collected at the sending port of the first network device is tampered with, the second monitoring network element and the first monitoring network element together form a cooperation of forward monitoring and reverse monitoring, which further improves security.
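As an added illustration of the forward check (S201 to S203) and the reverse check (S301 to S303) above, the following Python model is not code from the patent and makes assumptions the description leaves open: "successfully decrypts" is represented by authenticated decryption succeeding, here an HMAC tag that the sender attached under that key; the sender attaches one tag for each key of the subset of each key set that is meant to decrypt the data; the sequence number of a key is its position in the key set or its offset from the anchor key; all key material, device identifiers, thresholds and the payload are constructed. Under this model tampering can only make keys stop decrypting, so the first monitoring element's count and sequence-number rules fire on a modified ciphertext, while the second monitoring element's rules are implemented as the description states them and shown judging the unmodified capture as clean.

```python
# Added illustrative model of the key-set tamper checks described in CN113542269A.
# Not code from the patent. Assumptions: "successfully decrypts" is modelled as
# authenticated decryption succeeding, i.e. an HMAC tag attached by the sender
# verifies under that key; the sender attaches one tag per key of the subset of
# each key set that is meant to decrypt the data; the monitor needs only the
# per-key success/failure, not the plaintext. Key derivation, identifiers,
# thresholds and the payload are constructed for the demonstration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class EncryptedData:
    device_id: str          # identifier of the first network device, carried in clear
    nonce: bytes
    ciphertext: bytes
    tags: list = field(default_factory=list)   # one tag per key meant to decrypt the data


def build_key_set(device_id: str, level: str, size: int) -> list:
    """Constructed, deterministic key set for a device id and communication level."""
    return [hashlib.sha256(f"{device_id}:{level}:{i}".encode()).digest()
            for i in range(size)]


def _tag(key: bytes, data: EncryptedData) -> bytes:
    return hmac.new(key, data.nonce + data.ciphertext, hashlib.sha256).digest()


def sender_encrypt(device_id: str, plaintext: bytes, subsets: list) -> EncryptedData:
    """Toy sender: XOR keystream from the first decrypting key, plus one tag per
    key in each (key_set, indices) pair that is meant to decrypt the data."""
    nonce = secrets.token_bytes(12)
    key_set0, idx0 = subsets[0]
    stream = hashlib.sha256(key_set0[idx0[0]] + nonce).digest() * (len(plaintext) // 32 + 1)
    data = EncryptedData(device_id, nonce, bytes(p ^ s for p, s in zip(plaintext, stream)))
    for key_set, indices in subsets:
        data.tags.extend(_tag(key_set[i], data) for i in indices)
    return data


def successful_key_indices(key_set: list, data: EncryptedData) -> list:
    """Indices of the keys in key_set that successfully 'decrypt' the data."""
    return [i for i, key in enumerate(key_set)
            if any(hmac.compare_digest(_tag(key, data), t) for t in data.tags)]


def sequence_numbers(indices: list, anchor: int = None) -> list:
    """Sequence number of each key: its arrangement order, or the number of
    keys between it and the preset anchor key when an anchor is given."""
    return sorted(indices) if anchor is None else sorted(i - anchor for i in indices)


# --- first monitoring network element (forward monitoring, S201 to S203) ---
def first_monitor_tampered_by_count(ok: list, preset_first_number: int) -> bool:
    return len(ok) < preset_first_number


def first_monitor_tampered_by_sequence(ok: list, preset_first_sequence: list, anchor=None) -> bool:
    return sequence_numbers(ok, anchor) != sorted(preset_first_sequence)


# --- second monitoring network element (reverse monitoring, S301 to S303) ---
def second_monitor_tampered_by_count(ok: list, preset_second_number: int) -> bool:
    return len(ok) > preset_second_number


def second_monitor_tampered_by_sequence(ok: list, preset_second_sequence: list, anchor=None) -> bool:
    return sequence_numbers(ok, anchor) == sorted(preset_second_sequence)


def discard_message(kind: str, data: EncryptedData) -> dict:
    """First/second message telling the second network device to discard the data."""
    return {"message": kind, "action": "discard", "device_id": data.device_id,
            "nonce": data.nonce.hex()}


def run_demo() -> dict:
    device_id = "dev-A"                                   # constructed identifier
    first_set = build_key_set(device_id, "level-1", 4)
    second_set = build_key_set(device_id, "level-2", 3)
    # keys 1 and 2 of the first set and key 0 of the second set decrypt the data
    data = sender_encrypt(device_id, b"payload", [(first_set, [1, 2]), (second_set, [0])])
    preset_first_number, preset_first_sequence, first_anchor = 2, [0, 1], 1
    preset_second_number, preset_second_sequence, second_anchor = 1, [0], 2

    ok1 = successful_key_indices(first_set, data)
    ok2 = successful_key_indices(second_set, data)
    clean = {
        "forward_count": first_monitor_tampered_by_count(ok1, preset_first_number),
        "forward_sequence": first_monitor_tampered_by_sequence(ok1, preset_first_sequence, first_anchor),
        "reverse_count": second_monitor_tampered_by_count(ok2, preset_second_number),
        "reverse_sequence": second_monitor_tampered_by_sequence(ok2, preset_second_sequence, second_anchor),
    }
    # in-flight modification of a single ciphertext byte
    modified = data.ciphertext[:3] + bytes([data.ciphertext[3] ^ 0x01]) + data.ciphertext[4:]
    tampered = EncryptedData(device_id, data.nonce, modified, data.tags)
    ok1t = successful_key_indices(first_set, tampered)
    flagged = {
        "forward_count": first_monitor_tampered_by_count(ok1t, preset_first_number),
        "forward_sequence": first_monitor_tampered_by_sequence(ok1t, preset_first_sequence, first_anchor),
        "message": discard_message("first", tampered) if ok1t != [1, 2] else None,
    }
    return {"clean": clean, "tampered": flagged, "first_keys_clean": ok1, "second_keys_clean": ok2}


if __name__ == "__main__":
    print(run_demo())
```

The monitor never needs the plaintext: only the per-key success or failure feeds the decision, which is what lets it sit at a port rather than at an endpoint. Both thresholds are kept below the size of their key set, as the description requires.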
Referring to fig. 4, an embodiment of the present application provides a monitoring network element 400. The monitoring network element 400 may include: a transceiver module 402 and a processing module 401.
In some possible designs, the monitoring network element 400 may be a first monitoring network element.
Specifically, the transceiver module 402 is configured to collect network encrypted data from a first network device from a receiving port of a second network device;
the processing module 401 is configured to determine, according to the identifier of the first network device carried in the network encrypted data, a first key set corresponding to the first network device; decrypting the network encrypted data using the first set of keys to determine a first key of the first set of keys that successfully decrypts the network encrypted data; determining whether the network encryption data is tampered according to the characteristics of the first key; if yes, the transceiver module 402 is further configured to send a first message to the second network device, so that the second network device discards the network encrypted data.
Optionally, the processing module 401 is further configured to determine, by the first monitoring network element, whether the network encrypted data is tampered according to the number of the first keys, where if the number of the first keys is smaller than a preset first number, it indicates that the network encrypted data is tampered, and the first number is smaller than the number of elements in the first key set.
Optionally, the processing module 401 is further configured to determine, by the first monitoring network element, whether the network encrypted data is tampered according to a sequence number corresponding to the first key in the first key set; if the sequence number of the first key in the first key set is different from a preset first sequence number, it indicates that the network encrypted data is tampered.
Optionally, a sequence number corresponding to the first key in the first key set represents an arrangement order of the first key in the first key set, or represents a key number of an interval between the first key and a first anchor key preset in the first key set, where the first anchor key is an element in the first key set.
In other possible designs, the monitoring network element 400 may be a second monitoring network element.
Specifically, the transceiver module 402 is configured to collect the network encrypted data from a sending port of the first network device;
the processing module 401 is configured to determine, by the first monitoring network element according to the identifier, a second key set corresponding to the first network device, where elements in the second key set are at least partially different from elements in the first key set, and communication levels of the second key set and the first key set are also different; the second monitoring network element decrypts the network encrypted data by using the second key set, so as to determine a second key in the second key set, which successfully decrypts the network encrypted data; the second monitoring network element determines whether the network encrypted data is tampered according to the characteristics of the second key; if so, the transceiver module 402 is further configured to send, by the second monitoring network element, a second message to the second network device, so that the second network device discards the network encrypted data.
Optionally, the processing module 401 is further configured to determine, by the second monitoring network element, whether the network encrypted data is tampered according to the number of the second keys, where if the number of the second keys is greater than a preset second number, it indicates that the network encrypted data is tampered, and the second number is smaller than the number of elements in the second key set.
Optionally, the processing module 401 is further configured to determine, by the second monitoring network element, whether the network encrypted data is tampered according to a sequence number corresponding to the second key in the second key set; and if the sequence number of the second key in the second key set is the same as a preset second sequence number, the network encryption data is tampered.
Optionally, a sequence number corresponding to the second key in the second key set represents an arrangement order of the second key in the second key set, or represents a key number of an interval between the second key and a second anchor key preset in the second key set, where the second anchor key is an element in the second key set.
By way of example, fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present application. The apparatus may be a network device, or may be a chip (system) or other component or assembly disposed on the network device. As shown in fig. 5, the apparatus 500 may include a processor 501. Optionally, the apparatus 500 may further comprise a memory 502 and/or a transceiver 503. The processor 501 is coupled to the memory 502 and the transceiver 503, for example via a communication bus.
The following describes the various components of the apparatus 500 in detail with reference to fig. 4:
the processor 501 is a control center of the apparatus 500, and may be a single processor or a collective term for multiple processing elements. For example, the processor 501 is one or more Central Processing Units (CPUs), or may be an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as: one or more microprocessors (digital signal processors, DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
Alternatively, the processor 501 may perform various functions of the apparatus 500 by running or executing software programs stored in the memory 502, and calling data stored in the memory 502.
In a particular implementation, the processor 501 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 5.
In a particular implementation, the apparatus 500 may also include multiple processors, such as the processor 501 and the processor 504 shown in FIG. 2. Each of these processors may be a single-core processor (CPU) or a multi-core processor (CPU). A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 502 is configured to store a software program for executing the scheme of the present application, and the processor 501 controls the execution of the software program.
Alternatively, memory 502 may be a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 502 may be integrated with the processor 501 or may be independent and coupled to the processor 501 through an interface circuit (not shown in fig. 4) of the apparatus 500, which is not particularly limited in this embodiment.
The transceiver 503 is used for communication with other devices.
Optionally, the transceiver 503 may include a receiver and a transmitter (not separately shown in fig. 5). Wherein the receiver is configured to implement a receive function and the transmitter is configured to implement a transmit function.
Alternatively, the transceiver 503 may be integrated with the processor 501, or may be separate and coupled to the processor 501 through an interface circuit (not shown in fig. 5) of the apparatus 500, which is not specifically limited in this embodiment of the present application.
It should be noted that the structure of the apparatus 500 shown in fig. 5 does not constitute a limitation of the apparatus, and an actual apparatus may include more or fewer components than those shown, combine some components, or arrange the components differently.
In addition, the technical effects of the method described in the above method embodiment can be referred to for the technical effects of the apparatus 500, and are not described herein again.
It should be understood that the processor in the embodiments of the present application may be a Central Processing Unit (CPU), and the processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will also be appreciated that the memory in the embodiments of the present application can be either volatile memory or non-volatile memory, or can include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of Random Access Memory (RAM) are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct bus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B can be singular or plural. In addition, the "/" in this document generally indicates that the former and latter associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which may be understood with particular reference to the surrounding text.
In the present application, "at least one" means one or more, "a plurality" means two or more. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A network security monitoring method for computer communication, applied to a first monitoring network element, the method comprising:
the first monitoring network element collects network encryption data from the first network equipment from a receiving port of the second network equipment;
the first monitoring network element determines a first key set corresponding to the first network equipment according to the identifier of the first network equipment carried by the network encrypted data;
the first monitoring network element decrypts the network encrypted data by using the first key set, so as to determine a first key in the first key set, which successfully decrypts the network encrypted data;
the first monitoring network element determines whether the network encryption data is tampered according to the characteristics of the first secret key;
if so, the first monitoring network element sends a first message to the second network device, so that the second network device discards the network encrypted data.
2. The network security monitoring method of computer communication according to claim 1, wherein the determining, by the first monitoring network element, whether the network encrypted data is tampered with according to the characteristic of the first key comprises:
and the first monitoring network element determines whether the network encryption data is tampered according to the number of the first keys, wherein if the number of the first keys is smaller than a preset first number, the network encryption data is tampered, and the first number is smaller than the number of elements in the first key set.
3. The network security monitoring method of computer communication according to claim 1, wherein the determining, by the first monitoring network element, whether the network encrypted data is tampered with according to the characteristic of the first key comprises:
the first monitoring network element determines whether the network encrypted data is tampered or not according to the corresponding sequence number of the first key in the first key set; if the sequence number of the first key in the first key set is different from a preset first sequence number, it indicates that the network encrypted data is tampered.
4. The method of monitoring network security of computer communication of claim 3,
the sequence number of the first key in the first key set represents an arrangement order of the first key in the first key set, or represents a key number of an interval between the first key and a first anchor key preset in the first key set, where the first anchor key is an element in the first key set.
5. The method for monitoring network security of computer communication according to claims 1-4, wherein the method is further applied to a second monitoring network element, the method further comprising:
the second monitoring network element collects the network encryption data from a sending port of the first network equipment;
the first monitoring network element determines, according to the identifier, a second key set corresponding to the first network device, where elements in the second key set are at least partially different from elements in the first key set, and communication levels of the second key set and the first key set are also different;
the second monitoring network element decrypts the network encrypted data by using the second key set, so as to determine a second key in the second key set, which successfully decrypts the network encrypted data;
the second monitoring network element determines whether the network encrypted data is tampered according to the characteristics of the second key;
if so, the second monitoring network element sends a second message to the second network device, so that the second network device discards the network encrypted data.
6. The network security monitoring method of computer communication according to claim 5, wherein the determining, by the second monitoring network element, whether the network encrypted data is tampered with according to the characteristic of the second key comprises:
and the second monitoring network element determines whether the network encryption data is tampered according to the number of the second keys, wherein if the number of the second keys is larger than a preset second number, the network encryption data is tampered, and the second number is smaller than the number of elements in the second key set.
7. The network security monitoring method of computer communication according to claim 6, wherein the determining, by the second monitoring network element, whether the network encrypted data is tampered with according to the characteristics of the second key comprises:
the second monitoring network element determines whether the network encrypted data is tampered according to the corresponding sequence number of the second key in the second key set; and if the sequence number of the second key in the second key set is the same as a preset second sequence number, the network encryption data is tampered.
8. The method of monitoring network security of computer communication of claim 7,
the sequence number of the second key in the second key set represents an arrangement order of the second key in the second key set, or represents a key number of an interval between the second key and a second anchor key preset in the second key set, where the second anchor key is an element in the second key set.
9. A monitoring network element, comprising: a transceiver module and a processing module, wherein,
the receiving and sending module is used for collecting network encryption data from the first network equipment from a receiving port of the second network equipment;
the processing module is configured to determine a first key set corresponding to the first network device according to the identifier of the first network device carried in the network encrypted data; decrypting the network encrypted data using the first set of keys to determine a first key of the first set of keys that successfully decrypts the network encrypted data; determining whether the network encryption data is tampered according to the characteristics of the first key;
if so, the transceiver module is further configured to send a first message to the second network device, so that the second network device discards the network encrypted data.
10. A computer-readable storage medium, the computer-readable storage medium comprising: computer program or instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1-8.
CN202110794224.4A 2021-07-14 2021-07-14 Network security monitoring method and monitoring network element for computer communication Withdrawn CN113542269A (en)

Publications (1)

Publication Number Publication Date
CN113542269A true CN113542269A (en) 2021-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211022