CN114221801A - Network security communication method and device - Google Patents
- Publication number
- CN114221801A (application CN202111516317.7A)
- Authority
- CN
- China
- Prior art keywords
- node
- nodes
- message
- network
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/164—Adaptation or special uses of UDP protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/26—Special purpose or proprietary protocols or architectures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of communication protocols and provides a network security communication method comprising the following steps: S1, start the nodes, opening one port as the KCP communication port between nodes and another as the port of the node discovery mechanism; S2, through the node discovery mechanism, a node in the blockchain obtains the IP address and KCP listening port of the peer nodes in the network; S3, establish a UDP-based KCP connection between the nodes; S4, negotiate and establish an encrypted channel between the nodes; S5, send messages between the nodes; S6, the node forwards the message to the blockchain service layer for processing; and S7, disconnect the KCP connections between the nodes in turn. Compared with the prior art, the invention adopts an encrypted channel, ensures the security of the data communication, and has good value for wider adoption.
Description
Technical Field
The invention relates to the technical field of communication protocols, and particularly provides a network security communication method and device.
Background
TCP and UDP are the two main transport-layer protocols. TCP is a connection-oriented byte-stream protocol that provides a reliable service to the application layer. UDP is a packet-oriented protocol (packet as in IP packet: when peer protocol stacks communicate, no connection needs to be established in advance), unreliable, and best-effort. To achieve reliability, TCP implements message numbering, acknowledgement, timeout retransmission, sliding windows, congestion control and similar mechanisms, so TCP pays a large cost for its work.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a network security communication method with strong practicability.
The invention further aims to provide a network security communication device which is reasonable in design, safe and applicable.
The technical scheme adopted by the invention for solving the technical problems is as follows:
a network security communication method comprises the following steps:
s1, starting the nodes, opening one port as the KCP communication port between nodes and another as the port of the node discovery mechanism;
s2, through the node discovery mechanism, a node in the blockchain obtains the IP address and KCP listening port of the peer nodes in the network;
s3, establishing a UDP-based KCP connection between the nodes;
s4, negotiating and establishing an encrypted channel between the nodes;
s5, sending messages between the nodes;
s6, the node forwards the message to the blockchain service layer for processing;
s7, disconnecting the KCP connections between the nodes in turn.
Further, in step S2, the node discovery mechanism is implemented with the kademlia algorithm: when node A is started for the first time, it generates a unique node ID and records it as its node ID;
node A then performs a ping-pong exchange with the public node at the hard-coded public node address, and if the public node is alive, the public node is added to the K bucket.
Further, node A sends a FIND_NODE request to the public node, obtains the nodes closest to itself, and adds them to the K bucket; node A then sends FIND_NODE again to the nodes just obtained, obtains the information of the nodes adjacent to it, and adds that to the K bucket; these steps are repeated to construct the routing table.
Preferably, the node a starts a timer and refreshes the K buckets at intervals.
Further, in step S3, data communication is established with the IP of the node in the blockchain network and the open port obtained in step S2.
Further, in step S4, the nodes use the Diffie-Hellman algorithm to exchange keys: node A selects a large prime number p, a base g and a random number a, calculates A = g^a mod p, and sends the values of p, g and A to node B;
after receiving them, B generates a random number b, calculates B = g^b mod p, and then calculates s = A^b mod p; B sends B to A, and A calculates s1 = B^a mod p. Here s1 equals s and serves as the key for the two-party communication;
both parties then communicate using a preset symmetric encryption algorithm with s as the key.
Further, in step S5, the node a encrypts the message using the key obtained in step S4 and sends the message to the node b via the network communication data link in step S3.
Further, in step S6, after receiving the message through the network communication data link in step S3, the node b decrypts the message by using the key generated in step S4, and then forwards the message to the blockchain service layer for processing.
A network security communication device, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine readable program to perform a network security communication method.
Compared with the prior art, the network security communication method and the network security communication device have the following outstanding beneficial effects:
under network fluctuation, a blockchain network using the KCP protocol reduces network delay by about 30%-40% compared with one using the TCP/IP protocol, that is, the number of data packets transmitted per unit time increases by 43%-67%, so the theoretical network-level TPS increases by 43%-67%. Network traversal is improved, and the probability that network equipment such as firewalls intercepts the network data is reduced. An encrypted channel is adopted, so the security of the data communication is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow diagram of a network security communication method;
fig. 2 is a schematic architecture diagram of a network security communication method.
Detailed Description
The present invention will be described in further detail with reference to specific embodiments in order to better understand the technical solutions of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A preferred embodiment is given below:
as shown in fig. 1-2, a network security communication method in this embodiment includes the following steps:
S1, starting the node, with port 12345 opened as the KCP communication port between nodes and port 12346 opened as the port of the node discovery mechanism.
S2, through the node discovery mechanism, a node in the blockchain obtains the IP address and KCP listening port of the peer nodes in the network.
Node discovery uses the kademlia algorithm. When node A is started for the first time, it generates a unique node ID and records it as its node ID. Node A then performs a ping-pong exchange with the public node at the hard-coded public node address, and if the public node is alive, it is added to the K bucket. Node A sends a FIND_NODE request to the public node, obtains the nodes closest to itself, and adds them to the K bucket. Node A then sends FIND_NODE again to the nodes just obtained, obtains the information of the nodes adjacent to it, and adds them to the K bucket. This is repeated until a sufficiently large routing table has been constructed.
Node A also starts a timer and refreshes its K buckets every few hours.
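The join procedure of step S2 (described above and in the summary of the invention) as an added, in-memory example that is not the patent's own code: node A pings a hard-coded public node, walks FIND_NODE responses into its K buckets, and later drops dead peers on the timer-driven refresh. The 32-bit IDs, bucket size K = 4, the network dictionary and the alive flags are constructed for the demo.

```python
import random

ID_BITS = 32   # constructed: real Kademlia uses 160-bit IDs
K = 4          # bucket capacity (the "K" of "K bucket")

def distance(x, y):
    return x ^ y   # Kademlia metric: XOR of the two node IDs

class Node:
    def __init__(self, node_id, alive=True):
        self.id, self.alive = node_id, alive
        # bucket i holds peers whose ID shares exactly i leading bits with ours
        self.buckets = [[] for _ in range(ID_BITS)]

    def add(self, peer_id):
        if peer_id == self.id:
            return
        bucket = self.buckets[ID_BITS - distance(self.id, peer_id).bit_length()]
        if peer_id not in bucket and len(bucket) < K:
            bucket.append(peer_id)

    def known(self):
        return [p for bucket in self.buckets for p in bucket]

    def find_node(self, target):
        """Answer a FIND_NODE request: the K known IDs closest to target."""
        return sorted(self.known(), key=lambda p: distance(p, target))[:K]

def ping(network, peer_id):
    """Ping-pong liveness check; only peers that answer enter a K bucket."""
    return peer_id in network and network[peer_id].alive

def bootstrap(network, node, public_ids):
    """Node A's join: ping the hard-coded public node(s), then send FIND_NODE
    to the closest nodes learned so far until no unqueried node remains."""
    for pid in public_ids:
        if ping(network, pid):
            node.add(pid)
    queried = set()
    while True:
        pending = [p for p in node.find_node(node.id) if p not in queried]
        if not pending:
            return len(node.known())
        for p in pending:
            queried.add(p)
            for learned in network[p].find_node(node.id):
                if ping(network, learned):
                    node.add(learned)

def refresh(network, node):
    # timer-driven K-bucket refresh: re-ping each entry and drop dead peers
    dropped = 0
    for bucket in node.buckets:
        for peer in list(bucket):
            if not ping(network, peer):
                bucket.remove(peer)
                dropped += 1
    return dropped

def demo(n_peers=30, seed=7):
    # constructed network: n_peers live nodes that already know each other,
    # one live public node and one public node that is down
    rng = random.Random(seed)
    ids = rng.sample(range(1, 2 ** ID_BITS), n_peers + 2)
    live_public, dead_public = ids[0], ids[1]
    network = {i: Node(i) for i in ids}
    network[dead_public].alive = False
    for peer in network.values():
        for other in ids:
            peer.add(other)
    a_id = rng.randrange(1, 2 ** ID_BITS)   # node A's fresh, unique node ID
    while a_id in network:
        a_id = rng.randrange(1, 2 ** ID_BITS)
    node_a = Node(a_id)
    learned = bootstrap(network, node_a, [live_public, dead_public])
    return network, node_a, dead_public, learned
```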
S3, establishing UDP-based KCP protocol connection between the nodes.
Through step S2 the node obtains the IP address and open port of the other nodes in the blockchain network and establishes data communication with them. It should be noted that the communication protocol between the nodes is the KCP protocol carried over UDP.
And S4, negotiating and establishing the encrypted channel between the nodes.
First, a key exchange is performed between the nodes using the Diffie-Hellman algorithm. Node A selects a large prime number p, a base g and a random number a, calculates A = g^a mod p, and sends the values of p, g and A to node B; after receiving them, B generates a random number b, calculates B = g^b mod p, and then calculates s = A^b mod p; B sends B to A, and A calculates s1 = B^a mod p. Here s1 equals s and serves as the key for the two-party communication.
Both parties then communicate using a preset symmetric encryption algorithm with s as the key.
S5, sending the message: node A encrypts the message with the key obtained in step S4 and sends it to node B over the network communication data link of step S3.
S6, receiving the message: after node B receives the message over the network communication data link of step S3, it decrypts the message with the key generated in step S4 and then hands it to the blockchain service layer for processing.
S7, disconnecting: the KCP connections between the nodes are disconnected in turn.
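Steps S4 to S6 (here and in the summary of the invention) carried through as an added example that is not the patent's own code: the Diffie-Hellman exchange with the description's symbols p, g, a, b, A, B, s and s1, followed by node A encrypting a message that node B decrypts before handing it to the service layer. The toy group (p, g) and the keystream-plus-HMAC cipher standing in for the unspecified "preset symmetric encryption algorithm" are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed toy group. The patent only says "a large prime p and a base g";
# a deployment would take a standardized group (e.g. an RFC 3526 / RFC 7919
# MODP group) instead of these demo values.
P = 2 ** 127 - 1   # Mersenne prime M127, large enough to show the arithmetic
G = 5

def dh_keypair(p=P, g=G):
    """Random private exponent x and the public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1            # 1 <= x <= p-2
    return x, pow(g, x, p)

def dh_shared(peer_public, private, p=P):
    """s = peer_public^private mod p; rejects the degenerate values 0, 1, p-1."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)

def derive_key(s):
    """Hash the shared value to a fixed-length key (the patent uses s itself)."""
    return hashlib.sha256(s.to_bytes(16, "big")).digest()

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    """Stand-in for the unspecified 'preset symmetric encryption algorithm':
    keystream XOR plus an HMAC tag, so a message altered on the UDP path is
    rejected by the receiver instead of being passed to the service layer."""
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: message altered or wrong key")
    return bytes(x ^ y for x, y in zip(ct, _keystream(key, nonce, len(ct))))

def run_exchange(message=b"block proposal #1"):
    """Steps S4-S6 end to end; returns (s, s1, plaintext received by node B)."""
    a, A = dh_keypair()          # node A: random a, A = g^a mod p; sends p, g, A
    b, B = dh_keypair()          # node B: random b, B = g^b mod p; sends B
    s = dh_shared(A, b)          # node B: s  = A^b mod p
    s1 = dh_shared(B, a)         # node A: s1 = B^a mod p, equal to s
    blob = encrypt(derive_key(s1), message)    # S5: A encrypts, sends over the KCP link
    received = decrypt(derive_key(s), blob)    # S6: B decrypts, forwards to service layer
    return s, s1, received
```

Nothing in this exchange authenticates the peer's public value, so on its own it protects only against passive observers; a deployment binds A and B to the node identities from step S2 (for example by signing them) before trusting s.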
A network security communication device, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine readable program to perform a network security communication method.
The above embodiments are only specific cases of the present invention, and the protection scope of the present invention includes but is not limited to the above embodiments, and any suitable changes or substitutions that are consistent with the claims of a network security communication method and apparatus of the present invention and are made by those skilled in the art should fall within the protection scope of the present invention.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (9)
1. A network security communication method, comprising the steps of:
s1, starting the nodes, opening one port as the KCP communication port between nodes and another as the port of the node discovery mechanism;
s2, through the node discovery mechanism, a node in the blockchain obtains the IP address and KCP listening port of the peer nodes in the network;
s3, establishing a UDP-based KCP connection between the nodes;
s4, negotiating and establishing an encrypted channel between the nodes;
s5, sending messages between the nodes;
s6, the node forwards the message to the blockchain service layer for processing;
and s7, disconnecting the KCP connections between the nodes in turn.
2. The method according to claim 1, wherein in step S2 the node discovery mechanism is implemented with the kademlia algorithm, and when node A is first started it generates a unique node ID and records it as its node ID;
node A then performs a ping-pong exchange with the public node at the hard-coded public node address, and if the public node is alive, the public node is added to the K bucket.
3. The network security communication method according to claim 2, wherein node A sends a FIND_NODE request to the public node, obtains the nodes closest to itself, and adds the obtained nodes to the K bucket; node A then sends FIND_NODE again to the nodes just obtained, obtains the information of the nodes adjacent to it, and adds that to the K bucket; and so on, constructing the routing table.
4. The method according to claim 3, wherein the node A starts a timer and refreshes the K buckets at intervals.
5. The method of claim 4, wherein in step S3, data communication is established through the IP and open port of the node in the blockchain network obtained in step S2.
6. The method of claim 5, wherein in step S4 the nodes exchange keys using the Diffie-Hellman algorithm: node A selects a large prime number p, a base g and a random number a, calculates A = g^a mod p, and sends the values of p, g and A to node B;
after receiving them, B generates a random number b, calculates B = g^b mod p, and then calculates s = A^b mod p; B sends B to A, and A calculates s1 = B^a mod p. Here s1 equals s and serves as the key for the two-party communication;
both parties then communicate using a preset symmetric encryption algorithm with s as the key.
7. The method of claim 6, wherein in step S5, the node A uses the key obtained in step S4 to encrypt the message and sends the message to the node B through the network communication data link in step S3.
8. The method according to claim 7, wherein in step S6, after the node b receives the message through the network communication data link in step S3, the node b decrypts the message by using the key generated in step S4, and then forwards the message to the blockchain service layer for processing.
9. A network security communication apparatus, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program to perform the method of any of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111516317.7A CN114221801A (en) | 2021-12-08 | 2021-12-08 | Network security communication method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114221801A true CN114221801A (en) | 2022-03-22 |
Family
ID=80701223
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111516317.7A Pending CN114221801A (en) | 2021-12-08 | 2021-12-08 | Network security communication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114221801A (en) |
Events
- 2021-12-08: CN CN202111516317.7A patent/CN114221801A/en, active, Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7181014B1 (en) * | 1999-09-10 | 2007-02-20 | Cisco Technology, Inc. | Processing method for key exchange among broadcast or multicast groups that provides a more efficient substitute for Diffie-Hellman key exchange |
CN109005194A (en) * | 2018-09-04 | 2018-12-14 | 厦门安胜网络科技有限公司 | Portless shadow communication means and computer storage medium based on KCP agreement |
CN112104517A (en) * | 2020-11-23 | 2020-12-18 | 腾讯科技(深圳)有限公司 | Data processing method based on block chain network and related device |
CN112737916A (en) * | 2020-11-23 | 2021-04-30 | 腾讯科技(深圳)有限公司 | Data processing method based on block chain network and related device |
Non-Patent Citations (1)
Title |
---|
任伟 (Ren Wei): Modern Cryptography, 2nd ed. (现代密码学第2版), 31 December 2014, Beijing University of Posts and Telecommunications Press (北京邮电大学出版社), page 140 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115190162A (en) * | 2022-06-27 | 2022-10-14 | 杭州溪塔科技有限公司 | Proxy service configuration method and proxy service system in block chain |
CN115190162B (en) * | 2022-06-27 | 2023-11-28 | 杭州溪塔科技有限公司 | Proxy service configuration method and proxy service system in block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||