Disclosure of Invention
The embodiment of the application provides a data transmission method for anonymous communication, which is used for reducing data heads and improving transmission efficiency.
The embodiment of the application provides a data transmission method of anonymous communication, which is executed by a communication node in an anonymous communication system, and comprises the following steps:
when the communication node is used as an entry node, a first encrypted data packet sent by a source node is received;
decrypting the first encrypted data packet by using the private key of the user to obtain a first path tag and a real data packet;
finding a relay node identification of the next hop according to the first path label;
shifting the first path label to obtain a second path label;
and encrypting the second path tag and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwarding the second encrypted data packet to the relay node corresponding to the relay node identifier.
In an embodiment, the finding the relay node identifier of the next hop according to the first path tag includes:
and determining the relay node identification of the next hop according to the highest bit value of the first path label and the node connection diagram.
In an embodiment, the offsetting the first path tag to obtain a second path tag includes:
and moving the highest bit value of the first path label to the lowest bit, and sequentially shifting the values of the rest bits to the highest bit to obtain the second path label.
In an embodiment, before the receiving the first encrypted data packet sent by the source node, the method further includes:
receiving path tag acquisition information sent by the source node;
forwarding the path tag acquisition information to a path node, and forwarding an optimal path tag returned by the path node to the source node, so that the source node sends the first encrypted data packet according to the optimal path tag.
In an embodiment, before the receiving the path tag acquisition information sent by the source node, the method further includes:
and responding to the login information sent by the source node, sending direct connection node information to the path node, and enabling the path node to add the entry node into the node connection diagram according to the direct connection node information.
In an embodiment, the method further comprises:
when the communication node is used as a source node, selecting an entry node and sending login information to the entry node;
after receiving the login success message, sending path tag acquisition information to the entry node, so that the entry node forwards the path tag acquisition information to the path node;
and receiving an optimal path label returned by the path node, and sending the first encrypted data packet according to the optimal path label.
In an embodiment, the method further comprises:
sending path query information to the path node, and receiving a plurality of path labels returned by the path node;
selecting any one target mode from the balanced, random, timing and optimal multiple transmission modes, and determining a target path label according to the selected target mode;
and generating the first encrypted data packet according to the target path label and forwarding the first encrypted data packet to the entry node.
In an embodiment, the method further comprises:
when the communication node is used as a relay node, receiving a third encrypted data packet, and decrypting the received third encrypted data packet by using a private key of the communication node to obtain a third path tag and a real data packet;
according to the third path label, finding a relay node identifier of the next hop after the relay node, and shifting the third path label to obtain a fourth path label;
encrypting the fourth path tag and the real data packet by using a public key corresponding to a relay node identifier of the next hop after the relay node to generate a fourth encrypted data packet;
and forwarding the fourth encrypted data packet to a relay node corresponding to the relay node identifier of the next hop after the relay node.
In an embodiment, the method further comprises:
and if the highest bit of the third path label is a designated value, the relay node is an exit node, and the real data packet is forwarded to a destination node corresponding to the destination address according to the destination address in the real data packet.
The embodiment of the application also provides electronic equipment, which comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data transmission method of anonymous communication described above.
According to the technical scheme provided by the embodiment of the application, when the communication node is used as an entry node, a first encrypted data packet sent by a source node is received; decrypting the first encrypted data packet by using the private key of the user to obtain a first path tag and a real data packet; according to the first path label, finding the relay node identification of the next hop; shifting the first path label to obtain a second path label; and encrypting the second path label and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwarding the second encrypted data packet to the relay node corresponding to the relay node identifier. Therefore, the relay node can continue to offset and encrypt and forward the path label based on the second path label, and the label mode is used for replacing the IP address to represent the data transmission path, so that the length of the data header is compressed, and the data transmission rate is improved.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Fig. 1 is an application scenario schematic diagram of a data transmission method for anonymous communication according to an embodiment of the present application. As shown in fig. 1, the application scenario includes a plurality of communication nodes, which form an anonymous communication system, and in a data transmission process, the plurality of communication nodes may be divided into a source node 101, a path node 102, an ingress node 103, a relay node 104, an egress node 105, and a destination node 106 based on differences in roles of the respective communication nodes. Source node 101 is connected to ingress node 103, destination node 106 is connected to egress node 105, path node 102 is connected to ingress node 103, and relay node 104 is connected to ingress node 103 and egress node 105. The communication node may be an intelligent terminal such as a smart phone, a tablet computer, a desktop computer, or a server.
The source node 101 is used as a sender of data, the destination node 106 is used as a receiver of the data, the path node 102 is used for calculating path labels from the source node 101 to the destination node 106, and the source node 101 can query from the path node 102 to obtain a plurality of path labels as the path from the source node 101 to the destination node 106 is more than one and the forwarding times are the least and can be considered as the optimal path labels. The source node can select a target transmission mode from four transmission modes of equalization, random, timing and optimal, so as to determine a target path label corresponding to the target transmission mode,
in an embodiment, the source node 101 may encrypt the target path label and the real data packet with the public key of the ingress node 103 to generate a first encrypted data packet, and forward the first encrypted data packet to the ingress node 103.
The ingress node 103 decrypts the first encrypted data packet using its own private key to obtain the target path tag and the real data packet. Finding a relay node identification of the next hop according to the first path label; shifting the first path label to obtain a second path label; and encrypting the second path label and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwarding the second encrypted data packet to the relay node 104 corresponding to the relay node identifier.
Assuming that there are a plurality of relay nodes 104, a first relay node 104 connected with the entry node 103 receives the second encrypted data packet, and decrypts the received second encrypted data packet by using the private key of the first relay node 104 to obtain a second path tag and a real data packet; according to the second path label, a relay node identification of the next hop after the first relay node 104 is found, and the second path label is shifted to obtain a third path label; encrypting the third path tag and the real data packet by using a public key corresponding to a relay node identifier of a next hop after the first relay node 104 to generate a third encrypted data packet; forwarding the third encrypted data packet to the second relay node 104 corresponding to the relay node identifier of the next hop after the first relay node 104.
The second relay node 104 receives the third encrypted data packet, decrypts the received third encrypted data packet by using the private key of the second relay node to obtain a third path tag and a real data packet; according to the third path label, finding a relay node identifier of the next hop after the second relay node 104, and shifting the third path label to obtain a fourth path label; encrypting the fourth path tag and the real data packet by using a public key corresponding to a relay node identifier of the next hop after the second relay node 104 to generate a fourth encrypted data packet; and forwarding the fourth encrypted data packet to a third relay node 104 corresponding to the relay node identifier of the next hop after the second relay node 104. And so on.
In an embodiment, if the most significant bit of the third path tag is a specified value (e.g. 1), the second relay node 104 is the egress node 105, and the egress node 105 forwards the real data packet to the destination node 106 corresponding to the destination address according to the destination address in the real data packet.
In the embodiment of the application, the label mode is used for replacing the IP address to represent the data transmission path, so that the length of the data header is compressed, and the data transmission rate is improved. The transmission path is selected by multiple modes, so that the confidentiality of data transmission is improved.
Fig. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 200 may be used as the communication node, and the electronic device 200 may be used to perform the data transmission method for anonymous communication provided in the embodiments of the present application. As shown in fig. 2, the electronic device 200 includes: one or more processors 202, one or more memories 204 storing processor-executable instructions. Wherein the processor 202 is configured to perform a data transmission method for anonymous communication provided by the embodiments described below.
The processor 202 may be a device comprising a Central Processing Unit (CPU), an image processing unit (GPU) or other form of processing unit having data processing and/or instruction execution capabilities, may process data from other components in the electronic device 200, and may also control other components in the electronic device 200 to perform desired functions.
The memory 204 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random Access Memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on the computer readable storage medium that may be executed by the processor 202 to implement a data transmission method for anonymous communications as described below. Various applications and various data, such as various data used and/or generated by the applications, may also be stored in the computer readable storage medium.
In one embodiment, the electronic device 200 shown in FIG. 2 may also include an input device 206, an output device 208, and a data acquisition device 210, which are interconnected by a bus system 212 and/or other form of connection mechanism (not shown). It should be noted that the components and structures of the electronic device 200 shown in fig. 2 are exemplary only and not limiting, as the electronic device 200 may have other components and structures as desired.
The input device 206 may be a device used by a user to input instructions and may include one or more of a keyboard, mouse, microphone, touch screen, and the like. The output device 208 may output various information (e.g., images or sounds) to the outside (e.g., a user), and may include one or more of a display, a speaker, and the like. The data acquisition device 210 may acquire images of the subject and store the acquired images in the memory 204 for use by other components. The data acquisition device 210 may be a camera, for example.
In an embodiment, the devices in the example electronic apparatus 200 for implementing the web page processing method according to the embodiments of the present application may be integrally disposed, or may be separately disposed, such as integrally disposing the processor 202, the memory 204, the input device 206, and the output device 208, and separately disposing the data acquisition device 210.
In an embodiment, the example electronic device 200 for implementing the data transmission method of anonymous communication of embodiments of the present application may be implemented as a smart device such as a notebook computer, desktop computer, smart phone, or the like.
Fig. 3 is a flow chart of a data transmission method for anonymous communication according to an embodiment of the present application. The method may be performed by a communication node in the application scenario shown in fig. 1, as shown in fig. 3, and comprises the following steps S310-S340.
Step S310: when the communication node is used as an entry node, the entry node receives a first encrypted data packet sent by a source node.
The source node may also be referred to as a user node, representing a node to which the user is currently logged into an account of the anonymous communication system. The source node selects an entry node as an access point, connects to the entire network topology, and sends login information to the entry node.
After receiving the login success message returned by the entry node, the source node can send path tag acquisition information to the entry node, so that the entry node forwards the path tag acquisition information to the path node. The path tag acquisition information may include a source node address and a destination node address. The source node can receive the optimal path label returned by the path node and send the first encrypted data packet to the entry node according to the optimal path label.
The optimal path label may be a label sequence corresponding to a path with the least forwarding times from the source node to the destination node. As shown in fig. 4, assuming that a is an ingress node, I is an egress node, for example, path number values of a and B are denoted by 2, path number values of D and B are denoted by 3, and the optimal path label from node a to node I is 242361.
In an embodiment, the source node may encrypt the optimal path tag and the real data packet with the public key of the ingress node to obtain a first encrypted data packet, and send the first encrypted data packet to the ingress node.
In another embodiment, the source node may send path query information to the path node and receive multiple path labels returned by the path node; selecting any one target mode from the balanced, random, timing and optimal multiple transmission modes, and determining a target path label according to the selected target mode; and generating the first encrypted data packet according to the target path label and forwarding the first encrypted data packet to the entry node.
The path query information may include a source node address and a destination node address, among others. The path from the source node to the destination node can have other paths besides the optimal path, so the path node can also return a plurality of path labels to the source node.
The equalization mode refers to that each path label transmits a fixed file block number, and when the file block number reaches a threshold value, the next path label is switched. The random mode refers to a path tag used for randomly switching the current file block transmission. The timing mode refers to switching path labels within a fixed time. The optimal mode refers to selecting the optimal path tag transmission.
The source node may select one transmission mode from the four modes described above as the target mode. For example, assuming that the optimal mode is selected, the target path label is the optimal path label, and the target path label and the real data packet are encrypted by using the public key of the ingress node to generate the first encrypted data packet.
For example, assuming that there are four path tags in total, assuming that the timing mode is selected, each time a prescribed point in time is reached, the next path tag is switched to, which may be referred to as a target path tag. The source node may encrypt the target path tag and the real data packet with a public key of the ingress node to generate a first encrypted data packet, and send the first encrypted data packet to the ingress node.
Step S320: and the entry node decrypts the first encrypted data packet by using the private key of the entry node to obtain a first path tag and a real data packet.
The first path tag may include a tag length and tag data, the tag length occupying 1 byte, representing the tag data length in units (bytes), ranging from [2,255], the out-of-range representing a tag format error, and the data being discarded. Each 1 byte of the tag data represents a path number value, and the direct connection node information stored in the current node can be queried through the path number value, and then the corresponding public key and IP address are obtained. The lowest bit value of the tag data may be fixed to be 1, and when the node acquires the number value of 1, the current node is indicated as the destination node.
The real data packet includes the data content to be transmitted and the destination address. The first path label refers to a sequence of labels corresponding to the path from the ingress node to the egress node, and the last bit of the first path label may be a specified value (e.g., 1). The source node encrypts the first path tag and the real data packet by using the public key of the entry node to obtain a first encrypted data packet, so that the entry node can decrypt the first encrypted data packet by using the private key of the entry node to obtain the first path tag and the real data packet.
Step S330: and the entry node finds the relay node identification of the next hop according to the first path label.
Wherein the relay node identification of the next hop may be the ip address or node number of the relay node of the next hop after the ingress node.
In an embodiment, the ingress node may determine the relay node identifier of the next hop according to the highest bit value of the first path tag and the node connection diagram.
The node connection graph may be as shown in fig. 4. In an embodiment, the entry node may send, in response to the login information sent by the source node, direct connection node information to the path node, so that the path node adds the entry node to the node connection graph according to the direct connection node information.
The login information may be an account number and a password of the user of the source node. If the account number and the password are correct, the entry node can return a login success message to the source node and send own direct connection node information to the path node. The direct connection node information refers to information of a node directly connected to the ingress node, the information of the node includes a public key, an IP address, and a path number value between the ingress node and the direct connection node, the path number value may be recorded from 2, and is determined by an order in which the user nodes are accessed.
The path node can add the node to the node connection Graph (Graph) by receiving the direct connection node information reported by other nodes, the source node can send path query information to the path node before sending data, and the path node can calculate the optimal path from the source node to the destination node by using Dijkstra algorithm and return the optimal path to the source node initiating the query. The path node can also calculate a plurality of paths from the source node to the destination node by using a DFS (Depth First Search) algorithm, and the paths are used for multi-path block transmission of the file, so that the transmission efficiency is improved while the system confidentiality is ensured.
Assuming that the ingress node is node a, the egress node is node I, the first path tag is "242361", the highest bit value is "2", and node a will take the highest bit value 2 of the tag as the index value for obtaining the next hop node information, so as to find that node B is the relay node of the next hop.
Step S340: and the entry node shifts the first path label to obtain a second path label.
The second path label is a result of performing first offset on the first path label. Wherein, the offset refers to shifting the value on each bit in the first path tag one bit forward. In an embodiment, the most significant value of the first path tag may be shifted to the least significant value, and the values of the remaining bits are shifted to the most significant value in order to obtain the second path tag. Still referring to fig. 4, after node a determines that the next hop is node B, the first path tag "242361" may be shifted to obtain a second path tag "423612", i.e., value 2 is shifted to the lowest order and the remaining values are shifted to the highest order.
Step S350: and the entry node encrypts the second path tag and the real data packet by using the public key corresponding to the relay node identifier to obtain a second encrypted data packet, and forwards the second encrypted data packet to the relay node corresponding to the relay node identifier.
The relay node refers to a transit node between an ingress node and an egress node. Each relay node receives the encrypted data packet, decrypts the encrypted data packet to obtain a path label, analyzes the path label to obtain the node identification of the next hop node, can obtain the IP address and the public key of the next hop node through the node identification, and then uses the public key to continue encrypting the data and forwarding the data to the node corresponding to the IP address until forwarding to the exit node.
For distinction, the source node generates a first encrypted packet, the ingress node generates a second encrypted packet, the relay node connected to the ingress node generates a third encrypted packet, the next hop relay node generates a fourth encrypted packet, and so on.
Specifically, a first relay node connected with an entry node receives a second encrypted data packet, decrypts the received second encrypted data packet by using a private key of the first relay node, and obtains a second path tag and a real data packet; according to the second path label, a relay node identifier of the next hop after the first relay node is found, and the second path label is shifted to obtain a third path label; encrypting the third path label and the real data packet by using a public key corresponding to a relay node identifier of the next hop after the first relay node to generate a third encrypted data packet; and forwarding the third encrypted data packet to a second relay node corresponding to the relay node identifier of the next hop after the first relay node.
The second relay node receives the third encrypted data packet, and decrypts the received third encrypted data packet by using the private key of the second relay node to obtain a third path tag and a real data packet; according to the third path label, finding a relay node identifier of the next hop after the second relay node, and shifting the third path label to obtain a fourth path label; encrypting the fourth path tag and the real data packet by using a public key corresponding to a relay node identifier of the next hop after the second relay node to generate a fourth encrypted data packet; and forwarding the fourth encrypted data packet to a third relay node corresponding to the relay node identifier of the next hop after the second relay node. And so on, until forwarded to the egress node.
In an embodiment, if the most significant bit of the third path tag is a specified value (e.g. 1), the second relay node is an egress node, and the egress node forwards the real data packet to a destination node corresponding to the destination address according to the destination address in the real data packet.
That is, if the highest bit of the path label obtained by decryption of a certain node is 1, it indicates that the node is already the egress node, and the real data packet can be directly sent to the destination node corresponding to the destination address. The destination address may be the ip address of the destination node.
Still referring to fig. 4, after node a determines that the next hop is node B, the first path label is "242361" may be shifted to obtain a second path label "423612". The real data packet and the second path label are transmitted to the node B by the node A after being encrypted by the public key of the node B. The node B decrypts the encrypted data packet to obtain a second path tag 423612, determines that the next hop is the node C, and shifts the second path tag 423612 to obtain a third path tag 236124; and after the real data packet and the third path label are encrypted by the public key of the node C, the real data packet and the third path label are forwarded to the node C by the node B.
Similarly, until the data packet is sent to the node I, the node I decrypts the nth encrypted data packet to obtain a path label of '124236'. Since the highest value is 1 at this time, it indicates that node I is the egress node, and node I may send the real data packet to the destination node. Node I may flip the tag data as a whole to "632421". The label at this time is a path label returned from node I to node a.
Fig. 5 is a detailed flowchart of a data transmission method for anonymous communication according to an embodiment of the present application. As shown in fig. 5, the flow includes the steps of:
the first step: the node logs in, the user node (namely the source node) selects an entry node and sends own node information to the entry node;
and a second step of: after receiving the login information, the entry node returns a login success message to the user node and sends direct connection node information to the path node;
and a third step of: the path node adds the node into a Graph (Graph) according to the direct connection node information, and returns acknowledgement receiving information to the entry node;
fourth step: before transmitting data, the user node transmits path tag acquisition information (source address and destination address) to the entry node;
fifth step: after receiving the information obtained by the path label, the entrance node forwards the information to the path node, and the path node returns the calculated optimal path label to the user node after receiving the information; the user node can transmit data by using the obtained optimal path label, or can obtain a plurality of path labels from the path node, then the user node can select one of four transmission modes of equalization, random, timing and optimal to perform a target mode, and the target path label is determined based on the target mode.
Sixth step: the data forwarding is carried out, and the user node sends a first encrypted data packet to the entry node according to the target path label;
seventh step: the method comprises the steps that an entry node decrypts first decrypted data to obtain a first path tag and a real data packet, determines a next hop relay node for the first path tag, and performs offset processing on the first path tag to obtain a second path tag;
eighth step, the entrance node encrypts the second path label and the real data packet through the public key of the next hop relay node and forwards the encrypted second path label and the real data packet to the next hop relay node;
and ninth, when the relay node receives the data, firstly decrypting the data head by using the private key of the relay node to obtain a path label, indexing the direct-connected node of the relay node according to the highest bit value of the path label, finding out the information of the next hop node, shifting the label data, encrypting by using the public key in the information of the next hop node, and forwarding the IP address.
Tenth step: when data is transmitted to the exit node, the highest bit value of the path label is 1, and the exit node transmits the real data packet to the destination node according to the destination IP in the real data packet.
In an anonymous communication system, a label mode is used for representing a path between two nodes, and a label mode is used for representing a data transmission path instead of an IP address, so that the length of a data header is compressed, and the data transmission rate is improved. The transmission path is selected by multiple modes, so that the confidentiality of data transmission is improved.
The following is an embodiment of the apparatus of the present application, which may be used to perform the above-described embodiment of the data transmission method for anonymous communication of the present application. For details not disclosed in the device embodiments of the present application, please refer to the data transmission method embodiments of anonymous communication of the present application.
Fig. 6 is a block diagram of a data transmission apparatus for anonymous communication, which may be applied to a communication node in an anonymous communication system, according to an embodiment of the present application, the apparatus comprising: a data receiving module 610, a data decrypting module 620, a path finding module 630, a tag processing module 640, and a data forwarding module 650.
A data receiving module 610, configured to receive, when the communication node is an ingress node, a first encrypted data packet sent by a source node;
the data decryption module 620 is configured to decrypt the first encrypted data packet by using a private key of the data decryption module to obtain a first path tag and a real data packet;
a path searching module 630, configured to find a relay node identifier of a next hop according to the first path tag;
a tag processing module 640, configured to offset the first path tag to obtain a second path tag;
and the data forwarding module 650 is configured to encrypt the second path tag and the real data packet by using a public key corresponding to the relay node identifier, obtain a second encrypted data packet, and forward the second encrypted data packet to a relay node corresponding to the relay node identifier.
The implementation process of the functions and roles of each module in the device is specifically shown in the implementation process of the corresponding steps in the data transmission method of anonymous communication, and is not repeated here.
In the several embodiments provided in the present application, the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored on a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.