CN114338215A - Network link security encryption system - Google Patents


Publication number
CN114338215A
Authority
CN
China
Legal status
Pending
Application number
CN202111680937.4A
Other languages
Chinese (zh)
Inventor
赵保磊
张建军
颜凯
董悦
吕海清
范玉进
郝帅龙
Current Assignee
Tianjin Optical Electrical Communication Technology Co Ltd
Original Assignee
Tianjin Optical Electrical Communication Technology Co Ltd

Abstract

The invention provides a network link security encryption system comprising a data communication module, an FPGA chip and a crystal oscillator chip. The data communication module includes a PHY chip, a first data network port and a second data network port, and the two data network ports are each connected to the PHY chip. The FPGA chip includes a PL end, and the PHY chip is connected to the PL end of the FPGA chip. The crystal oscillator chip provides clock signals to the FPGA chip and the PHY chip respectively. When the first data network port receives data and the second data network port sends data, the PL end encrypts the data; when the second data network port receives data and the first data network port sends data, the PL end decrypts and intercepts the data. The network link security encryption system can thus encrypt, decrypt and intercept network communication data, which improves the security of Ethernet communication.

Description

Network link security encryption system
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a network link security encryption system.
Background
With the development of information technology, requirements on the transmission capability of information equipment keep rising, and so does the attention paid to information security. In the local Ethernet networking of devices, a large amount of data is transmitted through network cables and switches, which carries a great risk of information leakage. Hackers can steal information by intercepting data at a switch or on a single link, and can also send a large amount of data to attack the whole network or a single node, so that network communication is paralyzed and normal use is affected.
Existing security encryption systems adapt poorly: when data throughput or network bandwidth increases, they cannot effectively encrypt and protect the network link. Traditional security encryption systems also cannot intercept specific data frames, which leaves an obvious gap.
Disclosure of Invention
In view of the above, the present invention is directed to a network link security encryption system to solve the above technical problems.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
A network link security encryption system comprises a data communication module, an FPGA chip and a crystal oscillator chip. The data communication module includes a PHY chip, a first data network port and a second data network port, the first and second data network ports each being connected to the PHY chip; the FPGA chip includes a PL end, which implements encryption, decryption and interception of data in programmable logic gates, and the PHY chip is connected to the PL end of the FPGA chip; the crystal oscillator chip provides clock signals to the FPGA chip and the PHY chip respectively; and when the second data network port receives data and the first data network port sends data, the PL end of the FPGA chip decrypts and intercepts the data.
Further, the PL end of the FPGA chip includes a first MAC module, a second MAC module, a protocol identification module, an encryption module, a decryption module, an interception module and a recalculation check module. The first MAC module and the second MAC module are each connected to the PHY chip through an XGMII interface; the first MAC module provides the MAC for the first data network port, and the second MAC module provides the MAC for the second data network port. The first MAC module, the protocol identification module, the encryption module, the recalculation check module and the second MAC module are connected in sequence to form a data encryption link, and the second MAC module, the protocol identification module, the decryption module, the interception module, the recalculation check module and the first MAC module are connected in sequence to form a data decryption and interception link.
Further, the data communication module also includes a configuration network port, and the configuration network port is connected to the PHY chip.
Further, the FPGA chip includes a PS end, which implements command reception and status upload and sends command information and key information to the PL end over the FPGA communication bus.
Furthermore, the PS end of the FPGA chip includes an ARM main controller and a KSZ9031R chip; the KSZ9031R chip and the FPGA communication bus are each connected to the ARM main controller, and the KSZ9031R chip is connected to the PHY chip. The ARM main controller includes a decoding module and an encryption/decryption module: the decoding module provides the MAC for the configuration network port, and the encryption/decryption module carries out encrypted communication with the host computer and receives command information and key information.
Furthermore, the PS end of the FPGA chip also includes a USB3320 chip; the USB3320 chip is connected to the ARM main controller and to the expanded USB control interface.
Further, the first data network port, the second data network port and the configuration network port are all RJ45 network ports.
Furthermore, the security encryption system includes a power chip, which supplies power to the crystal oscillator chip, the PHY chip and the FPGA chip.
Compared with the prior art, the network link security encryption system has the following advantages:
The network link security encryption system can encrypt the data carried on the network cable without disrupting normal Ethernet communication. It adapts to larger data throughput and network bandwidth, and it can also filter and intercept specific data, thereby improving the security of network communication.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the invention without limitation. In the drawings:
Fig. 1 is a schematic diagram of a security encryption system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the PL end of the FPGA chip according to the embodiment of the present invention;
Fig. 3 is a schematic diagram of the PS end of the FPGA chip according to the embodiment of the present invention;
Fig. 4 is a schematic diagram of a typical application of the security encryption system according to the embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in the orientation or positional relationship indicated in the drawings, which are merely for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be construed as limiting the invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
In the description of the invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted", "connected" and "connected" are to be construed broadly, e.g. as being fixed or detachable or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art through specific situations.
The invention will be described in detail with reference to the following embodiments with reference to the attached drawings.
A network link security encryption system comprises a data communication module, an FPGA chip and a crystal oscillator chip. Fig. 1 is a schematic diagram of the security encryption system. As shown in the figure, the data communication module includes a PHY chip, a first data network port and a second data network port, and the two data network ports are each connected to the PHY chip. The FPGA chip includes a PL end, which implements encryption, decryption and interception of data in programmable logic gates, and the PHY chip is connected to the PL end of the FPGA chip. The crystal oscillator chip provides clock signals to the FPGA chip and the PHY chip respectively; in operation, the clock signals provide a reference for data transmission between the different systems, which facilitates data transmission.
Because the security encryption system has two data network ports, data is processed differently depending on the data network port through which it enters the system. Specifically, when the first data network port receives data and the second data network port sends data, the PL end of the FPGA chip encrypts the data. When the second data network port receives data and the first data network port sends data, the PL end of the FPGA chip decrypts and intercepts the data.
To implement these functions, the PL end of the FPGA chip in this embodiment includes a first MAC module, a second MAC module, a protocol identification module, an encryption module, a decryption module, an interception module and a recalculation check module. The first MAC module and the second MAC module are each connected to the PHY chip through the XGMII interface; in operation, the first MAC module provides the MAC for the first data network port, and the second MAC module provides the MAC for the second data network port.
As shown in Fig. 2, inside the PL end the first MAC module, the protocol identification module, the encryption module, the recalculation check module and the second MAC module are connected in sequence to form a data encryption link, and the second MAC module, the protocol identification module, the decryption module, the interception module, the recalculation check module and the first MAC module are connected in sequence to form a data decryption and interception link. When data passes through a link for encryption or decryption, the system does not break the normal Ethernet communication protocol: data structures of the original data such as the IP header, the TCP header and the ARP frame are kept, while the security of the network link is improved. In addition, because the decryption and interception link can filter and intercept specific data, the system can also defend specific nodes, so that hackers are prevented from attacking those nodes of the network link.
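The two PL-end links described above, modelled in software as an added example that is not taken from the patent: frames are identified, only the TCP payload is transformed, and the TCP checksum and Ethernet FCS are recalculated so the headers and ARP frames stay valid. The SHA-256 keystream, the nonce built from the IP ID and TCP sequence number, the source-IP interception rule and every function name are assumptions, since the patent names no cipher or filter rule.

```python
import hashlib
import struct
import zlib
KEY = b"constructed-demo-key"  # constructed; on the device the PS end delivers the key

def keystream_xor(key, nonce, data):
    """Stand-in length-preserving cipher (SHA-256 counter keystream); unauthenticated."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def inet_checksum(data):
    """RFC 1071 one's-complement checksum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def identify(body):
    """Protocol identification: (tcp_off, payload_off, end) for IPv4/TCP, else None."""
    if len(body) < 54 or body[12:14] != b"\x08\x00" or body[23] != 6:
        return None  # ARP and all other traffic is forwarded untouched
    tcp_off = 14 + (body[14] & 0x0F) * 4
    end = 14 + struct.unpack(">H", body[16:18])[0]
    if end > len(body) or tcp_off + 20 > end:
        return None
    payload_off = tcp_off + (body[tcp_off + 12] >> 4) * 4
    return (tcp_off, payload_off, end) if payload_off <= end else None

def crypt(body, key):
    """Encryption/decryption module: XOR only the TCP payload, headers stay readable."""
    loc = identify(body)
    if loc is None:
        return body
    tcp_off, payload_off, end = loc
    nonce = body[18:20] + body[tcp_off + 4:tcp_off + 8]  # IP ID + TCP sequence number
    return body[:payload_off] + keystream_xor(key, nonce, body[payload_off:end]) + body[end:]

def recalc(body):
    """Recalculation check module: new TCP checksum, then a fresh Ethernet FCS."""
    loc = identify(body)
    if loc is not None:
        tcp_off, _, end = loc
        seg = body[tcp_off:tcp_off + 16] + b"\x00\x00" + body[tcp_off + 18:end]
        pseudo = body[26:34] + struct.pack(">BBH", 0, 6, len(seg))
        csum = struct.pack(">H", inet_checksum(pseudo + seg))
        body = body[:tcp_off + 16] + csum + body[tcp_off + 18:]
    return body + struct.pack("<I", zlib.crc32(body))

def fcs_ok(frame):
    return len(frame) > 4 and struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]

def encrypt_link(frame, key):
    """First port -> second port: identify, encrypt, recalculate."""
    return recalc(crypt(frame[:-4], key)) if fcs_ok(frame) else None

def decrypt_link(frame, key, blocked_src=()):
    """Second port -> first port: identify, decrypt, intercept, recalculate."""
    if not fcs_ok(frame):
        return None
    body = crypt(frame[:-4], key)
    if body[12:14] == b"\x08\x00" and body[26:30] in blocked_src:
        return None  # interception module: assumed rule, drop a filtered source IP
    return recalc(body)

def build_tcp_frame(src_ip, dst_ip, payload):
    """Constructed sample frame (Ethernet/IPv4/TCP) with valid checksums and FCS."""
    tcp = struct.pack(">HHIIBBHHH", 40000, 5000, 1000, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 7, 0, 64, 6, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack(">H", inet_checksum(ip)) + ip[12:]
    return recalc(bytes.fromhex("020000000002020000000001") + b"\x08\x00" + ip + tcp)

if __name__ == "__main__":
    plain = build_tcp_frame(bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]), b"constructed")
    print(decrypt_link(encrypt_link(plain, KEY), KEY) == plain)
```

The stand-in keystream repeats whenever the nonce repeats (for example on a TCP retransmission) and provides no integrity protection, so it models the data path only and says nothing about the strength of the patented device.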
Optionally, so that a worker can configure the specific working parameters of the system, the data communication module further includes a configuration network port, and the configuration network port is connected to the PHY chip. Before operation, the worker can adjust the internal parameters of the FPGA chip through the configuration network port so that the system matches the actual application environment.
So that the system can receive commands and upload its status, the FPGA chip further includes a PS end. Fig. 3 is a schematic diagram of the PS end of the FPGA chip. As shown in the figure, the PS end of the FPGA chip includes an ARM main controller and a KSZ9031R chip. The KSZ9031R chip and the FPGA communication bus are each connected to the ARM main controller, and the KSZ9031R chip is connected to the PHY chip. In operation, the configuration network port is connected to a host computer or a switch, and the KSZ9031R chip acquires the configuration parameter information of the configuration network port through the PHY chip, so that a worker can configure the parameters of the system. In addition, the ARM main controller includes a decoding module and an encryption/decryption module: the decoding module provides the MAC for the configuration network port, and the encryption/decryption module carries out encrypted communication with the host computer and receives command information and key information. After the PS end obtains the command information and the key information, the FPGA communication bus sends them into the PL end, so that the system encrypts, decrypts and intercepts data according to the command information and the key information.
Optionally, to extend the ways in which the FPGA chip's parameters can be configured, the PS end of the FPGA chip may further include a USB3320 chip. Specifically, the USB3320 chip is connected to the ARM main controller and to the expanded USB control interface. In use, the expanded USB control interface lets the system exchange data with other equipment over a USB connection, which enriches the ways in which the system interacts with external equipment.
Fig. 4 is a schematic diagram of a typical application of the system. As shown in the figure, in use a worker connects each device that requires Ethernet communication to a network link security encryption system with a network cable, and the network link security encryption systems can be connected to each other directly by network cable or through an intermediate switch/router.
As an optional implementation of this embodiment, the first data network port, the second data network port and the configuration network port may all be RJ45 network ports, and the security encryption system further includes a power chip. When the security encryption system operates, the power chip supplies power to the crystal oscillator chip, the PHY chip and the FPGA chip, so that the security encryption system obtains the electric energy it needs.
The following explains the effects of the above-described scheme:
This embodiment provides a network link security encryption system that can encrypt the data carried on the network cable without disrupting normal Ethernet communication. It adapts to larger data throughput and network bandwidth, and it can also filter and intercept specific data, thereby improving the security of network communication.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the invention, so that any modifications, equivalents, improvements and the like, which are within the spirit and principle of the present invention, should be included in the scope of the present invention.

Claims (8)

1. A network link security encryption system, comprising: a data communication module, an FPGA chip and a crystal oscillator chip, wherein the data communication module includes a PHY chip, a first data network port and a second data network port, the first data network port and the second data network port each being connected to the PHY chip; the FPGA chip includes a PL end, the PL end implements encryption, decryption and interception of data through programmable logic gates, and the PHY chip is connected to the PL end of the FPGA chip; the crystal oscillator chip provides clock signals to the FPGA chip and the PHY chip respectively; and when the second data network port receives data and the first data network port sends data, the PL end of the FPGA chip performs decryption processing and interception processing on the data.
2. The network link security encryption system of claim 1, wherein: the PL end of the FPGA chip includes a first MAC module, a second MAC module, a protocol identification module, an encryption module, a decryption module, an interception module and a recalculation check module; the first MAC module and the second MAC module are each connected to the PHY chip through an XGMII interface, the first MAC module is used for providing the MAC for the first data network port, and the second MAC module is used for providing the MAC for the second data network port; the first MAC module, the protocol identification module, the encryption module, the recalculation check module and the second MAC module are connected in sequence to form a data encryption link, and the second MAC module, the protocol identification module, the decryption module, the interception module, the recalculation check module and the first MAC module are connected in sequence to form a data decryption and interception link.
3. The network link security encryption system of claim 1, wherein: the data communication module also comprises a configuration network port, and the configuration network port is connected with the PHY chip.
4. A network link security encryption system according to claim 3, wherein: the FPGA chip comprises a PS end, wherein the PS end is used for realizing command receiving and state uploading, and sends command information and key information to a PL end through an FPGA communication bus.
5. The network link security encryption system of claim 4, wherein: the PS end of the FPGA chip comprises an ARM main controller and a KSZ9031R chip, the KSZ9031R chip and the FPGA communication bus are respectively connected with the ARM main controller, and the KSZ9031R chip is connected with the PHY chip; the ARM main controller comprises a decoding module and an encryption and decryption module, the decoding module is used for providing MAC for the configuration network port, and the encryption and decryption module is used for carrying out encryption communication with the upper computer and receiving command information and key information.
6. The system of claim 5, wherein: the PS end of the FPGA chip also comprises a USB3320 chip, the USB3320 chip is connected with the ARM main controller, and the USB3320 chip is connected with the expanded USB control interface.
7. A network link security encryption system according to claim 3, wherein: the first data network port, the second data network port and the configuration network port are all RJ45 network ports.
8. The network link security encryption system of claim 1, wherein: the safety encryption system further comprises a power supply chip, and the power supply chip is used for supplying power to the crystal oscillator chip, the PHY chip and the FPGA chip.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111680937.4A CN114338215A (en) 2021-12-30 2021-12-30 Network link security encryption system


Publications (1)

Publication Number Publication Date
CN114338215A (en) 2022-04-12

Family

ID=81022346


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination