CN114553403B - Threat information sharing method and device conforming to data security - Google Patents
- Publication number: CN114553403B (application CN202210010348.3A)
- Authority: CN (China)
- Prior art keywords: threat information, information sharing, threat, address, sharing party
- Prior art date
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
            - H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
              - H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
          - H04L63/302—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Technology Law (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a threat information sharing method and device conforming to data security. The method comprises: agreeing on a large prime number; based on the large prime number, the threat information sharing parties each encrypt the IP addresses of the digital assets in their local threat information libraries and exchange the encrypted IP addresses E_{i,A} and E_{j,B}; based on the large prime number, each party encrypts the exchanged encrypted IP addresses E_{i,A} or E_{j,B} again, and the parties exchange the resulting doubly encrypted IP addresses D_{j,AB} and D_{i,BA}; any threat information sharing party obtains the threat information sharing result by comparing the encrypted IP addresses D_{j,AB} and D_{i,BA}. The invention solves the problem of performing threat information analysis while neither party learns the other party's threat information library.
Description
Technical Field
The invention relates to data security and cryptography, in particular to a threat information sharing method and device conforming to data security.
Background
Data security refers to the ability to ensure, by taking the necessary measures, that data remains effectively protected and lawfully used, and to maintain that secure state continuously. Against the background of rapidly developing technologies such as big data, cloud computing, the Internet of Things and artificial intelligence, threats in cyberspace are also becoming broader and more complex. Predicting the future threat situation, evaluating potential security risks on that basis and guiding users to make effective security decisions can systematically strengthen cyberspace defense capability. Threat intelligence currently has a very wide scope and occupies an important position in network attack and defense. Threat information is a data source in network attack and defense, and ensuring its data security is an important subject at present. Because of the importance and sensitivity of threat intelligence, how to analyze it while protecting the data security of the threat intelligence libraries is a problem to be solved.
Disclosure of Invention
To address these problems, the invention provides a threat information sharing method and device conforming to data security, based on the Diffie-Hellman protocol, in which threat information analysis is carried out without either party learning the other party's threat information library.
In order to achieve the purpose, the invention adopts the following specific technical scheme:
A threat information sharing method conforming to data security includes the steps:
threat information sharing party A and threat information sharing party B agree on a large prime number;
based on the large prime number, each party encrypts the IP addresses of the digital assets in its local threat information library, and the parties exchange the encrypted IP addresses E_{i,A} and E_{j,B}, where i is the number of the digital asset in the local threat information library of threat information sharing party A and j is the number of the digital asset in the local threat information library of threat information sharing party B;
based on the large prime number, each party encrypts the exchanged encrypted IP addresses E_{i,A} or E_{j,B} again, and the parties exchange the doubly encrypted IP addresses D_{j,AB} and D_{i,BA};
any threat information sharing party obtains the threat information sharing result by comparing the encrypted IP addresses D_{j,AB} and D_{i,BA}.
Further, the local threat information library is constructed based on obtained socioeconomic data and/or publicly disclosed data.
Further, the digital asset comprises: malicious IP addresses and malicious domain names.
Further, the IP address is encrypted as a function of α_i, n and K_A, where α_i is a digital asset in the local threat information library of threat information sharing party A, n is the large prime number, and K_A is the key obtained by threat information sharing party A based on the large prime number.
Further, the IP address is encrypted as a function of α_j, n, K_A and K_B, where α_j is a digital asset in the local threat information library of threat information sharing party B, n is the large prime number, K_A is the key obtained by threat information sharing party A based on the large prime number, and K_B is the key obtained by threat information sharing party B based on the large prime number.
Further, comparing the encrypted IP addresses D_{j,AB} and D_{i,BA} comprises: counting the duplicate elements.
Further, the threat intelligence sharing result includes: a judgment of whether the shared digital assets are the same digital asset.
A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when run.
An electronic device comprising a memory and a processor, wherein the memory stores a program for performing the above-described method.
The invention has the following positive effects:
Because a threat information library is of major importance in network attack and defense, from the perspective of data security neither holder of a threat information library can share its contents with the other. With the invention, threat information analysis can be performed without either party learning the other party's threat information library.
Drawings
Fig. 1 is an overall flow chart of the present method.
Detailed Description
In order to better understand the technical solutions in the embodiments of the present invention and to make the objects, features and advantages of the present invention more obvious, the present invention will be further described in detail below with reference to the accompanying drawings and the embodiments.
The threat information sharing method of the invention, as shown in figure 1, comprises the following steps:
1) The threat information sharing parties agree on a large prime number n; the information digital asset to be exchanged by threat information sharing party A is α_i, and the digital asset to be exchanged by threat information sharing party B is α_j.
2) Threat information sharing party A selects a secret key K_A ∈ {2, …, n-2} and calculates the encrypted IP address E_{i,A}.
3) The other threat information sharing party B selects a secret key K_B ∈ {2, …, n-2} and calculates the encrypted IP address E_{j,B}.
4) The two threat information sharing parties exchange E_{i,A} and E_{j,B}.
5) Threat information sharing party A calculates the encrypted IP address D_{j,AB}.
6) Threat information sharing party B calculates the encrypted IP address D_{i,BA}.
7) The two threat information sharing parties exchange the IP addresses D_{j,AB} and D_{i,BA}.
8) The two threat information sharing parties each compare D_{j,AB} and D_{i,BA}; from the number of repeated elements they learn whether the information digital asset α_i and the information digital asset α_j are the same digital asset, that is, either threat information sharing party can learn whether a given digital asset exists in the other party's threat information library.
In one embodiment of the invention, the threat intelligence library is established through socioeconomic, publicly revealed data.
In one embodiment of the invention, the digital asset is obtained by analyzing data in a threat intelligence library.
In one embodiment of the invention, the digital assets include, but are not limited to, malicious IP addresses and malicious domain names.
In one embodiment of the present invention, the threat intelligence sharing method is based on the Diffie-Hellman protocol.
In summary, the present invention can determine whether a given IP address exists in the other party's current threat information library by comparing and querying that new IP address, so the information exchange is carried out without either party learning the other party's threat information library.
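The following Python program is an added worked example of the eight-step exchange above (and of the same procedure restated in claim 1); it is not code from the patent or its applicant. The page does not reproduce the encryption formulas, so the example assumes the standard Diffie-Hellman commutative encryption that the classification and step 8 imply: E = α^K mod n and D = E^K' mod n, so that both parties end with α^(K_A·K_B) mod n and can compare. Two further choices are the example's own assumptions: assets are hashed to a group element before exponentiation (the patent exponentiates the IP address itself), and the modulus is the Mersenne prime 2^127 - 1, which is prime but far too small for real use; the parties are expected to agree on a suitably large prime n. The sample libraries use documentation address ranges and are constructed for the demonstration.

```python
import hashlib
import ipaddress
import secrets

# Demo modulus: the Mersenne prime 2^127 - 1 (an assumption for this example;
# it is prime, so the arithmetic is well defined, but far too small for real
# deployments, where the parties agree on a large prime n of their choosing).
N = (1 << 127) - 1


def encode_asset(asset: str) -> int:
    """Map a digital asset (IP address or domain name) to an element of [2, n-2].

    Hashing the canonical form first is this example's choice, not the patent's:
    it gives IPv4, IPv6 and domain names one fixed-width encoding and keeps the
    trivial values 0 and 1, which would encrypt to themselves, out of the group.
    """
    text = asset.strip()
    try:
        canonical = str(ipaddress.ip_address(text))   # normalises e.g. 2001:db8:0::1
    except ValueError:
        canonical = text.lower().rstrip(".")           # treat as a domain name
    digest = hashlib.sha256(canonical.encode()).digest()
    return 2 + int.from_bytes(digest, "big") % (N - 3)


def choose_key() -> int:
    """Secret exponent K in {2, ..., n-2}, as required in steps 2 and 3."""
    return 2 + secrets.randbelow(N - 3)


class SharingParty:
    """One threat information sharing party (A or B) holding a local library."""

    def __init__(self, name: str, assets):
        self.name = name
        self.assets = list(assets)
        self.alpha = [encode_asset(a) for a in self.assets]
        self.key = choose_key()

    def encrypt_own(self):
        # Steps 2/3: E = alpha^K mod n for every asset in the local library.
        return [pow(a, self.key, N) for a in self.alpha]

    def encrypt_peer(self, peer_encrypted):
        # Steps 5/6: D = E_peer^K mod n, i.e. the peer's assets under both keys.
        return [pow(e, self.key, N) for e in peer_encrypted]

    def compare(self, own_double, peer_double):
        """Step 8: match own assets (under K_A*K_B) against the peer's.

        own_double  : this party's assets doubly encrypted, returned by the
                      peer, still in this party's original order.
        peer_double : the peer's assets doubly encrypted, computed locally.
        Returns the local assets that also exist in the peer's library.
        """
        peer_set = set(peer_double)
        return [a for a, d in zip(self.assets, own_double) if d in peer_set]


def run_sharing(assets_a, assets_b):
    """Drive the whole exchange; returns (shared seen by A, shared seen by B)."""
    a = SharingParty("A", assets_a)
    b = SharingParty("B", assets_b)
    e_a = a.encrypt_own()          # E_{i,A}
    e_b = b.encrypt_own()          # E_{j,B}
    # Step 4: the parties exchange E_{i,A} and E_{j,B}.
    d_ab = a.encrypt_peer(e_b)     # D_{j,AB} = E_{j,B}^{K_A} mod n
    d_ba = b.encrypt_peer(e_a)     # D_{i,BA} = E_{i,A}^{K_B} mod n
    # Step 7: the parties exchange D_{j,AB} and D_{i,BA}.
    shared_a = a.compare(d_ba, d_ab)
    shared_b = b.compare(d_ab, d_ba)
    return shared_a, shared_b


if __name__ == "__main__":
    # Constructed sample libraries (documentation ranges, not real indicators).
    lib_a = ["192.0.2.10", "198.51.100.7", "malicious.example", "2001:db8::1"]
    lib_b = ["198.51.100.7", "203.0.113.9", "MALICIOUS.EXAMPLE.", "2001:db8:0::1"]
    shared_a, shared_b = run_sharing(lib_a, lib_b)
    print("A learns these of its assets are also in B's library:", shared_a)
    print("B learns these of its assets are also in A's library:", shared_b)
    print("number of repeated elements:", len(shared_a))
```

Each party only ever sees the other party's assets under a key it does not hold, so, with a large prime n for which the discrete logarithm is hard, neither side learns the assets that are not shared; what each side does learn is which of its own assets the other holds and, from the number of repeated elements, the size of the overlap. Canonicalising before hashing matters in practice: without it, `2001:db8:0::1` and `2001:db8::1` would be treated as different assets and the match would be missed.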
finally, it should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail by using examples, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention, and all such modifications and equivalents are intended to be encompassed in the scope of the claims of the present invention.
Claims (5)
1. A threat information sharing method conforming to data security includes the steps:
threat information sharing party A and threat information sharing party B agree on a large prime number n; let the information digital asset to be exchanged in the local threat information library of threat information sharing party A be α_i, and let the digital asset to be exchanged in the local threat information library of threat information sharing party B be α_j;
threat information sharing party A selects a key K_A ∈ {2, …, n-2} and calculates the IP address E_{i,A};
threat information sharing party B selects a key K_B ∈ {2, …, n-2} and calculates the IP address E_{j,B};
threat information sharing party A and threat information sharing party B exchange the IP addresses E_{i,A} and E_{j,B};
threat information sharing party A calculates the IP address D_{j,AB};
threat information sharing party B calculates the IP address D_{i,BA};
threat information sharing party A and threat information sharing party B exchange the IP addresses D_{j,AB} and D_{i,BA};
threat information sharing party A and threat information sharing party B each compare the IP addresses D_{j,AB} and D_{i,BA}, and from the number of repeated elements determine whether the digital asset α_i and the digital asset α_j are the same digital asset.
2. The method of claim 1, wherein the local threat information library is constructed based on obtained socioeconomic data and/or publicly disclosed data.
3. The method of claim 1, wherein the digital asset comprises: malicious IP addresses and malicious domain names.
4. A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the method of any of claims 1-3 when run.
5. An electronic device comprising a memory, in which a computer program is stored, and a processor arranged to run the computer program to perform the method of any of claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210010348.3A CN114553403B (en) | 2022-01-06 | 2022-01-06 | Threat information sharing method and device conforming to data security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114553403A CN114553403A (en) | 2022-05-27 |
CN114553403B true CN114553403B (en) | 2024-02-13 |
Family
ID=81670003
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210010348.3A Active CN114553403B (en) | 2022-01-06 | 2022-01-06 | Threat information sharing method and device conforming to data security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114553403B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116112294B (en) * | 2023-04-12 | 2023-07-18 | 鹏城实验室 | Network target range protection method, device, equipment and readable storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112543196A (en) * | 2020-12-04 | 2021-03-23 | 国网山东省电力公司电力科学研究院 | Network threat information sharing platform based on block chain intelligent contract |
KR20210045562A (en) * | 2019-10-16 | 2021-04-27 | 한국전자통신연구원 | Method of shareing cyber threat information based on anonymized network traffic and system using the same |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8402098B2 (en) * | 2009-08-13 | 2013-03-19 | Clark C. Dircz | System and method for intelligence gathering and analysis |
US10469514B2 (en) * | 2014-06-23 | 2019-11-05 | Hewlett Packard Enterprise Development Lp | Collaborative and adaptive threat intelligence for computer security |
US11290472B2 (en) * | 2019-09-25 | 2022-03-29 | International Business Machines Corporation | Threat intelligence information access via a DNS protocol |
- 2022-01-06 CN CN202210010348.3A patent/CN114553403B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN114553403A (en) | 2022-05-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |