CN115208697A - Adaptive data encryption method and device based on attack behavior - Google Patents

Adaptive data encryption method and device based on attack behavior

Publication number
CN115208697A
Authority
CN
China
Prior art keywords
encryption
encryption key
key
transmission data
attack
Prior art date
Legal status
Pending
Application number
CN202211118391.8A
Other languages
Chinese (zh)
Inventor
刘曼
张奇惠
王立峰
Current Assignee
Guangzhou Wise Security Technology Co Ltd
Original Assignee
Guangzhou Wise Security Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Wise Security Technology Co Ltd
Priority to CN202211118391.8A
Publication of CN115208697A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The embodiment of the invention discloses an adaptive data encryption method and device based on attack behavior. The method comprises the following steps: determining a transmission data type and an application function scenario when the first device and the second device establish a communication connection, wherein the transmission data type includes a sensitive type and a non-sensitive type, and different application function scenarios correspond to different information security levels; determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scenario; when an attack event is detected and the attack event satisfies an encryption update condition, generating a second encryption key and sending the second encryption key to the second device over a secure link; and encrypting transmission data with the first encryption key and the second encryption key, and sending the encrypted data to the second device. The scheme improves information transmission security while taking device processing efficiency and power consumption into account.

Description

Adaptive data encryption method and device based on attack behavior
Technical Field
The embodiment of the application relates to the technical field of security chips, in particular to an adaptive data encryption method and device based on an attack behavior.
Background
With the spread of informatization, the security of data transmission and storage has become an important information security issue. To ensure that data is not tampered with or leaked, transmitted data can be encrypted during transmission; the receiving end decrypts it to obtain the decrypted information and then processes it accordingly.
In the related art, for example, patent document CN103905183B discloses a method for improving the communication transmission security of an embedded encryption chip. The method includes: the encryption chip and the main controller negotiate a session key; the encryption chip uses the session key to encrypt an internally generated random-number communication key list and uploads it to the main controller; the main controller decrypts the ciphertext of the random-number communication key list with the session key to obtain a copy of the list; the main controller and the encryption chip encrypt issued operation command data and response data using a communication key randomly selected from the list, and the key for decrypting the data is retrieved from the random-number communication key list by its communication key identifier. However, this approach increases transmission security only through key randomness: keys are selected at random from a list, the key processing mode is single, and the method does not adapt well to different network environments and application scenarios.
Disclosure of Invention
The embodiment of the invention provides an attack-behavior-based adaptive data encryption method and device. They solve the problems in the related art that transmission security is increased only through key randomness, that keys are selected at random from a list, that the key processing mode is single, and that the method does not adapt well to different network environments and application scenarios; they improve information transmission security while taking device processing efficiency and power consumption into account.
In a first aspect, an embodiment of the present invention provides an adaptive data encryption method based on an attack behavior, where the method includes:
determining a transmission data type and an application function scene under the condition that the first device and the second device establish communication connection, wherein the transmission data type comprises a sensitive type and a non-sensitive type, and different application function scenes correspond to different information security levels;
determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene;
when an attack event is detected, if the attack event satisfies an encryption update condition, generating a second encryption key, and sending the second encryption key to the second device over a secure link;
and encrypting transmission data with the first encryption key and the second encryption key, and sending the encrypted data to the second device.
Optionally, the determining the transmission data type and the application function scenario includes:
determining the transmission data type according to instruction information received from the second device; and
determining the application function scenario according to interaction information between the first device and the user.
Optionally, the determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scenario includes:
determining a first encryption algorithm to be used according to a preset correspondence between application function scenarios and encryption algorithms, wherein a plurality of encryption algorithms with different security levels are stored in the first device;
if the transmission data type is a sensitive type, using a pre-stored encryption key with first complexity as a first encryption key;
and if the transmission data type is a non-sensitive type, using a pre-stored encryption key with a second complexity as a first encryption key, wherein the first complexity is higher than the second complexity.
Optionally, in the case that an attack event is detected, if the attack event satisfies an encryption update condition, generating a second encryption key includes:
under the condition that an attack event is detected, recording attack times and attack types;
and generating a random key as a second encryption key under the condition that the attack type meets a preset type and the attack times reach the preset times.
Optionally, the encrypting transmission data by the first encryption key and the second encryption key, and sending the encrypted data to the first device includes:
generating a third encryption key based on the first encryption key, the second encryption key and a key generation rule, wherein the key generation rule is recorded in the second device;
and encrypting the transmission data with the third encryption key, and sending the encrypted data to the first device.
Optionally, the generating a third encryption key based on the first encryption key, the second encryption key and a key generation rule includes:
and combining the first encryption key and the second encryption key to obtain a third encryption key.
Optionally, after sending the encrypted data to the second device, the method further includes:
and after receiving the second encryption key, the second device generates a third encryption key based on the stored key generation rule, the first encryption key and the received second encryption key, and decrypts the received encrypted data through the third encryption key, wherein the first encryption algorithm is a symmetric encryption algorithm.
In a second aspect, an embodiment of the present invention further provides an adaptive data encryption apparatus based on an attack behavior, including:
the information determining module is configured to determine a transmission data type and an application function scene under the condition that the first device and the second device establish communication connection, wherein the transmission data type comprises a sensitive type and a non-sensitive type, and different application function scenes correspond to different information security levels;
the encryption determining module is configured to determine a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene;
the encryption updating module is configured to generate a second encryption key if the attack event meets an encryption updating condition under the condition that the attack event is detected, and send the second encryption key to the second device in a secure link;
and the encryption processing module is configured to encrypt transmission data through the first encryption key and the second encryption key and send the encrypted data to the second device.
In a third aspect, an embodiment of the present invention further provides an adaptive data encryption device based on an attack behavior, where the adaptive data encryption device includes:
one or more processors;
a storage apparatus configured to store one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the adaptive data encryption method based on the attack behavior according to the embodiment of the present invention.
In a fourth aspect, the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the adaptive data encryption method based on attack behavior according to the present invention.
In a fifth aspect, the present application further provides a computer program product, where the computer program product includes a computer program, where the computer program is stored in a computer-readable storage medium, and at least one processor of the device reads from the computer-readable storage medium and executes the computer program, so that the device executes the method for adaptive data encryption based on attack behavior according to the present application.
In the embodiment of the invention, when the first device and the second device establish a communication connection, the transmission data type and the application function scenario are determined, where the transmission data type includes a sensitive type and a non-sensitive type and different application function scenarios correspond to different information security levels; a first encryption algorithm and a corresponding first encryption key are determined according to the transmission data type and the application function scenario; when an attack event is detected and the attack event satisfies an encryption update condition, a second encryption key is generated and sent to the second device over a secure link; and the transmission data is encrypted with the first encryption key and the second encryption key, and the encrypted data is sent to the second device. This scheme solves the problems in the related art that transmission security is increased only through key randomness, that keys are selected at random from a list, that the key processing mode is single, and that the method does not adapt well to different network environments and application scenarios; it improves information transmission security while taking device processing efficiency and power consumption into account.
Drawings
Fig. 1 is a flowchart of an adaptive data encryption method based on an attack behavior according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for encrypting data based on a first encryption key and a second encryption key according to an embodiment of the present invention;
Fig. 3 is a flowchart of another adaptive data encryption method based on an attack behavior according to an embodiment of the present invention;
Fig. 4 is a block diagram of a structure of an adaptive data encryption apparatus based on an attack behavior according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an adaptive data encryption device based on an attack behavior according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the embodiments of the invention and do not delimit the embodiments. It should be further noted that, for convenience of description, only some structures, not all structures, relating to the embodiments of the present invention are shown in the drawings.
Fig. 1 is a flowchart of an adaptive data encryption method based on an attack behavior according to an embodiment of the present invention, where an embodiment of the present invention specifically includes the following steps:
Step S101, when the first device and the second device establish a communication connection, determining a transmission data type and an application function scenario, wherein the transmission data type includes a sensitive type and a non-sensitive type, and different application function scenarios correspond to different information security levels.
The first device and the second device are devices integrated with a security chip, and data can be encrypted and decrypted based on the security chip, such as car networking devices, video monitoring devices or other intelligent devices.
The first device and the second device can establish communication connection to carry out data communication, and data transmission is carried out in the data communication process. In one embodiment, when data is transmitted, the type of data transmitted and the application function scenario are determined. The transmission data type comprises a sensitive type and a non-sensitive type, and different application function scenes correspond to different information security levels.
Optionally, determining the transmission data type and the application function scenario includes: determining the transmission data type according to instruction information received from the second device; and determining the application function scenario according to interaction information between the first device and the user. In one embodiment, the first device responds to a request to establish a connection with the second device, establishes the communication connection accordingly, and, when transmitting data to the second device, selects the data to feed back based on the instruction information. The transmission data type is determined from the instruction information. Optionally, if the instruction information is a data query instruction, query data is fed back and the data to be transmitted is determined to be sensitive data; if the instruction information is a data storage instruction, the data is stored and the feedback confirming successful receipt and storage is non-sensitive data. The application function scenario is determined from the interaction information between the first device and the user. For example, when the user interacts by gesture through the camera of the first device, or by voice, the application function scenario is determined to be a scenario containing user information; if the user interacts by tapping the screen of the first device with a finger, the application function scenario is determined to be a scenario without user information.
In one embodiment, after the first device and the other device establish a communication connection, the encryption algorithm and the encryption key are re-determined based on the above steps. Or, when the disconnection with the second device exceeds the preset time, or a new round of transmission is established after the communication transmission in the round is finished, the encryption algorithm and the encryption key are determined again.
Step S102, determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene.
In one embodiment, after the transmission data type and the application function scenario are determined, a first encryption algorithm and a corresponding first encryption key are determined accordingly. Optionally, this may be done as follows: the first encryption algorithm to be used is determined according to a preset correspondence between application function scenarios and encryption algorithms, where a plurality of encryption algorithms with different security levels are stored in the first device; if the transmission data type is a sensitive type, a pre-stored encryption key with a first complexity is used as the first encryption key; and if the transmission data type is a non-sensitive type, a pre-stored encryption key with a second complexity is used as the first encryption key, where the first complexity is higher than the second complexity. The complexity may be the key length. The security levels of the encryption algorithms may be those given by industry standards, each with its corresponding encryption algorithms. The correspondence between application function scenarios and encryption algorithms is preset and can be changed. Optionally, an encryption algorithm with a high security level is used for a scenario containing user information; otherwise, an encryption algorithm with a low security level is used.
Step S103, when an attack event is detected, if the attack event satisfies an encryption update condition, generating a second encryption key, and sending the second encryption key to the second device over a secure link.
In one embodiment, attack events are detected in real time, and the second encryption key is generated when an attack event is judged to satisfy the encryption update condition. Optionally, generating a second encryption key when an attack event is detected and satisfies the encryption update condition includes: when an attack event is detected, recording the number of attacks and the attack type; and generating a random key as the second encryption key when the attack type matches a preset type and the number of attacks reaches a preset number. For example, when the number of attacks reaches 50, it is judged to have reached the preset number. The attack types are set in advance for different attack situations, such as a cracking attack on login information, a cracking attack on a key, or a cracking attack on stored data. When the attack type matches a set type and the number of attacks reaches the preset number, the encryption update condition is judged to be satisfied, and the second encryption key is generated accordingly.
Step S104, encrypting transmission data through the first encryption key and the second encryption key, and sending the encrypted data to the second device.
After the second encryption key is generated, the transmission data is encrypted by using the first encryption key and the second encryption key, and the encrypted data is sent to the second device.
According to the above, when the first device and the second device establish a communication connection, the transmission data type and the application function scenario are determined, where the transmission data type includes a sensitive type and a non-sensitive type and different application function scenarios correspond to different information security levels; a first encryption algorithm and a corresponding first encryption key are determined according to the transmission data type and the application function scenario; when an attack event is detected and the attack event satisfies an encryption update condition, a second encryption key is generated and sent to the second device over a secure link; and the transmission data is encrypted with the first encryption key and the second encryption key, and the encrypted data is sent to the second device. This scheme solves the problems in the related art that transmission security is increased only through key randomness, that keys are selected at random from a list, that the key processing mode is single, and that the method does not adapt well to different network environments and application scenarios; it improves information transmission security while taking device processing efficiency and power consumption into account.
Fig. 2 is a flowchart of a method for encrypting data based on a first encryption key and a second encryption key according to an embodiment of the present invention, as shown in fig. 2, specifically including:
Step S201, determining a transmission data type and an application function scenario when the first device and the second device establish a communication connection, where the transmission data type includes a sensitive type and a non-sensitive type, and different application function scenarios correspond to different information security levels.
Step S202, determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene.
Step S203, in the case that an attack event is detected, if the attack event satisfies an encryption updating condition, generating a second encryption key, and sending the second encryption key to the second device in a secure link.
Step S204, generating a third encryption key based on the first encryption key, the second encryption key and a key generation rule, wherein the key generation rule is recorded in the second device, encrypting transmission data with the third encryption key, and sending the encrypted data to the first device.
The key generation rule records the specific way in which the third encryption key is generated from the first encryption key and the second encryption key. Optionally, the rule may be a specific operation on the data recorded in the keys, or a direct combination rule, in which the two encryption keys are concatenated to obtain the third encryption key, with the concatenation order preset.
Fig. 3 is a flowchart of another algorithm adaptive data encryption method according to an embodiment of the present invention, and as shown in fig. 3, the method specifically includes:
Step S301, when the first device and the second device establish a communication connection, determining a transmission data type and an application function scenario, wherein the transmission data type includes a sensitive type and a non-sensitive type, and different application function scenarios correspond to different information security levels.
Step S302, determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene.
Step S303, in a case that an attack event is detected, if the attack event satisfies an encryption update condition, generating a second encryption key, and sending the second encryption key to the second device in a secure link.
Step S304, generating a third encryption key based on the first encryption key, the second encryption key and a key generation rule, wherein the key generation rule is recorded in the second device, encrypting the transmission data with the third encryption key, and sending the encrypted data to the first device.
Step S305, after receiving the second encryption key, the second device generates a third encryption key based on the stored key generation rule, the first encryption key and the received second encryption key, and decrypts the received encrypted data through the third encryption key, where the first encryption algorithm is a symmetric encryption algorithm.
After receiving the second encryption key through the secure link, the second device combines the pre-stored first encryption key and the received second encryption key based on the same stored key generation rule to obtain a third encryption key, and decrypts the received encrypted data through the third encryption key. The first encryption algorithm is a symmetric encryption algorithm, and the used encryption key and the decryption key are the same.
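An added sketch of the flow in steps S301 to S305 as described above, not code from the patent or its applicant: key selection by data type and scenario, the attack-count update condition, and third-key derivation on both devices. The attack-type names, algorithm labels, key sizes and the reset of the counter are assumptions; `combine_hkdf` is a substituted derivation rule (HKDF-SHA-256, RFC 5869) placed beside the page's concatenation rule, because a concatenated key's length depends on both inputs and need not match the key size the chosen cipher expects.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Policy values. "50" and the three attack types follow the page's examples;
# every name, label and key size below is an assumption made for illustration.
PRESET_ATTACK_TYPES = {"login_cracking", "key_cracking", "stored_data_cracking"}
PRESET_ATTACK_COUNT = 50
SCENARIO_ALGORITHM = {  # scenario -> (algorithm label, key bytes the cipher expects)
    "contains_user_info": ("AES-256", 32),
    "no_user_info": ("AES-128", 16),
}
KEY_BYTES_BY_TYPE = {"sensitive": 32, "non_sensitive": 16}  # "complexity" = key length


class Device:
    """Holds the pre-stored first keys; both ends are provisioned identically."""

    def __init__(self, prestored: Dict[str, bytes]):
        self.prestored = dict(prestored)

    def select_first(self, data_type: str, scenario: str) -> Tuple[str, int, bytes]:
        algorithm, cipher_key_bytes = SCENARIO_ALGORITHM[scenario]  # chosen by scenario
        return algorithm, cipher_key_bytes, self.prestored[data_type]  # chosen by data type


class AttackMonitor:
    """Counts attack events per type and decides when the update condition holds."""

    def __init__(self, threshold: int = PRESET_ATTACK_COUNT):
        self.threshold = threshold
        self.counts: Dict[str, int] = {}

    def record(self, attack_type: str) -> Optional[bytes]:
        self.counts[attack_type] = self.counts.get(attack_type, 0) + 1
        if attack_type in PRESET_ATTACK_TYPES and self.counts[attack_type] >= self.threshold:
            self.counts[attack_type] = 0  # assumed: counting restarts after an update
            return secrets.token_bytes(32)  # random second key from the OS CSPRNG
        return None


def combine_concat(k1: bytes, k2: bytes) -> bytes:
    """The page's direct combination rule: concatenate in a preset order."""
    return k1 + k2


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_hkdf(k1: bytes, k2: bytes, cipher_key_bytes: int, algorithm: str) -> bytes:
    """Substituted rule (not from the page): KDF over both keys, sized for the cipher."""
    return hkdf_sha256(k1 + k2, b"", b"third-key|" + algorithm.encode(), cipher_key_bytes)


def simulate(data_type: str, scenario: str) -> dict:
    prestored = {t: secrets.token_bytes(n) for t, n in KEY_BYTES_BY_TYPE.items()}
    first, second = Device(prestored), Device(prestored)
    algorithm, cipher_key_bytes, k1 = first.select_first(data_type, scenario)

    # Constructed event stream: 60 events of a non-preset type, then 50 key-cracking attempts.
    monitor, k2, update_at = AttackMonitor(), None, None
    for index, event in enumerate(["port_scan"] * 60 + ["key_cracking"] * 50, start=1):
        new_key = monitor.record(event)
        if new_key is not None:
            k2, update_at = new_key, index

    # k2 crosses the "secure link" (modelled as a direct hand-off); the second
    # device is assumed to know the same data type and scenario.
    _, _, k1_peer = second.select_first(data_type, scenario)
    k3_sender = combine_hkdf(k1, k2, cipher_key_bytes, algorithm)
    k3_receiver = combine_hkdf(k1_peer, k2, cipher_key_bytes, algorithm)
    return {
        "algorithm": algorithm,
        "cipher_key_bytes": cipher_key_bytes,
        "update_at_event": update_at,
        "concat_bytes": len(combine_concat(k1, k2)),
        "hkdf_bytes": len(k3_sender),
        "peers_agree": hmac.compare_digest(k3_sender, k3_receiver),
    }


if __name__ == "__main__":
    print(simulate("non_sensitive", "contains_user_info"))
```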
Fig. 4 is a block diagram of a structure of an attack behavior-based adaptive data encryption device according to an embodiment of the present invention, where the attack behavior-based adaptive data encryption device is configured to execute an attack behavior-based adaptive data encryption method provided by the data receiving end embodiment, and has corresponding functional modules and beneficial effects of the execution method. As shown in fig. 4, the adaptive data encryption apparatus based on attack behavior specifically includes: the information determining module 101 is configured to determine a transmission data type and an application function scenario when the first device and the second device establish a communication connection, where the transmission data type includes a sensitive type and a non-sensitive type, and different application function scenarios correspond to different information security levels;
an encryption determining module 102 configured to determine a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scenario;
an encryption updating module 103 configured to, in a case that an attack event is detected, generate a second encryption key if the attack event satisfies an encryption updating condition, and send the second encryption key to the second device in a secure link;
an encryption processing module 104 configured to encrypt transmission data by the first encryption key and the second encryption key, and send the encrypted data to the second device.
According to this scheme, when the first device and the second device establish a communication connection, the transmission data type and the application function scenario are determined, where the transmission data type is either a sensitive type or a non-sensitive type, and different application function scenarios correspond to different information security levels. A first encryption algorithm and a corresponding first encryption key are determined according to the transmission data type and the application function scenario. When an attack event is detected and the attack event satisfies an encryption update condition, a second encryption key is generated and sent to the second device over a secure link. The transmission data is encrypted using the first encryption key and the second encryption key, and the encrypted data is sent to the second device. This scheme addresses the problem in the related art that transmission security is increased only through key randomness, with keys selected at random from a list, so that key handling takes a single form and cannot adapt well to different network environments and application scenarios. It improves the security of information transmission while also taking device processing efficiency and power consumption into account. Correspondingly, the functions executed by the modules are as follows:
In one possible embodiment, the determining the transmission data type and the application function scenario includes:
determining the transmission data type according to the instruction information received from the second device; and
determining the application function scenario according to the interaction information between the first device and the user.
In one possible embodiment, the determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scenario includes:
determining the first encryption algorithm to be used according to a preset correspondence between different application function scenarios and encryption algorithms, wherein a plurality of encryption algorithms with different security levels are stored in the first device;
if the transmission data type is a sensitive type, using a pre-stored encryption key with first complexity as a first encryption key;
and if the transmission data type is a non-sensitive type, using a pre-stored encryption key with a second complexity as a first encryption key, wherein the first complexity is higher than the second complexity.
In a possible embodiment, said generating a second encryption key if the attack event satisfies an encryption update condition in case of detecting the attack event comprises:
when an attack event is detected, recording the number of attacks and the attack type;
and generating a random key as the second encryption key when the attack type matches a preset type and the number of attacks reaches a preset number.
In a possible embodiment, the encrypting transmission data by the first encryption key and the second encryption key and sending the encrypted data to the first device includes:
generating a third encryption key based on the first encryption key, the second encryption key and a key generation rule, wherein the key generation rule is recorded in the second device;
and encrypting the transmission data through the third encryption key, and sending the encrypted data to the first equipment.
In one possible embodiment, the generating a third encryption key based on the first encryption key, the second encryption key, and a key generation rule includes:
and combining the first encryption key and the second encryption key to obtain a third encryption key.
In a possible embodiment, after sending the encrypted data to the second device, the method further includes:
and after receiving the second encryption key, the second device generates a third encryption key based on the stored key generation rule, the first encryption key and the received second encryption key, and decrypts the received encrypted data through the third encryption key, wherein the first encryption algorithm is a symmetric encryption algorithm.
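The key-update flow of the embodiments above (scenario and data type select the first algorithm and key, a preset attack type reaching a preset count triggers a random second key, and both devices derive the third key from a shared rule), as an added Python example that is not part of the patent text. The policy tables, attack-type names, threshold, per-type counting, count reset and the use of HKDF-SHA256 as the key generation rule are assumptions; the patent only states that the first and second keys are combined.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed policy (assumed values; the patent names none of these).
SCENARIO_ALGORITHM = {"payment": "cipher-high", "telemetry": "cipher-standard"}
PRESTORED_KEYS = {
    "sensitive": bytes.fromhex("11" * 32),      # first complexity (higher)
    "non-sensitive": bytes.fromhex("22" * 16),  # second complexity (lower)
}
PRESET_ATTACK_TYPES = {"replay", "brute_force"}
PRESET_ATTACK_COUNT = 3


def select_first(data_type: str, scenario: str) -> Tuple[str, bytes]:
    """The scenario picks the first algorithm; the data type picks the first key."""
    return SCENARIO_ALGORITHM[scenario], PRESTORED_KEYS[data_type]


def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) extract-then-expand using only the standard library."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_third_key(first_key: bytes, second_key: bytes) -> bytes:
    """Key generation rule held by both devices (assumed: HKDF over both keys).

    Each key is length-prefixed so the combination stays unambiguous even
    though the pre-stored first keys differ in length.
    """
    ikm = b"".join(len(k).to_bytes(2, "big") + k for k in (first_key, second_key))
    return hkdf_sha256(ikm, b"third-encryption-key", 32)


def traffic_key(first_key: bytes, second_key: Optional[bytes]) -> bytes:
    """First key alone until an update happens, third key afterwards."""
    return first_key if second_key is None else derive_third_key(first_key, second_key)


@dataclass
class FirstDevice:
    data_type: str
    scenario: str
    second_key: Optional[bytes] = None
    attack_counts: Dict[str, int] = field(default_factory=dict)

    def __post_init__(self) -> None:
        self.algorithm, self.first_key = select_first(self.data_type, self.scenario)

    def on_attack_event(self, attack_type: str) -> Optional[bytes]:
        """Record the event; return a new second key when the update condition holds."""
        count = self.attack_counts.get(attack_type, 0) + 1
        self.attack_counts[attack_type] = count
        if attack_type not in PRESET_ATTACK_TYPES or count < PRESET_ATTACK_COUNT:
            return None
        self.attack_counts[attack_type] = 0        # assumed: restart the count
        self.second_key = secrets.token_bytes(32)  # random second key
        return self.second_key                     # goes out over the secure link


def demo() -> dict:
    dev1 = FirstDevice("sensitive", "payment")
    peer_first, peer_second = dev1.first_key, None  # second device's stored state
    before = traffic_key(dev1.first_key, dev1.second_key)
    # Constructed event stream: port_scan is not a preset type, replay is.
    events = ["port_scan", "replay", "replay", "port_scan", "port_scan", "replay"]
    rotations = 0
    for event in events:
        new_key = dev1.on_attack_event(event)
        if new_key is not None:
            peer_second, rotations = new_key, rotations + 1
    after = traffic_key(dev1.first_key, dev1.second_key)
    return {
        "rotations": rotations,
        "rotated": before != after,
        "keys_match": after == traffic_key(peer_first, peer_second),
        "key_len": len(after),
    }
```

Passing both keys through a KDF rather than using their raw concatenation gives a fixed-length third key whatever the lengths of the inputs, and the second device reaches the same key only if it holds the same rule and the same pre-stored first key.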
Fig. 5 is a schematic structural diagram of an adaptive data encryption device based on attack behavior according to an embodiment of the present invention, as shown in fig. 5, the device includes a processor 201, a memory 202, an input device 203, and an output device 204; the number of the processors 201 in the device may be one or more, and one processor 201 is taken as an example in fig. 5; the processor 201, the memory 202, the input device 203 and the output device 204 in the apparatus may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example. The memory 202, which is a computer-readable storage medium, may be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the adaptive data encryption method based on attack behavior in the embodiment of the present invention. The processor 201 executes various functional applications of the device and data processing by running software programs, instructions and modules stored in the memory 202, i.e., implements the above-described adaptive data encryption method based on the attack behavior. The input device 203 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the apparatus. The output device 204 may include a display device such as a display screen.
Embodiments of the present invention also provide a storage medium containing computer-executable instructions which, when executed by a computer processor, perform an adaptive data encryption method based on attack behavior, the method comprising:
determining a transmission data type and an application function scene under the condition that the first device and the second device establish communication connection, wherein the transmission data type comprises a sensitive type and a non-sensitive type, and different application function scenes correspond to different information security levels;
determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene;
under the condition that an attack event is detected, if the attack event meets an encryption updating condition, generating a second encryption key, and sending the second encryption key to the second equipment in a secure link;
and encrypting transmission data through the first encryption key and the second encryption key, and sending the encrypted data to the second equipment.
From the above description of the embodiments, it will be clear to those skilled in the art that the embodiments of the present invention can be implemented by software together with the necessary general-purpose hardware, and can also be implemented by hardware alone, although the former is the better implementation in many cases. Based on this understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and which includes several instructions that cause a computer device (which may be a personal computer, a server, or a network device) to perform the methods described in the embodiments of the present invention.
It should be noted that, in the embodiment of the adaptive data encryption apparatus based on attack behavior, the included units and modules are only divided according to functional logic, but are not limited to the above division, as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the embodiment of the invention.
In some possible embodiments, various aspects of the methods provided by the present application may also be implemented in the form of a program product including program code for causing a computer device to perform the steps in the methods according to various exemplary embodiments of the present application described above in this specification when the program product runs on the computer device, for example, the computer device may perform the adaptive data encryption method based on attack behavior described in the embodiments of the present application. The program product may be implemented using any combination of one or more readable media.
It should be noted that the foregoing is only a preferred embodiment of the present invention and the technical principles applied. Those skilled in the art will appreciate that the embodiments of the present invention are not limited to the specific embodiments described herein, and that various obvious changes, adaptations, and substitutions are possible, without departing from the scope of the embodiments of the present invention. Therefore, although the embodiments of the present invention have been described in more detail through the above embodiments, the embodiments of the present invention are not limited to the above embodiments, and many other equivalent embodiments can be included without departing from the concept of the embodiments of the present invention, and the scope of the embodiments of the present invention is determined by the scope of the appended claims.

Claims (10)

1. The adaptive data encryption method based on the attack behavior is characterized by comprising the following steps:
determining a transmission data type and an application function scene under the condition that the first device and the second device establish communication connection, wherein the transmission data type comprises a sensitive type and a non-sensitive type, and different application function scenes correspond to different information security levels;
determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene;
under the condition that an attack event is detected, if the attack event meets an encryption updating condition, generating a second encryption key, and sending the second encryption key to the second equipment in a secure link;
and encrypting transmission data through the first encryption key and the second encryption key, and sending the encrypted data to the second equipment.
2. The adaptive data encryption method based on attack behavior according to claim 1, wherein the determining the transmission data type and the application function scenario comprises:
determining the transmission data type according to the instruction information received from the second device; and
determining the application function scenario according to the interaction information between the first device and the user.
3. The adaptive data encryption method based on attack behavior according to claim 1, wherein the determining a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scenario comprises:
determining a first encryption algorithm to be used according to the corresponding relation between different set application function scenes and the encryption algorithm, wherein a plurality of encryption algorithms with different security levels are stored in the first equipment;
if the transmission data type is a sensitive type, using a pre-stored encryption key with first complexity as a first encryption key;
and if the transmission data type is a non-sensitive type, using a pre-stored encryption key with a second complexity as a first encryption key, wherein the first complexity is higher than the second complexity.
4. The adaptive data encryption method based on attack behavior according to any one of claims 1-3, wherein the generating a second encryption key if the attack event satisfies an encryption update condition in case of detecting the attack event comprises:
when an attack event is detected, recording the number of attacks and the attack type;
and generating a random key as the second encryption key when the attack type matches a preset type and the number of attacks reaches a preset number.
5. The adaptive data encryption method based on the attack behavior according to any one of claims 1 to 3, wherein the encrypting the transmission data by the first encryption key and the second encryption key and sending the encrypted data to the first device comprises:
generating a third encryption key based on the first encryption key, the second encryption key and a key generation rule, wherein the key generation rule is recorded in the second device;
and encrypting the transmission data through the third encryption key, and sending the encrypted data to the first equipment.
6. The method according to claim 5, wherein generating a third encryption key based on the first encryption key, the second encryption key, and a key generation rule comprises:
and combining the first encryption key and the second encryption key to obtain a third encryption key.
7. The adaptive data encryption method based on attack behavior according to claim 6, further comprising, after sending the encrypted data to the second device:
and after receiving the second encryption key, the second device generates a third encryption key based on the stored key generation rule, the first encryption key and the received second encryption key, and decrypts the received encrypted data through the third encryption key, wherein the first encryption algorithm is a symmetric encryption algorithm.
8. An adaptive data encryption device based on attack behavior, comprising:
the information determining module is configured to determine a transmission data type and an application function scene under the condition that the first device and the second device establish communication connection, wherein the transmission data type comprises a sensitive type and a non-sensitive type, and different application function scenes correspond to different information security levels;
the encryption determining module is configured to determine a first encryption algorithm and a corresponding first encryption key according to the transmission data type and the application function scene;
the encryption updating module is configured to generate a second encryption key if the attack event meets an encryption updating condition under the condition that the attack event is detected, and send the second encryption key to the second equipment in a secure link;
and the encryption processing module is configured to encrypt transmission data through the first encryption key and the second encryption key and send the encrypted data to the second device.
9. An adaptive data encryption device based on attack behavior, the device comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the adaptive data encryption method based on attack behavior according to any one of claims 1 to 7.
10. A storage medium containing computer-executable instructions which, when executed by a computer processor, perform the adaptive data encryption method based on attack behavior according to any one of claims 1-7.
CN202211118391.8A 2022-09-15 2022-09-15 Adaptive data encryption method and device based on attack behavior Pending CN115208697A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211118391.8A CN115208697A (en) 2022-09-15 2022-09-15 Adaptive data encryption method and device based on attack behavior

Publications (1)

Publication Number Publication Date
CN115208697A true CN115208697A (en) 2022-10-18

Family

ID=83572895

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211118391.8A Pending CN115208697A (en) 2022-09-15 2022-09-15 Adaptive data encryption method and device based on attack behavior

Country Status (1)

Country Link
CN (1) CN115208697A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120278345A1 (en) * 2009-11-16 2012-11-01 Jackson-Smith Alexander Variable Substitution Data Processing Method
CN103209072A (en) * 2013-04-27 2013-07-17 杭州华三通信技术有限公司 MACsec (Multi-Access Computer security) key updating method and equipment
CN112653705A (en) * 2020-12-29 2021-04-13 中国农业银行股份有限公司 Data encryption transmission method, device and equipment
WO2021237542A1 (en) * 2020-05-27 2021-12-02 深圳市大疆创新科技有限公司 Data processing, encryption, and decryption methods, device, and storage medium
CN114513533A (en) * 2021-12-24 2022-05-17 北京理工大学 Classified and graded fitness and health big data sharing system and method
CN114915457A (en) * 2022-04-27 2022-08-16 烽台科技(北京)有限公司 Message transmission method, dynamic encryption method, device, electronic equipment and medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115577352A (en) * 2022-11-24 2023-01-06 广州万协通信息技术有限公司 Vehicle gauge chip switching control method and device
CN115577352B (en) * 2022-11-24 2023-03-14 广州万协通信息技术有限公司 Vehicle gauge chip switching control method and device
CN116132035A (en) * 2023-02-03 2023-05-16 广州万协通信息技术有限公司 High-performance password operation method and device based on multi-parameter dynamic adjustment
CN116132035B (en) * 2023-02-03 2024-04-12 广州万协通信息技术有限公司 High-performance password operation method and device based on multi-parameter dynamic adjustment
CN116384702A (en) * 2023-04-17 2023-07-04 点米(北京)科技有限公司 Enterprise personnel management method and system
CN116384702B (en) * 2023-04-17 2023-12-29 点米(北京)科技有限公司 Enterprise personnel management method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221018
