CN116260659A - Method for processing packet loss of ipsec data packet - Google Patents
- Publication number
- CN116260659A (application number CN202310538265.6A)
- Authority
- CN
- China
- Prior art keywords
- data
- encrypted
- sequence
- receiving end
- closed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of encrypted data transmission, and in particular to a method for processing packet loss of an ipsec data packet, comprising the following steps: obtaining encryption objects according to the ipsec data packet; constructing a closed-loop chained key and an object sequence key according to the encryption objects and a first preset length; obtaining a data sequence to be encrypted of a target receiving end; encrypting the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end to obtain a ciphertext sequence of the target receiving end; and, in the ISAKMP negotiation stage, transmitting the ciphertext sequence of each receiving end from the transmitting end to that receiving end. The invention encrypts the ipsec data packet of the target receiving end using only simple searching, judging and calculating and, compared with the quantum-key-based encrypted transmission method and the asymmetric encrypted transmission method, has low cost, high encryption and decryption speed and higher security.
Description
Technical Field
The invention relates to the technical field of data encryption transmission, in particular to an ipsec data packet loss processing method.
Background
ipsec is an open standard framework and a long-term direction of secure networking; it uses the security services of encrypted transmission to ensure confidential and secure communication over the network. Before data is transmitted via ipsec, a connection must be established in the ISAKMP negotiation stage.
In the ISAKMP negotiation stage, the transmitting end needs to transmit an ipsec data packet containing an encryption suite to the receiving end. If the ipsec data packet is lost during transmission because of an attack, the attacker obtains the ipsec data packet and then breaks the subsequently transmitted data according to the encryption suite in it, so that important information is leaked.
The ipsec data packet therefore needs to be encrypted for transmission. Current encrypted transmission methods for ipsec data packets include the quantum-key-based encrypted transmission method and the asymmetric encrypted transmission method. The quantum-key-based method requires extremely expensive quantum key distribution equipment and has a high cost; the asymmetric method is based on mathematical problems and has high security, but its encryption and decryption are slow. It is therefore necessary to provide an encrypted transmission method for ipsec data packets that is moderate in cost and fast, and that does not leak important information even if an ipsec data packet is lost.
Disclosure of Invention
The invention provides a method for processing packet loss of an ipsec data packet, which aims to solve the existing problem.
The invention discloses a method for processing packet loss of an ipsec data packet, which adopts the following technical scheme:
the embodiment of the invention provides a method for processing the packet loss of an ipsec data packet, which comprises the following steps:
obtaining encryption objects according to the ipsec data packet, and recording the number of the encryption objects as a first preset length;
constructing a closed-loop chained key and an object sequence key according to the encrypted object and the first preset length, and distributing a closed-loop chained key and an object sequence key to each receiving end;
taking any receiving end as a target receiving end to obtain a data sequence to be encrypted of the target receiving end;
encrypting the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end to obtain a ciphertext sequence of the target receiving end, wherein the method comprises the following steps: for any one data to be encrypted in a data sequence to be encrypted of a target receiving end, acquiring an object of the data to be encrypted according to an object sequence key of the target receiving end, acquiring a closed loop chained sequence of the data to be encrypted, acquiring a first position and a second position of the data to be encrypted, acquiring ciphertext of the data to be encrypted according to the first position and the second position of the data to be encrypted, and updating the closed loop chained sequence of the data to be encrypted according to the data to be encrypted and the object of the data to be encrypted; sequentially encrypting each piece of data to be encrypted in a data sequence to be encrypted of a target receiving end according to the sequence to obtain a ciphertext of each piece of data to be encrypted, and marking a sequence formed by all pieces of ciphertext of data to be encrypted in the data sequence to be encrypted according to the sequence as a ciphertext sequence of the target receiving end;
in the ISAKMP negotiation stage, the data sequence to be encrypted of each receiving end is encrypted according to the closed-loop chained key and the object sequence key of each receiving end to obtain the ciphertext sequence of each receiving end, and the sending end transmits the ciphertext sequence of each receiving end to each receiving end.
Further, the method for obtaining the encrypted object according to the ipsec packet comprises the following specific steps:
and taking all capital English letters, all lowercase English letters, all numbers and 4 preset symbols contained in the ipsec data packet as encryption objects, wherein the 4 preset symbols comprise a first preset symbol, a second preset symbol, a third preset symbol and a fourth preset symbol.
Further, the construction method of the closed loop chained key comprises the following steps:
constructing an empty annular sequence with the length equal to the first preset length, randomly filling all the encrypted objects in the empty annular sequence, and enabling each encrypted object to only appear once in the annular sequence; and marking the filled annular sequence as a closed-loop chained key to obtain all different closed-loop chained keys meeting the conditions.
Further, the construction method of the object sequence key comprises the following steps:
constructing a null sequence with the length equal to the first preset length, randomly filling all the encrypted objects in the null sequence, marking the filled sequence as an object sequence key without limiting the frequency of each encrypted object in the annular sequence, and obtaining all different object sequence keys meeting the conditions.
Further, the obtaining the data sequence to be encrypted of the target receiving end includes the following specific steps:
all spaces in the ipsec data packet of the target receiving end are converted into a first preset symbol, a sequence formed by all converted data is recorded as a data sequence to be encrypted, and each data in the data sequence to be encrypted is recorded as data to be encrypted.
Further, the method for obtaining the object of the data to be encrypted according to the object sequence key of the target receiving end comprises the following specific steps:
for the t data to be encrypted in the data sequence to be encrypted of the target receiving end, the k data in the object sequence key of the target receiving end is recorded as the object of the t data to be encrypted, whereinC represents the length of the object sequence key, i.e., the first preset length,% represents the division margin.
Further, the method for obtaining the closed loop chained sequence of the data to be encrypted comprises the following specific steps:
regarding the 1 st data to be encrypted in the data sequence to be encrypted of the target receiving end, taking a closed-loop chained key of the target receiving end as a closed-loop chained sequence of the 1 st data to be encrypted; and regarding the t-th data to be encrypted in the data sequence to be encrypted of the target receiving end, taking the updated closed-loop chained sequence of the t-1-th data to be encrypted as the closed-loop chained sequence of the t-th data to be encrypted.
Further, the obtaining the first location and the second location of the data to be encrypted includes the following specific steps:
recording the corresponding position of the data which is the same as the data to be encrypted at the t on the closed loop chain sequence of the data to be encrypted at the t as the first position of the data to be encrypted at the t; and recording the corresponding position of the data which is the same as the object of the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted as the second position of the t data to be encrypted.
Further, the method for obtaining the ciphertext of the data to be encrypted according to the first position and the second position of the data to be encrypted comprises the following specific steps:
the distance between the t data to be encrypted and the object of the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted along the clockwise direction is recorded as ciphertext of the t data to be encrypted, and the ciphertext specifically comprises the following steps: when the t first position of the data to be encryptedA second location less than the t-th data to be encryptedWhen the calculation formula of the distance between the t data to be encrypted and the object of the t data to be encrypted along the clockwise direction on the closed loop chained sequence of the t data to be encrypted is as follows:the method comprises the steps of carrying out a first treatment on the surface of the When the t first position of the data to be encryptedA second location not less than the t-th data to be encryptedWhen the calculation formula of the distance between the t data to be encrypted and the object of the t data to be encrypted along the clockwise direction on the closed loop chained sequence of the t data to be encrypted is as follows:c represents the length of the object sequence key, namely a first preset length; and taking the obtained distance as the ciphertext of the t-th data to be encrypted.
Further, the updating the closed-loop chained sequence of the data to be encrypted according to the data to be encrypted and the object of the data to be encrypted comprises the following specific steps:
the data which is the same as the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted is recorded asClosed loop chained sequence of the t-th data to be encryptedThe data which is the same as the t-th data to be encrypted is recorded asWill beAnd (3) withAnd (3) exchanging, namely marking the closed loop chain sequence after the exchange as an updated closed loop chain sequence of the t-th data to be encrypted.
The technical scheme of the invention has the beneficial effects that:
1. the invention constructs the closed-loop chained key and the object sequence key according to the encrypted object and the first preset length, obtains the data sequence to be encrypted of the target receiving end according to the ipsec data packet, encrypts the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end, obtains the ciphertext sequence of the target receiving end, and realizes the encryption of the ipsec data packet of the target receiving end based on simple searching, judging and calculating.
2. The invention encrypts the data sequence to be encrypted of the target receiving end according to the closed-loop chained sequence of the target receiving end. Because the updated closed-loop chained sequence of the previous data to be encrypted is used as the closed-loop chained sequence of the current data to be encrypted, a subtle change in any data of the data sequence to be encrypted of the target receiving end causes an unrecognizable change in the ciphertext sequence; the ciphertext sequence obtained by this encryption method therefore has a stronger avalanche effect, and its security is higher.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of steps of a method for processing lost packets of ipsec data packets according to the present invention;
Fig. 2 is a schematic diagram of a closed-loop chained key at a receiving end according to the present invention.
Detailed Description
In order to further describe the technical means and effects adopted by the present invention to achieve the preset purpose, the following detailed description refers to specific implementation, structure, characteristics and effects of an ipsec packet loss processing method according to the present invention with reference to the accompanying drawings and preferred embodiments. In the following description, different "one embodiment" or "another embodiment" means that the embodiments are not necessarily the same. Furthermore, the particular features, structures, or characteristics of one or more embodiments may be combined in any suitable manner.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The following specifically describes a specific scheme of the method for processing the packet loss of the ipsec packet provided by the present invention in combination with the accompanying drawings.
Referring to fig. 1, a flowchart of a method for processing lost packets of ipsec packets according to an embodiment of the invention is shown, the method includes the following steps:
S001, obtaining encryption objects according to the ipsec data packet.
Because the ipsec data packet is used to establish the connection between the transmitting end and the receiving end in the ISAKMP negotiation stage, it contains the cookie value of the transmitting end and an encryption suite, where the encryption suite includes an encryption algorithm, a key period, a hash algorithm, an authentication algorithm, a lifetime, a shared key, and the like. The cookie value of the transmitting end and the encryption suite are composed of numbers, English letters, spaces, and three symbols, including ":" and "-". A first preset symbol is used to represent a space, and the three symbols are recorded as the second, third and fourth preset symbols, with ":" as the third preset symbol and "-" as the fourth preset symbol. The encryption objects of the present invention are therefore all English letters, all numbers, and the 4 preset symbols, where all English letters comprise the 26 uppercase and the 26 lowercase English letters and all numbers comprise 0, 1, 2, 3, 4, 5, 6, 7, 8, 9. There are thus 66 encryption objects in total, and the number of encryption objects is recorded as the first preset length.
In this embodiment, the first preset symbol is "x", and in other embodiments, the implementation personnel may set the first preset symbol as required.
S002, constructing a closed-loop chained key and an object sequence key according to the encrypted object and the first preset length, and distributing a closed-loop chained key and an object sequence key to each receiving end.
1. Construct a closed-loop chained key according to the encryption objects and the first preset length.
Constructing an empty annular sequence with the length equal to a first preset length, wherein the annular sequence refers to a sequence with the head end connected with the tail end, all encryption objects are randomly filled in the empty annular sequence, and each encryption object only appears once in the annular sequence; and marking the filled annular sequence as a closed-loop chained key to obtain all different closed-loop chained keys meeting the conditions.
For the closed-loop chained key, the corresponding position of the head end data of the closed-loop chained key on the closed-loop chained key is 1, the corresponding position of all other data on the closed-loop chained key is [2, c-1] according to the clockwise direction, the corresponding position of the tail end data of the closed-loop chained key on the closed-loop chained key is c, and c represents the length of the closed-loop chained key, namely the first preset length.
For example, in the present embodiment the uppercase English letters "A", "B", "C", "E", "S", the lowercase English letters "a", "b", "c", "e", "f", "g", "h", "i", "l", "m", "n", "o", "p", "r", "t", "y", "x", and the third and fourth preset symbols are taken as encryption objects, so the first preset length is 24; one closed-loop chained key constructed from them is shown in Fig. 2.
2. Construct an object sequence key according to the encryption objects and the first preset length.
Constructing a null sequence with the length equal to a first preset length, randomly filling all the encrypted objects in the null sequence, and obtaining a filled sequence, wherein the occurrence times of each encrypted object in the annular sequence are not limited; and marking the sequence meeting the condition as an object sequence key, and obtaining all different object sequence keys meeting the condition.
For example, an object sequence key constructed according to the encrypted object in this embodiment is: the obihtg is-: cafBbbcAgAyxyl ES is t-.
3. Each receiving end is assigned a closed-loop chained key and an object sequence key.
Each receiving end is allocated one closed-loop chained key and one object sequence key. It should be noted that a closed-loop chained key and an object sequence key that have already been allocated cannot be allocated to other receiving ends. The closed-loop chained key and the object sequence key corresponding to each receiving end are stored in that receiving end, and the closed-loop chained keys and object sequence keys corresponding to all receiving ends are also stored in the transmitting end.
S003, obtaining data sequences to be encrypted of all receiving ends, and encrypting the data sequences to be encrypted of all receiving ends according to closed-loop chained keys and object sequence keys of all receiving ends to obtain ciphertext sequences of all receiving ends.
To ensure the security of the ipsec data packet during transmission, after determining the target receiving end the transmitting end needs to select, from the stored closed-loop chained keys and object sequence keys of all receiving ends, the closed-loop chained key and the object sequence key corresponding to the target receiving end, and to encrypt the data sequence to be encrypted of the target receiving end with them. This embodiment therefore takes any receiving end as the target receiving end and, as an example, encrypts its data sequence to be encrypted with its closed-loop chained key and object sequence key. The specific steps are as follows:
1. Obtain the data sequence to be encrypted of the target receiving end.
All spaces in the ipsec data packet to be sent to the target receiving end are converted into a first preset symbol, a sequence formed by all converted data is recorded as a data sequence to be encrypted, and each data in the data sequence to be encrypted is recorded as data to be encrypted.
For example, the data sequence to be encrypted of the target receiving end is encryption-Algorithm: AES-CBC.
2. Encrypt the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end to obtain the ciphertext sequence of the target receiving end.
Each data to be encrypted in the data sequence to be encrypted of the target receiving end is encrypted in sequence to obtain its ciphertext, specifically:
(1) And acquiring an object of the data to be encrypted. For the t data to be encrypted in the data sequence to be encrypted of the target receiving end, the k data in the object sequence key of the target receiving end is recorded as the object of the t data to be encrypted, wherein,c represents the length of the object sequence key, i.e., the first preset length,% represents the division margin.
(2) A closed loop chained sequence of data to be encrypted is obtained. Regarding the t-th data to be encrypted in the data sequence to be encrypted of the target receiving end, taking the updated closed-loop chained sequence of the t-1-th data to be encrypted as the closed-loop chained sequence of the t-th data to be encrypted, wherein regarding the 1-th data to be encrypted in the data sequence to be encrypted of the target receiving end, taking the closed-loop chained key of the target receiving end as the closed-loop chained sequence of the 1-th data to be encrypted; since the encryption is sequentially performed according to the sequence of the data sequence to be encrypted of the target receiving end, when the closed-loop chained sequence of the t-th data to be encrypted is acquired, encryption of the t-1-th data to be encrypted in the data sequence to be encrypted is realized, so that the updated closed-loop chained sequence of the t-1-th data to be encrypted can be obtained, the closed-loop chained sequence of the t-th data to be encrypted is further acquired, and encryption of the t-th data to be encrypted is realized.
(3) A first location and a second location of data to be encrypted are obtained. Recording the corresponding position of the data which is the same as the data to be encrypted at the t on the closed loop chain sequence of the data to be encrypted at the t as the first position of the data to be encrypted at the t; and recording the corresponding position of the data which is the same as the object of the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted as the second position of the t data to be encrypted.
(4) And obtaining the ciphertext of the data to be encrypted according to the first position and the second position of the data to be encrypted. In the present embodiment, the t-th data to be encryptedWith the t-th object of data to be encryptedThe distance along the clockwise direction on the closed loop chain sequence of the t data to be encrypted is recorded as the ciphertext of the t data to be encryptedAnd (3) withThe distance along the clockwise direction on the closed-loop chained sequence of the t-th data to be encrypted is required to be obtained according to the first position and the second position of the data to be encrypted, specifically: when the t first position of the data to be encryptedA second location less than the t-th data to be encryptedWhen the calculation formula of the distance between the t data to be encrypted and the object of the t data to be encrypted along the clockwise direction on the closed loop chained sequence of the t data to be encrypted is as follows:the method comprises the steps of carrying out a first treatment on the surface of the When the t first position of the data to be encryptedA second location not less than the t-th data to be encryptedWhen the calculation formula of the distance between the t data to be encrypted and the object of the t data to be encrypted along the clockwise direction on the closed loop chained sequence of the t data to be encrypted is as follows:c represents the length of the object sequence key, namely a first preset length; according to the first position and the second position of the t data to be encrypted and the calculation formula, the distance between the t data to be encrypted and the object of the t data to be encrypted along the clockwise direction on the closed loop chain sequence of the t data to be encrypted is obtained, and the obtained distance is used as the ciphertext of the t data to be encrypted.
(5) Updating the closed-loop chained sequence of the data to be encrypted according to the data to be encrypted and the object of the data to be encrypted. The data which is the same as the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted is recorded asThe data which is the same as the object of the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted is recorded asWill beAnd (3) withExchanging, after the exchange is completedThe closed loop chain sequence of the (c) is marked as the updated closed loop chain sequence of the (t) th data to be encrypted.
(6) Encrypting each piece of data to be encrypted in the data sequence to be encrypted of the target receiving end sequentially to obtain ciphertext of each piece of data to be encrypted, and marking a sequence formed by all pieces of ciphertext of data to be encrypted in the data sequence to be encrypted according to the sequence as a ciphertext sequence of the target receiving end.
For example, the data sequence to be encrypted of the target receiving end, encryption-Algorithm AES-CBC, is encrypted according to the closed-loop chained key of the target receiving end (Fig. 2) and the object sequence key obihtg-: cafBbbcAgAyxylES:t-, which gives the ciphertext sequence of the target receiving end {12,7,8,12,13,16,11,4,4,15,14,3,10,4,3,13,12,20,21,14,5,14,14,18,6,11,19,21}.
The invention constructs the closed-loop chained key and the object sequence key according to the encrypted object and the first preset length, obtains the data sequence to be encrypted of the target receiving end according to the ipsec data packet, encrypts the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end, obtains the ciphertext sequence of the target receiving end, and realizes the encryption of the ipsec data packet of the target receiving end based on simple searching, judging and calculating.
3. Obtain the data sequence to be encrypted of each receiving end, and encrypt it according to the closed-loop chained key and the object sequence key of that receiving end to obtain the ciphertext sequence of each receiving end.
The invention encrypts the data sequence to be encrypted of the target receiving end according to the closed-loop chained sequence of the target receiving end. Because the updated closed-loop chained sequence of the previous data to be encrypted is used as the closed-loop chained sequence of the current data to be encrypted, a subtle change in any data of the data sequence to be encrypted of the target receiving end causes an unrecognizable change in the ciphertext sequence; the ciphertext sequence obtained by this encryption method therefore has a stronger avalanche effect, and its security is higher.
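Steps (1) to (6) of S003, together with their inverse, as an added Python example that is not code from the patent. It assumes the object index k = ((t-1) mod c) + 1 and the clockwise distance p2 - p1 when p1 < p2, otherwise c - p1 + p2, because both formulas are missing from this page; the keys are constructed sample values because Fig. 2 is not reproduced, and the decryption routine is derived here by inverting the encryption steps.

```python
"""Added illustration of the closed-loop chained encryption steps (not patent code)."""

# The 24 encryption objects of the page's small example (first preset length c = 24).
OBJECTS = "ABCES" + "abcefghilmnoprtyx" + ":-"

# CONSTRUCTED keys: Fig. 2 is not reproduced on the page, so both are sample values.
RING_KEY = "tE:hpaxSlo-CmbyfBiercAgn"    # closed-loop chained key, each object once
OBJECT_KEY = "obihtg-:cafBbbcAgAyxylES"  # object sequence key, repeats allowed


def to_data_sequence(packet_text, first_preset="x"):
    """Convert every space to the first preset symbol ("x" in the embodiment)."""
    return packet_text.replace(" ", first_preset)


def check_keys(ring_key, object_key):
    """Validate the key shapes described in S002 and return the length c."""
    c = len(ring_key)
    if len(set(ring_key)) != c:
        raise ValueError("closed-loop chained key must hold each object exactly once")
    if len(object_key) != c or not set(object_key) <= set(ring_key):
        raise ValueError("object sequence key must have length c and use only objects")
    return c


def clockwise_distance(p1, p2, c):
    """ASSUMED formula: clockwise steps from position p1 to position p2 (1-based)."""
    return p2 - p1 if p1 < p2 else c - p1 + p2


def encrypt(data, ring_key, object_key):
    """Return the ciphertext sequence (list of distances) for a data sequence."""
    c = check_keys(ring_key, object_key)
    ring = list(ring_key)                  # closed-loop chained sequence for t = 1
    cipher = []
    for t, item in enumerate(data, start=1):
        if item not in ring:
            raise ValueError(f"{item!r} is not an encryption object")
        obj = object_key[(t - 1) % c]      # ASSUMED index: cycle through the key
        p1 = ring.index(item) + 1          # first position
        p2 = ring.index(obj) + 1           # second position
        cipher.append(clockwise_distance(p1, p2, c))
        # Update: exchange the data and its object on the ring.
        ring[p1 - 1], ring[p2 - 1] = ring[p2 - 1], ring[p1 - 1]
    return cipher


def decrypt(cipher, ring_key, object_key):
    """Inverse of encrypt(): walk back d steps from the object's position."""
    c = check_keys(ring_key, object_key)
    ring = list(ring_key)
    data = []
    for t, d in enumerate(cipher, start=1):
        if not 1 <= d <= c:
            raise ValueError("ciphertext value outside 1..c")
        obj = object_key[(t - 1) % c]
        p2 = ring.index(obj) + 1
        p1 = (p2 - d - 1) % c + 1          # undo the clockwise distance
        data.append(ring[p1 - 1])
        ring[p1 - 1], ring[p2 - 1] = ring[p2 - 1], ring[p1 - 1]
    return "".join(data)


def first_difference(a, b):
    """Index of the first position where two sequences differ, or None."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None


if __name__ == "__main__":
    data = to_data_sequence("encryption-Algorithm: AES-CBC")
    cipher = encrypt(data, RING_KEY, OBJECT_KEY)
    print("data sequence :", data)
    print("ciphertext    :", cipher)
    print("round trip ok :", decrypt(cipher, RING_KEY, OBJECT_KEY) == data)

    # Change one item (index 11, "A" -> "S") and see where the ciphertexts diverge.
    changed = data[:11] + "S" + data[12:]
    other = encrypt(changed, RING_KEY, OBJECT_KEY)
    print("first differing ciphertext index:", first_difference(cipher, other))
    print("differing positions:", sum(x != y for x, y in zip(cipher, other)))
```

Because the closed-loop chained sequence only carries state forward, two data sequences that first differ at index i give ciphertext sequences that are identical before index i; the last two printed lines show how far the change spreads after that point for these sample keys.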
S004, decrypting the ciphertext sequences of the receiving ends according to the closed-loop chained key and the object sequence key of the receiving ends to obtain the ipsec data packet of the receiving ends.
In this embodiment, any receiving end is taken as a target receiving end, and the ciphertext sequence of the target receiving end is decrypted by taking a closed-loop chained key and an object sequence key corresponding to the target receiving end as examples, which specifically includes the following steps:
1. In the ISAKMP negotiation stage, the sending end needs to transmit the ipsec packet containing the encryption suite to the receiving end. The sending end encrypts the ipsec packet to be transmitted to the receiving end according to step S003 to obtain the ciphertext sequence to be transmitted to the receiving end, and transmits the ciphertext sequence to the corresponding receiving end; the receiving end then encrypts the subsequently transmitted data according to the encryption suite in the ipsec packet.
2. And decrypting the ciphertext sequence of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end to obtain the plaintext sequence of the target receiving end.
Sequentially decrypting each piece of data to be decrypted in the ciphertext sequence of the target receiving end according to the sequence to obtain a plaintext, wherein the method specifically comprises the following steps:
(1) An object of data to be decrypted is obtained. For the t-th data to be decrypted in the data sequence to be decrypted of the target receiving end, the k-th data in the object sequence key of the target receiving end is recorded as the object of the t-th data to be decrypted, wherein c represents the length of the object sequence key, i.e., the first preset length, and % represents the remainder of division.
(2) A closed-loop chained sequence of data to be decrypted is obtained. For the t-th data to be decrypted in the data sequence to be decrypted of the target receiving end, the updated closed-loop chained sequence of the (t-1)-th data to be decrypted is taken as the closed-loop chained sequence of the t-th data to be decrypted; for the 1st data to be decrypted in the data sequence to be decrypted of the target receiving end, the closed-loop chained key of the target receiving end is taken as the closed-loop chained sequence of the 1st data to be decrypted. In this embodiment, decryption is performed sequentially in the order of the data sequence to be decrypted of the target receiving end, so when the closed-loop chained sequence of the t-th data to be decrypted is needed, the (t-1)-th data to be decrypted has already been decrypted. The updated closed-loop chained sequence of the (t-1)-th data to be decrypted is therefore available, which gives the closed-loop chained sequence of the t-th data to be decrypted and allows the t-th data to be decrypted.
(3) The corresponding position of the object of the data to be decrypted on the closed-loop chained sequence of the data to be decrypted is obtained. The position, on the closed-loop chained sequence of the t-th data to be decrypted, of the data that is the same as the object of the t-th data to be decrypted is recorded as the third position of the t-th data to be decrypted.
(4) A fourth position of the data to be decrypted is obtained according to the data to be decrypted and the third position of the data to be decrypted. When the third position of the t-th data to be decrypted is not less than the t-th data to be decrypted, the calculation formula of the fourth position of the t-th data to be decrypted is as follows: ; when the third position of the t-th data to be decrypted is less than the t-th data to be decrypted, the calculation formula of the fourth position of the t-th data to be decrypted is as follows: , where c represents the length of the object sequence key, namely the first preset length. The fourth position of the t-th data to be decrypted is obtained according to the third position of the t-th data to be decrypted and the calculation formula.
(5) The plaintext of the data to be decrypted is obtained according to the fourth position of the data to be decrypted. The data at the fourth position on the closed-loop chained sequence of the t-th data to be decrypted is taken as the plaintext of the t-th data to be decrypted.
(6) The closed-loop chained sequence of the data to be decrypted is updated according to the data to be decrypted and the object of the data to be decrypted. On the closed-loop chained sequence of the t-th data to be decrypted, the data identical to the plaintext of the t-th data to be decrypted and the data identical to the object of the t-th data to be decrypted are exchanged, and the closed-loop chained sequence after the exchange is recorded as the updated closed-loop chained sequence of the t-th data to be decrypted.
(7) Sequentially decrypting each piece of data to be decrypted in the data sequence to be decrypted of the target receiving end according to the sequence to obtain a plaintext of each piece of data to be decrypted, and marking a sequence formed by all pieces of plaintext of data to be decrypted in the data sequence to be decrypted according to the sequence as a plaintext sequence of the target receiving end.
3. And obtaining the ipsec data packet of the target receiving end.
All first preset symbols in a plaintext sequence of a target receiving end are converted into spaces, and a sequence formed by all converted data is recorded as an ipsec data packet of the target receiving end.
The invention constructs the closed-loop chained key and the object sequence key according to the encrypted object and the first preset length, obtains the data sequence to be encrypted of the target receiving end according to the ipsec data packet, encrypts the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end, obtains the ciphertext sequence of the target receiving end, and realizes the encryption of the ipsec data packet of the target receiving end based on simple searching, judging and calculating. The invention encrypts the data sequence to be encrypted of the target receiving end according to the closed-loop chained sequence of the target receiving end. Because the updated closed-loop chained sequence of the previous data to be encrypted is used as the closed-loop chained sequence of the current data to be encrypted, a subtle change in any one piece of data in the data sequence to be encrypted of the target receiving end can change the ciphertext sequence beyond recognition, so the ciphertext sequence obtained by this encryption method has a stronger avalanche effect, and the security of the ciphertext sequence obtained by encrypting the data sequence to be encrypted of the target receiving end with this method is higher.
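The encryption steps and decryption steps (1) to (7) described above, as runnable code; this is an added example, not code from the patent. Assumptions, because the page's formulas did not survive extraction: positions are 0-based, the object index is k = t % c, "clockwise" means increasing index, and the four preset symbols are stand-ins; `differing_positions` is a hypothetical helper for measuring the avalanche statement on concrete inputs.

```python
import secrets

# Assumed alphabet: the page names the 4 preset symbols only abstractly, so
# "_", "-", ":" and "." are stand-ins, with "_" as the first preset symbol.
PRESETS = "_-:."
FIRST_PRESET = PRESETS[0]
ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789" + PRESETS
)


def make_keys(alphabet=ALPHABET):
    """Build one (closed-loop chained key, object sequence key) pair."""
    rng = secrets.SystemRandom()
    ring_key = list(alphabet)
    rng.shuffle(ring_key)                      # every object exactly once
    object_key = [rng.choice(alphabet) for _ in alphabet]  # repeats allowed
    return "".join(ring_key), "".join(object_key)


def to_sequence(packet, alphabet=ALPHABET):
    """Spaces become the first preset symbol; other unknown symbols fail."""
    seq = packet.replace(" ", FIRST_PRESET)
    unknown = sorted(set(seq) - set(alphabet))
    if unknown:
        raise ValueError(f"not encryption objects: {unknown}")
    return seq


def encrypt(seq, ring_key, object_key):
    ring, c, out = list(ring_key), len(object_key), []
    for t, datum in enumerate(seq):
        obj = object_key[t % c]                # object of the t-th datum
        p1, p2 = ring.index(datum), ring.index(obj)  # first, second position
        # clockwise distance from the datum to its object on the ring
        out.append(p2 - p1 if p1 <= p2 else c - p1 + p2)
        ring[p1], ring[p2] = ring[p2], ring[p1]      # updated ring for t+1
    return out


def decrypt(cipher, ring_key, object_key):
    ring, c, out = list(ring_key), len(object_key), []
    for t, dist in enumerate(cipher):
        obj = object_key[t % c]
        p3 = ring.index(obj)                   # third position
        p4 = p3 - dist if p3 >= dist else c + p3 - dist  # fourth position
        out.append(ring[p4])                   # plaintext of the t-th datum
        ring[p3], ring[p4] = ring[p4], ring[p3]      # same swap as the sender
    return "".join(out)


def to_packet(plain_seq):
    """Every first preset symbol becomes a space, so a packet that already
    contained that symbol comes back with a space in its place."""
    return plain_seq.replace(FIRST_PRESET, " ")


def differing_positions(a, b):
    """Count ciphertext positions that differ between two encryptions."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    ring_key, object_key = make_keys()
    packet = "encryption-Algorithm AES-CBC"    # sample text from the page
    cipher = encrypt(to_sequence(packet), ring_key, object_key)
    print(cipher)
    print(to_packet(decrypt(cipher, ring_key, object_key)))
    # change the first input character and count the ciphertext positions
    # that move
    other = encrypt(to_sequence("E" + packet[1:]), ring_key, object_key)
    print(differing_positions(cipher, other), "of", len(cipher))
```

Both ends must hold the same closed-loop chained key and object sequence key and process the sequence in order, because each position's ring state depends on every earlier swap.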
It should be noted that: the sequence of the embodiments of the present invention is only for description, and does not represent the advantages and disadvantages of the embodiments. The processes depicted in the accompanying drawings do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
Claims (10)
1. The method for processing the packet loss of the ipsec data packet is characterized by comprising the following steps:
obtaining encryption objects according to the ipsec data packet, and recording the number of the encryption objects as a first preset length;
constructing a closed-loop chained key and an object sequence key according to the encrypted object and the first preset length, and distributing a closed-loop chained key and an object sequence key to each receiving end;
taking any receiving end as a target receiving end to obtain a data sequence to be encrypted of the target receiving end;
encrypting the data sequence to be encrypted of the target receiving end according to the closed-loop chained key and the object sequence key of the target receiving end to obtain a ciphertext sequence of the target receiving end, wherein the method comprises the following steps: for any one data to be encrypted in a data sequence to be encrypted of a target receiving end, acquiring an object of the data to be encrypted according to an object sequence key of the target receiving end, acquiring a closed loop chained sequence of the data to be encrypted, acquiring a first position and a second position of the data to be encrypted, acquiring ciphertext of the data to be encrypted according to the first position and the second position of the data to be encrypted, and updating the closed loop chained sequence of the data to be encrypted according to the data to be encrypted and the object of the data to be encrypted; sequentially encrypting each piece of data to be encrypted in a data sequence to be encrypted of a target receiving end according to the sequence to obtain a ciphertext of each piece of data to be encrypted, and marking a sequence formed by all pieces of ciphertext of data to be encrypted in the data sequence to be encrypted according to the sequence as a ciphertext sequence of the target receiving end;
in the ISAKMP negotiation stage, the data sequence to be encrypted of each receiving end is encrypted according to the closed-loop chained key and the object sequence key of each receiving end to obtain the ciphertext sequence of each receiving end, and the sending end transmits the ciphertext sequence of each receiving end to each receiving end.
2. The method for processing the lost packet of the ipsec packet according to claim 1, wherein the obtaining the encrypted object according to the ipsec packet comprises the following specific steps:
and taking all capital English letters, all lowercase English letters, all numbers and 4 preset symbols contained in the ipsec data packet as encryption objects, wherein the 4 preset symbols comprise a first preset symbol, a second preset symbol, a third preset symbol and a fourth preset symbol.
3. The method for processing the packet loss of the ipsec packet according to claim 1, wherein the method for constructing the closed-loop chained key is:
constructing an empty annular sequence with the length equal to the first preset length, randomly filling all the encrypted objects in the empty annular sequence, and enabling each encrypted object to only appear once in the annular sequence; and marking the filled annular sequence as a closed-loop chained key to obtain all different closed-loop chained keys meeting the conditions.
4. The method for processing the packet loss of the ipsec packet according to claim 1, wherein the method for constructing the sequence key of the object is:
constructing a null sequence with the length equal to the first preset length, randomly filling all the encrypted objects in the null sequence, marking the filled sequence as an object sequence key without limiting the frequency of each encrypted object in the annular sequence, and obtaining all different object sequence keys meeting the conditions.
5. The method for processing the lost packet of the ipsec packet according to claim 1, wherein the obtaining the data sequence to be encrypted of the target receiving end includes the following specific steps:
all spaces in the ipsec data packet of the target receiving end are converted into a first preset symbol, a sequence formed by all converted data is recorded as a data sequence to be encrypted, and each data in the data sequence to be encrypted is recorded as data to be encrypted.
6. The method for processing the packet loss of the ipsec packet according to claim 1, wherein the obtaining the object of the data to be encrypted according to the object sequence key of the target receiving end includes the following specific steps:
for the t-th data to be encrypted in the data sequence to be encrypted of the target receiving end, the k-th data in the object sequence key of the target receiving end is recorded as the object of the t-th data to be encrypted, wherein c represents the length of the object sequence key, i.e., the first preset length, and % represents the remainder of division.
7. The method for processing the packet loss of the ipsec packet according to claim 1, wherein the obtaining the closed-loop chained sequence of the data to be encrypted comprises the following specific steps:
regarding the 1 st data to be encrypted in the data sequence to be encrypted of the target receiving end, taking a closed-loop chained key of the target receiving end as a closed-loop chained sequence of the 1 st data to be encrypted; and regarding the t-th data to be encrypted in the data sequence to be encrypted of the target receiving end, taking the updated closed-loop chained sequence of the t-1-th data to be encrypted as the closed-loop chained sequence of the t-th data to be encrypted.
8. The method for processing the packet loss of the ipsec packet according to claim 1, wherein the step of obtaining the first location and the second location of the data to be encrypted includes the following specific steps:
recording the corresponding position of the data which is the same as the data to be encrypted at the t on the closed loop chain sequence of the data to be encrypted at the t as the first position of the data to be encrypted at the t; and recording the corresponding position of the data which is the same as the object of the t data to be encrypted on the closed loop chain sequence of the t data to be encrypted as the second position of the t data to be encrypted.
9. The method for processing the packet loss of the ipsec packet according to claim 1, wherein the step of obtaining the ciphertext of the data to be encrypted according to the first location and the second location of the data to be encrypted comprises the following specific steps:
the distance between the t-th data to be encrypted and the object of the t-th data to be encrypted along the clockwise direction on the closed-loop chained sequence of the t-th data to be encrypted is recorded as the ciphertext of the t-th data to be encrypted, specifically as follows: when the first position of the t-th data to be encrypted second position, the calculation formula of the distance between the t-th data to be encrypted and the object of the t-th data to be encrypted along the clockwise direction on the closed-loop chained sequence of the t-th data to be encrypted is as follows: ; when the first position of the t-th data to be encrypted second position, the calculation formula of the distance between the t-th data to be encrypted and the object of the t-th data to be encrypted along the clockwise direction on the closed-loop chained sequence of the t-th data to be encrypted is as follows: , where c represents the length of the object sequence key, namely the first preset length; and the obtained distance is taken as the ciphertext of the t-th data to be encrypted.
10. The method for processing the lost packet of the ipsec packet according to claim 1, wherein updating the closed-loop chained sequence of the data to be encrypted according to the data to be encrypted and the object of the data to be encrypted comprises the following specific steps:
the data which is the same as the t-th data to be encrypted on the closed-loop chained sequence of the t-th data to be encrypted and the data which is the same as the object of the t-th data to be encrypted on the closed-loop chained sequence of the t-th data to be encrypted are exchanged, and the closed-loop chained sequence after the exchange is recorded as the updated closed-loop chained sequence of the t-th data to be encrypted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310538265.6A CN116260659B (en) | 2023-05-15 | 2023-05-15 | Method for processing packet loss of ipsec data packet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116260659A true CN116260659A (en) | 2023-06-13 |
CN116260659B CN116260659B (en) | 2023-07-11 |
Family
ID=86684651
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310538265.6A Active CN116260659B (en) | 2023-05-15 | 2023-05-15 | Method for processing packet loss of ipsec data packet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116260659B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN116260659B (en) | 2023-07-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||