CN116896445A - Satellite network information encryption system and method - Google Patents


Publication number: CN116896445A
Authority: CN (China)
Prior art keywords: data, security, safety, encryption algorithm, level
Legal status: Granted
Application number: CN202311154260.XA
Other languages: Chinese (zh)
Other versions: CN116896445B (en)
Inventor: 王龙, 范晶, 贾旭光, 王文东, 张磊, 王怡, 周婧, 赵城
Current Assignee: 6th Research Institute of China Electronics Corp
Original Assignee: 6th Research Institute of China Electronics Corp
Application filed by: 6th Research Institute of China Electronics Corp


Classifications

    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04B7/18513 Transmission in a satellite or space-based system
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Radio Relay Systems (AREA)

Abstract

The invention discloses a satellite network information encryption system and method. The method comprises: classifying the level of the security data to be transmitted; selecting and invoking a matching encryption algorithm according to the level of the security data, wherein if the level of the current security data is low or medium, the current commercial-cryptography lightweight algorithm continues to be used for encryption, and if the level of the current security data is high, a composite encryption algorithm is invoked for encryption; and, when the composite encryption algorithm is invoked for encryption, obtaining the security balance coefficient of the security data and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient. The method optimizes the composite encryption algorithm, implements parameter adjustment of the variable composite encryption algorithm, and enables security management and encrypted transmission of data in the satellite network.

Description

Satellite network information encryption system and method
Technical Field
The invention relates to the technical field of satellite communication, in particular to a satellite network information encryption system and method.
Background
With the continued development of satellite technology, satellite communications have become an important component of modern communications.
The goal of satellite communication security techniques is to protect the confidentiality, integrity, and availability of satellite communication systems from data theft, tampering, or interruption.
Ensuring the security of communication is an integral part of a satellite communication system.
Prior-art satellite communication systems also include a number of data security management methods that use a commercial-cryptography lightweight algorithm, but further research has found that prior-art satellite network information encryption systems still have some problems:
Lower security: compared with conventional encryption algorithms, the commercial-cryptography lightweight algorithm usually makes certain compromises in security.
This is done to reduce the complexity of the algorithm while maintaining computational efficiency.
However, it also makes the commercial-cryptography lightweight algorithm more vulnerable to various attacks, such as brute-force, differential and side-channel attacks.
Thus, using a commercial-cryptography lightweight algorithm in satellite communications may increase the risk of data being attacked or stolen.
Limited applicability: the commercial-cryptography lightweight algorithm usually simplifies and optimizes the algorithm design to improve computational efficiency.
However, this may also limit the applicability of the algorithm.
The commercial-cryptography lightweight algorithm may not be able to meet certain specific security requirements, such as data transmission at a high security level or resistance to strong attacks.
In summary, adopting the commercial-cryptography lightweight algorithm for satellite communication may suffer from disadvantages such as low security and limited applicability to calculating the transmission rate.
Disclosure of Invention
The invention aims to provide a satellite network information encryption system and method that solve the technical problems identified in the prior art and reduce potential risks by adopting corresponding security measures.
The invention provides a satellite network information encryption system comprising a data source analysis module, an encryption processing module and a composite adjustment module;
the data source analysis module is used for classifying the level of the security data to be sent; the security data is classified into a low level, a medium level and a high level;
the encryption processing module is used for adjusting which encryption algorithm is invoked at each level: a matching encryption algorithm is selected and invoked according to the level of the security data, wherein if the level of the current security data is low or medium, the current commercial-cryptography lightweight algorithm continues to be used for encryption; if the level of the current security data is high, a composite encryption algorithm is invoked for encryption;
the composite adjustment module is used for obtaining the security balance coefficient of the security data when the composite encryption algorithm is invoked for encryption, and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient.
Correspondingly, the invention provides a satellite network information encryption method, which is carried out using the above satellite network information encryption system and comprises the following operation steps:
classifying the level of the security data to be sent; the security data is classified into a low level, a medium level and a high level;
adjusting which encryption algorithm is invoked at each level: a matching encryption algorithm is selected and invoked according to the level of the security data, wherein if the level of the current security data is low or medium, the current commercial-cryptography lightweight algorithm continues to be used for encryption; if the level of the current security data is high, a composite encryption algorithm is invoked for encryption;
and, when the composite encryption algorithm is invoked for encryption, obtaining the security balance coefficient of the security data and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient.
Preferably, as an embodiment, the current commercial-cryptography lightweight algorithm comprises any one of SM4 and SM3; the composite encryption algorithm comprises any one of AES and RSA.
Preferably, as an embodiment, classifying the level of the security data to be transmitted comprises the following steps:
tracing the data source of the current security data, and obtaining the data source sensitivity value and the data source importance level value of the current security data from the tracing result;
performing a weighted calculation on the data source sensitivity value and the data source importance level value of the security data to obtain the security level value;
and comparing the security level value with a standard threshold range, and classifying the security data into one of the low, medium and high levels.
That is, the data source sensitivity value and the data source importance level value of the current security data are obtained from the tracing result, the weighted calculation is performed to obtain the security level value, and finally the security level value is compared with the standard threshold range to classify the level of the security data.
Preferably, as an embodiment, an operation of building a database in advance is also included before the level of the security data to be transmitted is classified.
Preferably, as an embodiment, the operation of building the database in advance specifically comprises forming the database from a pre-built list of data source sensitivity values and a pre-built data source importance level list;
the sensitivity value list is a preset mapping of data source sensitivity values to the different satellites;
and the data source importance level list is a pre-built mapping of data source importance level values to the data types of the different data sources.
Preferably, as an embodiment, in performing the weighted calculation on the data source sensitivity value and the data source importance level value of the security data to obtain the security level value, the security level value is calculated according to the following Formula 1;
Formula 1: security level value F = α × data source sensitivity value + β × data source importance level value; where α is a first weight coefficient and β is a second weight coefficient.
The first weight coefficient is the weight for data source sensitivity, and the second weight coefficient is the weight for data source importance; the first weight coefficient and the second weight coefficient are constants;
preferably, as an embodiment, before the level of the security data to be sent is classified, the method further comprises obtaining the transmission rate level value of the current security data;
preferably, as an embodiment, the security balance coefficient is the ratio of the transmission rate level value of the current security data to the level value of the security data; the level value of the security data is a constant.
Preferably, as an embodiment, obtaining the security balance coefficient of the security data and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient comprises the following steps:
calculating the security balance coefficient of the current security data; security balance coefficient = transmission rate level value of the current security data / level value of the security data;
comparing the current security balance coefficient with the lowest-level threshold, and if the security balance coefficient is lower than the lowest-level threshold, increasing the key length of the composite encryption algorithm so as to improve the attack resistance of the current composite encryption algorithm; if the security balance coefficient is higher than the highest-level threshold, reducing the key length of the composite encryption algorithm so as to improve the transmission rate of the current composite encryption algorithm; if the security balance coefficient is between the lowest-level threshold and the highest-level threshold, maintaining the key length of the current composite encryption algorithm.
Compared with the prior art, the embodiment of the invention has at least the following technical advantages:
the invention provides a satellite network information encryption system that adopts a combined encryption mode in which the commercial-cryptography lightweight algorithm is the main part and the composite encryption algorithm is the auxiliary part; it can meet different task requirements and achieves secure transmission of data at different security data levels, and at the same time, using the optimized composite encryption algorithm with variable parameter adjustment, achieves security management and encrypted transmission of data in the satellite network.
During data transmission, the system adopts a multiple-encryption technique and achieves a wider range of application by flexibly modifying the composite encryption algorithm, that is, by optimizing the algorithm; setting an adjustable key length makes it possible to enhance the security and applicability of the commercial-cryptography lightweight algorithm, ensuring the confidentiality and timeliness of security data transmission.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of the system architecture of a satellite network information encryption system according to a first embodiment of the present invention;
Fig. 2 is a flowchart of the main operation steps of a satellite network information encryption method according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a specific operation procedure in the satellite network information encryption method according to the second embodiment of the present invention;
Fig. 4 is a flowchart of another specific operation procedure in the satellite network information encryption method according to the second embodiment of the present invention.
Reference numerals: satellite network information encryption system 100; data source analysis module 10; encryption processing module 20; composite adjustment module 30.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings; the described embodiments are some, but not all, of the embodiments of the invention.
All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without inventive effort fall within the scope of the invention.
The invention is now described in further detail with reference to specific examples and the accompanying drawings.
To solve the problem of the low security of the commercial-cryptography lightweight algorithm, the technical scheme adopted by the embodiment of the invention is to adjust the encryption algorithm at different levels according to the level classification of the security data, thereby overcoming the insecurity of prior-art encryption that relies on a single commercial-cryptography lightweight algorithm.
Example 1
Referring to Fig. 1, the present invention proposes a satellite network information encryption system 100, which includes a data source analysis module 10, an encryption processing module 20 and a composite adjustment module 30;
the data source analysis module 10 is configured to classify the level of the security data to be transmitted; the security data is classified into a low level, a medium level and a high level;
the encryption processing module 20 is configured to adjust which encryption algorithm is invoked at each level: a matching encryption algorithm is selected and invoked according to the level of the security data, wherein if the level of the current security data is low or medium, the current commercial-cryptography lightweight algorithm continues to be used for encryption; if the level of the current security data is high, a composite encryption algorithm is invoked for encryption;
and the composite adjustment module 30 is configured to obtain the security balance coefficient of the security data when the composite encryption algorithm is invoked for encryption, and to adjust the key length of the composite encryption algorithm in real time according to the security balance coefficient.
The invention provides a satellite network information encryption system that adopts a combined encryption mode in which the commercial-cryptography lightweight algorithm is the main part and the composite encryption algorithm is the auxiliary part; it can meet different task requirements and achieves secure transmission of data at different security data levels, and at the same time, using the optimized composite encryption algorithm with variable parameter adjustment, achieves security management and encrypted transmission of data in the satellite network.
During data transmission, the system adopts a multiple-encryption technique and achieves a wider range of application by flexibly modifying the composite encryption algorithm, that is, by optimizing the algorithm; setting an adjustable key length makes it possible to enhance the security and applicability of the commercial-cryptography lightweight algorithm, ensuring the confidentiality and timeliness of security data transmission.
Example 2
As shown in Fig. 2, the invention correspondingly also provides a satellite network information encryption method, which comprises the following operation steps:
Step 11: classifying the level of the security data to be sent; the security data is classified into a low level, a medium level and a high level;
First, the security data is divided into different levels according to its security level.
Security data is classified into high, medium and low levels according to its sensitivity and importance.
This classification may be determined according to actual needs and security policies, and is typically assessed and assigned by security specialists or the relevant departments.
Step 12: adjusting which encryption algorithm is invoked at each level: a matching encryption algorithm is selected and invoked according to the level of the security data, wherein if the level of the current security data is low or medium, the current commercial-cryptography lightweight algorithm continues to be used for encryption; if the level of the current security data is high, a composite encryption algorithm is invoked for encryption. It should be noted that for high-level security data, a more powerful and complex encryption algorithm may be selected to provide greater security.
For low-level security data, a lighter-weight encryption algorithm may be selected to balance security against computational efficiency.
The current commercial-cryptography lightweight algorithm comprises any one of SM4 and SM3.
The composite encryption algorithm comprises any one of AES and RSA.
Specific implementation of the encryption algorithm adjustment: the adjustment of which encryption algorithm is invoked at each level is implemented according to the specific circumstances. Selecting a suitable encryption algorithm: a suitable encryption algorithm is selected according to the level of the security data.
For high-level security data, a more secure encryption algorithm such as AES or RSA can be selected; for lower-level security data, a lighter-weight encryption algorithm such as SM4 or SM3 can be selected.
Step 13: when the composite encryption algorithm is invoked for encryption, obtaining the security balance coefficient of the security data, and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient.
Here, strengthening by adjusting the key length means: increasing the key length improves the attack resistance of the algorithm, making it suitable for data transmission at a higher security level and for requirements to resist strong attacks.
Generally, the commercial-cryptography lightweight algorithm uses a shorter key length to improve computational efficiency, but this also reduces the security of the algorithm; setting an adjustable key length can therefore enhance the security and applicability of the commercial-cryptography lightweight algorithm.
In summary, to solve the problem of the low security of the commercial-cryptography lightweight algorithm, the method described in steps 11-13 adjusts which encryption algorithm is invoked at each level according to the level classification of the security data, improving the security of the system and protecting the confidentiality of the data.
As shown in Fig. 3, step 11, classifying the level of the security data to be transmitted, comprises the following steps:
Step 111: tracing the data source of the current security data, and obtaining the data source sensitivity value and the data source importance level value of the current security data from the tracing result;
Step 112: performing a weighted calculation on the data source sensitivity value and the data source importance level value of the security data to obtain the security level value;
Step 113: comparing the security level value with a standard threshold range, and classifying the security data into one of the low, medium and high levels.
That is, the data source sensitivity value and the data source importance level value of the current security data are obtained from the tracing result, the weighted calculation is performed to obtain the security level value, and finally the security level value is compared with the standard threshold range to classify the level of the security data.
Preferably, an operation of building a database in advance is also included before the level of the security data to be transmitted is classified.
Preferably, the operation of building the database in advance specifically comprises forming the database from a pre-built list of data source sensitivity values and a pre-built data source importance level list;
the sensitivity value list is a preset mapping of data source sensitivity values to the different satellites;
the data source importance level list is a pre-built mapping of data source importance level values to the data types of the different data sources;
preferably, in performing the weighted calculation on the data source sensitivity value and the data source importance level value of the security data to obtain the security level value, the security level value is calculated according to the following Formula 1;
Formula 1: security level value F = α × data source sensitivity value + β × data source importance level value; where α is a first weight coefficient and β is a second weight coefficient.
The first weight coefficient is the weight for data source sensitivity, and the second weight coefficient is the weight for data source importance; the first weight coefficient and the second weight coefficient are constants;
it should be noted that a list of sensitivity values for the data sources sent by each satellite is established in advance, together with a data source importance level list divided according to the data types of the data sources; the security data sent by the current satellite is then traced: the current satellite is identified and the sensitivity value list is queried and matched to obtain the data source sensitivity value of the current security data; the data type of the current data source is identified and the data source importance level list is queried to obtain the data source importance level value corresponding to that data type;
therefore, the data source sensitivity value list is a preset mapping of data source sensitivity values to the different satellites; the data source importance level list is a pre-built mapping of data source importance level values to the data types of the different data sources;
the data source sensitivity value and the data source importance level value of the current security data are obtained from the tracing result, the weighted calculation is performed to obtain the security level value, and finally the security data is classified as low, medium or high level by comparing the security level value with the standard threshold range.
Preferably, before the level of the security data to be sent is classified, the method further comprises obtaining the transmission rate level value of the current security data. Typically, the transmission rate level takes one of several different values; it represents the minimum transmission rate level for transmitting the current security data and measures the data transmission rate requirement and level.
Preferably, the security balance coefficient is the ratio of the transmission rate level value of the current security data to the level value of the security data.
The level value of the security data is a constant; for example: the level value corresponding to the low level is 1n, the level value corresponding to the medium level is 2n, and the level value corresponding to the high level is 2.5n;
As shown in Fig. 4, obtaining the security balance coefficient of the security data and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient specifically comprises the following operation steps:
Step 131: calculating the security balance coefficient of the current security data; security balance coefficient = transmission rate level value of the current security data / level value of the security data;
Step 132: comparing the current security balance coefficient with the lowest-level threshold, and if the security balance coefficient is lower than the lowest-level threshold, increasing the key length of the composite encryption algorithm so as to improve the attack resistance of the current composite encryption algorithm; if the security balance coefficient is higher than the highest-level threshold, reducing the key length of the composite encryption algorithm so as to improve the transmission rate of the current composite encryption algorithm; if the security balance coefficient is between the lowest-level threshold and the highest-level threshold, maintaining the key length of the current composite encryption algorithm.
Adjusting the key length: the length of the key in the encryption algorithm is adjusted according to the level of the security data.
For high-level security data, a longer key length can be selected to make cracking more difficult; for low-level security data, a shorter key length can be selected to increase computational efficiency.
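An added illustration (not code from the patent) of steps 111-113 and 131-132 as one decision function: Formula 1, the level thresholds, algorithm selection, and the key-length adjustment. The lookup tables, weights, thresholds, n = 1, the choice of SM4 and AES, and the one-step walk over the AES key sizes are assumptions; the patent gives none of these values.

```python
from dataclasses import dataclass
from typing import Optional

# Pre-built database (constructed sample values, not from the patent).
SENSITIVITY_BY_SATELLITE = {"SAT-A": 2.0, "SAT-B": 6.0, "SAT-C": 9.0}
IMPORTANCE_BY_DATA_TYPE = {"telemetry": 2.0, "payload": 5.0, "command": 9.0}

ALPHA, BETA = 0.75, 0.25             # assumed weight constants for Formula 1
LOW_MAX, MEDIUM_MAX = 4.0, 7.0       # assumed standard threshold range
N = 1.0                              # assumed unit for the level values
LEVEL_VALUE = {"low": 1 * N, "medium": 2 * N, "high": 2.5 * N}  # page's example
BALANCE_MIN, BALANCE_MAX = 0.8, 1.6  # assumed lowest/highest level thresholds
AES_KEY_BITS = (128, 192, 256)       # the only key sizes AES defines


@dataclass(frozen=True)
class Decision:
    level: str
    algorithm: str
    balance: Optional[float]   # None when the lightweight algorithm is kept
    key_bits: Optional[int]    # None when the lightweight algorithm is kept


def security_level_value(satellite: str, data_type: str) -> float:
    """Steps 111-112: trace the source, look up both values, apply Formula 1."""
    try:
        sensitivity = SENSITIVITY_BY_SATELLITE[satellite]
        importance = IMPORTANCE_BY_DATA_TYPE[data_type]
    except KeyError as exc:
        # Assumption: an untraceable source is an error, never a silent "low".
        raise ValueError(f"cannot trace data source: {exc}") from None
    return ALPHA * sensitivity + BETA * importance


def classify(f: float) -> str:
    """Step 113: compare F with the (assumed) threshold range."""
    if f < LOW_MAX:
        return "low"
    if f < MEDIUM_MAX:
        return "medium"
    return "high"


def adjust_key_length(current_bits: int, balance: float) -> int:
    """Step 132: move one step along the AES key sizes, clamped at both ends."""
    i = AES_KEY_BITS.index(current_bits)  # ValueError for a non-AES size
    if balance < BALANCE_MIN:
        i = min(i + 1, len(AES_KEY_BITS) - 1)   # favour attack resistance
    elif balance > BALANCE_MAX:
        i = max(i - 1, 0)                       # favour transmission rate
    return AES_KEY_BITS[i]


def process(satellite: str, data_type: str, rate_level_value: float,
            current_bits: int = 128) -> Decision:
    """Steps 11-13 end to end for one message."""
    level = classify(security_level_value(satellite, data_type))
    if level != "high":
        # Low and medium levels keep the lightweight algorithm unchanged.
        return Decision(level, "SM4", None, None)
    # Step 131: balance = transmission rate level value / level value.
    balance = rate_level_value / LEVEL_VALUE[level]
    return Decision(level, "AES", balance,
                    adjust_key_length(current_bits, balance))


if __name__ == "__main__":
    for args in [("SAT-A", "telemetry", 3.0, 128),
                 ("SAT-B", "payload", 3.0, 128),
                 ("SAT-C", "command", 1.0, 128),
                 ("SAT-C", "command", 5.0, 192),
                 ("SAT-C", "command", 1.0, 256)]:
        print(args, "->", process(*args))
```

Because AES defines only three key sizes, a request to lengthen a 256-bit key or shorten a 128-bit key leaves the length unchanged.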
Explanation: to address the limited application range of the commercial-secret lightweight algorithm, the embodiment of the invention achieves a wider application range by flexibly modifying the composite encryption algorithm, that is, by optimizing the algorithm. In addition, the applicability of the composite encryption algorithm can be achieved through hardware acceleration and optimization.
Hardware acceleration and optimization: the computational efficiency of the commercial-secret lightweight algorithm is typically achieved through hardware acceleration and optimization.
The computational efficiency and application range of the algorithm can be further improved through a hardware implementation of the optimized algorithm, for example by using a dedicated accelerator or optimizing the circuit design.
It should be noted that when the commercial-secret lightweight algorithm is optimized to expand its application range, security and computational efficiency still need to be balanced: the algorithm must still meet the specific security requirements while providing wider applicability.
In addition, the optimized algorithm should undergo strict security assessment and testing to ensure its security and reliability in practical application.
Generally, the security data is the original, security-related data in the overall data transmission. Grading the security data is therefore a means of improving the security of its transmission, in particular by encrypting and protecting sensitive data and security data of higher importance, so as to prevent the data from being stolen, tampered with or maliciously used during transmission or storage.
The invention provides a satellite network information encryption system that adopts a combined encryption mode with the commercial-secret lightweight algorithm as the main part and the composite encryption algorithm as the auxiliary part. It can meet different task requirements and provides secure data transmission for the different security data levels; at the same time, by adjusting the parameters of the variable, optimized composite encryption algorithm, it provides security management and encrypted transmission of data in the satellite network.
In summary, the satellite network information encryption system provided by the invention can monitor the operating state of the satellite system in real time, determine the transmission rate requirement and the importance of the current security data, and adjust the algorithm in time. These technical means improve threat response capability while balancing applicability and security.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; modifications of the technical solutions described in the foregoing embodiments, or equivalent substitutions of some or all of the technical features thereof, may be made by those of ordinary skill in the art; such modifications and substitutions do not depart from the spirit of the invention.

Claims (10)

1. A satellite network information encryption system, characterized by comprising a data source analysis module, an encryption processing module and a composite adjustment module;
the data source analysis module is used for grading the security data to be sent; the security data is graded as low level, medium level or high level;
the encryption processing module is used for adjusting which encryption algorithm is called for each level: an encryption algorithm matching the level of the security data is selected and called, wherein if the level of the current security data is low or medium, the current commercial-secret lightweight algorithm continues to be used for encryption; if the level of the current security data is high, the composite encryption algorithm is called for encryption;
the composite adjustment module is used for acquiring the security balance coefficient of the security data when the composite encryption algorithm is called for encryption, and for adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient.
2. A satellite network information encryption method, which uses the satellite network information encryption system of claim 1 for processing, comprising the following steps:
grading the security data to be sent; the security data is graded as low level, medium level or high level;
adjusting which encryption algorithm is called for each level: an encryption algorithm matching the level of the security data is selected and called, wherein if the level of the current security data is low or medium, the current commercial-secret lightweight algorithm continues to be used for encryption; if the level of the current security data is high, the composite encryption algorithm is called for encryption;
and when the composite encryption algorithm is called for encryption, acquiring the security balance coefficient of the security data, and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient.
3. The method for encrypting satellite network information according to claim 2, wherein the current commercial-secret lightweight algorithm comprises any one of SM4 and SM3; the composite encryption algorithm comprises any one of AES and RSA.
4. The method for encrypting satellite network information according to claim 2, wherein grading the security data to be sent comprises the following steps:
tracing the data source of the current security data, and acquiring the data source sensitivity value and the data source importance level value of the current security data according to the tracing result;
performing a weight calculation on the data source sensitivity value and the data source importance level value of the security data to obtain the security level value;
comparing the security level value with a standard threshold range, and grading the security data as one of low level, medium level and high level; that is, the data source sensitivity value and the data source importance level value of the current security data are obtained from the tracing result, the weight calculation yields the security level value, and finally the security level value is compared with the standard threshold range to grade the security data.
5. The method for encrypting satellite network information according to claim 4, further comprising the operation of constructing a database in advance before the classification of the security data to be transmitted is performed.
6. The method for encrypting satellite network information according to claim 5, wherein the operation of constructing a database in advance comprises forming the database from a pre-built list of data source sensitivity values and a list of data source importance levels;
the sensitivity value list is a preset mapping from the data sources of different satellites to their sensitivity values;
and the data source importance level list is a pre-built mapping from the data types of different data sources to their data source importance level values.
7. The method for encrypting satellite network information according to claim 6, wherein the weight calculation on the data source sensitivity value and the data source importance level value of the security data to obtain the security level value is performed according to the following Formula 1;
Formula 1: security level value F = α × data source sensitivity value + β × data source importance level value; wherein α is a first weight coefficient and β is a second weight coefficient;
the first weight coefficient is the weight for the sensitivity of the data source, the second weight coefficient is the weight for the importance of the data source, and both the first weight coefficient and the second weight coefficient are constants.
8. The method according to claim 7, further comprising acquiring a transmission rate level value of the current security data before grading the security data to be sent.
9. The method for encrypting satellite network information according to claim 8, wherein the security balance coefficient is the ratio of the transmission rate level value of the current security data to the level value of the security data; the level value of the security data is a constant.
10. The method for encrypting satellite network information according to claim 9, wherein obtaining the security balance coefficient of the security data and adjusting the key length of the composite encryption algorithm in real time according to the security balance coefficient comprises the following steps:
calculating the security balance coefficient of the current security data; security balance coefficient = transmission rate level value of the current security data / level value of the security data;
comparing the current security balance coefficient with the minimum level threshold, and if the security balance coefficient is smaller than the minimum level threshold, increasing the key length of the composite encryption algorithm so as to improve the attack resistance of the current composite encryption algorithm; if the security balance coefficient is higher than the maximum level threshold, reducing the key length of the composite encryption algorithm so as to improve the transmission rate of the current composite encryption algorithm; if the security balance coefficient lies between the minimum level threshold and the maximum level threshold, maintaining the key length of the current composite encryption algorithm.
CN202311154260.XA 2023-09-08 2023-09-08 Satellite network information encryption system and method Active CN116896445B (en)

Publications (2)

Publication Number Publication Date
CN116896445A true CN116896445A (en) 2023-10-17
CN116896445B CN116896445B (en) 2023-12-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant