KR101786783B1 - Data storing method of cyber blackbox device - Google Patents
- Publication number: KR101786783B1 (application KR1020150185908A)
- Authority: KR (South Korea)
- Prior art keywords
- file
- hash value
- storing
- meta information
- packet capture
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
A method of storing data in a cyber black box device according to the present invention includes the steps of: requesting a one-day use password from a certification authority at a cycle of one day, and receiving and storing the one-day use password from the certification authority; generating and storing a one-day use encryption key using the received one-day use password; collecting network traffic and generating packet capture files of a predetermined size from the collected network traffic; extracting meta information from each packet capture file and generating a hash value for the meta information and a hash value for the packet capture file; and encrypting the packet capture file using the one-day use encryption key, and storing the encrypted packet capture file, the hash value for the meta information, and the hash value for the packet capture file in a file repository.
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method of storing data in a cyber black box that stores large volumes of network traffic data from before and after a cyber attack.
Recently, as Advanced Persistent Threat (APT) attacks aimed at specific companies, institutions and major facilities have intensified and become visible as social and national threats, such as the paralysis of broadcasting and communications, it has become important to ensure the long-term preservation and integrity of both volatile and non-volatile network traffic information, so that the cause of an incident can be identified and responded to quickly in the event of a cyber attack.
Accordingly, cyber black box device technology has been developed that can reproduce attack scenarios by proving and preserving network traffic from before and after a cyber attack and analyzing the cause of the attack using that traffic.
Specifically, such a device performs continuous network traffic collection, preservation of evidence for the collected data, processing for efficient use of the preserved data, management for uninterrupted operation of the cyber black box, and cause analysis and logical reproduction of intrusion incidents.
In particular, cyber black box devices are used not only to store the media but also to ensure the authenticity, integrity, reliability and originality of the data while collecting and proving network traffic data, and they focus on analytical functions that enable an administrator to analyze the cause of an active attack.
SUMMARY OF THE INVENTION
The present invention has been made in view of the above, and it is an object of the present invention to secure the authenticity, integrity, reliability and originality of data when collecting and proving network traffic data, and to provide a method of storing data in a cyber black box device such that the stored network traffic data can be efficiently retrieved and reconstructed.
According to another aspect of the present invention, there is provided a method of storing data in a cyber black box device, the method comprising: requesting a one-day use password from a certification authority at a cycle of one day, and receiving and storing the one-day use password from the certification authority; generating and storing a one-day use encryption key using the received one-day use password; collecting network traffic and generating packet capture files of a predetermined size from the collected network traffic; extracting meta information from each packet capture file and generating a hash value for the meta information and a hash value for the packet capture file; and encrypting the packet capture file using the one-day use encryption key, and storing the encrypted packet capture file, the hash value for the meta information, and the hash value for the packet capture file in a file repository.
The step of receiving and storing the one-day use password may receive and store the new one-day use password and discard the previously stored one-day use password.
The step of generating and storing the one-day use encryption key may generate and store the new one-day use encryption key and discard the previously stored one-day use encryption key.
The meta information may include a source IP address, a source port number, a destination IP address, a destination port number, a protocol type, a first time value, and a last time value of the corresponding network traffic.
The hash value for the meta information may include a hash value for each item of the meta information and a hash value for the entire meta information.
The file repository may comprise n virtual volumes, each virtual volume comprising a file source repository, a file hash value repository, and a file index repository. Storing in the file repository then comprises: storing the encrypted packet capture file in the file source repository of the nth virtual volume under the hash value for the entire meta information as its file name; storing the hash value of the packet capture file in the file hash value repository of the nth virtual volume, mapped to the hash value for the entire meta information; and storing the hash values of the individual meta information items in the file index repository of the nth virtual volume, mapped to the hash value for the entire meta information.
According to the present invention, the authenticity, integrity, reliability and originality of data can be secured while collecting and proving network traffic data, and the large volume of network traffic data stored in a cyber black box device can be stored in a form that lets desired data be efficiently retrieved and reconstructed.
FIG. 1 shows a configuration of a cyber black box apparatus according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a method of storing data in a cyber black box device according to an embodiment of the present invention.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. In the following description and the accompanying drawings, substantially the same components are denoted by the same reference numerals, and redundant description will be omitted. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.
FIG. 1 shows a configuration of a cyber black box apparatus according to an embodiment of the present invention.
The cyber
The cyber
The cyber
The cyber
The
Upon receiving a request for a one-day use password from the cyber
The
The
The
The encryption
The encryption
The
The hash
The hash
The
The
The
The
When a new one-day use password is received and the corresponding one-day use pass key is generated as described above, the previously stored one-day use password and one-day use pass key are discarded. In order to decrypt a capture file, the user is therefore required to request the one-day use password for the corresponding date from the
Also, the
Also, the
As described above, the file hash value storages 162_1 to 162_n and the file index storages 163_1 to 163_n map the hash value of each packet capture file and the hash values of its meta information to the file name of the encrypted packet capture file, so that during the preliminary and post-analysis of a future cyber intrusion the desired network traffic can be efficiently retrieved and reconstructed per session based on the seven items of meta information.
The virtual
For example, the
Also, the virtual
The virtual volume
FIG. 2 is a flowchart illustrating a method of storing data in a cyber black box device according to an embodiment of the present invention. The data storing method according to the present embodiment includes the steps performed in the cyber
In
In
In operation 430, the
In
In
When one day passes in
In
In
In
In
In
In
The above-described embodiments of the present invention can be embodied as a program executable by a computer and implemented on a general-purpose digital computer that runs the program from a computer-readable recording medium. The computer-readable recording medium includes storage media such as magnetic storage media (e.g., ROM, floppy disk, hard disk, etc.), optical reading media (e.g., CD ROM,
The present invention has been described with reference to the preferred embodiments. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.
Claims (6)
Requesting a certification authority for a one-day use password at a cycle of one day, receiving and storing a one-day use password from the certification authority;
Generating and storing a one-day use encryption key using the received one-day use password;
Collecting network traffic, and generating a packet capture file in units of a predetermined size from the collected network traffic;
Extracting meta information from the packet capture file, and generating a hash value for the meta information and a hash value for the packet capture file; and
Encrypting the packet capture file using the one-day use encryption key, and storing the encrypted packet capture file, the hash value for the meta information, and the hash value for the packet capture file in a file repository.
Wherein the receiving and storing of the one-day use password comprises receiving and storing the one-day use password and discarding the previously stored one day use password.
Wherein the generating and storing of the one-day use encryption key comprises generating and storing the one-day use encryption key, and discarding the pre-stored one-day use encryption key.
Wherein the meta information includes a source IP address, a source port number, a destination IP address, a destination port number, a protocol type, a first time value, and a last time value of the corresponding network traffic.
Wherein the hash value for the meta information includes a hash value for each of the meta information and a hash value for the entire meta information.
Wherein the file repository comprises n virtual volumes, each virtual volume comprising a file source repository, a file hash value repository, and a file index repository,
Wherein storing in the file repository comprises: storing the encrypted packet capture file in the file source repository of the nth virtual volume under the hash value for the entire meta information as its file name; storing the hash value of the packet capture file in the file hash value repository of the nth virtual volume, mapped to the hash value for the entire meta information; and storing the hash value of each of the meta information items in the file index repository of the nth virtual volume, mapped to the hash value for the entire meta information.
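The storage pipeline that the summary and the claims above describe, worked through end to end as an added example. This is not the patent's own code, and the patent names no concrete algorithms, so the following are assumptions of this example: PBKDF2-HMAC-SHA256 with the date as salt for deriving the one-day key from the one-day password; an HMAC-SHA256 counter-mode keystream as a stand-in for the unnamed file cipher; SHA-256 for every hash value; pcap with Ethernet/IPv4 framing as the capture format; and a file source store keyed by the capture file's own hash, so that one capture file can index several sessions (the claims phrase the same mapping from the whole-meta-hash side). The capture is constructed inline, and names such as `FileRepository`, `extract_meta` and `hash_meta` are the example's own.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

# The seven meta information items named in the claims, in a fixed order.
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "protocol", "first_time", "last_time")

def derive_daily_key(password: bytes, date: str) -> bytes:
    """One-day encryption key from the one-day password (PBKDF2 with the date as
    salt is an assumption of this example; the text names no KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password, date.encode(), 100_000, dklen=32)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified file cipher: HMAC-SHA256 counter-mode keystream (symmetric)."""
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def ipv4_frame(src_ip, sport, dst_ip, dport, proto=6) -> bytes:
    """Constructed Ethernet + IPv4 header + 8-byte L4 stub, enough for meta extraction."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

def build_pcap(packets) -> bytes:
    """Constructed little-endian pcap (linktype 1 / Ethernet) from (timestamp, frame) pairs."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", int(ts), int(round((ts % 1) * 1e6)), len(f), len(f)) + f
            for ts, f in packets]
    return hdr + b"".join(recs)

def extract_meta(pcap: bytes) -> list:
    """Per-session meta information: 5-tuple plus first and last packet time."""
    e = "<" if struct.unpack_from("<I", pcap)[0] == 0xA1B2C3D4 else ">"
    sessions, off = {}, 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl, _ = struct.unpack_from(e + "IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # only IPv4 over Ethernet is indexed here (assumption)
        l4 = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, l4)
        key = (".".join(map(str, frame[26:30])), sport, ".".join(map(str, frame[30:34])), dport, frame[23])
        ts = ts_sec + ts_usec / 1e6
        first, last = sessions.get(key, (ts, ts))
        sessions[key] = (min(first, ts), max(last, ts))
    return [dict(zip(FIELDS, k + v)) for k, v in sessions.items()]

def hash_meta(meta: dict):
    """A hash per meta field plus a hash of the entire meta record."""
    per_field = {f: hashlib.sha256(f"{f}={meta[f]}".encode()).hexdigest() for f in FIELDS}
    whole = hashlib.sha256("|".join(str(meta[f]) for f in FIELDS).encode()).hexdigest()
    return per_field, whole

class FileRepository:
    """n virtual volumes, each with a file source, file hash and file index store."""

    def __init__(self, n: int):
        self.volumes = [dict(source={}, file_hash={}, index=defaultdict(set)) for _ in range(n)]

    def store(self, n: int, pcap: bytes, daily_key: bytes) -> str:
        """Encrypt one capture file into volume n (1-based) and index its sessions."""
        vol = self.volumes[n - 1]
        pcap_hash = hashlib.sha256(pcap).hexdigest()
        nonce = bytes.fromhex(pcap_hash[:32])  # per-file nonce taken from the file hash (assumption)
        vol["source"][pcap_hash] = keystream_xor(daily_key, nonce, pcap)
        for meta in extract_meta(pcap):
            per_field, whole = hash_meta(meta)
            vol["file_hash"][whole] = pcap_hash  # whole-meta hash -> capture file hash
            for h in per_field.values():
                vol["index"][h].add(whole)  # field hash -> whole-meta hash
        return pcap_hash

    def lookup(self, n: int, field: str, value) -> list:
        """Capture files in volume n holding a session whose `field` equals `value`."""
        vol, h = self.volumes[n - 1], hashlib.sha256(f"{field}={value}".encode()).hexdigest()
        return sorted({vol["file_hash"][w] for w in vol["index"].get(h, ())})

    def restore(self, n: int, pcap_hash: str, daily_key: bytes) -> bytes:
        """Decrypt a stored file and check it against its recorded hash."""
        enc = self.volumes[n - 1]["source"][pcap_hash]
        plain = keystream_xor(daily_key, bytes.fromhex(pcap_hash[:32]), enc)
        if hashlib.sha256(plain).hexdigest() != pcap_hash:
            raise ValueError("integrity check failed: wrong day key or tampered file")
        return plain

def sample_capture() -> bytes:
    """Constructed capture: one TCP session seen twice and one UDP session."""
    return build_pcap([
        (1450915200.0, ipv4_frame("10.0.0.5", 40000, "10.0.0.9", 443)),
        (1450915201.5, ipv4_frame("10.0.0.5", 40000, "10.0.0.9", 443)),
        (1450915202.0, ipv4_frame("10.0.0.7", 5353, "224.0.0.251", 5353, proto=17)),
    ])
```

Storing `sample_capture()` with the day-1 key and then calling `restore` with a key derived from the next day's password fails the hash check, which is the practical effect of the dependent claims on discarding the previous password and key: a volume can only be read back with the key of the day on which it was written, so the one-day password for that date has to be obtained again from the certification authority, as the description notes. The keystream here provides confidentiality only; integrity rests on the stored hash of the plaintext, exactly as in the text, and a deployment would use an authenticated cipher such as AES-GCM in its place.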
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150185908A KR101786783B1 (en) | 2015-12-24 | 2015-12-24 | Data storing method of cyber blackbox device |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170076862A KR20170076862A (en) | 2017-07-05 |
KR101786783B1 true KR101786783B1 (en) | 2017-10-18 |
Family
ID=59352175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150185908A KR101786783B1 (en) | 2015-12-24 | 2015-12-24 | Data storing method of cyber blackbox device |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101786783B1 (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101078546B1 (en) | 2011-06-27 | 2011-11-01 | 박주혁 | Apparatus for coding and decoding of security data file based on data storage unit idedtification, system for electronic signature using the same |
2015
- 2015-12-24 KR KR1020150185908A patent/KR101786783B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20170076862A (en) | 2017-07-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107947922B (en) | Digital file management method and system based on block chain technology | |
JP6542962B2 (en) | Delayed data access | |
Zawoad et al. | Towards building forensics enabled cloud through secure logging-as-a-service | |
KR102055116B1 (en) | Data security service | |
EP2957063B1 (en) | Policy enforcement with associated data | |
Ray et al. | Secure logging as a service—delegating log management to the cloud | |
CN105191207B (en) | Federated key management | |
US9852300B2 (en) | Secure audit logging | |
US11372993B2 (en) | Automatic key rotation | |
JP6678457B2 (en) | Data security services | |
Muthurajkumar et al. | Secured temporal log management techniques for cloud | |
CN104270614A (en) | Video encryption and decryption method and device | |
O’shaughnessy et al. | Impact of cloud computing on digital forensic investigations | |
GB2520056A (en) | Digital data retention management | |
Ćosić et al. | (Im) proving chain of custody and digital evidence integrity with time stamp | |
CN105049448B (en) | Single-sign-on device and method | |
EP2545488A1 (en) | Data capture tool and method | |
CN110493011B (en) | Block chain-based certificate issuing management method and device | |
CN112583772B (en) | Data acquisition and storage platform | |
KR101786783B1 (en) | Data storing method of cyber blackbox device | |
CN108171078B (en) | Data preservation method and device of cloud platform evaluation system facing third party | |
KR20170098348A (en) | Integrity assurance system for mass log data of cyber blackbox | |
CN113595741B (en) | Credible data chain generation system and method based on 5G law enforcement recorder | |
Mata et al. | Enhanced secure data storage in cloud computing using hybrid cryptographic techniques (AES and Blowfish) | |
Varghese et al. | Integrity verification in multi cloud storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |