CN103905184A - Classical network and quantum secret communication network integration traffic control method - Google Patents

Info

Publication number: CN103905184A
Authority: CN (China)
Prior art keywords: packet, network, quantum, confidentiality, traffic
Legal status: Pending
Application number: CN201410138950.0A
Other languages: Chinese (zh)
Inventors: 吴佳楠, 魏荣凯, 韩家伟, 朱德新, 王士刚, 盖永杰, 李念峰, 宋立军
Current Assignee: Changchun University
Original Assignee: Changchun University
Classification: Data Exchanges In Wide-Area Networks
Abstract

The invention discloses a classical network and quantum secret communication network integration traffic control method. Data traffic is classified, ordinary data traffic is forwarded through a classical network channel, and secret traffic is divided according to the security classification and then is forwarded through a quantum secret channel. According to the classical network and quantum secret communication network integration traffic control method, division between the secret traffic and the ordinary traffic is achieved, the problems that the number of quantum secret communication system keys required by classical network traffic is large, and the generation speed of the quantum secret communication system keys is low are solved, and access of a classical network to a quantum backbone network becomes possible; configuration is flexible, easy and convenient, and matching rules in a traffic characteristic library can be manually adjusted according to the service characteristics; the network architecture is simple, and the cost needed for building the network and the network operation cost are low.

Description

Traffic control method for integrating a classical network into a quantum secret communication network
Technical field:
The present invention relates to the field of grid computing technology, and specifically to a traffic control method for integrating a classical network into a quantum secret communication network.
Background art:
Modern encryption and decryption algorithms rely mainly on computational complexity. High computational complexity ensures that an eavesdropper who does not hold the key cannot complete the large amount of computation needed to break the cipher within a limited time, which keeps the information secure. On May 11, 2011, the Canadian company D-Wave Systems Inc. released the world's first commercial quantum computing device, the "D-Wave One". Although academia has not yet widely accepted that this device truly performs quantum computation, it is foreseeable that quantum computing, with its efficient computing power, could break almost all current traditional encryption methods, leaving traditional cryptographic algorithms with no secrets to protect.
Quantum secure communication technology, which is based on and derived from quantum mechanics, uses quantum states to encode the key shared by the two communicating parties. By Heisenberg's uncertainty principle and the quantum no-cloning theorem, the presence of any eavesdropper will be detected, so absolutely secure communication is achieved in theory. As quantum secure communication technology continues to advance, quantum networks will merge with classical networks in many fields.
Summary of the invention:
The object of the invention is to overcome the deficiencies of the prior art by providing a traffic control method for integrating a classical network into a quantum secret communication network.
To solve the problems described in the background art, the present invention adopts the following technical solution:
A traffic control method for integrating a classical network into a quantum secret communication network, comprising the following steps:
(1) the traffic control system through which the classical network accesses the quantum secure backbone network captures the packets that the classical network is about to transmit;
(2) the information features of each packet are matched against the rules in the traffic feature rule base to identify secret communication data and ordinary communication data;
(3) ordinary communication data is forwarded over the classical network channel; secret communication data is matched against the rules in the secrecy-level feature library and assigned the corresponding secrecy-level metric;
(4) once a packet has its secrecy-level metric, it is assigned the corresponding forwarding time slots by a time-sharing algorithm;
(5) the secret communication data, after time-slot processing, is forwarded over the quantum secret communication network channel.
Further, in step (1), the packets from the classical network's egress router that the traffic control system captures are not all the packets flowing out of that device, but the packets that remain after filtering by the egress router's security policy.
Further, in step (2), the traffic feature rule base is built mainly from the signature strings of application-layer protocols. In addition, in actual control, application-layer feature rule matching is performed per flow, where a flow is defined as the packets that have the same source IP address, destination IP address, source port and destination port, and in which any two adjacent packets arrive less than 30 s apart.
Further, in step (3), the secrecy-level feature library is built jointly from the application-layer protocol features of the packets and the flow average duration. The flow average duration is calculated as the ratio of the sum of the inter-arrival times of adjacent packets in the flow to the number of packets.
Further, in step (4), packets with a higher secrecy-level metric obtain more forwarding time slots and occupy more forwarding resources than packets with a relatively lower secrecy-level metric.
Compared with the prior art, the present invention has the following beneficial effects: it separates secret traffic from ordinary traffic, which solves the problem that classical network traffic demands a large number of quantum secret communication system keys while those keys are generated slowly, and so makes it possible for a classical network to access a quantum backbone network; configuration is flexible and simple, and the matching rules in the traffic feature library can be adjusted manually according to service characteristics; the network architecture is simple, and the cost of building and operating the network is low.
Brief description of the drawings:
Fig. 1 is a topology diagram of classical network access to the quantum secure network according to the present invention.
Fig. 2 is a schematic diagram of the traffic control process structure in an implementation of the present invention.
Fig. 3 is a flow chart of the traffic control in an implementation of the present invention.
Detailed description of the embodiments:
The invention is further described below with reference to the drawings and specific embodiments:
A traffic control method for integrating a classical network into a quantum secret communication network, comprising the following steps:
(1) the traffic control system through which the classical network accesses the quantum secure backbone network captures the packets that the classical network is about to transmit;
(2) the information features of each packet are matched against the rules in the traffic feature rule base to identify secret communication data and ordinary communication data;
(3) ordinary communication data is forwarded over the classical network channel; secret communication data is matched against the rules in the secrecy-level feature library and assigned the corresponding secrecy-level metric;
(4) once a packet has its secrecy-level metric, it is assigned the corresponding forwarding time slots by a time-sharing algorithm;
(5) the secret communication data, after time-slot processing, is forwarded over the quantum secret communication network channel.
Further, in step (1), the packets from the classical network's egress router that the traffic control system captures are not all the packets flowing out of that device, but the packets that remain after filtering by the egress router's security policy.
Further, in step (2), the traffic feature rule base is built mainly from the signature strings of application-layer protocols. In addition, in actual control, application-layer feature rule matching is performed per flow, where a flow is defined as the packets that have the same source IP address, destination IP address, source port and destination port, and in which any two adjacent packets arrive less than 30 s apart.
Further, in step (3), the secrecy-level feature library is built jointly from the application-layer protocol features of the packets and the flow average duration. The flow average duration is calculated as the ratio of the sum of the inter-arrival times of adjacent packets in the flow to the number of packets.
Further, in step (4), packets with a higher secrecy-level metric obtain more forwarding time slots and occupy more forwarding resources than packets with a relatively lower secrecy-level metric.
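The flow definition, flow average duration and level-weighted time slots of steps (2) to (4), as an added Python sketch that is not part of the patent. The signature strings, duration thresholds, level values, frame size and the proportional slot split are constructed assumptions, since the patent specifies none of them.

```python
FLOW_GAP_S = 30.0  # patent: adjacent packets less than 30 s apart form one flow
# Constructed rule bases; the patent does not publish its rules.
TRAFFIC_RULES = [b"SECRET-APP/1.0", b"KEYMGMT"]  # signature string => secret traffic
# (signature, max flow average duration in s, secrecy-level metric)
SECRECY_RULES = [(b"KEYMGMT", 1.0, 3), (b"SECRET-APP/1.0", 5.0, 2)]
DEFAULT_LEVEL = 1  # assumed level for secret flows that match no secrecy rule

# Constructed packets: (arrival s, src IP, dst IP, src port, dst port, payload)
SAMPLE = [
    (0.0, "10.0.0.5", "192.0.2.10", 40000, 443, b"GET / HTTP/1.1"),
    (0.5, "10.0.0.6", "192.0.2.20", 40001, 9000, b"KEYMGMT hello"),
    (1.0, "10.0.0.6", "192.0.2.20", 40001, 9000, b"KEYMGMT data"),
    (2.0, "10.0.0.7", "192.0.2.30", 40002, 9100, b"SECRET-APP/1.0 a"),
    (40.0, "10.0.0.7", "192.0.2.30", 40002, 9100, b"SECRET-APP/1.0 b"),
]

def assemble_flows(packets):
    """Group packets by address/port 4-tuple, splitting on gaps of 30 s or more."""
    flows, latest = [], {}
    for pkt in sorted(packets, key=lambda p: p[0]):
        key = pkt[1:5]
        cur = latest.get(key)
        if cur is None or pkt[0] - cur[-1][0] >= FLOW_GAP_S:
            cur = latest[key] = []
            flows.append(cur)
        cur.append(pkt)
    return flows

def avg_duration(flow):
    """Sum of adjacent inter-arrival times divided by the number of packets."""
    return sum(b[0] - a[0] for a, b in zip(flow, flow[1:])) / len(flow)

def classify(flow):
    """Return 0 for ordinary traffic, otherwise the secrecy-level metric."""
    data = b"".join(p[5] for p in flow)  # rules are matched per flow
    if not any(sig in data for sig in TRAFFIC_RULES):
        return 0
    avg = avg_duration(flow)
    for sig, max_avg, level in SECRECY_RULES:
        if sig in data and avg <= max_avg:
            return level
    return DEFAULT_LEVEL

def allocate_slots(levels, frame_slots):
    """Split one frame of forwarding slots in proportion to each flow's level."""
    total = sum(levels.values())
    shares = {f: frame_slots * lvl // total for f, lvl in levels.items()}
    left = frame_slots - sum(shares.values())
    for f in sorted(levels, key=lambda k: -levels[k])[:left]:
        shares[f] += 1  # leftover slots go to the highest levels first
    return shares

def control(packets, frame_slots=12):
    """Return (flow ids for the classical channel, quantum-channel slots per flow)."""
    classical, levels = [], {}
    for i, flow in enumerate(assemble_flows(packets)):
        level = classify(flow)
        if level:
            levels[i] = level
        else:
            classical.append(i)
    return classical, (allocate_slots(levels, frame_slots) if levels else {})

if __name__ == "__main__":
    print(control(SAMPLE))
```

The last two sample packets share a 4-tuple but arrive 38 s apart, so they form two separate flows and are classified independently.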
Fig. 1 is a topology diagram of classical network access to the quantum secure network according to the present invention. Data traffic from PCs (personal hosts) passes through a switch into the classical network's egress interface router. Under the router's security policy, part of the ordinary traffic is forwarded to the Internet and the remaining traffic is forwarded to the traffic control system. After traffic feature analysis and secrecy-level feature matching, secret traffic is forwarded to the quantum secret communication network, while ordinary traffic is sent back to the interface router and on to the Internet.
Fig. 2 is a schematic diagram of the traffic control process structure in an implementation of the present invention. Once classical network data traffic has been monitored, the control policy determines its category: secret traffic is sent to the quantum network channel and ordinary traffic is sent to the classical network channel.
Fig. 3 is a flow chart of the traffic control in an implementation of the present invention. After packets on the classical channel are detected and captured, they are matched against the rules in the traffic feature rule base to identify the traffic features. Ordinary data traffic is forwarded over the classical channel; secret traffic undergoes secrecy-level feature matching and is then forwarded to the quantum channel under time-slot allocation control.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (5)

1. A traffic control method for integrating a classical network into a quantum secret communication network, characterized in that it comprises the following steps:
(1) the traffic control system through which the classical network accesses the quantum secure backbone network captures the packets that the classical network is about to transmit;
(2) the information features of each packet are matched against the rules in the traffic feature rule base to identify secret communication data and ordinary communication data;
(3) ordinary communication data is forwarded over the classical network channel; secret communication data is matched against the rules in the secrecy-level feature library and assigned the corresponding secrecy-level metric;
(4) once a packet has its secrecy-level metric, it is assigned the corresponding forwarding time slots by a time-sharing algorithm;
(5) the secret communication data, after time-slot processing, is forwarded over the quantum secret communication network channel.
2. The method according to claim 1, characterized in that, in step (1), the packets from the classical network's egress router that the traffic control system captures are not all the packets flowing out of that device, but the packets that remain after filtering by the egress router's security policy.
3. The method according to claim 1, characterized in that, in step (2), the traffic feature rule base is built mainly from the signature strings of application-layer protocols; in addition, in actual control, application-layer feature rule matching is performed per flow, where a flow is defined as the packets that have the same source IP address, destination IP address, source port and destination port, and in which any two adjacent packets arrive less than 30 s apart.
4. The method according to claim 1, characterized in that, in step (3), the secrecy-level feature library is built jointly from the application-layer protocol features of the packets and the flow average duration, and the flow average duration is calculated as the ratio of the sum of the inter-arrival times of adjacent packets in the flow to the number of packets.
5. The method according to claim 1, characterized in that, in step (4), packets with a higher secrecy-level metric obtain more forwarding time slots and occupy more forwarding resources than packets with a relatively lower secrecy-level metric.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410138950.0A CN103905184A (en) 2014-04-09 2014-04-09 Classical network and quantum secret communication network integration traffic control method

Publications (1)

Publication Number Publication Date
CN103905184A true CN103905184A (en) 2014-07-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140702