CN107222556A - A secure and trusted networking system for deep-sea observation - Google Patents
A secure and trusted networking system for deep-sea observation
- Publication number: CN107222556A
- Application number: CN201710504318.7A
- Authority: CN (China)
- Prior art keywords: trusted, equipment, networking, terminal, underwater
- Prior art date: 2017-06-28
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W84/00—Network topologies
        - H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
The invention discloses a secure and trusted networking system for deep-sea observation, comprising a trusted shore-based LAN and a trusted underwater LAN. The trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device and the certificate services infrastructure. The trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are each interconnected over a trusted network; the certificate services infrastructure provides authentication support to the trusted access authentication device. The invention proposes a trusted underwater LAN and builds a security protection architecture for the underwater network, providing protective measures for the underwater LAN and addressing as a whole the principal security threats the underwater network faces.
Description
Technical field
The present invention relates to a secure and trusted networking system for deep-sea observation. It belongs to the technical field of submarine observation networking and is especially suited to trusted underwater networking access solutions.
Background technology
Matters of global, material and long-term significance, such as national security and the safeguarding of maritime rights and interests, human survival and sustainable development, global climate change, and the security of strategic resources such as oil, gas and minerals, are all closely bound up with the ocean. The development and utilization of marine resources and the security of the marine environment have become one of the focal points of economic and technological competition among the world's nations. Submarine observation networks are a major branch of marine exploration: arrays of all kinds are laid in important sea areas to achieve long-term, continuous, real-time, in-situ, three-dimensional profile oceanographic observation. They provide important support for maritime military security, resource development, disaster prevention and mitigation, and scientific research, and are an important component of national strategic infrastructure.
Submarine observation network technology originated in the underwater submarine-detection array technology used during World War II. At the end of the last century, developed Western countries took the lead in large-scale submarine observation network research; the United States, Canada, Europe, Japan, Russia and others successively built submarine observation networks with functions such as underwater target detection, seismic and tsunami monitoring, and internal-wave monitoring. At present, submarine observation network research, experimentation and construction in China have also entered a stage of rapid development.
The existing submarine observation networks at home and abroad use a hierarchical tree-type architecture for the underwater network. The underwater network sits in an open marine environment, and its core equipment, the seabed primary and secondary junction boxes, is designed on an open, shared architecture with open interfaces. Array networking access is performed directly by underwater robots making wet-mate connections, or by AUVs docking wirelessly, and communication authorization is obtained without any security authentication.
This open, shared submarine observation network architecture faces a serious potential security hazard: it is difficult to prevent adversary underwater robots from approaching, probing and gaining access, and compared with the shore-based network it is more easily subject to security attacks such as illegal access, virus intrusion, Trojan implantation and data tampering.
Therefore, there is a pressing need to address underwater network security protection and trusted access by developing a trusted underwater networking access solution, in particular by studying trusted deep-sea networking junction equipment and secure trusted networking technology, and by formulating standards and specifications for secure and trusted deep-sea observation networking access.
Summary of the invention
Object of the invention: The object of the invention is to overcome the deficiencies of the prior art by providing a secure and trusted networking system for deep-sea observation with controllable terminal security, trusted access control, trusted network interconnection and controllable observation-network situational awareness.
Technical scheme: The secure and trusted networking system for deep-sea observation of the invention comprises a trusted shore-based LAN and a trusted underwater LAN. The trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device and the certificate services infrastructure. The trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are each interconnected over a trusted network; the certificate services infrastructure provides authentication support to the trusted access authentication device.
Further, the trusted networking junction equipment comprises a primary junction box and secondary junction boxes. The trusted networking junction equipment is the security foundation of the entire underwater network: through inter-device authentication and identification, trusted verification of running state, integrity protection of management and control information, and protocol security protection, it effectively prevents illegal docking to and intrusion into the underwater network equipment.
Further, the primary junction box is responsible for aggregating and interconnecting the secondary junction boxes. The secondary junction box implements port-based trusted access control at the data link layer and is the first checkpoint for each sensing terminal accessing the underwater network: it evaluates the identity information and security state reported by the terminal, opens the access port only for a terminal whose identity is legitimate and whose security state is good, and otherwise forbids network access; at the same time it performs trusted processing of the communication information and state of underwater networking access devices to prevent data leakage.
Further, the trusted sensing terminal has a hardware root of trust, hardware environment security checking, operation control and cryptographic service functions; it establishes the terminal trust chain and security management and control, and performs networking authentication with the trusted access authentication device via the trusted junction box, thereby addressing the security problems of system destruction, data tampering, virus intrusion and malware execution on the terminal.
Further, the trusted access authentication device is deployed at the shore-based station and is responsible for responding to networking requests from underwater sensing terminals, verifying the identity, characteristic information and security state of the networking terminal.
Further, on the basis of the authentication and authorization result, the trusted access authentication device implements port control in conjunction with a trusted switch, ensuring that only underwater sensing terminals with "legitimate identity and compliant state" can access the observation network, and it can monitor in real time and compile comprehensive statistics on the online status of underwater networking terminals and on illegal terminal access behaviour.
Further, the trusted sensing terminal comprises an application layer, an operating system layer and a hardware layer. The application layer comprises trusted operation control, trusted network connection, security baseline assessment, terminal security hardening and security state monitoring; the operating system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted Bootloader and a trusted module/chip.
Further, the trusted networking junction equipment comprises an application layer, an embedded operating system layer and a hardware layer. The application layer comprises trusted network connection, trusted management control, access restriction, a trusted interconnection protocol and protocol attack protection; the embedded operating system layer comprises a trusted software stack, trusted device drivers and an autonomous network protocol stack; the hardware layer comprises a trusted module/chip and hardware.
Further, the trusted access authentication device comprises an application layer, a system layer and a hardware layer. The application layer comprises terminal identity registration, access policy management, terminal identity authentication, networking authority adjudication, terminal access control, terminal networking statistics, networking behaviour display and networking behaviour query; the system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted module/chip, a trusted BIOS and hardware.
Further, the certificate services infrastructure comprises authentication service and certificate management functions.
Beneficial effects: The beneficial effects of the invention are as follows:
1. The invention proposes a trusted underwater LAN and builds a security protection architecture for the underwater network, providing protective measures for the underwater LAN and addressing as a whole the principal security threats the underwater network faces;
2. The invention designs a trusted underwater sensing terminal, a trusted junction box and trusted shore-based equipment; there is no comparable technical research or product application at home or abroad, so the invention has significant technological innovation and practical value;
3. In accordance with the relevant standards for trusted technology, the invention proposes an overall solution of trusted junction boxes and a trusted underwater LAN for the security protection of the primary junction box (the hub node of the underwater network), the secondary junction boxes (the relay nodes of the underwater network) and the underwater network as a whole.
Brief description of the drawings
Fig. 1 is the architecture diagram of the secure and trusted deep-sea observation networking system of the invention;
Fig. 2 is a schematic diagram of the submarine observation networking structure.
Embodiment
The technical scheme of the invention is described in further detail below with reference to specific embodiments and the drawings.
The submarine observation networking structure shown schematically in Fig. 2 mainly comprises an interconnected primary junction box hub node and secondary junction box relay nodes; each secondary junction box relay node is connected to the sensors and to the underwater access points.
This open, shared submarine observation network architecture faces a serious potential security hazard: it is difficult to prevent adversary underwater robots from approaching, probing and gaining access, and compared with the shore-based network it is more easily subject to security attacks such as illegal access, virus intrusion, Trojan implantation and data tampering.
As shown in Fig. 1, the secure and trusted networking system for deep-sea observation proposed by the invention comprises a trusted shore-based LAN and a trusted underwater LAN. The trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device (shared between the underwater and shore-based networks) and the certificate services infrastructure. The trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are each interconnected over a trusted network; the certificate services infrastructure provides authentication support to the trusted access authentication device.
Here, the trusted networking junction equipment comprises a primary junction box and secondary junction boxes. The trusted networking junction equipment is the security foundation of the entire underwater network: through inter-device authentication and identification, trusted verification of running state, integrity protection of management and control information, and protocol security protection, it effectively prevents illegal docking to and intrusion into the underwater network equipment.
Here, the primary junction box is responsible for aggregating and interconnecting the secondary junction boxes. The secondary junction box implements port-based trusted access control at the data link layer and is the first checkpoint for each sensing terminal accessing the underwater network: it evaluates the identity information and security state reported by the terminal, opens the access port only for a terminal whose identity is legitimate and whose security state is good, and otherwise forbids network access; at the same time it performs trusted processing of the communication information and state of underwater networking access devices to prevent data leakage.
Here, the trusted sensing terminal has a hardware root of trust, hardware environment security checking, operation control and cryptographic service functions; it establishes the terminal trust chain and security management and control, and performs networking authentication with the trusted access authentication device via the trusted junction box, thereby addressing the security problems of system destruction, data tampering, virus intrusion and malware execution on the terminal.
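The terminal trust chain described above can be illustrated with a measured-boot model. The following Python is an added example, not code from the patent or its applicant: a hardware root of trust holds a measurement register, each boot stage hashes the next stage into that register before handing over control, and the final register value plus the event log let the verifier say not only whether the chain is intact but which stage diverged. The stage images, the register width and the zero initial value are assumptions.

```python
"""Added illustration (not the patent's code): a measured-boot trust chain for a
sensing terminal. The hardware root of trust holds a measurement register; each
stage hashes the next stage into that register before handing control over, so
the final register value attests every stage, and an event log shows which stage
diverged from the approved reference."""
import hashlib
import hmac

# Constructed stage images standing in for the real bootloader, OS and application.
STAGES = [
    ("bootloader", b"trusted-bootloader-image-v1"),
    ("os", b"embedded-os-image-v1"),
    ("app", b"sensing-application-v1"),
]


def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = H(old || measurement). Because the value depends on
    order, a later stage cannot mask a tampered earlier one."""
    return hashlib.sha256(register + measurement).digest()


def measure_chain(stages):
    """Start from the root of trust's zeroed register and measure each stage in
    boot order. Returns the final register and the per-stage event log."""
    register = bytes(32)
    log = []
    for name, image in stages:
        measurement = hashlib.sha256(image).digest()
        register = extend(register, measurement)
        log.append((name, measurement.hex()))
    return register, log


def attest(stages, ref_register: bytes, ref_log):
    """Security-state check used at networking time: the final register must equal
    the approved reference; on mismatch, replay the log to name the first bad stage."""
    register, log = measure_chain(stages)
    if hmac.compare_digest(register, ref_register):
        return {"boot_verified": True, "first_bad_stage": None, "measurement": register.hex()}
    first_bad = None
    for (name, got), (_, expected) in zip(log, ref_log):
        if got != expected:
            first_bad = name
            break
    if first_bad is None:  # identical prefix but different length: a stage was added or removed
        first_bad = "chain-length"
    return {"boot_verified": False, "first_bad_stage": first_bad, "measurement": register.hex()}


def run_demo():
    """Approved chain attests cleanly; an OS image with an implant is caught at 'os'."""
    ref_register, ref_log = measure_chain(STAGES)
    clean = attest(STAGES, ref_register, ref_log)
    tampered_stages = [STAGES[0], ("os", b"embedded-os-image-v1+implant"), STAGES[2]]
    tampered = attest(tampered_stages, ref_register, ref_log)
    return clean, tampered


if __name__ == "__main__":
    for report in run_demo():
        print(report)
```

The reference register and log would be produced once from the approved images and held by the verifier; the terminal only ships its current register and log. Because the register is an ordered hash chain, a replaced OS image changes every later value as well, so the application stage cannot report a clean measurement over a tampered OS.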
Here, the trusted access authentication device is deployed at the shore-based station and is responsible for responding to networking requests from underwater sensing terminals, verifying the identity, characteristic information and security state of the networking terminal.
Here, on the basis of the authentication and authorization result, the trusted access authentication device implements port control in conjunction with a trusted switch, ensuring that only underwater sensing terminals with "legitimate identity and compliant state" can access the observation network, and it can monitor in real time and compile comprehensive statistics on the online status of underwater networking terminals and on illegal terminal access behaviour.
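The access decision that the secondary junction box and the shore-based trusted access authentication device make together ("legitimate identity and compliant state", then port control and statistics) can be shown as a small model. The following Python is an added example, not code from the patent or its applicant: a terminal presents a certificate issued by the certificate services infrastructure and a security-state report; the authenticator verifies the certificate, checks the state against a baseline, opens or closes the switch port, and keeps the online and illegal-access statistics. The HMAC-SHA256 stand-in for the certificate signature, the baseline fields, the terminal names and the port numbers are all assumptions.

```python
"""Added illustration (not the patent's code): the access decision made by the
trusted access authentication device for a terminal join request. The terminal
presents a certificate issued by the certificate services infrastructure plus a
security-state report; the device verifies the certificate, checks the state
against the baseline policy, drives port control on the trusted switch, and
keeps the online/illegal-access statistics the patent calls for."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed signing key of the certificate services infrastructure. HMAC-SHA256 is a
# stand-in for a real certificate signature; a deployment would validate an X.509 chain.
CA_KEY = b"constructed-certificate-services-key"

# Constructed security baseline: firmware measurements a terminal may report.
APPROVED_FIRMWARE = {"sha256:" + hashlib.sha256(b"terminal-firmware-v1.2").hexdigest()}
MAX_REPORT_AGE_SECONDS = 300


def issue_certificate(terminal_id: str, port: int, not_after: int) -> dict:
    """Certificate services: bind a terminal identity to its switch port and an expiry."""
    body = {"terminal_id": terminal_id, "port": port, "not_after": not_after}
    payload = json.dumps(body, sort_keys=True).encode()
    body["sig"] = hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()
    return body


def verify_certificate(cert: dict, now: int) -> bool:
    """Check the signature over every field except 'sig', then the validity period."""
    body = {k: v for k, v in cert.items() if k != "sig"}
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(cert.get("sig", ""))) and now <= cert.get("not_after", -1)


def state_is_compliant(report: dict, now: int) -> bool:
    """Security-state evaluation: approved firmware, verified boot, no rogue processes,
    and a report fresh enough not to be a replay of an old good state."""
    return (report.get("firmware") in APPROVED_FIRMWARE
            and report.get("boot_verified") is True
            and not report.get("unexpected_processes")
            and 0 <= now - report.get("timestamp", -10**9) <= MAX_REPORT_AGE_SECONDS)


@dataclass
class AccessAuthenticator:
    """Shore-based trusted access authentication device with its switch and statistics."""
    registered: set
    online: set = field(default_factory=set)
    illegal_attempts: list = field(default_factory=list)
    port_actions: list = field(default_factory=list)

    def handle_join(self, cert: dict, report: dict, now: int):
        tid = cert.get("terminal_id")
        if tid not in self.registered or not verify_certificate(cert, now):
            reason = "identity-illegal"
        elif not state_is_compliant(report, now):
            reason = "state-noncompliant"
        else:
            self.online.add(tid)
            self.port_actions.append((cert["port"], "open"))
            return "ALLOW", "ok"
        self.illegal_attempts.append((tid, reason, now))
        self.port_actions.append((cert.get("port"), "closed"))
        return "DENY", reason

    def summary(self) -> dict:
        return {"online": sorted(self.online), "illegal_attempts": len(self.illegal_attempts)}


def run_demo():
    """Four constructed join requests: one clean, one with a tampered certificate,
    one from an unregistered terminal, one with unapproved firmware."""
    now = 1_700_000_000
    auth = AccessAuthenticator(registered={"sensor-01", "sensor-02"})
    good_state = {"firmware": next(iter(APPROVED_FIRMWARE)), "boot_verified": True,
                  "unexpected_processes": [], "timestamp": now - 5}
    results = [auth.handle_join(issue_certificate("sensor-01", 3, now + 86400), good_state, now)]
    tampered = issue_certificate("sensor-02", 4, now + 86400)
    tampered["port"] = 9  # field altered after signing
    results.append(auth.handle_join(tampered, good_state, now))
    results.append(auth.handle_join(issue_certificate("rogue-77", 5, now + 86400), good_state, now))
    bad_state = dict(good_state, firmware="sha256:unapproved")
    results.append(auth.handle_join(issue_certificate("sensor-02", 4, now + 86400), bad_state, now))
    return results, auth.summary(), auth.port_actions
```

Identity is checked before state so that an unregistered or forged terminal never gets its state report evaluated; the port is only opened on the single success path, and every refusal is counted, which is the data the patent's "illegal terminal access behaviour" statistics would be built from.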
The structure and composition of each module are as follows:
The trusted sensing terminal comprises an application layer, an operating system layer and a hardware layer. The application layer comprises trusted operation control, trusted network connection, security baseline assessment, terminal security hardening and security state monitoring; the operating system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted Bootloader and a trusted module/chip.
The trusted networking junction equipment comprises an application layer, an embedded operating system layer and a hardware layer. The application layer comprises trusted network connection, trusted management control, access restriction, a trusted interconnection protocol and protocol attack protection; the embedded operating system layer comprises a trusted software stack, trusted device drivers and an autonomous network protocol stack; the hardware layer comprises a trusted module/chip and hardware.
The trusted access authentication device comprises an application layer, a system layer and a hardware layer. The application layer comprises terminal identity registration, access policy management, terminal identity authentication, networking authority adjudication, terminal access control, terminal networking statistics, networking behaviour display and networking behaviour query; the system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted module/chip, a trusted BIOS and hardware.
The certificate services infrastructure comprises authentication service and certificate management functions.
The purpose of the invention is to realize the following secure and trusted control functions in underwater observation networking:
1. Controllable terminal security: prevent system destruction, tampering with collected data and execution of rogue programs;
2. Trusted access control: prevent terminals with illegitimate identity or non-compliant security state from accessing the underwater network;
3. Trusted network interconnection: prevent network equipment that is illegitimate or whose health does not meet the standard from cascading and communicating with one another;
4. Controllable observation-network situational awareness: provide monitoring and comprehensive statistical display of terminal security state and networking behaviour.
The above is only a preferred embodiment of the invention and does not limit the invention in any form. Although the invention has been disclosed above by way of a preferred embodiment, it is not limited thereto. Any person skilled in the art may, without departing from the scope of the technical scheme of the invention, use the technical content disclosed above to make minor changes or modifications into equivalent embodiments of equivalent variation; any simple modification, equivalent variation or alteration made to the above embodiment according to the technical essence of the invention, so long as it does not depart from the content of the technical scheme of the invention, still falls within the scope of the technical scheme of the invention.
Claims (10)
1. A secure and trusted networking system for deep-sea observation, characterised in that it comprises a trusted shore-based LAN and a trusted underwater LAN; the trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device and the certificate services infrastructure; the trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are each interconnected over a trusted network; and the certificate services infrastructure provides authentication support to the trusted access authentication device.
2. The secure and trusted networking system for deep-sea observation according to claim 1, characterised in that the trusted networking junction equipment comprises a primary junction box and secondary junction boxes; the trusted networking junction equipment is the security foundation of the entire underwater network and, through inter-device authentication and identification, trusted verification of running state, integrity protection of management and control information, and protocol security protection, effectively prevents illegal docking to and intrusion into the underwater network equipment.
3. The secure and trusted networking system for deep-sea observation according to claim 2, characterised in that the primary junction box is responsible for aggregating and interconnecting the secondary junction boxes; the secondary junction box implements port-based trusted access control at the data link layer and is the first checkpoint for each sensing terminal accessing the underwater network: it evaluates the identity information and security state reported by the terminal, opens the access port only for a terminal whose identity is legitimate and whose security state is good, and otherwise forbids network access, while performing trusted processing of the communication information and state of underwater networking access devices to prevent data leakage.
4. The secure and trusted networking system for deep-sea observation according to claim 1, characterised in that the trusted sensing terminal has a hardware root of trust, hardware environment security checking, operation control and cryptographic service functions, establishes the terminal trust chain and security management and control, and performs networking authentication with the trusted access authentication device via the trusted junction box, thereby addressing the security problems of system destruction, data tampering, virus intrusion and malware execution on the terminal.
5. The secure and trusted networking system for deep-sea observation according to claim 1, characterised in that the trusted access authentication device is deployed at the shore-based station and is responsible for responding to networking requests from underwater sensing terminals, verifying the identity, characteristic information and security state of the networking terminal.
6. The secure and trusted networking system for deep-sea observation according to claim 5, characterised in that the trusted access authentication device, on the basis of the authentication and authorization result, implements port control in conjunction with a trusted switch, ensuring that only underwater sensing terminals with "legitimate identity and compliant state" can access the observation network, and can monitor in real time and compile comprehensive statistics on the online status of underwater networking terminals and on illegal terminal access behaviour.
7. The secure and trusted networking system for deep-sea observation according to any one of claims 1-6, characterised in that the trusted sensing terminal comprises an application layer, an operating system layer and a hardware layer; the application layer comprises trusted operation control, trusted network connection, security baseline assessment, terminal security hardening and security state monitoring; the operating system layer comprises a trusted software stack and trusted device drivers; and the hardware layer comprises a trusted Bootloader and a trusted module/chip.
8. The secure and trusted networking system for deep-sea observation according to any one of claims 1-6, characterised in that the trusted networking junction equipment comprises an application layer, an embedded operating system layer and a hardware layer; the application layer comprises trusted network connection, trusted management control, access restriction, a trusted interconnection protocol and protocol attack protection; the embedded operating system layer comprises a trusted software stack, trusted device drivers and an autonomous network protocol stack; and the hardware layer comprises a trusted module/chip and hardware.
9. The secure and trusted networking system for deep-sea observation according to any one of claims 1-6, characterised in that the trusted access authentication device comprises an application layer, a system layer and a hardware layer; the application layer comprises terminal identity registration, access policy management, terminal identity authentication, networking authority adjudication, terminal access control, terminal networking statistics, networking behaviour display and networking behaviour query; the system layer comprises a trusted software stack and trusted device drivers; and the hardware layer comprises a trusted module/chip, a trusted BIOS and hardware.
10. The secure and trusted networking system for deep-sea observation according to any one of claims 1-6, characterised in that the certificate services infrastructure comprises authentication service and certificate management functions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710504318.7A CN107222556A (en) | 2017-06-28 | 2017-06-28 | A secure and trusted networking system for deep-sea observation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107222556A true CN107222556A (en) | 2017-09-29 |
Family
ID=59951071
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710504318.7A Pending CN107222556A (en) | 2017-06-28 | 2017-06-28 | A secure and trusted networking system for deep-sea observation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107222556A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111027050A (en) * | 2019-12-25 | 2020-04-17 | 中国科学院声学研究所 | Underwater equipment credibility authentication system and method for seabed observation network based on PUF |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102761870A (en) * | 2012-07-24 | 2012-10-31 | 中兴通讯股份有限公司 | Terminal authentication and service authentication method, system and terminal |
CN103399359A (en) * | 2013-08-21 | 2013-11-20 | 国家***第二海洋研究所 | Benthonic geophysical observation device |
CN105516646A (en) * | 2014-09-24 | 2016-04-20 | 祁艳 | Submarine observation network control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20170929 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |