CN107222556A - Deep-sea observation secure and trusted networking system - Google Patents

Info

Publication number: CN107222556A
Authority: CN (China)
Prior art keywords: trusted, equipment, networking, terminal, underwater
Legal status: Pending (the status listed is Google's assumption, not a legal conclusion)
Application number: CN201710504318.7A
Other languages: Chinese (zh)
Inventors: 杨华勇, 张锋, 徐波波, 谢凯, 顾海峰, 杜宗印
Current assignee: Zhongtian Ocean System Co Ltd (assignee list is Google's assumption, not a legal conclusion)
Original assignee: Zhongtian Ocean System Co Ltd
Priority date: 2017-06-28 (Google's assumption, not a legal conclusion)
Filing date: 2017-06-28
Publication date: 2017-09-29
Application filed by Zhongtian Ocean System Co Ltd
Priority to CN201710504318.7A
Publication of CN107222556A

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/01 Protocols > H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/08 > H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04W WIRELESS COMMUNICATION NETWORKS > H04W84/00 Network topologies > H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses a deep-sea observation secure and trusted networking system comprising a trusted shore-based LAN and a trusted underwater LAN. The trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device and the certificate services infrastructure. The trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are interconnected through a trusted network; the certificate services infrastructure provides authentication support to the trusted access authentication device. The invention proposes a trusted underwater LAN, builds a security protection architecture for the underwater network, provides protective measures for the underwater LAN, and addresses the main security threats facing underwater networks as a whole.

Description

Deep-sea observation secure and trusted networking system
Technical field
The present invention relates to a deep-sea observation secure and trusted networking system. It belongs to the technical field of seabed observation networking and is particularly suited to trusted underwater networking access solutions.
Background technology
The ocean is closely bound up with national security and the protection of rights and interests, with human survival and sustainable development, with global climate change, and with the guarantee of strategic resources such as oil, gas and minerals; these are global, substantive and long-term issues. The development and utilization of marine resources and the security of the marine environment have become one of the focal points of economic and technological competition between countries. Seabed observation networks are a major branch of the field of marine exploration: arrays of all kinds are laid in important sea areas to achieve long-term, continuous, real-time, in-situ, cross-sectional ocean observation. They provide important support for maritime military security, resource development, disaster prevention and mitigation, and scientific research, and are an important component of national strategic infrastructure.
Seabed observation network technology originated in the underwater submarine detection arrays used during World War II. At the end of the last century, developed Western countries took the lead in large-scale research on seabed observation network technology, and the United States, Canada, Europe, Japan, Russia and others successively built multiple seabed observation networks with functions such as underwater target detection, seismic and tsunami monitoring, and internal-wave monitoring. At present, research, experimentation and construction of seabed observation networks in China have also entered a stage of rapid development.
Seabed observation networks at home and abroad currently use a hierarchical tree-type architecture for the underwater network. The underwater network is an open marine environment, and the core equipment, the primary and secondary seabed junction boxes, is designed around an open, shared architecture with open interfaces. Array networking access is performed directly by underwater wet-mate connection through an underwater robot, or by wireless docking through an AUV, and communication authorization is obtained without any security authentication.
This open, shared seabed observation network architecture faces a major potential security hazard: it is difficult to prevent an adversary's underwater robot from approaching, probing and gaining access, and, compared with the shore-based network, it is more exposed to security attacks such as illegal access, virus intrusion, Trojan implantation and data tampering.
Therefore there is a pressing need, in response to problems such as underwater network security protection and trusted access, to devise a trusted underwater networking access solution; in particular, to study trusted deep-sea networking junction equipment and secure and trusted networking technology, and to formulate standards and specifications for secure and trusted deep-sea observation networking access.
The content of the invention
Object of the invention: the invention aims to overcome the deficiencies of the prior art by providing a deep-sea observation secure and trusted networking system in which terminal security is controllable, access control is trusted, network interconnection is trusted and the observation network situation is under control.
Technical scheme: the deep-sea observation secure and trusted networking system of the present invention comprises a trusted shore-based LAN and a trusted underwater LAN. The trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device and the certificate services infrastructure. The trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are interconnected through a trusted network; the certificate services infrastructure provides authentication support to the trusted access authentication device.
Further, the trusted networking junction equipment comprises a primary junction box and secondary junction boxes. The trusted networking junction equipment is the security foundation of the whole underwater network: through inter-device authentication and identification, trusted verification of operating status, integrity protection of management and control information, and protocol security protection, it effectively prevents illegal docking and intrusion by underwater network devices.
Further, the primary junction box is responsible for aggregating and interconnecting the secondary junction boxes. Each secondary junction box implements port-based trusted access control at the data link layer and is the first checkpoint for a sensing terminal accessing the underwater network: it evaluates the identity information and security state reported by the terminal, opens the access port to terminals whose identity is legitimate and whose security state is good, and otherwise refuses network access. At the same time it performs trusted processing of the communication information and state of underwater networking access devices to prevent data leakage.
Further, the trusted sensing terminal has a hardware root of trust together with hardware environment security inspection, operation control and cryptographic service functions; it establishes a terminal chain of trust and security management and control, performs networking authentication with the trusted access authentication device through the trusted junction box, and thereby addresses the terminal-side security problems of system destruction, data tampering, virus intrusion and malware execution.
Further, the trusted access authentication device is deployed at the shore station; it is responsible for responding to networking requests from underwater sensing terminals and verifying the identity, characteristic information and security state of networking terminals.
Further, on the basis of the authentication and authorization result, the trusted access authentication device implements port control in combination with a trusted switch, ensuring that only underwater sensing terminals whose "identity is legitimate and state is compliant" can access the observation network, and it can monitor in real time and compile comprehensive statistics on the online status of underwater networking terminals and on access attempts by illegal terminals.
Further, the trusted sensing terminal comprises an application layer, an operating system layer and a hardware layer. The application layer comprises trusted operation control, trusted network connection, security baseline assessment, terminal security hardening and security state monitoring; the operating system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted Bootloader and a trusted module/chip.
Further, the trusted networking junction equipment comprises an application layer, an embedded operating system layer and a hardware layer. The application layer comprises trusted network connection, trusted management control, access restriction, a trusted interconnection protocol and protocol attack protection; the embedded operating system layer comprises a trusted software stack, trusted device drivers and a self-developed network protocol stack; the hardware layer comprises a trusted module/chip and hardware.
Further, the trusted access authentication device comprises an application layer, a system layer and a hardware layer. The application layer comprises terminal identity registration, access policy management, terminal identity authentication, networking authority judgement, terminal access control, terminal networking statistics, networking behaviour display and networking behaviour query; the system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted module/chip, a trusted BIOS and hardware.
Further, the certificate services infrastructure comprises an authentication service and certificate management functions.
Beneficial effects: the beneficial effects of the present invention are as follows:
1. The present invention proposes a trusted underwater LAN, builds a security protection architecture for the underwater network, provides protective measures for the underwater LAN, and addresses the main security threats facing underwater networks as a whole;
2. The present invention designs a trusted underwater sensing terminal, a trusted junction box and trusted shore-based equipment; there is no comparable technical research or product application at home or abroad, so it has significant technological innovation and practical value;
3. Following the relevant standards of trusted technology, the present invention proposes an overall solution, consisting of a trusted underwater junction box and a trusted underwater LAN, for the security protection problems of the primary junction box (the hub node of the underwater network), the secondary junction boxes (the relay nodes) and the underwater network as a whole.
Brief description of the drawings
Fig. 1 is a structural diagram of the deep-sea observation secure and trusted networking system of the present invention;
Fig. 2 is a schematic diagram of the seabed observation networking structure.
Embodiment
The technical scheme of the present invention is described in further detail below with reference to specific embodiments and the drawings.
The seabed observation networking structure shown in Fig. 2 mainly comprises an interconnected primary junction box hub node and secondary junction box relay nodes; each secondary junction box relay node is connected to the sensors and to an underwater access point.
This open, shared seabed observation network architecture faces a major potential security hazard: it is difficult to prevent an adversary's underwater robot from approaching, probing and gaining access, and, compared with the shore-based network, it is more exposed to security attacks such as illegal access, virus intrusion, Trojan implantation and data tampering.
As shown in Fig. 1, the deep-sea observation secure and trusted networking system proposed by the present invention comprises a trusted shore-based LAN and a trusted underwater LAN. The trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device (shared between the underwater and shore-based networks) and the certificate services infrastructure. The trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are interconnected through a trusted network; the certificate services infrastructure provides authentication support to the trusted access authentication device.
Here, the trusted networking junction equipment comprises a primary junction box and secondary junction boxes. The trusted networking junction equipment is the security foundation of the whole underwater network: through inter-device authentication and identification, trusted verification of operating status, integrity protection of management and control information, and protocol security protection, it effectively prevents illegal docking and intrusion by underwater network devices.
Here, the primary junction box is responsible for aggregating and interconnecting the secondary junction boxes. Each secondary junction box implements port-based trusted access control at the data link layer and is the first checkpoint for a sensing terminal accessing the underwater network: it evaluates the identity information and security state reported by the terminal, opens the access port to terminals whose identity is legitimate and whose security state is good, and otherwise refuses network access. At the same time it performs trusted processing of the communication information and state of underwater networking access devices to prevent data leakage.
Here, the trusted sensing terminal has a hardware root of trust together with hardware environment security inspection, operation control and cryptographic service functions; it establishes a terminal chain of trust and security management and control, performs networking authentication with the trusted access authentication device through the trusted junction box, and thereby addresses the terminal-side security problems of system destruction, data tampering, virus intrusion and malware execution.
Here, the trusted access authentication device is deployed at the shore station; it is responsible for responding to networking requests from underwater sensing terminals and verifying the identity, characteristic information and security state of networking terminals.
Here, on the basis of the authentication and authorization result, the trusted access authentication device implements port control in combination with a trusted switch, ensuring that only underwater sensing terminals whose "identity is legitimate and state is compliant" can access the observation network, and it can monitor in real time and compile comprehensive statistics on the online status of underwater networking terminals and on access attempts by illegal terminals.
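As an added illustration (not code from the patent or its assignee), the following Python models the admission decision just described: the shore-based access authentication device checks a terminal's certificate against the certificate services infrastructure and its reported security state against a baseline, records each decision for networking statistics, and the secondary junction box opens or keeps closed the terminal's port according to the result. The CA key, the baseline values and the use of an HMAC as a stand-in for certificate signatures are constructed assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed signing key standing in for the CA key of the certificate services
# infrastructure; a real deployment would use asymmetric signatures, not an HMAC secret.
CA_KEY = b"constructed-cert-services-key"

# Constructed security baseline that the access authentication device evaluates
# against the security state each terminal reports.
SECURITY_BASELINE = {
    "secure_boot": True,
    "approved_firmware": {"sensor-fw-2.1", "sensor-fw-2.2"},
    "max_patch_age_days": 30,
}


def _sign(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()


def issue_certificate(terminal_id: str, hw_fingerprint: str) -> dict:
    """Certificate management: bind a terminal identity to its hardware root-of-trust fingerprint."""
    body = {"id": terminal_id, "fingerprint": hw_fingerprint}
    return {"body": body, "sig": _sign(body)}


def certificate_valid(cert: dict) -> bool:
    """Authentication service: verify the certificate signature in constant time."""
    return hmac.compare_digest(_sign(cert["body"]), cert["sig"])


def state_compliant(state: dict) -> list:
    """Return the baseline violations in a reported security state (empty list means compliant)."""
    problems = []
    if not state.get("secure_boot"):
        problems.append("secure boot disabled")
    if state.get("firmware") not in SECURITY_BASELINE["approved_firmware"]:
        problems.append("firmware not approved")
    if state.get("patch_age_days", 10**9) > SECURITY_BASELINE["max_patch_age_days"]:
        problems.append("patch level stale")
    if state.get("malware_found"):
        problems.append("malware detected")
    return problems


@dataclass
class AccessAuthenticator:
    """Shore-based trusted access authentication device."""
    registered: dict                     # terminal identity registration: id -> fingerprint
    audit: list = field(default_factory=list)

    def authorize(self, request: dict) -> bool:
        cert, state = request["cert"], request["state"]
        tid = cert["body"]["id"]
        reasons = []
        if not certificate_valid(cert):
            reasons.append("certificate signature invalid")
        elif self.registered.get(tid) != cert["body"]["fingerprint"]:
            reasons.append("identity not registered or fingerprint mismatch")
        reasons += state_compliant(state)
        # Every attempt, granted or denied, feeds networking statistics and behaviour query.
        self.audit.append({"terminal": tid, "granted": not reasons, "reasons": reasons})
        return not reasons

    def statistics(self) -> dict:
        granted = sum(1 for entry in self.audit if entry["granted"])
        return {"granted": granted, "denied": len(self.audit) - granted}


@dataclass
class JunctionBox:
    """Secondary junction box: port-based enforcement at the data link layer."""
    authenticator: AccessAuthenticator
    open_ports: set = field(default_factory=set)

    def admit(self, port: int, request: dict) -> bool:
        if self.authenticator.authorize(request):
            self.open_ports.add(port)
        else:
            self.open_ports.discard(port)    # a failed re-check closes an already open port
        return port in self.open_ports
```

A terminal that passes with a valid certificate but later reports a non-compliant state (for example secure boot turned off) loses its port on the next check, which is the "state is compliant" half of the admission rule.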
The structure of each module is as follows:
The trusted sensing terminal comprises an application layer, an operating system layer and a hardware layer. The application layer comprises trusted operation control, trusted network connection, security baseline assessment, terminal security hardening and security state monitoring; the operating system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted Bootloader and a trusted module/chip.
The trusted networking junction equipment comprises an application layer, an embedded operating system layer and a hardware layer. The application layer comprises trusted network connection, trusted management control, access restriction, a trusted interconnection protocol and protocol attack protection; the embedded operating system layer comprises a trusted software stack, trusted device drivers and a self-developed network protocol stack; the hardware layer comprises a trusted module/chip and hardware.
The trusted access authentication device comprises an application layer, a system layer and a hardware layer. The application layer comprises terminal identity registration, access policy management, terminal identity authentication, networking authority judgement, terminal access control, terminal networking statistics, networking behaviour display and networking behaviour query; the system layer comprises a trusted software stack and trusted device drivers; the hardware layer comprises a trusted module/chip, a trusted BIOS and hardware.
The certificate services infrastructure comprises an authentication service and certificate management functions.
The purpose of the present invention is:
to realize the following secure and trusted control functions in underwater observation networking:
1. Terminal security is controllable: prevent system destruction, tampering with collected data and execution of rogue programs;
2. Access control is trusted: prevent terminals whose identity is illegal or whose security state is non-compliant from accessing the underwater network;
3. Network interconnection is trusted: prevent illegal network devices, or devices whose health level is substandard, from cascading with each other and communicating;
4. The observation network situation is under control: provide monitoring, comprehensive statistics and display of terminal security state and networking behaviour.
The above is only a preferred embodiment of the present invention and does not limit the invention in any form. Although the invention has been disclosed above with a preferred embodiment, it is not limited thereto; any person skilled in the art may, without departing from the scope of the present invention, make minor changes or modifications to the technical content disclosed above to obtain equivalent embodiments of equivalent variation. As long as the content does not depart from the technical solution of the present invention, any simple modification, equivalent variation or alteration made to the above embodiments according to the technical spirit of the invention still falls within the scope of the technical solution of the present invention.

Claims (10)

1. A deep-sea observation secure and trusted networking system, characterized in that: it comprises a trusted shore-based LAN and a trusted underwater LAN; the trusted underwater LAN comprises trusted sensing terminals, trusted networking junction equipment, a trusted access authentication device and a certificate services infrastructure; the trusted shore-based LAN comprises a shore-based operation support system, the trusted access authentication device and the certificate services infrastructure; the trusted sensing terminals and the trusted networking junction equipment, and the trusted networking junction equipment and the trusted access authentication device, are interconnected through a trusted network; and the certificate services infrastructure provides authentication support to the trusted access authentication device.
2. The deep-sea observation secure and trusted networking system according to claim 1, characterized in that: the trusted networking junction equipment comprises a primary junction box and secondary junction boxes; the trusted networking junction equipment is the security foundation of the whole underwater network and, through inter-device authentication and identification, trusted verification of operating status, integrity protection of management and control information and protocol security protection, effectively prevents illegal docking and intrusion by underwater network devices.
3. The deep-sea observation secure and trusted networking system according to claim 2, characterized in that: the primary junction box is responsible for aggregating and interconnecting the secondary junction boxes; each secondary junction box implements port-based trusted access control at the data link layer and is the first checkpoint for a sensing terminal accessing the underwater network, evaluating the identity information and security state reported by the terminal, opening the access port to terminals whose identity is legitimate and whose security state is good, and otherwise refusing network access, while performing trusted processing of the communication information and state of underwater networking access devices to prevent data leakage.
4. The deep-sea observation secure and trusted networking system according to claim 1, characterized in that: the trusted sensing terminal has a hardware root of trust together with hardware environment security inspection, operation control and cryptographic service functions, establishes a terminal chain of trust and security management and control, and performs networking authentication with the trusted access authentication device through the trusted junction box, thereby addressing the terminal-side security problems of system destruction, data tampering, virus intrusion and malware execution.
5. The deep-sea observation secure and trusted networking system according to claim 1, characterized in that: the trusted access authentication device is deployed at the shore station and is responsible for responding to networking requests from underwater sensing terminals and verifying the identity, characteristic information and security state of networking terminals.
6. The deep-sea observation secure and trusted networking system according to claim 5, characterized in that: on the basis of the authentication and authorization result, the trusted access authentication device implements port control in combination with a trusted switch, ensuring that only underwater sensing terminals whose "identity is legitimate and state is compliant" can access the observation network, and can monitor in real time and compile comprehensive statistics on the online status of underwater networking terminals and on access attempts by illegal terminals.
7. The deep-sea observation secure and trusted networking system according to any one of claims 1-6, characterized in that: the trusted sensing terminal comprises an application layer, an operating system layer and a hardware layer; the application layer comprises trusted operation control, trusted network connection, security baseline assessment, terminal security hardening and security state monitoring; the operating system layer comprises a trusted software stack and trusted device drivers; and the hardware layer comprises a trusted Bootloader and a trusted module/chip.
8. The deep-sea observation secure and trusted networking system according to any one of claims 1-6, characterized in that: the trusted networking junction equipment comprises an application layer, an embedded operating system layer and a hardware layer; the application layer comprises trusted network connection, trusted management control, access restriction, a trusted interconnection protocol and protocol attack protection; the embedded operating system layer comprises a trusted software stack, trusted device drivers and a self-developed network protocol stack; and the hardware layer comprises a trusted module/chip and hardware.
9. The deep-sea observation secure and trusted networking system according to any one of claims 1-6, characterized in that: the trusted access authentication device comprises an application layer, a system layer and a hardware layer; the application layer comprises terminal identity registration, access policy management, terminal identity authentication, networking authority judgement, terminal access control, terminal networking statistics, networking behaviour display and networking behaviour query; the system layer comprises a trusted software stack and trusted device drivers; and the hardware layer comprises a trusted module/chip, a trusted BIOS and hardware.
10. The deep-sea observation secure and trusted networking system according to any one of claims 1-6, characterized in that: the certificate services infrastructure comprises an authentication service and certificate management functions.

Priority Applications (1)

Application number: CN201710504318.7A (publication CN107222556A)
Priority date: 2017-06-28
Filing date: 2017-06-28
Title: Deep-sea observation secure and trusted networking system

Publications (1)

Publication number: CN107222556A
Publication date: 2017-09-29

Family

Family ID: 59951071
Family applications (1): CN201710504318.7A, Pending
Country status (1): CN, CN107222556A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
CN111027050A * (priority 2019-12-25, published 2020-04-17), 中国科学院声学研究所: Underwater equipment credibility authentication system and method for seabed observation network based on PUF

Citations (3)

* Cited by examiner, † Cited by third party
CN102761870A * (priority 2012-07-24, published 2012-10-31), 中兴通讯股份有限公司: Terminal authentication and service authentication method, system and terminal
CN103399359A * (priority 2013-08-21, published 2013-11-20), 国家***第二海洋研究所: Benthonic geophysical observation device
CN105516646A * (priority 2014-09-24, published 2016-04-20), 祁艳: Submarine observation network control system

Legal Events

Code: PB01, Publication
Code: SE01, Entry into force of request for substantive examination
Code: RJ01, Rejection of invention patent application after publication

Application publication date: 20170929