CN107666491A - The data transmission method of air-ground integrated network based on symmetric cryptography - Google Patents

Info

Publication number: CN107666491A
Authority: CN (China)
Application number: CN201711128463.6A
Other languages: Chinese (zh)
Other versions: CN107666491B (en)
Legal status: Granted; active
Prior art keywords: node, data, encryption, key, collection
Inventors: 张振江, 李超, 李娜, 张文宇, 张静
Current assignees: Beijing Jiaotong University; CETC 54 Research Institute
Original assignees: Beijing Jiaotong University; CETC 54 Research Institute
Events: application filed by Beijing Jiaotong University and CETC 54 Research Institute; priority to CN201711128463.6A; publication of CN107666491A; application granted; publication of CN107666491B

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption


Abstract

The invention provides a data transmission method for an air-ground integrated network based on symmetric cryptography. The method comprises: the sending node generates a key, encrypts the data with it, and sends the encrypted data to the receiving node over the air network; the sending node performs a fragmentation operation on the key to obtain multiple fragments, encrypts each fragment with the public key of the receiving node, and sends the encrypted fragments to the receiving node over the ground network; the receiving node decrypts the encrypted fragments with its own private key, performs the restoring operation on the decrypted fragments to obtain the key, and decrypts the encrypted data sent by the sending node with that key to obtain the plaintext. The method encrypts both the important information and the key that encrypts it, so that important information in the air-ground integrated network can be sent safely to the corresponding receiving end and is effectively guaranteed against tampering.

Description

The data transmission method of air-ground integrated network based on symmetric cryptography
Technical field
The present invention relates to the technical field of secure data transmission, and in particular to a data transmission method for an air-ground integrated network based on symmetric cryptography.
Background technology
An air-ground integrated network integrates ground and space network resources. Through the effective acquisition, coordination and transmission of multidimensional information from air, space, land and sea, together with pooled processing of resources, distribution of tasks, and the organization and management of actions, it realizes the integrated processing and maximal effective utilization of a complex space-time network and provides real-time, reliable, on-demand services for all kinds of users. The goal of an air-ground integrated network is the efficient, coordinated and comprehensive handling of events: using multidimensional information to coordinate each operational module and strengthen the ability to handle events; combining the respective advantages of the air and space networks and systems to achieve functional complementarity and widen the range of events that can be handled; and using the strong mobility, wide coverage, global collaboration capability and intelligent information processing of the integrated information system to handle events and tasks efficiently.
An air-ground integrated network can realize globally integrated information services while ensuring their real-time accuracy. To obtain accurate real-time information services, communication modes are developing rapidly towards cooperative collaboration, which is the trend of future communications, and the air-ground integrated network is the prerequisite and effective means for the collaboration of different communication modes. It has the following characteristics:
(1) Collaboration: the air and space networks cooperate and fuse into a unified integrated network system, making maximum use of the advantages of the land mobile network and the satellite network; the modules within the system can work together, coordinating, managing and optimizing spatial information, collecting and using all kinds of spatial information resources to the greatest extent, and handling events faster and better;
(2) Ubiquity: the combined air, space, land and sea networks achieve wide, multi-fold coverage, with real-time, all-weather coverage of a region;
(3) High efficiency: the integrated information system of the air-ground integrated network responds quickly to task events and handles them efficiently.
The satellite information network is the backbone of the air-ground integrated network; it is a network system that uses satellites as the main carrier for acquiring, transmitting and processing information. A satellite network consists of satellites of different orbits, types and performance, constellations, and the corresponding ground equipment, linked together by inter-satellite and satellite-ground links and supported by the command and control, communication and other application systems of the information network. Radio communication is the primary communication means of the satellite network; its quality directly affects the information transmission rate and is one of the key factors determining the performance of the whole system.
In the prior art there is as yet no safe and effective data transmission method for an air-ground integrated network.
Summary of the invention
Embodiments of the invention provide a data transmission method for an air-ground integrated network based on symmetric cryptography, so as to provide a transmission technique with higher security for important data in the air-ground integrated network.
To achieve these goals, the invention adopts the following technical scheme.
A data transmission method for an air-ground integrated network based on symmetric cryptography, comprising: when the sending node needs to transmit data, the sending node first generates a key, encrypts the data to be transmitted with that key to obtain encrypted data, and sends the encrypted data to the receiving node over the air network;
the sending node performs a fragmentation operation on the key to obtain multiple fragments, encrypts each fragment with the public key of the receiving node, and sends the encrypted fragments to the receiving node over the ground network;
the receiving node decrypts the encrypted fragments sent by the sending node with its own private key, performs the restoring operation corresponding to the fragmentation operation on the decrypted fragments to obtain the key, and decrypts the encrypted data sent by the sending node with the key to obtain the data to be transmitted.
Further, before the sending node generates the key, the method also includes:
before data transmission begins, the receiving node generates a public/private key pair by a key generation mechanism, sends the public key to the sending node over a secure channel, and keeps the private key itself.
Further, the sending node generating the key, encrypting the data to be transmitted with it to obtain encrypted data, and sending the encrypted data to the receiving node over the air network includes:
the sending node generates a key k and encrypts the data m to be transmitted with k to obtain the encrypted data Enc(m, k); using the public key sent by the receiving node, it encrypts the identifier data mark of the sending node together with an integer generated at random by the sending node, obtaining Enc(mark);
the sending node sends the ciphertext Enc(m, k) and the encrypted identifier data Enc(mark) to the receiving node over the air network.
Further, the sending node performing the fragmentation operation on the key to obtain multiple fragments, encrypting each fragment with the public key of the receiving node, and sending the encrypted fragments to the receiving node over the ground network includes:
the sending node performs the fragmentation operation on the key to generate multiple fragments, the fragmentation operation being invertible; using the public key of the receiving node, it encrypts each fragment together with the identifier data mark of the sending node and the integer generated at random by the sending node, obtaining multiple encrypted fragments, and sends each encrypted fragment separately to the receiving node over the ground network.
Further, the receiving node decrypting the encrypted fragments sent by the sending node with its own private key, performing the restoring operation corresponding to the fragmentation on the decrypted fragments to obtain the key, and decrypting the encrypted data sent by the sending node with the key to obtain the data to be transmitted includes:
after the receiving node has received the ciphertext Enc(m, k), the encrypted identifier data Enc(mark) and each encrypted fragment sent by the sending node, it decrypts Enc(mark) with the private key it holds to obtain the identifier of the sending node, and likewise decrypts each encrypted fragment with its private key to obtain the sending node identifier carried by that fragment; the receiving node checks whether the identifier obtained from Enc(mark) equals the identifier obtained from every encrypted fragment; if so, the following processing continues, otherwise the flow terminates;
the receiving node decrypts each encrypted fragment with its private key to obtain the corresponding integrity verification value and checks whether the integrity verification values obtained from all encrypted fragments are equal; if so, the following processing continues, otherwise the flow terminates;
the receiving node decrypts each encrypted fragment with its private key to obtain the corresponding fragment, performs the restoring operation corresponding to the fragmentation on all fragments to obtain the key k, and decrypts the ciphertext Enc(m, k) with k to obtain the plaintext of the data to be transmitted.
Further, the method also includes:
if within a certain period the receiving node has not received all the encrypted fragments, or the encrypted fragments do not all pass the data integrity verification, it requests the sending node to resend the encrypted fragments;
after receiving the resend request, the sending node generates new encrypted fragments according to the transmission-phase flow again and, when transmitting the new encrypted fragments to the receiving node through the air-ground integrated network, chooses a transmission path different from the previous one.
It can be seen from the technical scheme provided by the above embodiments that the embodiments of the invention propose a new secure data transmission method for an air-ground integrated network based on symmetric cryptography. The method uses two kinds of encryption and encrypts both the important information and its encryption key, so that important information in the air-ground integrated network can be sent safely to the corresponding receiving end while being effectively guaranteed against tampering.
Additional aspects and advantages of the invention will be set forth in part in the description that follows, and in part will become obvious from the description or be learned by practice of the invention.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings required in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a processing flowchart of a secure data transmission method for an air-ground integrated network based on symmetric cryptography provided by an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below; examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting the claims.
Those skilled in the art will appreciate that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in the specification of the invention specifies the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intervening elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or coupling. The wording "and/or" used herein includes any and all combinations of one or more of the associated listed items.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the invention belongs. It should also be understood that terms such as those defined in general dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the prior art and, unless defined as here, will not be interpreted in an idealized or overly formal sense.
To facilitate understanding of the embodiments of the invention, further explanation is given below with several specific embodiments in conjunction with the drawings; these embodiments do not limit the embodiments of the invention.
On the basis of the design of important data transmission in an air-ground integrated network, the embodiment of the invention proposes a new secure data transmission method for the air-ground integrated network based on symmetric cryptography, which guarantees the security requirements of important data and at the same time provides a data integrity verification function for the encryption key of the important data. The air-ground integrated network described above includes the air network and the ground network.
The concurrent routing protocol includes the following two node types:
Sending node: a node that itself holds important information and needs to transmit that information. Such a node has functions such as encrypting the important information, encrypting the associated key data, fragmenting the encryption key data, and sending the encrypted important information and the encrypted fragments.
Receiving node: the terminal node that receives the important information. Such a node has functions such as receiving the encrypted important information, receiving the encrypted fragments, restoring the fragments, decrypting the key data, decrypting the important information, and requesting the sending node to resend the relevant data.
The secure data transmission technique proposed by the embodiment of the invention mainly includes the following three aspects:
Key generation for public-key encryption: the receiving node generates a public/private key pair with a known key generation mechanism. The receiving node holds the private key and sends the public key to the sending node over a secure transmission channel.
Encryption of important data: when the sending node has important data to send, it first generates a symmetric key; then it encrypts the important data with the symmetric key; next it fragments the symmetric key and applies public-key encryption to each fragment; finally, the encrypted important data is transmitted directly to the receiving node, while the encrypted fragments are sent to the receiving node separately through the satellite network and the ground network.
Decryption of important data: after the receiving node receives the encrypted important data, if it has not received all the encrypted fragments within a certain period, or the encrypted fragments do not pass the data integrity verification, it sends the sending node a request to resend the fragments; if all encrypted fragments have been received and all pass the data integrity verification, it begins decrypting the important data. It first decrypts the fragments with the private key it holds, then combines all fragments to obtain the key, and finally decrypts the important data with that key to obtain the plaintext of the important data.
Embodiment one
The processing flow of the secure data transmission technique for an air-ground integrated network based on symmetric cryptography provided by this embodiment is shown in Fig. 1 and includes the following steps:
Step S110: before communication begins, the receiving node generates a public/private key pair for data integrity verification, sends the public key to the sending node over a secure channel, and keeps the private key itself.
The embodiment of the invention uses a public/private key mechanism between the receiving node and the sending nodes for two reasons. First, one receiving node usually corresponds to several sending nodes; if a symmetric-key scheme were used instead, the receiving node would need to generate as many symmetric keys as there are sending nodes, otherwise data of different sending nodes could be decrypted by one another and the security risk would be high. Second, the public/private key mechanism is easy to maintain, and the distribution of the public key is also relatively secure.
The public/private key mechanism of the embodiment can be any existing encryption mechanism that satisfies the requirements, chosen according to the actual situation. The mechanism used must satisfy the following three conditions:
Condition one: high security;
Condition two: data integrity verification is possible;
Condition three: the data source can be verified.
The first condition is the basic requirement for an encryption mechanism; the second ensures that encrypted data is not maliciously tampered with in transit; the third ensures that the receiving node can tell from the encrypted data which sending node it came from. The great majority of public/private key mechanisms can meet the above three requirements after adjustment.
Step S120: before sending the data to be transmitted, the sending node randomly generates a key k, encrypts the data m to be transmitted with k to obtain the encrypted data, and uses the public key sent by the receiving node to encrypt the sending node's identifier data mark together with an integer generated at random by the sending node, obtaining Enc(mark). The sending node then sends the ciphertext Enc(m, k) and the encrypted identifier data Enc(mark) to the receiving node over the air network.
In the embodiment of the invention, the important data of the sending node is encrypted with a symmetric mechanism whose encryption key is generated by the sending node itself. Because the encrypted important data is transmitted directly over the air network between the sending node and the receiving node, the integrity of the data is generally not damaged.
Step S130: the sending node performs a fragmentation operation on the key k to generate multiple fragments, the fragmentation operation being invertible; using the public key of the receiving node, it encrypts each fragment together with the sending node's identifier data mark and the integer generated at random by the sending node, obtaining multiple encrypted fragments, and sends each encrypted fragment separately to the receiving node over the ground network.
For example, the sending node fragments the key k into a and b and generates a random number r for integrity verification; it then encrypts a and b with the public key of the receiving node to obtain encrypted data a and encrypted data b, adding r to both encrypted data a and encrypted data b for data integrity verification; finally, the sending node sends the two encrypted items to the receiving node over the ground network.
In the embodiment of the invention, the fragmentation operation may be multiplication, addition or another invertible operation, and the operation is known to both the receiving node and the sending node. In addition, the fragments must not be too small: taking addition as an example, if one fragment is 5, an attacker who obtains the other fragment can easily recover the plaintext of the symmetric key, and the fragmentation no longer improves security.
In the embodiment of the invention, the public-key-encrypted data contains, besides the fragment and the integrity verification data, the identifier data of the sending node, which lets the receiving node confirm which sending node the received data belongs to and the total number of fragments.
Step S140: the receiving node decrypts the encrypted fragments sent by the sending node with its own private key, performs the restoring operation corresponding to the fragmentation on the decrypted fragments to obtain the key, and decrypts the encrypted data sent by the sending node with the key to obtain the data to be transmitted.
After the receiving node has received the ciphertext Enc(m, k), the encrypted identifier data Enc(mark) and each encrypted fragment sent by the sending node, it decrypts Enc(mark) with the private key it holds to obtain the identifier of the sending node, and likewise decrypts each encrypted fragment with its private key to obtain the sending node identifier carried by that fragment; the receiving node checks whether the identifier obtained from Enc(mark) equals the identifier obtained from every encrypted fragment; if so, the following processing continues, otherwise the flow terminates.
The receiving node decrypts each encrypted fragment with its private key to obtain the corresponding integrity verification value and checks whether the integrity verification values obtained from all encrypted fragments are equal; if so, the following processing continues, otherwise the flow terminates.
The receiving node decrypts each encrypted fragment with its private key to obtain the corresponding fragment, performs the restoring operation corresponding to the fragmentation on all fragments to obtain the key k, and decrypts the ciphertext Enc(m, k) with k to obtain the plaintext of the data to be transmitted.
For example, after the receiving node has received the public-key-encrypted data and the encrypted identifier data sent by the sending node over the air network and the ground network, it performs integrity verification on the public-key-encrypted data; once the verification passes, it decrypts the encrypted data to obtain the fragments a and b, and performing the restoring operation on a and b yields the symmetric key k. Finally, it decrypts the sending node's encrypted data with k to obtain the final plaintext.
In the embodiment of the invention, the receiving node first receives the encrypted important data and the identifier data from the air network, then receives the fragments from the ground network; it first verifies which sending node the fragments belong to, then performs integrity verification on the fragments, and only after the verification passes does it decrypt the fragments.
In the embodiment of the invention, if the integrity verification fails, or the fragments of the target sending node have not all arrived at the receiving node within a certain time, the receiving node sends a request to the target sending node asking it to resend the fragments.
In the whole air-ground integrated network, whenever important data is transmitted, the operations of steps S120 to S140 are carried out, and the public-key renewal operation of step S110 is carried out at regular intervals.
Embodiment two
The embodiment will show a specific implementation example by analogue simulation.
In the embodiment of the present invention, public personal key algorithm uses elliptic curve cryptography system (i.e. ECC AESs), burst Algorithm takes add operation, and symmetric key encryption mechanism takes des encryption algorithm, then the flow of this algorithm is as follows:
Starting stage:
Collection of letters node produces tuple (q according to parameter1,q2,q3, E), wherein q1,q2,q3It is 3 different prime numbers, E is represented One exponent number is m=q1q2q3Elliptic curve;
Then, 3 exponent numbers taken on E are m point { X, Y, Z };
Make P=q1q2X, Q=q2q3Y, R=q3q1Z.Wherein, P is used to encrypt the important information transmitted in node, and Q is used to count According to integrity verification, R is encrypted with to transmitting node identification data.
Public key caused by collection of letters node is (m, P, Q, R, E), and private key is (q1,q2,q3).Collection of letters node holds private key, and will Public key is sent to all by escape way and transmits node.
Encrypting stage:
First, according to the DES (Data Encryption Standard) encryption rules, the sending node randomly generates a key $k$ of length 64 bits, in which bits 8, 16, 24, 32, 40, 48, 56 and 64 are parity bits, so that each 8-bit group of the key has an odd number of ones.
Next, the 64-bit input data block is rearranged bit by bit, and the output is divided into two halves $L_0$ and $R_0$ of 32 bits each; the halves are swapped front and back, with $L_0$ output as the left 32 bits and $R_0$ as the right 32 bits. After 16 rounds of iteration according to this rule, $L_{16}$ and $R_{16}$ are obtained; taking these as input, the inverse permutation (the inverse of the initial permutation) is applied, which yields the ciphertext output.
The plaintext $m$ of the important data can be encrypted by the above process to obtain the ciphertext $\mathrm{Des}(m, k)$. At the same time, the sending node's unique identification data $mark$ is encrypted according to the public key:
$\mathrm{Ecc}(mark) = mark \times P + r_1 \times Q$,
where $r_1$ is an integer randomly generated by the sending node, used to strengthen the security of the identification data.
Finally, the ciphertext $\mathrm{Des}(m, k)$ and the encrypted identification data $\mathrm{Ecc}(mark)$ are sent to the receiving node.
The transmission stage:
First, two positive integers $a$ and $b$ and a random integer $r_2$ are generated at random, where $a$ and $b$ satisfy:
$a + b = k$, and $\min\{a, b\} < p < q < \max\{a, b\}$,
where $p$ and $q$ are manually set thresholds that prevent the generated positive integers from being too large or too small; $a$ and $b$ are then the fragment data of the key $k$.
Then the sending node encrypts the fragment data with the public key:
$\mathrm{Ecc}(a) = a \times P + r_2 \times Q + mark \times R$, $\mathrm{Ecc}(b) = b \times P + r_2 \times Q + mark \times R$,
where $mark$ is the node identification data and $r_2$ is an integer randomly generated by the sending node.
Finally, the encrypted fragment data $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$ are sent to the receiving node over the ground network.
Decryption phase:
Because the ciphertext $\mathrm{Des}(m, k)$ and the encrypted identification data $\mathrm{Ecc}(mark)$ are transmitted directly to the receiving node, the receiving node receives these two items first and then receives the encrypted fragment data $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$ from the ground network. After all the data have been received, the receiving node begins decryption:
First, the receiving node decrypts $\mathrm{Ecc}(mark)$ with the private key it holds to obtain the sending node's identifier:
$mark = \log_P(q_1 \times \mathrm{Ecc}(mark))$.
The random number $r_1$ serves to strengthen the security of the encrypted data; it is removed directly in the decryption process. Next, the receiving node decrypts $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$ with the private key it holds to obtain the corresponding sending node identifiers:
$mark_a = \log_R(q_2 q_3 \times \mathrm{Ecc}(a))$, $mark_b = \log_R(q_2 q_3 \times \mathrm{Ecc}(b))$,
By comparing $mark_a$ and $mark_b$ with $mark$, it judges whether this group of data all belong to one sending node. If $mark_a$, $mark_b$ and $mark$ are identical, the group of data is judged to belong to the same sending node and the flow below continues; if they differ, the group of data is judged not to all belong to one sending node and the flow terminates.
After the sending node identification data comparison is complete, data integrity verification is performed on $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$: the receiving node decrypts $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$ with the private key it holds to obtain the corresponding integrity verification values:
$r_{2a} = \log_Q(q_1 q_3 \times \mathrm{Ecc}(a))$, $r_{2b} = \log_Q(q_1 q_3 \times \mathrm{Ecc}(b))$.
Data integrity is judged by whether the integrity verification values $r_{2a}$ and $r_{2b}$ are equal: if $r_{2a}$ equals $r_{2b}$, $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$ are confirmed to pass data integrity verification and the subsequent processing flow continues; if $r_{2a}$ does not equal $r_{2b}$, they are confirmed to fail data integrity verification and the flow terminates.
After $\mathrm{Ecc}(a)$ and $\mathrm{Ecc}(b)$ pass data integrity verification, they are decrypted to obtain the two fragment data $a$ and $b$:
$a = \log_P(q_1 q_2 \times \mathrm{Ecc}(a))$, $b = \log_P(q_1 q_2 \times \mathrm{Ecc}(b))$,
Adding the two fragment data $a$ and $b$ gives the decryption key $k$ of the ciphertext $\mathrm{Des}(m, k)$. According to the DES encryption mechanism, decrypting the ciphertext $\mathrm{Des}(m, k)$ with the decryption key $k$ yields the plaintext $m$ of the important data.
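The fragment exchange of embodiment two, as an added example that is not part of the patent: the curve E of order m = q1 q2 q3 is modelled by the additive group Z_m, so "scalar × point" is multiplication mod m and each "log" is a modular division, which keeps the algebra of the scheme (annihilating two base points to read off the coefficient of the third, the identity and integrity checks, a + b = k) but none of its security, since logs in Z_m are trivial. The primes, the points X, Y, Z, the thresholds and the 16-bit sizes of k, mark and r2 are all constructed for the example; the receiving node's projection step is written in its general form, multiplication by m divided by the base point's order, of which the text's q1·Ecc(mark) and q1q2·Ecc(a) are instances.

```python
"""Toy model of embodiment two's key-fragment exchange (added example, not the
patent's own code).  The elliptic curve E of order m = q1*q2*q3 is stood in for
by the additive group Z_m: "scalar * point" is multiplication mod m and the
"discrete log" is a modular division.  Logs are trivial in Z_m, so this models
the algebra (projection onto one base point, identity and integrity checks,
a + b = k), not the security.  Primes and sizes are constructed and far smaller
than a deployment would use; every scalar must be below its base point's order."""
import secrets


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


Q1, Q2, Q3 = 65521, 65537, 65539            # constructed: three distinct primes
assert len({Q1, Q2, Q3}) == 3 and all(map(is_prime, (Q1, Q2, Q3)))
M = Q1 * Q2 * Q3                            # order of the group standing in for E


def keygen(X=3, Y=5, Z=7):
    """Receiving node: X, Y, Z play the points of order m (units mod M);
    P, Q, R are their multiples of order q3, q1, q2 respectively."""
    P, Q, R = Q1 * Q2 * X % M, Q2 * Q3 * Y % M, Q3 * Q1 * Z % M
    return (M, P, Q, R), (Q1, Q2, Q3)


def fragment_key(k, lo, hi):
    """Sending node: split k into a + b with min{a,b} < lo < hi < max{a,b}
    (lo, hi are the thresholds p, q of the text). Requires k > lo + hi."""
    if k <= lo + hi:
        raise ValueError("key too small for the thresholds")
    a = 1 + secrets.randbelow(lo - 1)       # a in [1, lo)
    return a, k - a                          # b = k - a > hi


def enc_mark(pub, mark, r1):
    _, P, Q, _ = pub
    return (mark * P + r1 * Q) % M           # Ecc(mark) = mark*P + r1*Q


def enc_fragment(pub, x, r2, mark):
    _, P, Q, R = pub
    return (x * P + r2 * Q + mark * R) % M   # Ecc(x) = x*P + r2*Q + mark*R


def component(point, base, order):
    """Receiving node: coefficient of `base` (prime order `order`) in `point`.
    Multiplying by c = m/order annihilates the other two base points, which is
    the step the text writes as q1*Ecc(mark) or q1*q2*Ecc(a); the log then
    comes out scaled by c, so the scale is divided back out mod `order`."""
    c = M // order
    v, g = c * point % M, c * base % M       # both are exact multiples of c
    return (v // c) * pow(g // c, -1, order) % order


def receive(pub, priv, ecc_mark, ecc_a, ecc_b):
    """Decryption stage: identity check, integrity check, then k = a + b.
    Returns k, or None where the text says the flow terminates."""
    _, P, Q, R = pub
    q1, q2, q3 = priv
    mark = component(ecc_mark, P, q3)
    if not (component(ecc_a, R, q2) == component(ecc_b, R, q2) == mark):
        return None                          # fragments not from one sending node
    if component(ecc_a, Q, q1) != component(ecc_b, Q, q1):
        return None                          # r2 differs: integrity check failed
    return component(ecc_a, P, q3) + component(ecc_b, P, q3)
```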
Key retransmission mechanism:
If, within a certain period of time, the receiving node does not receive all the encrypted fragment data, or the encrypted fragment data do not all pass data integrity verification, it requests the sending node to resend the encrypted fragment data.
After receiving the retransmission request, the sending node again generates new encrypted fragment data according to the transmission stage flow. At the same time, when transmitting the new encrypted fragment data over the satellite network and the ground network, it selects a transmission path different from the previous one.
In summary, the embodiment of the invention proposes a new secure data transmission method for air-ground integrated networks based on symmetric encryption. The method uses two kinds of encryption, encrypting both the important information and the encryption key of that information, so that important information in the air-ground integrated network can be sent securely to the intended receiving end while effectively guaranteeing that it is not tampered with.
The secure data transmission method proposed in the embodiment makes full use of the characteristics of the air-ground network and has universal applicability in networks based on an air-ground network structure.
One of ordinary skill in the art will appreciate that the accompanying drawing is a schematic diagram of one embodiment, and that the modules or flows in the drawing are not necessarily required to implement the invention.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be realised by software plus the necessary general hardware platform. On this basis, the essence of the technical solution, or the part that contributes over the prior art, can be embodied in the form of a software product stored in a storage medium such as ROM/RAM, magnetic disk or optical disc, including instructions that cause a computer device (a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in parts of the embodiments.
Each embodiment in this specification is described progressively; identical or similar parts between embodiments may be referred to one another, and each embodiment emphasises its differences from the others. In particular, the device and system embodiments are described relatively briefly because they are substantially similar to the method embodiments, and the relevant parts refer to the description of the method embodiments. The device and system embodiments described above are merely schematic: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, i.e. they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The foregoing is only a preferred embodiment of the invention, but the protection scope of the invention is not limited thereto; any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall be included in the protection scope of the invention. Therefore, the protection scope of the invention shall be defined by the scope of the claims.

Claims (6)

  1. A data transmission method for an air-ground integrated network based on symmetric encryption, characterised in that it comprises: when a sending node needs to transmit data, the sending node first generates a key, encrypts the data to be transmitted with the key to obtain encrypted data, and sends the encrypted data to a receiving node over the air network;
    the sending node fragments the key to obtain multiple fragment data items, encrypts each fragment separately with the receiving node's public key, and sends the encrypted fragments to the receiving node over the ground network;
    the receiving node decrypts the encrypted fragments sent by the sending node with its own private key, applies the restoring operation corresponding to the fragmentation to the decrypted fragments to obtain the key, and decrypts the encrypted data sent by the sending node with the key to obtain the data to be transmitted.
  2. The method according to claim 1, characterised in that, before the sending node generates the key, it further comprises:
    before data transmission starts, the receiving node generates a public key and private key pair by a key generation mechanism, sends the public key to the sending node over a secure channel, and keeps the private key.
  3. The method according to claim 2, characterised in that the sending node generating the key, encrypting the data to be transmitted with the key to obtain encrypted data, and sending the encrypted data to the receiving node over the air network comprises:
    the sending node generates a key k, encrypts the data m to be transmitted with the key k to obtain the encrypted data Enc(m, k), and uses the public key sent by the receiving node to encrypt the sending node's identification data mark together with an integer randomly generated by the sending node, obtaining Enc(mark);
    the sending node sends the ciphertext Enc(m, k) and the encrypted identification data Enc(mark) to the receiving node over the air network.
  4. The method according to claim 3, characterised in that the sending node fragmenting the key to obtain multiple fragment data items, encrypting each fragment separately with the receiving node's public key, and sending the encrypted fragments to the receiving node over the ground network comprises:
    the sending node fragments the key into multiple fragment data items, the fragmentation being an invertible operation; it uses the receiving node's public key to encrypt each fragment together with the sending node's identification data mark and the integer randomly generated by the sending node, obtains multiple encrypted fragments, and sends each encrypted fragment to the receiving node over the ground network.
  5. The method according to claim 4, characterised in that the receiving node decrypting the encrypted fragments sent by the sending node with its own private key, applying the restoring operation corresponding to the fragmentation to the decrypted fragments to obtain the key, and decrypting the encrypted data sent by the sending node with the key to obtain the data to be transmitted comprises:
    after the receiving node receives the ciphertext Enc(m, k), the encrypted identification data Enc(mark) and each encrypted fragment sent by the sending node, it decrypts the encrypted identification data Enc(mark) with its own stored private key to obtain the sending node's identifier, and also decrypts each encrypted fragment with its own stored private key to obtain the sending node's identifier from each of them; the receiving node judges whether the identifier obtained by decrypting Enc(mark) equals the identifiers obtained by decrypting each encrypted fragment; if so, the subsequent processing flow continues, otherwise the flow terminates;
    the receiving node decrypts each encrypted fragment with its own stored private key to obtain the corresponding integrity verification value, and judges whether the integrity verification values obtained from the encrypted fragments are equal; if so, the subsequent processing flow continues, otherwise the flow terminates;
    the receiving node decrypts each encrypted fragment with its own stored private key to obtain the corresponding fragment data, applies the restoring operation corresponding to the fragmentation to all the fragment data to obtain the key k, and decrypts the ciphertext Enc(m, k) with the key k to obtain the plaintext of the data to be transmitted.
  6. The method according to claim 5, characterised in that the method further comprises:
    if, within a certain period of time, the receiving node does not receive all the encrypted fragments, or the encrypted fragments do not all pass data integrity verification, the receiving node requests the sending node to resend the encrypted fragments;
    after receiving the retransmission request, the sending node again generates new encrypted fragments according to the transmission stage flow and, when transmitting the new encrypted fragments to the receiving node over the air-ground integrated network, selects a transmission path different from the previous one.
CN201711128463.6A 2017-11-15 2017-11-15 Data transmission method of air-ground integrated network based on symmetric encryption Active CN107666491B (en)

Publications (2)

Publication Number Publication Date
CN107666491A true CN107666491A (en) 2018-02-06
CN107666491B CN107666491B (en) 2020-05-05

Family

ID=61143896






Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant