CN107666491A - The data transmission method of air-ground integrated network based on symmetric cryptography - Google Patents
- Publication number: CN107666491A (application number CN201711128463.6A)
- Authority: CN (China)
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
Abstract
The invention provides a data transmission method for an air-ground integrated network based on symmetric cryptography. The method includes: the sending node generates a key, encrypts the data to be transmitted with it, and sends the encrypted data to the receiving node over the air network; the sending node fragments the key into multiple fragments, encrypts each fragment with the public key of the receiving node, and sends the encrypted fragments to the receiving node over the ground network; the receiving node decrypts the encrypted fragments with its own private key, recombines the decrypted fragments to recover the key, and uses the key to decrypt the encrypted data sent by the sending node, obtaining the plaintext. The method encrypts both the important information and the key that encrypts it, so that important information in the air-ground integrated network is delivered securely to the intended receiver, and it effectively guarantees that the important information is not tampered with.
Description
Technical field
The present invention relates to the technical field of secure data transmission, and in particular to a data transmission method for an air-ground integrated network based on symmetric cryptography.
Background technology
An air-ground integrated network integrates ground and space network resources. Through the effective acquisition, coordination and transmission of multidimensional information from air, space, land and sea, together with pooled processing of resources, allocation of tasks, and the organization and management of actions, it achieves integrated processing of a space-time complex network and maximally effective utilization, providing real-time, reliable, on-demand services to all kinds of users. The goal of an air-ground integrated network is to process events efficiently and comprehensively through cooperation. Expanded, this means: using multidimensional information to coordinate the operational modules and strengthen event-handling capability; combining the respective advantages of the air, space and other networks and systems to achieve complementary functions and broaden the range of events that can be handled; and using the strong mobility, wide coverage, global collaboration capability and intelligent information-processing capacity of the integrated information system to handle events and tasks efficiently.
An air-ground integrated network can provide globally integrated information services and guarantee their real-time accuracy. To obtain accurate, real-time information services, communication is developing rapidly towards cooperative operation, which is the trend for future communications, and the air-ground integrated network is the prerequisite and effective means for cooperation among different communication modes. It has the following characteristics:
(1) Collaboration: the air, space and other networks cooperate and are fused into a unified integrated network system, making maximum use of the advantages of land mobile networks and satellite networks; the modules of the system cooperate with one another, coordinate, manage and optimize spatial information, and collect and use all kinds of spatial information resources to the greatest extent, so that events are handled faster and better;
(2) Ubiquity: integrating the multiple networks of air, space, land and sea achieves wide and multi-layer coverage, with all-weather, real-time coverage of a region;
(3) High efficiency: the integrated information system can respond quickly to task events and dispose of them efficiently.
The satellite information network is the backbone of the air-ground integrated network; it is a network system that uses satellites as its main carrier for acquiring, transmitting and processing information. A satellite network is formed by satellites, constellations and corresponding ground equipment of different orbits, types and performance, linked together by inter-satellite and satellite-ground links, and supported by the command, control, communication and other application systems of the information network. As the main communication means of a satellite network, the quality of the radio link directly affects the information transmission rate and is one of the key factors determining the performance of the whole system.
The prior art does not yet provide a safe and effective data transmission method for the air-ground integrated network.
Summary of the invention
The embodiments of the invention provide a data transmission method for an air-ground integrated network based on symmetric cryptography, in order to provide a transmission technique with higher security for important data in the air-ground integrated network.
To achieve this, the invention adopts the following technical scheme.
A data transmission method for an air-ground integrated network based on symmetric cryptography, including: when a sending node needs to transmit data, it first generates a key, encrypts the data to be transmitted with that key to obtain encrypted data, and sends the encrypted data to the receiving node over the air network;
the sending node fragments the key into multiple fragments, encrypts each fragment with the public key of the receiving node, and sends the encrypted fragments to the receiving node over the ground network;
the receiving node decrypts the encrypted fragments sent by the sending node with its own private key, applies to the decrypted fragments the recombination operation corresponding to the fragmentation to obtain the key, and decrypts the encrypted data sent by the sending node with the key to obtain the data to be transmitted.
Further, before the sending node generates the key, the method also includes: before data transfer starts, the receiving node generates a public/private key pair by a key generation mechanism, sends the public key to the sending node over a secure channel, and keeps the private key itself.
Further, the sending node generating a key, encrypting the data to be transmitted with it and sending the encrypted data to the receiving node over the air network includes: the sending node generates a key k and encrypts the data m to be transmitted with k to obtain the encrypted data Enc(m, k); it encrypts its identifier mark together with an integer it generates at random, using the public key sent by the receiving node, to obtain Enc(mark); and it sends the ciphertext Enc(m, k) and the encrypted identifier Enc(mark) to the receiving node over the air network.
Further, the sending node fragmenting the key into multiple fragments, encrypting each fragment with the receiving node's public key and sending the encrypted fragments to the receiving node over the ground network includes: the sending node applies a fragmentation operation to the key to generate multiple fragments, the fragmentation operation being invertible; using the receiving node's public key it encrypts each fragment together with the sending node's identifier mark and the integer it generated at random, obtaining multiple encrypted fragments; and it sends each encrypted fragment to the receiving node over the ground network.
Further, the receiving node decrypting the encrypted fragments with its own private key, recombining the decrypted fragments to obtain the key and decrypting the encrypted data with the key includes:
after receiving the ciphertext Enc(m, k), the encrypted identifier Enc(mark) and each encrypted fragment sent by the sending node, the receiving node decrypts Enc(mark) with the private key it holds to obtain the identifier of the sending node, and likewise decrypts each encrypted fragment with its private key to obtain a sending-node identifier from each; it then judges whether the identifier decrypted from Enc(mark) equals every identifier decrypted from the encrypted fragments; if so, processing continues, otherwise the flow ends;
the receiving node decrypts each encrypted fragment with its private key to obtain the corresponding integrity verification value, and judges whether the integrity verification values decrypted from all encrypted fragments are equal; if so, processing continues, otherwise the flow ends;
the receiving node decrypts the data of each encrypted fragment with its private key to obtain the corresponding fragment, applies the recombination operation corresponding to the fragmentation to all fragments to obtain the key k, and decrypts the ciphertext Enc(m, k) with k to obtain the plaintext of the data to be transmitted.
Further, the method also includes: if within a certain period the receiving node has not received all of the encrypted fragments, or the encrypted fragments do not all pass data integrity verification, it requests the sending node to resend the encrypted fragments; after receiving the retransmission request, the sending node generates new encrypted fragments according to the transmission-stage flow and, when transmitting them to the receiving node over the air-ground integrated network, selects a transmission path different from the previous one.
It can be seen from the technical scheme provided by the above embodiments that the embodiments of the invention propose a new secure data transmission method for an air-ground integrated network based on symmetric cryptography. The method uses two encryption modes and encrypts both the important information and its encryption key, so that important information in the air-ground integrated network can be sent securely to the intended receiver while effectively guaranteeing that it is not tampered with.
Additional aspects and advantages of the invention will be set forth in part in the description that follows, will become apparent from that description, or may be learned by practice of the invention.
Brief description of the drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. Clearly, the drawings described below show only some embodiments of the invention, and those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a process flow chart of a secure data transmission method for an air-ground integrated network based on symmetric cryptography provided by an embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below; examples of them are shown in the drawings, where the same or similar reference numbers denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "the" and "said" used herein may also include the plural. It should further be understood that the word "comprising" used in this specification refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. When an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or coupling. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the invention belongs. Terms such as those defined in ordinary dictionaries should be understood to have meanings consistent with their meaning in the context of the prior art and, unless defined here, are not to be interpreted in an idealized or overly formal sense.
To facilitate understanding of the embodiments, several specific embodiments are described further below with reference to the drawings; none of them limits the embodiments of the invention.
On the basis of the design of important data transmission in an air-ground integrated network, the embodiments of the invention propose a new secure data transmission method based on symmetric cryptography that meets the security requirements of important data and at the same time provides a data integrity verification function for the encryption key of that data. The air-ground integrated network includes an air network and a ground network.
The protocol involves the following two node types:
Sending node: a node that itself holds important information and needs to transmit it. Such a node has the functions of encrypting the important information, encrypting the associated key data, fragmenting the encryption key data, sending the encrypted important information and sending the encrypted fragments.
Receiving node: the terminal node that receives the important information. Such a node has the functions of receiving the encrypted important information, receiving the encrypted fragments, recombining the fragments, decrypting the key data, decrypting the important information, and requesting the sending node to resend the relevant data.
The secure data transmission technique proposed by the embodiments mainly consists of the following three parts:
Key generation for public key encryption: the receiving node produces a public/private key pair with a known key generation mechanism. The receiving node holds the private key and sends the public key to the sending node over a secure transmission channel.
Encryption of important data: when a sending node has important data to send, it first produces a symmetric key; it then encrypts the important data with that symmetric key; next, it fragments the symmetric key and applies public key encryption to each fragment separately; finally, the encrypted important data is transmitted directly to the receiving node, while the encrypted fragments are sent to the receiving node over the satellite network and the ground network respectively.
Decryption of important data: after the receiving node receives the encrypted important data, if within a certain period it has not received all of the encrypted fragments, or the encrypted fragments do not pass data integrity verification, it sends the sending node a request to resend the fragments; if all encrypted fragments have been received and all pass integrity verification, it starts decrypting the important data. It first decrypts the fragments with the private key it holds, then combines all fragments to obtain the key, and finally decrypts the important data with that key to obtain its plaintext.
Embodiment one
The processing flow of the secure data transmission technique for an air-ground integrated network based on symmetric cryptography provided by this embodiment is shown in Fig. 1 and includes the following steps:
Step S110: before communication starts, the receiving node generates a public/private key pair for data integrity verification, sends the public key to the sending node over a secure channel, and keeps the private key itself.
The embodiment uses a public/private key encryption mechanism between the receiving node and the sending nodes. On the one hand, one receiving node usually corresponds to multiple sending nodes; if a symmetric mechanism were adopted instead, a corresponding number of symmetric keys would have to be generated according to the number of nodes, and otherwise the data of different sending nodes could be cracked from one another, which is a considerable security risk. On the other hand, a public/private key mechanism is easy to maintain, and distributing the public key is also relatively secure.
The public/private key encryption mechanism of the embodiment may be any existing mechanism that meets the requirements, chosen according to the actual situation. The mechanism used must satisfy the following three conditions:
Condition one: it has high security;
Condition two: it allows data integrity verification;
Condition three: it allows the data source to be verified.
The first condition is the basic requirement for any encryption mechanism; the second ensures that the encrypted data is not maliciously altered in transit; the third ensures that the receiving node can tell from the encrypted data which sending node it came from. The great majority of public/private key mechanisms can be adjusted to meet these three requirements.
Step S120: before sending the data to be transmitted, the sending node randomly generates a key k, encrypts the data m to be transmitted with k to obtain the encrypted data, and encrypts its identifier mark together with an integer it generates at random, using the public key sent by the receiving node, to obtain Enc(mark). The sending node then sends the ciphertext Enc(m, k) and the encrypted identifier Enc(mark) to the receiving node over the air network.
In the embodiment, the important data of the sending node is protected by a symmetric encryption mechanism whose encryption key is also generated by the sending node. Because the encrypted important data is transmitted directly over the air network from the sending node to the receiving node, its integrity is generally not damaged.
Step S130: the sending node applies an invertible fragmentation operation to the key k to generate multiple fragments; using the receiving node's public key it encrypts each fragment together with its identifier mark and the integer it generated at random, obtaining multiple encrypted fragments; and it sends each encrypted fragment to the receiving node over the ground network.
For example, the sending node fragments the key k into a and b and generates a random number r for integrity verification; it then encrypts a and b with the receiving node's public key to obtain encrypted data a and encrypted data b, adding r to both for data integrity verification; finally it sends the two encrypted values to the receiving node over the ground network.
In the embodiment, the fragmentation operation may be multiplication, addition or another invertible operation, known to both the receiving node and the sending node. The fragment values must not be too small: taking addition as an example, if one fragment is 5, then an attacker who obtains the other fragment can easily recover the plaintext of the symmetric key, and fragmentation gives no security benefit.
In the embodiment, the public-key-encrypted data contains, besides the fragment and the integrity verification data, the identifier of the sending node, which lets the receiving node determine which sending node the received data belongs to and the total number of fragments.
Step S140: the receiving node decrypts the encrypted fragments sent by the sending node with its own private key, applies to the decrypted fragments the recombination operation corresponding to the fragmentation to obtain the key, and decrypts the encrypted data sent by the sending node with the key to obtain the data to be transmitted.
After receiving the ciphertext Enc(m, k), the encrypted identifier Enc(mark) and each encrypted fragment sent by the sending node, the receiving node decrypts Enc(mark) with the private key it holds to obtain the sending node's identifier, and likewise decrypts each encrypted fragment with its private key to obtain a sending-node identifier from each; it then judges whether the identifier decrypted from Enc(mark) equals the identifiers decrypted from the encrypted fragments. If so, processing continues; otherwise the flow ends.
The receiving node decrypts each encrypted fragment with its private key to obtain the corresponding integrity verification value and judges whether the integrity verification values decrypted from all encrypted fragments are equal. If so, processing continues; otherwise the flow ends.
The receiving node decrypts the data of each encrypted fragment with its private key to obtain the corresponding fragment, applies the recombination operation corresponding to the fragmentation to all fragments to obtain the key k, and decrypts the ciphertext Enc(m, k) with k to obtain the plaintext of the data to be transmitted.
For example, after the receiving node has received, over the air network and the ground network, the public-key-encrypted data and the encrypted identifier sent by the sending node, it verifies the integrity of the public-key-encrypted data; once that verification passes, it decrypts the encrypted data to obtain the fragments a and b, and recombining a and b yields the symmetric key k. Finally it decrypts the sending node's encrypted data with k to obtain the final plaintext.
In the embodiment, the receiving node first receives the encrypted important data and identifier data from the air network, then receives the fragments from the ground network; it first verifies which sending node the fragments belong to, then verifies their integrity, and only after both verifications pass does it decrypt the fragments.
In the embodiment, if integrity verification fails, or not all fragments of the target sending node have reached the receiving node within a certain time, the receiving node sends a request to the target sending node asking it to resend the fragments.
In the whole air-ground integrated network, whenever important data is transmitted, the operations of steps S120 to S140 above are carried out, and at regular intervals the public key renewal of step S110 is carried out.
Embodiment two
This embodiment shows a specific implementation by simulation.
In this embodiment the public key algorithm is an elliptic curve cryptosystem (ECC encryption algorithm), the fragmentation algorithm is addition, and the symmetric encryption mechanism is the DES encryption algorithm. The flow is as follows:
Initial stage:
The receiving node produces a tuple $(q_1, q_2, q_3, E)$ from the parameters, where $q_1, q_2, q_3$ are three distinct primes and $E$ is an elliptic curve of order $m = q_1 q_2 q_3$;
then it takes three points $\{X, Y, Z\}$ of order $m$ on $E$;
and sets $P = q_1 q_2 X$, $Q = q_2 q_3 Y$, $R = q_3 q_1 Z$, where $P$ is used to encrypt the important information of the sending node, $Q$ is used for data integrity verification, and $R$ is used to encrypt the sending node's identifier data.
The public key produced by the receiving node is $(m, P, Q, R, E)$ and the private key is $(q_1, q_2, q_3)$. The receiving node holds the private key and sends the public key to all sending nodes over a secure channel.
Encryption stage:
First, according to the DES (Data Encryption Standard) encryption rule, the sending node randomly generates a key k of length 64 bits, in which bits 8, 16, 24, 32, 40, 48, 56 and 64 are parity bits, so that each byte of the key has an odd number of 1 bits.
Next, the 64-bit input data block is permuted bit by bit and the output is divided into two halves $L_0$ and $R_0$ of 32 bits each, which are processed in turn; $L_0$ becomes the left 32 bits and $R_0$ the right 32 bits of the output. After 16 rounds of iteration under this rule, $L_{16}$ and $R_{16}$ are obtained; taking them as input, the inverse of the initial permutation is applied, which yields the ciphertext output.
Through this process the plaintext m of the important data is encrypted to obtain the ciphertext Des(m, k). At the same time the sending node's unique identifier data mark is encrypted with the public key:
$\mathrm{Ecc}(mark) = mark \times P + r_1 \times Q,$
where $r_1$ is an integer generated at random by the sending node, used to strengthen the security of the identifier data.
Finally, the ciphertext Des(m, k) and the encrypted identifier Ecc(mark) are sent to the receiving node.
Transmission stage:
First, two positive integers a and b and a random integer $r_2$ are generated at random, where a and b satisfy
$a + b = k, \quad \min\{a, b\} < p < q < \max\{a, b\},$
p and q being manually set thresholds that prevent the generated positive integers from being too large or too small; a and b are then the fragments of the key k.
Next, the fragments are encrypted with the public key held by the sending node:
$\mathrm{Ecc}(a) = a \times P + r_2 \times Q + mark \times R, \quad \mathrm{Ecc}(b) = b \times P + r_2 \times Q + mark \times R,$
where mark is the identifier data of the sending node (as above) and $r_2$ is the integer generated at random by the sending node.
Finally, the encrypted fragments Ecc(a) and Ecc(b) are sent to the receiving node over the ground network.
Decryption stage:
Because the ciphertext Des(m, k) and the encrypted identification data Ecc(mark) are sent directly to the receiving node, the receiving node receives these two items first, and then receives the encrypted shards Ecc(a) and Ecc(b) from the ground network. Once all the data has arrived, the receiving node begins decryption:
First, the receiving node decrypts Ecc(mark) with its stored private key to obtain the sending node's identifier:
mark = log_P(q1 × Ecc(mark)).
The random number r1 only serves to strengthen the security of the encrypted data; it drops out directly during decryption.
Then the receiving node uses its stored private key to decrypt Ecc(a) and Ecc(b) and obtain the corresponding sending-node identifiers:
mark_a = log_R(q2·q3 × Ecc(a)),  mark_b = log_R(q2·q3 × Ecc(b)),
and compares mark_a and mark_b with mark to judge whether the whole group of data belongs to one sending node. If mark_a, mark_b and mark are all identical, the group is judged to come from the same sending node and processing continues with the following steps; if the three identifiers differ, the group is judged not to come from a single sending node and the procedure ends.
After the identifier comparison, data integrity verification is performed on Ecc(a) and Ecc(b): the receiving node decrypts them with its stored private key to obtain the corresponding integrity verification values
r2a = log_Q(q1·q3 × Ecc(a)),  r2b = log_Q(q1·q3 × Ecc(b)),
and checks integrity by comparing r2a with r2b. If r2a equals r2b, Ecc(a) and Ecc(b) pass the integrity check and processing continues; if r2a does not equal r2b, they fail the check and the procedure ends.
Once Ecc(a) and Ecc(b) have passed the integrity check they are decrypted to obtain the two shards a and b:
a = log_P(q1·q2 × Ecc(a)),  b = log_P(q1·q2 × Ecc(b)),
and the two shards are added to obtain the decryption key k of the ciphertext Des(m, k). Following the DES mechanism, Des(m, k) is decrypted with k to recover the plaintext m of the important data.
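The following is an added, runnable toy model of the encryption, transmission and decryption stages above; it is example code written for this page, not code from the patent. It replaces the curve E by the additive group Z_m with m = q1·q2·q3, which keeps the subgroup structure the scheme relies on (P = q1·q2·X has order q3, Q order q1, R order q2) but turns the discrete logarithm into a modular division, so it has no security and serves only to check the algebra and the receiving node's decisions. The prime sizes, the identifier value, the split thresholds and all function names are assumptions. Each recovery multiplier is derived from the subgroup orders as the product of the other two primes: q1·q2 for the shards (as in the text), q1·q3 for mark and q2·q3 for r2. Note that the decryption-stage formulas above list the last two the other way round, which would not annihilate the right components under the stated definitions of P, Q and R; the code computes the multiplier from the order rather than copying the label.

```python
"""Toy model of the patent's key-transport stages (added example, not the patent's code).

Stand-in group: Z_m with m = q1*q2*q3 instead of a curve of order m. The subgroup
structure is preserved (P = q1*q2*X has order q3, Q = q2*q3*Y order q1, R = q3*q1*Z
order q2) but the discrete log is a division, so this has NO security; it only checks
the algebra. Prime sizes, identifier value and split thresholds are assumptions.
"""
import secrets

Q1, Q2, Q3 = 2**61 - 1, 2**31 - 1, 2**89 - 1   # distinct Mersenne primes (assumption)
M = Q1 * Q2 * Q3


def odd_parity_byte(x):
    """DES key byte: keep the 7 high data bits, set the 8th bit so the byte has odd weight."""
    data = x & 0xFE
    return data | ((bin(data).count("1") + 1) & 1)


def des_key_with_parity(rand=secrets.token_bytes):
    """64-bit key whose bits 8, 16, ..., 64 (the LSB of each byte) are odd-parity bits."""
    return bytes(odd_parity_byte(x) for x in rand(8))


def keygen(rng=secrets.randbelow):
    """Receiving node's key pair: public (m, P, Q, R), private (q1, q2, q3)."""
    def unit():                       # X, Y, Z need full order m, i.e. must be units mod m
        while True:
            x = rng(M)
            if x % Q1 and x % Q2 and x % Q3:
                return x
    X, Y, Z = unit(), unit(), unit()
    P = Q1 * Q2 * X % M               # order Q3: carries the encrypted scalar (key shards)
    Q = Q2 * Q3 * Y % M               # order Q1: carries the randomiser r2 (integrity value)
    R = Q3 * Q1 * Z % M               # order Q2: carries the sender identifier mark
    return (M, P, Q, R), (Q1, Q2, Q3)


def dlog_prime_subgroup(base, target, q, m):
    """Solve k*base == target (mod m) for base in the order-q subgroup, whose elements are
    the multiples of m//q. On a real curve this is the ECDLP; in Z_m it is a division."""
    step = m // q
    if base % step or target % step or base == 0:
        raise ValueError("operands not in a usable order-%d subgroup" % q)
    return (target // step) * pow(base // step, -1, q) % q


def recover(ct, base, q, m):
    """Isolate the scalar riding on `base` (subgroup order q). Multiplying by m//q, the product
    of the other two primes, annihilates the other two components; the scalar comes back only
    modulo q, so every encrypted scalar must be smaller than its subgroup's order."""
    ann = m // q
    return dlog_prime_subgroup(ann * base % m, ann * ct % m, q, m)


# ---- sending node ----------------------------------------------------------------------
def encrypt_identity(pub, mark, r1):
    m, P, Q, _ = pub
    return (mark * P + r1 * Q) % m                    # Ecc(mark) = mark*P + r1*Q


def split_key(k, p_thr, q_thr, rng=secrets.randbelow):
    """a + b = k with min{a,b} < p_thr < q_thr < max{a,b}; both shards must stay below Q3."""
    if not 0 < p_thr < q_thr < k - p_thr or k >= Q3:
        raise ValueError("thresholds or key size incompatible with the split rule")
    a = 1 + rng(p_thr - 1)                            # 1 <= a < p_thr, hence b = k - a > q_thr
    return a, k - a


def encrypt_shard(pub, shard, r2, mark):
    m, P, Q, R = pub
    return (shard * P + r2 * Q + mark * R) % m        # Ecc(a) = a*P + r2*Q + mark*R


# ---- receiving node --------------------------------------------------------------------
def receive(priv, pub, enc_mark, enc_shards):
    """Identifier check, then r2 consistency check, then shard recovery; returns (k, status)."""
    q1, q2, q3 = priv
    m, P, Q, R = pub
    mark = recover(enc_mark, P, q3, m)                # sender identifier from Ecc(mark)
    if any(recover(c, R, q2, m) != mark for c in enc_shards):
        return None, "identity mismatch"              # shards are not all from this sender
    if len({recover(c, Q, q1, m) for c in enc_shards}) != 1:
        return None, "integrity mismatch"             # r2a != r2b
    return sum(recover(c, P, q3, m) for c in enc_shards), "ok"


def run(tamper=None):
    """Full exchange; `tamper` adds one public-key element to the second shard in transit."""
    pub, priv = keygen()
    m, P, Q, R = pub
    key = des_key_with_parity()
    k = int.from_bytes(key, "big")
    mark = 0x2A17                                     # assumed sender identifier, < Q2
    r1, r2 = secrets.randbelow(Q1), secrets.randbelow(Q1)
    enc_mark = encrypt_identity(pub, mark, r1)
    a, b = split_key(k, 2**20, 2**40)
    shards = [encrypt_shard(pub, s, r2, mark) for s in (a, b)]
    if tamper is not None:
        shards[1] = (shards[1] + {"identity": R, "integrity": Q, "forge": P}[tamper]) % m
    k_out, status = receive(priv, pub, enc_mark, shards)
    return k, k_out, status
```

run() returns the transported key, the receiving node's result and the check status; run("identity") and run("integrity") show a shard altered in transit being rejected at the identifier comparison and at the r2 comparison respectively. run("forge") shows the limit of the checks as the page describes them: Ecc(b) is a sum of public-key multiples, so anyone holding the public key can add P to it in transit, which leaves mark and r2 untouched, passes both comparisons and delivers k + 1 to the receiving node. The r2 comparison therefore establishes that the shards belong together, not that they are unmodified; a MAC or authenticated encryption over the shards would be needed for that.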
Key retransmission mechanism:
If, within a set period, the receiving node has not received all of the encrypted shards, or the encrypted shards have not all passed the data integrity verification, it requests the sending node to resend the encrypted shards.
On receiving the retransmission request, the sending node repeats the transmission-stage procedure to generate fresh encrypted shards. At the same time, when the new encrypted shards are carried over the satellite network and the ground network, a transmission path different from the previous one is selected.
In summary, the embodiment of the present invention proposes a new secure data transmission method for an air-ground integrated network based on symmetric encryption. The method uses two kinds of encryption, encrypting both the important information and the key that encrypts it, so that the important information in the air-ground integrated network can be delivered safely to the intended receiving end while effectively ensuring that it has not been tampered with.
The secure data transmission method proposed in the embodiment makes full use of the characteristics of the air-ground network and is universally applicable to networks with an air-ground structure.
Those of ordinary skill in the art will understand that the accompanying drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by software together with a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product, which can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the method described in the embodiments, or in some parts of the embodiments, of the present invention.
The embodiments in this specification are described progressively; identical or similar parts between embodiments may be referred to one another, and each embodiment emphasizes its differences from the others. In particular, since the apparatus and system embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant parts may be found in the description of the method embodiments. The apparatus and system embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual need to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention should be defined by the scope of the claims.
Claims (6)
- 1. A data transmission method for an air-ground integrated network based on symmetric encryption, characterized in that it comprises: when a sending node needs to transmit data, the sending node first generates a key, encrypts the data to be transmitted with the key to obtain encrypted data, and sends the encrypted data to a receiving node over the air network; the sending node shards the key into multiple shards, encrypts each shard separately with the receiving node's public key, and sends the encrypted shards to the receiving node over the ground network; the receiving node decrypts the encrypted shards sent by the sending node with its own private key, applies to the decrypted shards the restoring operation corresponding to the sharding to obtain the key, and decrypts the encrypted data sent by the sending node with the key to obtain the data to be transmitted.
- 2. The method according to claim 1, characterized in that, before the sending node generates the key, it further comprises: before data transmission starts, the receiving node generates a public key and a private key by a key generation mechanism, sends the public key to the sending node over a secure channel, and keeps the private key.
- 3. The method according to claim 2, characterized in that the sending node generating the key, encrypting the data to be transmitted with the key to obtain encrypted data, and sending the encrypted data to the receiving node over the air network comprises: the sending node generates a key k, encrypts the data m to be transmitted with the key k to obtain the encrypted data Enc(m, k), and, using the public key sent by the receiving node, encrypts the sending node's identification data mark together with a random integer generated by the sending node to obtain Enc(mark); the sending node sends the ciphertext Enc(m, k) and the encrypted identification data Enc(mark) to the receiving node over the air network.
- 4. The method according to claim 3, characterized in that the sending node sharding the key into multiple shards, encrypting each shard separately with the receiving node's public key, and sending the encrypted shards to the receiving node over the ground network comprises: the sending node shards the key into multiple shards, the sharding being an invertible operation, and, using the receiving node's public key, encrypts each shard together with the sending node's identification data mark and a random integer generated by the sending node to obtain multiple encrypted shards, each of which is sent to the receiving node over the ground network.
- 5. The method according to claim 4, characterized in that the receiving node decrypting the encrypted shards sent by the sending node with its own private key, applying to the decrypted shards the restoring operation corresponding to the sharding to obtain the key, and decrypting the encrypted data sent by the sending node with the key to obtain the data to be transmitted comprises: after receiving the ciphertext Enc(m, k), the encrypted identification data Enc(mark) and each encrypted shard sent by the sending node, the receiving node decrypts Enc(mark) with its stored private key to obtain the sending node's identifier, and also decrypts each encrypted shard with its stored private key to obtain a sending-node identifier from each; the receiving node judges whether the identifier decrypted from Enc(mark) equals the identifiers decrypted from each encrypted shard, and if so continues with the following processing, otherwise the procedure ends; the receiving node decrypts each encrypted shard with its stored private key to obtain the corresponding integrity verification values and judges whether the integrity verification values decrypted from the encrypted shards are all equal, and if so continues with the following processing, otherwise the procedure ends; the receiving node decrypts each encrypted shard with its stored private key to obtain the corresponding shard, applies to all the shards the restoring operation corresponding to the sharding to obtain the key k, and decrypts the ciphertext Enc(m, k) with the key k to obtain the plaintext of the data to be transmitted.
- 6. The method according to claim 5, characterized in that the method further comprises: if, within a set period, the receiving node has not received all the encrypted shards, or the encrypted shards have not all passed the data integrity verification, it requests the sending node to resend the encrypted shards; after receiving the retransmission request, the sending node again generates new encrypted shards according to the transmission-stage procedure, and when transmitting the new encrypted shards to the receiving node over the air-ground integrated network selects a transmission path different from the previous one.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711128463.6A CN107666491B (en) | 2017-11-15 | 2017-11-15 | Data transmission method of air-ground integrated network based on symmetric encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107666491A (en) | 2018-02-06 |
CN107666491B (en) | 2020-05-05 |
Family
ID=61143896
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711128463.6A Active CN107666491B (en) | 2017-11-15 | 2017-11-15 | Data transmission method of air-ground integrated network based on symmetric encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107666491B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111818023A (en) * | 2020-06-23 | 2020-10-23 | 中国商用飞机有限责任公司 | Data transmission method and data transmission system suitable for air-ground communication link |
WO2021056865A1 (en) * | 2019-09-27 | 2021-04-01 | 厦门网宿有限公司 | Data consistency checking method and data uploading/downloading apparatus |
CN112769547A (en) * | 2019-11-05 | 2021-05-07 | 成都鼎桥通信技术有限公司 | Key fragment transmission method and device and corresponding receiving method and device |
WO2021088593A1 (en) * | 2019-11-06 | 2021-05-14 | ***通信有限公司研究院 | Verification method, device and equipment and computer readable storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101047494A (en) * | 2006-05-14 | 2007-10-03 | 华为技术有限公司 | Method and system of key consultation in PON system |
CN101286843A (en) * | 2008-06-03 | 2008-10-15 | 江西省电力信息通讯有限公司 | Single-point login method under point-to-point model |
CN101753311A (en) * | 2010-01-14 | 2010-06-23 | 杨筑平 | Information privacy and identity authentication method and digital signature program |
CN103401678A (en) * | 2013-07-30 | 2013-11-20 | 成都卫士通信息产业股份有限公司 | Method for ensuring data transmission safety of Internet of things |
US20150163211A1 (en) * | 2013-12-11 | 2015-06-11 | International Business Machines Corporation | Unclonable id based chip-to-chip communication |
CN104821944A (en) * | 2015-04-28 | 2015-08-05 | 广东小天才科技有限公司 | Hybrid encrypted network data security method and system |
CN107231368A (en) * | 2017-06-22 | 2017-10-03 | 四川长虹电器股份有限公司 | The method for lifting the software interface security that Internet is opened |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |