CN115913722A - Message integrity checking method and system - Google Patents

Info

Publication number: CN115913722A
Application number: CN202211458226.7A
Authority: CN (China)
Prior art keywords: message, sent, serial port, check code, firewall
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 贾立东, 史威, 魏义昕, 李东全, 吴琼, 艾月乔, 王宁, 王健, 黄杉, 于春晓
Current Assignee: China Oil and Gas Pipeline Network Corp; National Pipe Network Group North Pipeline Co Ltd
Original Assignee: China Oil and Gas Pipeline Network Corp; National Pipe Network Group North Pipeline Co Ltd
Priority date: 2022-11-21
Filing date: 2022-11-21
Publication date: 2023-04-04
Application filed by China Oil and Gas Pipeline Network Corp and National Pipe Network Group North Pipeline Co Ltd; priority to CN202211458226.7A; published as CN115913722A; legal status pending.

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of data security, in particular to a message integrity checking method and system. The method comprises the following steps: the serial port firewall obtains a security check code of the message to be sent according to the byte number of each field of the message to be sent, based on a preset calculation rule; the serial port firewall sends the message to be sent to a target server, so that the target server can make a response message according to the received message to be sent and return the response message to the serial port firewall; the serial port firewall obtains the actual check code of the response message; the serial port firewall judges whether the security check code is the same as the actual check code, so as to judge whether the message to be sent received by the target server is complete. The method can verify the integrity of a message online and in real time, improves the efficiency of message verification and ensures the integrity of the data message.

Description

Message integrity checking method and system
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and a system for verifying message integrity.
Background
Firewall technology protects the security of user data and information by combining various software and hardware devices for security management and screening, helping a computer network to construct a relatively isolated protection barrier between an internal network and an external network. A message is a data unit exchanged and transmitted in a network, that is, a data block that a station sends at one time. A message contains the complete data information to be sent; messages vary greatly in length and have no fixed length. A message is also a unit of network transmission, and during transmission it is successively encapsulated into packets and frames. Encapsulation adds information sections, namely a message header organized in a certain format, which carries information such as message type, message version, message length and message entity. With the wide use of messages, checking the integrity of message data has become more important: when a message is not complete, the buffer of the network device may overflow, causing the memory of the network device to leak.
When judging whether a message is complete, the current network security authentication method transmits the message to be detected to a server through a first transmission channel and stores it as a first detection message, transmits the message to be detected to the server through a second transmission channel and stores it as a second detection message, and then compares the first detection message with the second detection message. If the two are completely identical, the message is judged to be complete; otherwise the message is judged to have been falsified, or transmission instability is judged to have caused errors. This method, however, occupies a large amount of computer resources and memory, greatly reduces the efficiency of message integrity verification, and cannot realize real-time network security verification of message integrity.
Disclosure of Invention
The invention provides a method and a system for verifying message integrity, aiming at the defects of the prior art.
The technical scheme of the message integrity checking method of the invention is as follows:
the serial port firewall receives a message to be sent by an upper computer, and divides the message to be sent into two fields according to a preset condition;
the serial port firewall acquires the byte number of each field of the message to be sent;
the serial port firewall obtains a security check code of the message to be sent according to the byte number of each field of the message to be sent based on a preset calculation rule;
the serial port firewall sends the message to be sent to a target server so that the target server can make a response message according to the received message to be sent and return the response message to the serial port firewall;
the serial port firewall divides the response message into two fields according to the preset condition and acquires the byte number of each field of the response message;
the serial port firewall obtains an actual check code of the response message according to the preset calculation rule and the byte number of each field of the response message;
the serial port firewall judges whether the security check code is the same as the actual check code; if so, it judges that the message to be sent received by the target server is complete, and if not, it judges that the message to be sent received by the target server is incomplete.
The message integrity checking method has the following beneficial effects:
the method can carry out real-time online verification on the integrity of the message, improves the verification efficiency of the message and ensures the integrity of the data message.
On the basis of the above scheme, the message integrity checking method of the present invention may be further improved as follows.
Further, when the message to be sent received by the destination server is judged to be complete, the serial firewall returns the response message to the upper computer.
Further, the two fields of the message to be sent are respectively the data request field and the security check code field of the message to be sent.
Further, the two fields of the response message are respectively the data request field and the security check code field of the response message.
The technical scheme of the message integrity checking system of the invention is as follows:
the system comprises a serial port firewall and a destination server;
the serial port firewall is used for: receiving a message to be sent by an upper computer, and dividing the message to be sent into two fields according to a preset condition;
the serial port firewall is also used for: acquiring the byte number of each field of the message to be sent;
the serial port firewall is also used for: based on a preset calculation rule, and according to the byte number of each field of the message to be sent, obtaining a security check code of the message to be sent;
the serial port firewall is also used for: sending the message to be sent to a target server so that the target server can make a response message according to the received message to be sent and return the response message to the serial firewall;
the serial port firewall is also used for: dividing the response message into two fields according to the preset condition, and acquiring the number of bytes of each field of the response message;
the serial port firewall is also used for: obtaining an actual check code of the response message according to the preset calculation rule and the byte number of each field of the response message;
the serial port firewall is also used for: and judging whether the security check code is the same as the actual check code, if so, judging that the message to be sent received by the destination server is complete, and if not, judging that the message to be sent received by the destination server is incomplete.
The message integrity checking system has the following beneficial effects:
the method can carry out real-time online verification on the integrity of the message, improves the verification efficiency of the message and ensures the integrity of the data message.
On the basis of the above scheme, the message integrity checking system of the present invention may be further improved as follows.
Further, the serial port firewall is further configured to: when the message to be sent received by the destination server is judged to be complete, return the response message to the upper computer.
Further, the two fields of the message to be sent are respectively the data request field and the security check code field of the message to be sent.
Further, the two fields of the response message are respectively the data request field and the security check code field of the response message.
Drawings
Fig. 1 is a schematic flowchart of a message integrity checking method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a message integrity checking system according to an embodiment of the present invention.
Detailed Description
As shown in Fig. 1, a method for verifying the integrity of a message according to an embodiment of the present invention includes the following steps:
S1, a serial port firewall receives a message to be sent by an upper computer, and divides the message to be sent into two fields according to a preset condition;
each message comprises a data request field and a security check code field, so the preset condition is set as follows: the data request field of the message is taken as one field and the security check code field of the message as the other field, so that the two fields of the message to be sent are respectively the data request field and the security check code field of the message to be sent.
S2, the serial port firewall acquires the byte number of each field of the message to be sent;
S3, the serial port firewall obtains the security check code of the message to be sent according to the byte number of each field of the message to be sent based on a preset calculation rule;
the preset calculation rule may be a mathematical formula set for the message, which takes the byte number of each field of the message to be sent as its variable parameters; the byte number of each field of the message to be sent is substituted into the formula, and the result obtained is the security check code;
alternatively, the preset calculation rule is:
1. Preset a 16-bit register to hexadecimal FFFF (all ones); this register is the security check code register (CRC register).
2. Exclusive-OR the first 8-bit binary data (that is, the first byte of the communication frame) with the lower eight bits of the 16-bit CRC register, and store the result in the CRC register.
3. Shift the contents of the CRC register one bit to the right (toward the lower bits), filling the most significant bit with 0, and examine the bit shifted out.
4. If the shifted-out bit is 0, repeat step 3 (shift right one bit again); if the shifted-out bit is 1, XOR the CRC register with the polynomial A001.
5. Repeat steps 3 and 4 until eight right shifts have been made, so that all 8 bits of the byte have been processed.
6. Repeat steps 2 to 5 to process the next byte of the communication frame.
7. After all bytes of the communication frame have been processed according to the above steps, exchange the high byte and the low byte of the 16-bit CRC register.
8. The resulting CRC register content is the security check code of the message to be sent.
S4, the serial port firewall sends the message to be sent to a target server so that the target server can make a response message according to the received message to be sent and return the response message to the serial port firewall; the destination server may be a computer or a processor.
S5, the serial port firewall divides the response message into two fields according to the preset condition, and obtains the byte number of each field of the response message, wherein the two fields of the response message are respectively the data request field and the security check code field of the response message.
S6, the serial port firewall obtains the actual check code of the response message according to the preset calculation rule and the byte number of each field of the response message; the preset calculation rule is as described above and is not described here again.
S7, the serial port firewall judges whether the security check code is the same as the actual check code; if so, it judges that the message to be sent received by the target server is complete, and if not, it judges that the message to be sent received by the target server is incomplete. An inconsistent check code indicates that the message to be sent may have been tampered with, or altered by electromagnetic interference during communication, and the message to be sent is then discarded.
Optionally, in the above technical solution, the method further includes:
and S8, when the message to be sent received by the destination server is judged to be complete, the serial firewall returns the response message to the upper computer.
Optionally, in the above technical solution, before S1, the method further includes: and judging whether the message to be sent comprises a data request field and a safety check code field, if so, executing S1.
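As an added example that is not part of the patent, the following C code implements steps 1 to 8 of the preset calculation rule above and the check of S3, S6 and S7 (and the pre-S1 check that both fields are present). It assumes a field layout the patent does not fix: the data request field is the frame minus its last two bytes, and those two bytes are the security check code field, low byte first as step 7 produces; it also assumes the target server echoes the data request field back in its response. The sample frame is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Steps 1 to 6 of the preset calculation rule: register preset to FFFF, each
 * byte XORed into the low eight bits, eight right shifts per byte, XOR with
 * A001 whenever a 1 is shifted out. This is the CRC-16 used by Modbus RTU;
 * the register value is returned before the byte exchange of step 7. */
uint16_t crc16_modbus(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;                      /* step 1 */
    for (size_t i = 0; i < len; i++) {          /* step 6: every byte of the frame */
        crc ^= data[i];                         /* step 2 */
        for (int bit = 0; bit < 8; bit++) {     /* step 5: eight shifts per byte */
            int shifted_out = crc & 0x0001;
            crc >>= 1;                          /* step 3: MSB filled with 0 */
            if (shifted_out)
                crc ^= 0xA001;                  /* step 4 */
        }
    }
    return crc;
}

/* Step 7: exchange the high and low byte, i.e. the low byte goes first on the
 * wire. out[] receives the two-byte security check code field (step 8). */
void check_code_bytes(uint16_t crc, uint8_t out[2])
{
    out[0] = (uint8_t)(crc & 0xFF);
    out[1] = (uint8_t)(crc >> 8);
}

/* Assumed field layout: data request field = frame minus its last two bytes,
 * security check code field = those two bytes. Returns 0 when the frame cannot
 * hold both fields, which is the pre-S1 check. */
int split_fields(const uint8_t *frame, size_t len,
                 const uint8_t **data, size_t *data_len, const uint8_t **code)
{
    if (frame == NULL || len < 3)
        return 0;
    *data = frame;
    *data_len = len - 2;
    *code = frame + len - 2;
    return 1;
}

/* Recomputes the check code over a frame's data request field and compares it
 * with the frame's own check code field: 1 = consistent, 0 = short or altered. */
int frame_is_consistent(const uint8_t *frame, size_t len)
{
    const uint8_t *data, *code;
    size_t data_len;
    uint8_t expected[2];

    if (!split_fields(frame, len, &data, &data_len, &code))
        return 0;
    check_code_bytes(crc16_modbus(data, data_len), expected);
    return memcmp(expected, code, 2) == 0;
}

/* S3, S6 and S7: security check code over the data request field of the
 * message to be sent, actual check code over the data request field of the
 * response, then comparison. Assumes the server echoes the data request field. */
int response_is_complete(const uint8_t *request, size_t req_len,
                         const uint8_t *response, size_t resp_len)
{
    const uint8_t *req_data, *req_code, *resp_data, *resp_code;
    size_t req_data_len, resp_data_len;

    if (!split_fields(request, req_len, &req_data, &req_data_len, &req_code))
        return 0;
    if (!split_fields(response, resp_len, &resp_data, &resp_data_len, &resp_code))
        return 0;
    uint16_t security_code = crc16_modbus(req_data, req_data_len);   /* S3 */
    uint16_t actual_code = crc16_modbus(resp_data, resp_data_len);   /* S6 */
    return security_code == actual_code;                             /* S7 */
}

int main(void)
{
    /* Constructed sample: ASCII "123456789" as the data request field, followed
     * by the check code from step 8; then one corrupted bit in the data. */
    uint8_t frame[11];
    memcpy(frame, "123456789", 9);
    check_code_bytes(crc16_modbus(frame, 9), frame + 9);
    printf("check code on the wire: %02X %02X\n", frame[9], frame[10]);
    printf("intact frame consistent: %d\n", frame_is_consistent(frame, 11));
    frame[4] ^= 0x20;
    printf("corrupted frame consistent: %d\n", frame_is_consistent(frame, 11));
    return 0;
}
```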
In another embodiment, the security check code is encapsulated and encrypted, so that the security check code can be effectively prevented from being tampered with by others during transmission; encryption also prevents the security check code from being arbitrarily invoked, and improves the accuracy of message integrity verification.
The method is integrated into a serial port firewall and is suitable for over-long frame detection, frame redundancy detection, half-frame detection and small frame interval detection. The technical scheme provided by the application can detect over-long abnormal frames, which can cause the buffer of a slave device to overflow; normal frame + redundancy structures, which can cause memory leaks; truncated frames, which can cause the slave device's application memory not to be released and thus to leak; and small frame intervals, which cause DoS attacks.
In the foregoing embodiments, although the steps are numbered S1, S2, etc., the embodiments are only specific examples given in this application; those skilled in the art may adjust the execution order of S1, S2, etc. according to the actual situation, and this also falls within the protection scope of the present invention. It is understood that some embodiments may include some or all of the above embodiments.
As shown in Fig. 2, a system for verifying the integrity of a message according to an embodiment of the present invention includes a serial port firewall and a destination server;
the serial port firewall is used for: receiving a message to be sent by an upper computer, and dividing the message to be sent into two fields according to a preset condition;
the serial port firewall is also used for: acquiring the byte number of each field of the message to be sent;
the serial port firewall is also used for: based on a preset calculation rule, obtaining a security check code of the message to be sent according to the byte number of each field of the message to be sent;
the serial port firewall is also used for: sending the message to be sent to a target server so that the target server can make a response message according to the received message to be sent and return the response message to the serial firewall;
the serial port firewall is also used for: dividing the response message into two fields according to a preset condition, and acquiring the number of bytes of each field of the response message;
the serial port firewall is also used for: obtaining an actual check code of the response message according to a preset calculation rule and the byte number of each field of the response message;
the serial port firewall is also used for: and judging whether the security check code is the same as the actual check code, if so, judging that the message to be sent received by the destination server is complete, and if not, judging that the message to be sent received by the destination server is incomplete.
The method can carry out real-time online verification on the integrity of the message, improves the verification efficiency of the message and ensures the integrity of the data message.
Optionally, in the above technical solution, the serial port firewall is further configured to: when the message to be sent received by the destination server is judged to be complete, return the response message to the upper computer.
Optionally, in the above technical solution, the two fields of the message to be sent are respectively the data request field and the security check code field of the message to be sent.
Optionally, in the above technical solution, the two fields of the response message are respectively the data request field and the security check code field of the response message.
For the steps by which each parameter and unit module of the message integrity checking system according to the present invention implements its function, reference may be made to the corresponding parameters and steps in the above embodiment of the message integrity checking method, which are not described here again.
As will be appreciated by one skilled in the art, the present invention may be embodied as a system, method or computer program product.
Accordingly, the present disclosure may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software, which may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, in some embodiments, the invention may also be embodied in the form of a computer program product in one or more computer-readable media having computer-readable program code embodied in the medium.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (8)

1. A message integrity checking method is characterized by comprising the following steps:
the serial port firewall receives a message to be sent by an upper computer, and divides the message to be sent into two fields according to a preset condition;
the serial port firewall acquires the byte number of each field of the message to be sent;
the serial port firewall obtains a security check code of the message to be sent according to the byte number of each field of the message to be sent based on a preset calculation rule;
the serial port firewall sends the message to be sent to a target server so that the target server can make a response message according to the received message to be sent and return the response message to the serial port firewall;
the serial port firewall divides the response message into two fields according to the preset condition and acquires the byte number of each field of the response message;
the serial port firewall obtains an actual check code of the response message according to the preset calculation rule and the byte number of each field of the response message;
the serial port firewall judges whether the security check code is the same as the actual check code; if so, it judges that the message to be sent received by the target server is complete, and if not, it judges that the message to be sent received by the target server is incomplete.
2. The method for message integrity check according to claim 1, further comprising:
when the message to be sent received by the destination server is judged to be complete, the serial port firewall returns the response message to the upper computer.
3. The method according to claim 1, wherein the two fields of the message to be sent are respectively the data request field and the security check code field of the message to be sent.
4. The method according to claim 1, wherein the two fields of the response message are respectively the data request field and the security check code field of the response message.
5. A message integrity checking system is characterized by comprising a serial port firewall and a destination server;
the serial port firewall is used for: receiving a message to be sent by an upper computer, and dividing the message to be sent into two fields according to a preset condition;
the serial port firewall is also used for: acquiring the byte number of each field of the message to be sent;
the serial port firewall is also used for: based on a preset calculation rule and according to the byte number of each field of the message to be sent, obtaining a security check code of the message to be sent;
the serial port firewall is also used for: sending the message to be sent to a target server so that the target server can make a response message according to the received message to be sent and return the response message to the serial firewall;
the serial port firewall is also used for: dividing the response message into two fields according to the preset condition, and acquiring the byte number of each field of the response message;
the serial port firewall is also used for: obtaining an actual check code of the response message according to the preset calculation rule and the byte number of each field of the response message;
the serial port firewall is also used for: and judging whether the security check code is the same as the actual check code, if so, judging that the message to be sent received by the destination server is complete, and if not, judging that the message to be sent received by the destination server is incomplete.
6. The message integrity checking system according to claim 5, wherein the serial firewall is further configured to: and when the message to be sent received by the destination server is judged to be complete, returning the response message to the upper computer.
7. The message integrity checking system according to claim 5, wherein the two fields of the message to be sent are respectively: and the data request field and the security check code field of the message to be sent.
8. The message integrity checking system according to claim 5, wherein the two fields of the response message are respectively: and the data request field and the security check code field of the response message.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211458226.7A CN115913722A (en) 2022-11-21 2022-11-21 Message integrity checking method and system

Publications (1)

Publication Number Publication Date
CN115913722A true CN115913722A (en) 2023-04-04

Family

ID=86476307

Country Status (1)

Country Link
CN (1) CN115913722A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination