CN117390656B - Security management method and system for encryption equipment - Google Patents

Info

Publication number: CN117390656B
Application number: CN202311657691.8A
Authority: CN (China)
Prior art keywords: security, module, key, sub, policy
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN117390656A
Inventors: 蔡先勇, 周枭淳, 杜峰
Current assignee: Shenzhen Aolian Information Security Technology Co ltd
Original assignee: Shenzhen Aolian Information Security Technology Co ltd
Timeline: application filed by Shenzhen Aolian Information Security Technology Co ltd; priority to CN202311657691.8A; publication of CN117390656A; application granted; publication of CN117390656B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The invention relates to the technical field of security management, in particular to a security management method and system for encryption equipment, comprising the following steps: based on user data, a Schnorr zero-knowledge proof algorithm and multi-factor identity verification are used to verify the user's identity, roles are allocated, and a user identity verification result is generated. According to the invention, the privacy information of the user is protected by zero-knowledge proof and multi-factor identity verification, which strengthens identity verification security and avoids the weakness of single-factor identity verification; keys are generated and distributed using blockchain technology, which enhances key security and reduces the risk of man-in-the-middle attack and key leakage, the tamper resistance and decentralization of the blockchain ensuring the security and credibility of the keys; and security events are recorded in the blockchain by the blockchain event recording sub-module, which ensures their tamper resistance and reliability, avoids the risk that a traditional audit log is easily tampered with or deleted, and provides higher security and auditability.

Description

Security management method and system for encryption equipment
Technical Field
The present invention relates to the field of security management technologies, and in particular, to a security management method and system for an encryption device.
Background
Security management covers everything from basic data encryption and decryption techniques to sophisticated security policies and protocols. The core objective of security management technology is to ensure the integrity, confidentiality and availability of sensitive information and to prevent unauthorized access and data leakage. This includes access control to encryption devices (e.g., hardware security modules, encryption servers, etc.), user authentication, management and updating of encryption keys, security auditing, and data leakage prevention measures.
The security management method of an encryption device is a means of protecting information security, in which sensitive data is protected mainly by encryption technology. Its purpose is to ensure that only authorized users can access and process the encrypted data, preventing the data from being stolen or tampered with during storage, transmission or processing. The method raises the security level of the whole information system and reduces the risks caused by data leakage, illegal access or other forms of network attack. To achieve these goals, security management of encryption devices typically combines a variety of means, including, but not limited to, encrypting data with strong encryption algorithms (e.g., AES, RSA, etc.), implementing strict user authentication and entitlement control, and periodically updating keys and security protocols to cope with emerging security threats. It also includes monitoring and recording all access attempts to the encryption device so that a security event can be responded to quickly. Through these comprehensive measures, the security management method of the encryption equipment can effectively protect sensitive data and reduce the likelihood of data leakage and other security threats.
In actual use of existing security management systems, traditional identity verification depends only on a user name and a password; the security of such single-factor identity verification is low, there is a risk of privacy information disclosure, and the key generation and distribution process is exposed to man-in-the-middle attack or key disclosure. Conventional audit logs are typically stored on a centralized server, and in the event of hacking or an insider attack the log may be tampered with or deleted, masking potential security events or compromising the reliability of the audit.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a security management method and system of encryption equipment.
In order to achieve the above purpose, the present invention adopts the following technical scheme: a security management method of an encryption device, comprising the steps of:
S1: based on user data, carrying out user identity verification by adopting a Schnorr zero knowledge proof algorithm and a multi-factor identity verification technology, and carrying out role allocation to generate a user identity verification result;
S2: based on the user identity verification result, performing authority setting by adopting a role-based access control model and an XACML access control strategy, and generating role allocation and authority setting;
S3: based on the role allocation and authority setting, generating, distributing and storing a key by adopting a blockchain technology and a symmetric encryption algorithm SM4/AES to generate key management data;
S4: based on the key management data, adopting a blockchain technology and a k-means cluster analysis algorithm to audit and analyze the security event, and generating a security event audit report;
S5: based on the security event audit report, a real-time event detection technology based on a log is adopted to implement a security policy, and a security policy execution record is generated;
S6: based on the security policy execution record, performing software update and security patch management by adopting a vulnerability scanning tool and a blockchain update distribution technology, and generating a software update and security patch record;
S7: based on the software update and the security patch record, adopting a real-time behavior analysis and support vector machine technology to monitor abnormal behaviors and perform security response, and generating an abnormal behavior and response record.
As a further aspect of the present invention, the user authentication result includes a user role, an authentication state and used authentication factors, the role allocation and authority setting includes a role name, an authority level and an access rule, the key management data includes a key pair list, a storage location of a key and an encryption manner, the security event audit report includes a security event list, an impact analysis and improvement suggestion, the security policy execution record includes executed policy details, a policy violation event and a processing result, the software update and security patch record includes an update item list, an update state and a patch application condition, and the abnormal behavior and response record includes identified abnormal behavior, taken response measures and an alarm record.
The system comprises an access control module, a key management module, an audit and report module, a security policy management module, an updating and upgrading management module, an abnormality detection and response module and an autonomous security decision module;
The access control module comprises a zero knowledge proof verification sub-module, a multi-factor identity verification sub-module, an authority management sub-module and an access control strategy sub-module;
The key management module comprises a key generation and distribution sub-module, a key distribution and cancellation sub-module and a key storage and revocation sub-module;
The audit and report module comprises a security event audit sub-module, an audit log analysis sub-module and a report generation sub-module;
the security policy management module comprises a policy setting sub-module and a policy executing sub-module;
the update and upgrade management module comprises a software update sub-module and an update distribution sub-module;
The abnormality detection and response module comprises an abnormal behavior monitoring sub-module, a security response sub-module and a threat notification and early warning sub-module;
the autonomous security decision module comprises a machine learning model sub-module and an autonomous security decision sub-module.
As a further aspect of the present invention, the zero-knowledge proof verification sub-module uses a Schnorr zero-knowledge proof algorithm to implement a zero-knowledge proof protocol, generating, with an elliptic curve cryptography algorithm, a proof that verifies the authenticity of a statement without revealing the underlying data, so that the identity of the user is verified without disclosing the user's private information;
the multi-factor identity verification sub-module combines a plurality of identity verification factors to carry out multi-factor identity verification, wherein the identity verification factors comprise a hardware token and biometric recognition technology, the biometric recognition adopting a support vector machine for fingerprint matching and a convolutional neural network for face recognition;
the authority management sub-module adopts an access control model based on roles, defines different roles and authority levels, and distributes users to corresponding roles;
The access control strategy sub-module adopts an attribute access control model to define and manage an access control strategy based on a zero trust security architecture.
As a further scheme of the present invention, the key generation and distribution sub-module uses blockchain technology to securely generate keys and distribute them to the user equipment; a key pair is composed of a public key and a private key, the public key being used for encryption and verification and the private key for decryption and signature;
the key distribution and cancellation sub-module distributes the generated key to the user equipment using a public key encryption algorithm: the generated key pair is encrypted with the public key of the user equipment so that only the private key of the user equipment can decrypt it; for key cancellation, the cancellation request is signed with a digital signature algorithm and the key state is marked as cancelled in the key management system;
the key storage and revocation sub-module stores the key in encrypted form using the symmetric encryption algorithm SM4 or AES and provides a secure backup and recovery mechanism, and when a security event such as key leakage occurs the key revocation sub-module revokes the affected key using a revocation list (CRL) mechanism.
As a further scheme of the invention, the security event audit submodule records the security event of the system by using a blockchain technology based on a hash function and a consensus algorithm, and provides higher security and reliability based on the decentralization and traceability characteristics of the blockchain;
the audit log analysis sub-module analyzes and interprets the security event records to detect potential security threats and abnormal behaviors, using a k-means cluster analysis algorithm and a rule-based reasoning mechanism to analyze the audit log so that security problems are discovered and dealt with in a timely manner;
the report generation sub-module automatically generates detailed security reports from the audit logs and security event records using data analysis and visualization algorithms, the security reports comprising statistical analysis, association analysis, visualization charts and graphs.
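The tamper-evident record that the security event audit sub-module relies on can be shown with a minimal hash-chained ledger; this is an added example, not the patent's code, and it models a single node only (the consensus algorithm between nodes is left out), using constructed sample events.

```python
import hashlib
import json
import time


def entry_hash(index, timestamp, event, prev_hash):
    """Digest of one entry over a canonical JSON encoding, so every node that
    replays the log derives the same value for the same entry."""
    payload = json.dumps({"index": index, "ts": timestamp, "event": event,
                          "prev": prev_hash}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


class AuditLedger:
    """Append-only, hash-chained security event log. Each entry commits to the
    hash of its predecessor, so editing, inserting or deleting an entry breaks
    every later link unless the whole suffix is rewritten (which a published or
    chain-anchored head hash would expose)."""

    GENESIS = "0" * 64  # previous-hash value of the first entry

    def __init__(self):
        self.entries = []

    def record(self, event, timestamp=None):
        """Append a security event and return the new head hash."""
        ts = time.time() if timestamp is None else timestamp
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        idx = len(self.entries)
        self.entries.append({"index": idx, "ts": ts, "event": event, "prev": prev,
                             "hash": entry_hash(idx, ts, event, prev)})
        return self.entries[-1]["hash"]

    def head(self):
        """Current head hash; this is the value worth anchoring off-system."""
        return self.entries[-1]["hash"] if self.entries else self.GENESIS

    def verify(self):
        """Recompute every digest and link; return (ok, index of first bad entry)."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["index"] != i or e["prev"] != prev:
                return False, i
            if entry_hash(i, e["ts"], e["event"], prev) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None


if __name__ == "__main__":
    # Constructed sample events, not real log data.
    ledger = AuditLedger()
    ledger.record({"type": "login_failed", "user": "alice"}, timestamp=1700000000)
    ledger.record({"type": "key_revoked", "key_id": "dev-1"}, timestamp=1700000060)
    ledger.record({"type": "policy_violation", "user": "bob"}, timestamp=1700000120)
    print("intact:", ledger.verify())                      # (True, None)
    ledger.entries[1]["event"]["type"] = "key_rotated"     # insider edits one record
    print("after tamper:", ledger.verify())                # (False, 1)
```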
As a further scheme of the invention, the policy setting sub-module defines and configures security policies comprising a mandatory password policy, an access control policy and an encryption algorithm policy; the access control policy adopts a rule-based access control method, specifically the attribute-based access control language XACML, and the encryption algorithm policy specifies the symmetric encryption algorithm SM4 or AES;
the policy execution sub-module enforces the security policies defined by the policy setting sub-module on users and equipment in real time, monitors the running state of the system using real-time event detection based on log analysis, and detects and deals with behavior that violates the security policy.
As a further scheme of the invention, the software updating sub-module utilizes a vulnerability database and a security supply chain to acquire the latest security information, automatically detects security vulnerabilities by using a vulnerability scanning tool and a security bulletin subscription technology, and automatically acquires related security updates and patches to ensure the security and integrity of the system;
the update distribution sub-module achieves more secure software update distribution using blockchain technology, creating a distributed and tamper-resistant record of update distribution on the blockchain to prevent man-in-the-middle attack and tampering.
As a further scheme of the invention, the abnormal behavior monitoring sub-module monitors and analyzes equipment behavior in real time using real-time behavior analysis and threat intelligence data, covering the equipment's event logs, network traffic and system calls; it trains a model with a support vector machine and behavior pattern analysis to learn the normal behavior pattern of the equipment, identifies abnormal behavior and improves detection accuracy;
the security response sub-module automatically executes the corresponding security response measures according to the abnormal behavior detected by the abnormal behavior monitoring sub-module, the security response measures comprising disabling a user, blocking network traffic and blocking an IP address;
the threat notification and early warning sub-module uses real-time threat intelligence data, together with the event and abnormal behavior monitoring results, to send alarm notifications.
As a further scheme of the invention, a machine learning model sub-module trains and updates a machine learning model, and identifies and learns a new security threat mode based on historical data, wherein the machine learning model improves the accuracy and timeliness of security decision by analyzing a large amount of security data, and the security data comprises logs, network traffic, malicious software and attack characteristics;
The autonomous security decision sub-module classifies the target event or behavior based on a machine learning model, judges whether the target event or behavior belongs to security threat, and autonomously takes proper response measures.
Compared with the prior art, the invention has the advantages and positive effects that:
In the invention, the zero knowledge proof verification sub-module and the multi-factor identity verification sub-module are used, so that the privacy information of the user is better protected, stronger identity verification security is provided, and the weakness of single-factor identity verification is avoided. Using blockchain technology to generate and distribute keys enhances the security of key generation and distribution and reduces the risks of man-in-the-middle attack and key leakage. The tamper resistance and decentralization of the blockchain ensure the security and trustworthiness of the key. All security events are recorded in the blockchain through the blockchain event recording sub-module, ensuring the tamper resistance and reliability of the security events, avoiding the risk that a traditional audit log is easily falsified or deleted, and providing higher security and auditability.
Drawings
FIG. 1 is a schematic workflow diagram of the present invention;
FIG. 2 is a schematic diagram of a system flow of the present invention;
FIG. 3 is a schematic diagram of the framework of the present invention;
FIG. 4 is a flow chart of an access control module system of the present invention;
FIG. 5 is a flow chart of a key management module of the present invention;
FIG. 6 is a flow chart of an audit and reporting module of the present invention;
FIG. 7 is a flow chart of a security policy management module according to the present invention;
FIG. 8 is a flowchart of an update and upgrade management module according to the present invention;
FIG. 9 is a flow chart of an anomaly detection and response module according to the present invention;
FIG. 10 is a flow chart of an autonomous security decision module of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In the description of the present invention, it should be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientation or positional relationships shown in the drawings, merely to facilitate describing the present invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the present invention. Furthermore, in the description of the present invention, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
Example 1
Referring to fig. 1, the present invention provides a technical solution: a security management method of an encryption device, comprising the steps of:
S1: based on user data, carrying out user identity verification by adopting a Schnorr zero knowledge proof algorithm and a multi-factor identity verification technology, and carrying out role allocation to generate a user identity verification result;
S2: based on a user identity verification result, performing authority setting by adopting a role-based access control model and an XACML access control strategy, and generating role allocation and authority setting;
S3: based on role allocation and authority setting, generating, distributing and storing a key by adopting a blockchain technology and a symmetric encryption algorithm SM4/AES to generate key management data;
S4: based on the key management data, adopting a blockchain technology and a k-means cluster analysis algorithm to audit and analyze the security event, and generating a security event audit report;
S5: based on the security event audit report, implementing a security policy by adopting a real-time event detection technology based on a log, and generating a security policy execution record;
S6: based on the security policy execution record, performing software update and security patch management by adopting a vulnerability scanning tool and a blockchain update distribution technology, and generating a software update and security patch record;
S7: based on the software update and the security patch record, adopting a real-time behavior analysis and support vector machine technology to monitor abnormal behavior and perform security response, and generating an abnormal behavior and response record.
The user identity verification result comprises a user role, an identity verification state and used verification factors, role allocation and authority setting comprises a role name, an authority level and an access rule, key management data comprises a key pair list, a key storage position and an encryption mode, a security event audit report comprises a security event list, influence analysis and improvement suggestions, a security policy execution record comprises executed policy details, a policy violation event and a processing result, a software update and security patch record comprises an update item list, an update state and a patch application condition, and an abnormal behavior and response record comprises identified abnormal behavior, taken response measures and alarm records.
Through the Schnorr zero knowledge proof algorithm and multi-factor identity verification, the privacy information of the user is better protected, while the weak points of single-factor identity verification are avoided. Blockchain technology is adopted to generate and distribute keys, so that the security of key generation and distribution is enhanced, the risks of man-in-the-middle attack and key leakage are reduced, and the security and credibility of the key are ensured. All security events are recorded in the blockchain in a tamper-resistant manner through the blockchain event recording sub-module, guaranteeing the auditability and reliability of the security events, avoiding the risk that traditional audit logs are easily tampered with or deleted, and providing higher security and auditability. The use of role-based access control and XACML access control policies strengthens the authority settings, ensuring that only authorized users can access sensitive information. Security event audit and analysis and real-time event detection provide timely identification of and response to security threats, enhancing the real-time security of the system. Software update and security patch management together with abnormal behavior monitoring and security response mechanisms further improve the overall security and stability of the system.
Referring to fig. 2 to 3, a security management system of an encryption device is used for executing the security management method of the encryption device, and the system comprises an access control module, a key management module, an audit and report module, a security policy management module, an update and upgrade management module, an anomaly detection and response module and an autonomous security decision module;
The access control module comprises a zero knowledge proof verification sub-module, a multi-factor identity verification sub-module, an authority management sub-module and an access control strategy sub-module;
the key management module comprises a key generation and distribution sub-module, a key distribution and cancellation sub-module and a key storage and revocation sub-module;
The audit and report module comprises a security event audit sub-module, an audit log analysis sub-module and a report generation sub-module;
the security policy management module comprises a policy setting sub-module and a policy executing sub-module;
The update and upgrade management module comprises a software update sub-module and an update distribution sub-module;
The abnormality detection and response module comprises an abnormal behavior monitoring sub-module, a security response sub-module and a threat notification and early warning sub-module;
the autonomous security decision module comprises a machine learning model sub-module and an autonomous security decision sub-module.
The comprehensive encryption equipment security management system integrates a plurality of key modules and sub-modules, and provides comprehensive guarantee for the security and manageability of the system. The modules of identity verification, access control, key management, audit and report, security policy management, update and upgrade, anomaly detection and response, autonomous security decision and the like cooperate with each other, so that multiple beneficial effects are brought. The method comprises the steps of strengthening user identity verification and access control, improving the security of key management, realizing security event audit and analysis, effective security policy management, accurate updating and upgrading management, real-time anomaly detection and response and autonomous security decision, comprehensively improving the overall security, auditability and response capability of the system, reducing potential risks and threats, providing safer use environment for users, and maintaining the credibility and robustness of the encryption equipment.
Referring to fig. 4, the zero-knowledge proof verification sub-module uses a Schnorr zero-knowledge proof algorithm to implement a zero-knowledge proof protocol, generating, with an elliptic curve cryptography algorithm, a proof that verifies the authenticity of a statement without revealing the underlying data, so that the identity of the user is verified without disclosing the user's private information;
the multi-factor identity verification sub-module combines a plurality of identity verification factors to carry out multi-factor identity verification, wherein the identity verification factors comprise a hardware token and biometric recognition technology, the biometric recognition adopting a support vector machine for fingerprint matching and a convolutional neural network for face recognition;
the authority management sub-module adopts a role-based access control model, defines different roles and authority levels, and assigns users to the corresponding roles;
the access control strategy sub-module adopts an attribute-based access control model to define and manage the access control strategy based on a zero trust security architecture.
The key generation and distribution submodule is mainly aimed at generating a key pair, comprising a public key and a private key, wherein the public key is used for encryption and verification and the private key is used for decryption and signing. To ensure security, the key generation and distribution submodule utilizes blockchain technology to securely distribute keys. The generated key information is recorded and uploaded to the blockchain to ensure the non-tamperability and trustworthiness of the distribution. The key information is distributed to the user equipment through a secure communication channel or a hardware security module to ensure secure transmission and storage of the key.
The key distribution and cancellation sub-module is responsible for distributing the generated key pairs to the user devices in a secure manner. The key distribution employs a public key encryption algorithm, and only the private key of the user device can decrypt the key pairs. The user equipment may initiate a key cancellation request that is validated by a digital signature to ensure its legitimacy and integrity. If the request is legal, the key management system will mark the state of the relevant key as the cancellation state and invalidate it.
The key storage and revocation sub-module stores keys in encrypted form using a symmetric encryption algorithm (e.g., SM4 or AES) and provides a secure backup and recovery mechanism. Upon the occurrence of a security event such as a key compromise, the key revocation sub-module uses a revocation list (CRL) mechanism to revoke the affected key. The CRL contains the identifiers of keys that have been revoked or are no longer trusted, so that the system remains secure and recoverable.
Referring to fig. 5, the key generation and distribution sub-module uses blockchain technology to securely generate keys and distribute them to user devices, wherein a key pair consists of a public key and a private key, the public key being used for encryption and verification and the private key for decryption and signature;
the key distribution and cancellation sub-module distributes the generated key to the user equipment using a public key encryption algorithm: the generated key pair is encrypted with the public key of the user equipment so that only the private key of the user equipment can decrypt it; for key cancellation, the cancellation request is signed with a digital signature algorithm and the key state is marked as cancelled in the key management system;
The key storage and revocation sub-module stores the key in an encrypted form using a symmetric encryption algorithm SM4 or AES and provides a secure backup and recovery mechanism, and when a security event including key leakage occurs, the key revocation sub-module revokes the affected key using a revocation list CRL mechanism.
The key generation and distribution sub-module is intended to generate and distribute secure key pairs, including public and private keys. The public key is used for encryption and authentication and the private key is used for decryption and signing. To ensure secure distribution of keys, this submodule relies on blockchain technology. A strong cryptographic algorithm is used to generate a key pair and the generated key information is uploaded to the blockchain to ensure non-tampering and trustworthiness. The key information is securely distributed to the user device through a secure communication channel or a hardware security module.
The key distribution and cancellation submodule is used for safely distributing the generated key pair to the user equipment and realizing the cancellation of the key. The key distribution employs a public key encryption algorithm, and only the private key of the user device can decrypt the key pairs. The user device may initiate a key revocation request that is validated by a digital signature to ensure legitimacy and integrity. If the request is legitimate, the key management system will mark the associated key as revoked.
The key storage and revocation sub-module is responsible for storing keys in a secure manner and for revoking keys. Key storage uses a symmetric encryption algorithm (e.g., SM4 or AES) to hold the key in encrypted form, and a secure backup and restore mechanism ensures the reliability and recoverability of the key. Upon the occurrence of a security event, such as a key compromise, the key revocation sub-module uses a revocation list (CRL) mechanism to revoke the affected key, the CRL containing the identifiers of the revoked or no longer trusted keys.
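The distribution and cancellation flow described above, as an added example that is not code from the patent or its applicant: the key management system generates a key pair, wraps its private half under the device's RSA public key with OAEP so only the device can unwrap it, the device later signs a cancellation request with that key, and the system verifies the signature before entering the key identifier into the CRL. The names KeyManager, KeyID, the OAEP label and the signed message layout are assumptions; the blockchain anchoring of key information is outside this example.

```go
package main

// Added example, not code from the patent: a key pair issued by the key
// management system and wrapped under the device's RSA public key (OAEP), a
// cancellation request signed by the device, and the CRL lookup relying
// parties perform. KeyManager, KeyID and the message layout are assumptions.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// KeyManager records the public half of every issued key (the private half
// leaves the server only inside the OAEP envelope) and the revocation list.
type KeyManager struct {
	keys map[string]*ecdsa.PublicKey
	crl  map[string]bool // key id -> marked as cancelled
}

func NewKeyManager() *KeyManager {
	return &KeyManager{keys: map[string]*ecdsa.PublicKey{}, crl: map[string]bool{}}
}

// KeyID is the identifier carried in the CRL (assumed: truncated SHA-256 of
// the PKIX encoding of the public key).
func KeyID(pub *ecdsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:8])
}

var oaepLabel = []byte("key-distribution") // binds the envelope to this purpose

// IssueKeyPair generates a P-256 key pair and wraps its private key under the
// device's RSA public key, so that only the device's private key can unwrap it.
func (km *KeyManager) IssueKeyPair(devicePub *rsa.PublicKey) (string, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	der, _ := x509.MarshalECPrivateKey(priv) // cannot fail for a freshly generated key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, der, oaepLabel)
	if err != nil {
		return "", nil, err
	}
	id := KeyID(&priv.PublicKey)
	km.keys[id] = &priv.PublicKey
	return id, wrapped, nil
}

// UnwrapKeyPair is the device side: recover the issued private key.
func UnwrapKeyPair(devicePriv *rsa.PrivateKey, wrapped []byte) (*ecdsa.PrivateKey, error) {
	der, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	return x509.ParseECPrivateKey(der)
}

// revocationDigest is the value the device signs when cancelling a key.
func revocationDigest(id string) []byte {
	sum := sha256.Sum256([]byte("revoke:" + id))
	return sum[:]
}

// SignRevocation: the device signs the cancellation request with the key being cancelled.
func SignRevocation(priv *ecdsa.PrivateKey, id string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, revocationDigest(id))
}

// Revoke validates the signed request; on success the key is marked cancelled
// by entering the CRL. Unknown ids and bad signatures are rejected.
func (km *KeyManager) Revoke(id string, sig []byte) error {
	pub, ok := km.keys[id]
	if !ok {
		return errors.New("unknown key id")
	}
	if !ecdsa.VerifyASN1(pub, revocationDigest(id), sig) {
		return errors.New("invalid signature on cancellation request")
	}
	km.crl[id] = true
	return nil
}

// IsRevoked answers CRL lookups from relying parties.
func (km *KeyManager) IsRevoked(id string) bool { return km.crl[id] }

func main() {
	devicePriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	km := NewKeyManager()
	id, wrapped, _ := km.IssueKeyPair(&devicePriv.PublicKey)
	priv, _ := UnwrapKeyPair(devicePriv, wrapped)
	sig, _ := SignRevocation(priv, id)
	fmt.Println("revoked:", km.Revoke(id, sig) == nil && km.IsRevoked(id))
}
```

The cancellation request is bound to the key identifier it names, so a signature made with any other key (or for any other identifier) is rejected before the CRL changes, which is the legitimacy check the text requires.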
Referring to fig. 6, the security event audit submodule records the security event of the system based on a hash function and a consensus algorithm by using a blockchain technology, and provides higher security and reliability based on the decentralization and traceability characteristics of the blockchain;
the audit log analysis submodule analyzes and interprets the security event records to detect potential security threats and abnormal behaviors, uses a k-means cluster analysis algorithm, analyzes the audit log based on a rule reasoning mechanism, and timely discovers and deals with security problems;
The report generation sub-module automatically generates detailed security reports from the audit log and the security event records using data analysis and visualization algorithms, where the security reports include statistical analysis, association analysis, visualization charts and graphs.
The security event audit sub-module is responsible for recording the security events of the system by combining a hash function with blockchain technology, providing high security and credibility. When a security event occurs in the system, the relevant information is recorded and a unique event identifier is generated through a hash function. These event identifiers and other related information, such as time stamps and event types, are added to the blockchain. This process ensures that event records are tamper resistant and traceable, because the blockchain is a decentralized, trusted distributed ledger.
The audit log analysis sub-module interprets and analyzes security events to detect potential security threats and abnormal behavior. It collects the security event records and event identifiers from the blockchain to form an audit log. Events in the audit log are clustered using a k-means cluster analysis algorithm to identify events with similar characteristics, which indicates potential security issues. Audit log analysis also uses a rule-based reasoning mechanism to check events against rules, such as security rules that have been violated. If an event is found that does not comply with the rules, the system raises an alert so that potential security issues are discovered and addressed in time.
The report generation sub-module is responsible for converting the data of the audit log and the security event records into an understandable security report. It performs data analysis, carrying out statistical analysis and association analysis on the clustering results in the audit log and the output of the rule reasoning analysis. The analysis results are presented as clear graphs and charts using a visualization algorithm to give an intuitive visual presentation. The report generation sub-module automatically generates detailed security reports that include statistical analysis, association analysis, visual charts and graphs of events, and detailed descriptions of and suggested solutions to security problems.
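The event-identifier and rule-checking parts of the audit sub-modules above, as an added example that is not code from the patent or its applicant: each event identifier is a hash over the event fields and the previous identifier, so the records form a chain in which any altered earlier record is detected; a rule check then runs over the same log. The event fields, the "repeated authentication failure" rule, its threshold and the sample events are constructed assumptions, and the consensus layer of the blockchain is not modelled.

```go
package main

// Added example, not code from the patent: a hash-chained security event log in
// which each event id covers the event and its predecessor, a chain check that
// locates tampering, and a rule check over the log. Fields, the threshold and
// the sample events are constructed assumptions.

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Event is one recorded security event; ID and PrevID bind it into the chain.
type Event struct {
	Seq       int
	Timestamp int64 // unix seconds (constructed values below)
	Type      string
	Subject   string
	Source    string
	PrevID    string
	ID        string
}

// eventID hashes the event content together with the previous id, so altering
// any earlier record changes every later id.
func eventID(e Event) string {
	s := fmt.Sprintf("%d|%d|%s|%s|%s|%s", e.Seq, e.Timestamp, e.Type, e.Subject, e.Source, e.PrevID)
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// AuditLog is an append-only chain of events (the ledger the text anchors on a blockchain).
type AuditLog struct{ events []Event }

// Append records a new event linked to the previous one and returns it.
func (l *AuditLog) Append(ts int64, typ, subject, source string) Event {
	prev := ""
	if n := len(l.events); n > 0 {
		prev = l.events[n-1].ID
	}
	e := Event{Seq: len(l.events), Timestamp: ts, Type: typ, Subject: subject, Source: source, PrevID: prev}
	e.ID = eventID(e)
	l.events = append(l.events, e)
	return e
}

// Verify recomputes every id and link; it returns the index of the first
// inconsistent event, or -1 when the chain is intact.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.events {
		if e.PrevID != prev || eventID(e) != e.ID {
			return i
		}
		prev = e.ID
	}
	return -1
}

// Alert is the output of the rule-based analysis.
type Alert struct {
	Rule, Subject, Source string
	Count                 int
}

// RuleFailedLogins flags a subject with at least threshold authentication
// failures from one source inside a window of windowSec seconds.
func (l *AuditLog) RuleFailedLogins(threshold int, windowSec int64) []Alert {
	var alerts []Alert
	seen := map[string]bool{}
	for i, e := range l.events {
		if e.Type != "auth_failure" {
			continue
		}
		count := 0
		for j := i; j >= 0 && e.Timestamp-l.events[j].Timestamp <= windowSec; j-- {
			f := l.events[j]
			if f.Type == "auth_failure" && f.Subject == e.Subject && f.Source == e.Source {
				count++
			}
		}
		key := e.Subject + "@" + e.Source
		if count >= threshold && !seen[key] {
			seen[key] = true
			alerts = append(alerts, Alert{"repeated_auth_failure", e.Subject, e.Source, count})
		}
	}
	return alerts
}

// SampleLog is a constructed log: three failures for bob from one source within a minute.
func SampleLog() *AuditLog {
	l := &AuditLog{}
	l.Append(1000, "auth_success", "alice", "10.0.0.5")
	l.Append(1010, "auth_failure", "bob", "10.0.0.9")
	l.Append(1020, "auth_failure", "bob", "10.0.0.9")
	l.Append(1030, "key_revoked", "alice", "kms")
	l.Append(1040, "auth_failure", "bob", "10.0.0.9")
	return l
}

func main() {
	l := SampleLog()
	fmt.Println("chain intact:", l.Verify() == -1, "alerts:", l.RuleFailedLogins(3, 60))
	l.events[1].Source = "10.0.0.7" // tamper with an earlier record
	fmt.Println("first inconsistent index:", l.Verify())
}
```

Verify reports the position of the first record whose identifier or link no longer matches, which is what makes the log traceable: an auditor can tell not only that the log was altered but from which record onward the chain is untrustworthy.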
Referring to fig. 7, the policy setting submodule defines and configures a security policy, where the security policy includes a mandatory cryptographic policy, an access control policy, and an encryption algorithm policy, the access control policy adopts a rule-based access control method, the rule-based access control method is specifically an attribute access control language XACML, and the encryption algorithm policy is specifically a symmetric encryption algorithm SM4 or AES;
The policy execution sub-module enforces and controls the security policies for users and devices in real time according to the security policies defined by the policy setting sub-module, monitors the running state of the system using real-time event detection based on log analysis, and detects and responds to behavior that violates the security policies.
The policy setting sub-module is responsible for defining and configuring security policies of the system, including mandatory cryptographic policies, access control policies, and encryption algorithm policies. The administrator first defines these policies and configures relevant parameters such as password complexity, user rights, encryption algorithm choices, etc., according to security requirements and policy requirements. Of particular note, access control policies employ rule-based access control methods, typically using the Attribute access control language XACML (Attribute-Based Access Control Language), to ensure accurate control of who can access system resources and under what conditions. The administrator also selects an appropriate encryption algorithm, typically the symmetric encryption algorithm SM4 or AES, in this sub-module to ensure confidentiality of the data.
The policy enforcement sub-module is responsible for enforcing and monitoring these security policies in real time. By constantly monitoring the operational state of the system, it checks whether the behaviour of users and devices meets the predefined security policies. The sub-module uses a real-time event detection technique based on log analysis to compare the system log with the defined policies and to discover and respond to behavior that violates the security policies in time. Once a violation is found, the policy enforcement sub-module may take appropriate action, such as issuing a warning, restricting or denying access, triggering an alarm, or automatically applying a repair action, to ensure the continued security of the system.
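Policy setting and log-based enforcement as described above, as an added example that is not code from the patent or its applicant: access rules are expressed as attribute targets with Permit or Deny effects and combined deny-overrides, in the style of XACML rules, and an enforcement pass replays constructed access-log lines against the policy to report every action that was allowed but is not permitted. The attribute names, the rules, the log format and the sample lines are assumptions; a real deployment would evaluate the actual XACML policy documents.

```go
package main

// Added example, not code from the patent: attribute rules evaluated in the
// XACML style (Permit / Deny / NotApplicable with deny-overrides) and an
// enforcement pass over constructed access-log lines that reports every
// allowed action the policy does not permit. Attribute names, rules and the
// log format are assumptions.

import (
	"fmt"
	"strings"
)

type Decision int

const (
	NotApplicable Decision = iota
	Permit
	Deny
)

func (d Decision) String() string { return [...]string{"NotApplicable", "Permit", "Deny"}[d] }

// Request carries subject, resource, action and environment attributes.
type Request map[string]string

// Rule: a target (attribute equalities that must all hold) and an effect.
type Rule struct {
	Name   string
	Target map[string]string
	Effect Decision
}

func (r Rule) matches(q Request) bool {
	for k, v := range r.Target {
		if q[k] != v {
			return false
		}
	}
	return true
}

// PolicySet uses deny-overrides: a matching Deny wins, else the first matching
// Permit, else NotApplicable (which the enforcement point treats as not permitted).
type PolicySet struct{ Rules []Rule }

func (p PolicySet) Evaluate(q Request) (Decision, string) {
	permitBy := ""
	for _, r := range p.Rules {
		switch {
		case !r.matches(q):
		case r.Effect == Deny:
			return Deny, r.Name
		case permitBy == "":
			permitBy = r.Name
		}
	}
	if permitBy != "" {
		return Permit, permitBy
	}
	return NotApplicable, ""
}

// DefaultPolicy: private keys are never exported; operators read key metadata;
// admins rotate keys only from the management network.
func DefaultPolicy() PolicySet {
	return PolicySet{Rules: []Rule{
		{"deny-private-key-export", map[string]string{"resource": "private-key", "action": "export"}, Deny},
		{"operator-read-metadata", map[string]string{"role": "operator", "resource": "key-metadata", "action": "read"}, Permit},
		{"admin-rotate-from-mgmt", map[string]string{"role": "admin", "resource": "key", "action": "rotate", "network": "mgmt"}, Permit},
	}}
}

// ParseLogLine turns a constructed "k=v k=v ..." access-log line into a Request.
func ParseLogLine(line string) Request {
	q := Request{}
	for _, f := range strings.Fields(line) {
		if kv := strings.SplitN(f, "=", 2); len(kv) == 2 {
			q[kv[0]] = kv[1]
		}
	}
	return q
}

// Violations returns every logged action that was allowed although the policy does not permit it.
func Violations(p PolicySet, lines []string) []string {
	var out []string
	for _, ln := range lines {
		q := ParseLogLine(ln)
		if d, rule := p.Evaluate(q); q["outcome"] == "allowed" && d != Permit {
			out = append(out, fmt.Sprintf("%s (decision=%s rule=%q)", ln, d, rule))
		}
	}
	return out
}

// SampleLines are constructed records of what the system actually did.
var SampleLines = []string{
	"user=alice role=operator resource=key-metadata action=read network=office outcome=allowed",
	"user=mallory role=operator resource=private-key action=export network=office outcome=allowed",
	"user=root role=admin resource=key action=rotate network=guest outcome=allowed",
	"user=root role=admin resource=key action=rotate network=mgmt outcome=allowed",
}

func main() { fmt.Println(strings.Join(Violations(DefaultPolicy(), SampleLines), "\n")) }
```

Two of the four sample lines are reported: the private-key export hits an explicit Deny, and the rotation from the guest network matches no rule at all, which the enforcement point treats as not permitted rather than as silently allowed.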
Referring to fig. 8, the software updating sub-module acquires the latest security information by using the vulnerability database and the security supply chain, automatically detects the security vulnerability by using the vulnerability scanning tool and the security bulletin subscription technology, and automatically acquires the related security update and patch to ensure the security and integrity of the system;
The update distribution submodule realizes higher-security software update distribution by using a blockchain technology, and creates a distributed and non-tamperable update distribution record by using the blockchain to prevent man-in-the-middle attack and tampering.
The software update sub-module aims to maintain the continuous security and integrity of the system. The latest security information, including known vulnerabilities, threat intelligence and security announcements, is obtained from a vulnerability database and the security supply chain. Security vulnerabilities in the system are detected automatically through a vulnerability scanning tool and a security bulletin subscription technique, and the related security updates and patches are acquired. Once security vulnerabilities are discovered, the sub-module automatically obtains the corresponding security updates and patches, which are typically released by the software vendor or developer to repair the known vulnerabilities and enhance the security of the system. The sub-module is also responsible for installing the security updates and patches into the system and performing the necessary tests to ensure that the updates do not make the system unstable or conflict with other components.
The update distribution sub-module creates a distributed, tamper-resistant update distribution record using blockchain technology. Each update is recorded in the blockchain, including the version, signature, timestamp and related metadata of the update. Updates are distributed to the corresponding nodes in the system using the information recorded in the blockchain. The blockchain technique ensures secure transmission of updates, preventing man-in-the-middle attacks and data tampering. A node receiving an update verifies its integrity and authenticity to ensure that the update has not been tampered with, then applies the update and restarts the corresponding software component. After the update is completed, the update status of each node is continuously tracked and recorded in the blockchain, so that the administrator can see the overall update state of the system.
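The node-side verification described above, as an added example that is not code from the patent or its applicant: the vendor publishes a manifest carrying version, content hash and timestamp signed with an Ed25519 key, and a node refuses an update whose signature does not verify against the trusted vendor key, whose payload hash does not match the manifest, or whose version is not newer than the one installed, recording the outcome as its update status. The manifest layout, the constructed payload, the in-memory key handling and the status strings are assumptions; writing the manifest and status to the blockchain is not modelled.

```go
package main

// Added example, not code from the patent: an update manifest signed by the
// vendor (Ed25519) and the checks a node performs before applying it:
// signature, payload hash and version monotonicity. The manifest layout,
// the constructed payload and the in-memory key handling are assumptions.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the per-release record: version, content hash, timestamp and
// the vendor signature over those fields.
type Manifest struct {
	Component string
	Version   int
	SHA256    string
	Timestamp int64
	Signature []byte
}

func (m Manifest) signedBytes() []byte {
	return []byte(fmt.Sprintf("%s|%d|%s|%d", m.Component, m.Version, m.SHA256, m.Timestamp))
}

// Publish is the vendor side: hash the payload and sign the manifest.
func Publish(priv ed25519.PrivateKey, component string, version int, ts int64, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	m := Manifest{Component: component, Version: version, SHA256: hex.EncodeToString(sum[:]), Timestamp: ts}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("payload hash does not match manifest")
	ErrRollback     = errors.New("version is not newer than the installed one")
)

// Node holds the trusted vendor key, the installed version per component and
// the per-component update status the text reports back to the administrator.
type Node struct {
	VendorKey ed25519.PublicKey
	Installed map[string]int
	Status    map[string]string
}

func NewNode(vendor ed25519.PublicKey) *Node {
	return &Node{VendorKey: vendor, Installed: map[string]int{}, Status: map[string]string{}}
}

// Apply runs the authenticity and integrity checks, installs on success and
// records the outcome either way.
func (n *Node) Apply(m Manifest, payload []byte) error {
	err := n.check(m, payload)
	if err == nil {
		n.Installed[m.Component] = m.Version
		n.Status[m.Component] = fmt.Sprintf("applied v%d", m.Version)
	} else {
		n.Status[m.Component] = "rejected: " + err.Error()
	}
	return err
}

func (n *Node) check(m Manifest, payload []byte) error {
	if !ed25519.Verify(n.VendorKey, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	if sum := sha256.Sum256(payload); hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrHashMismatch
	}
	if m.Version <= n.Installed[m.Component] {
		return ErrRollback
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed firmware image v2")
	m := Publish(priv, "crypto-engine", 2, 1700000000, payload)
	node := NewNode(pub)
	node.Installed["crypto-engine"] = 1
	tampered := append([]byte{}, payload...)
	tampered[0] ^= 1 // a payload altered in transit
	fmt.Println(node.Apply(m, tampered), "|", node.Apply(m, payload), "|", node.Status)
}
```

The signature covers the version and hash, so an attacker who can alter the payload cannot also adjust the manifest to match, and a replayed older manifest is caught by the version check even though its signature is genuine.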
Referring to fig. 9, the abnormal behavior monitoring sub-module monitors and analyzes device behavior in real time using real-time behavior analysis and threat intelligence data, monitors and analyzes the event logs, network traffic and system calls of the device, trains a model and learns the normal behavior mode of the device using a support vector machine and behavior pattern analysis techniques, identifies abnormal behavior, and improves detection accuracy;
the security response sub-module automatically executes the corresponding security response measures according to the abnormal behavior detected by the abnormal behavior monitoring sub-module, where the security response measures include disabling a user, blocking network traffic and blocking an IP address;
The threat notification and early warning sub-module sends alarm notifications using real-time threat intelligence data together with the event and abnormal behavior monitoring results.
The abnormal behavior monitoring sub-module is responsible for monitoring device behavior in real time, analyzing event logs and network traffic to identify potential security threats. It monitors system activity using real-time behavior analysis and threat intelligence data together with a support vector machine and behavior pattern analysis techniques. Data such as event logs, network traffic and system calls are collected, and a model is trained with machine learning techniques such as a support vector machine to learn the normal behavior mode of the device. When the device behavior is inconsistent with the normal mode, the sub-module marks it as abnormal behavior, which improves detection accuracy and helps to discover potential security risks in a timely manner.
The security response sub-module is responsible for automatically executing the corresponding security response measures according to the abnormal behavior detected by the abnormal behavior monitoring sub-module. These include disabling user accounts, blocking network traffic and IP addresses, and so on. The security response is real-time and is intended to deal immediately with potential threats to mitigate risk and damage, ensuring a fast response to security events and reducing the impact of potential threats on the system.
The threat notification and early warning sub-module uses real-time threat intelligence data combined with the event monitoring results to send alarm notifications to the relevant personnel and to warn of potential security threats in advance. Threat intelligence data, including threat indicators, malicious IP addresses and the like, is obtained and combined with the results of event monitoring and abnormal behavior detection to identify potential security threats. If a potential threat is found, an alert notification is sent to the security team or administrator indicating that further action is required. Potential threats can thus be warned of in advance: even when no abnormal behavior has occurred, risks can be identified early by analyzing the threat intelligence data.
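The monitoring, response and threat-intelligence correlation described in the three sub-modules above, as an added example that is not code from the patent or its applicant: a per-device behaviour baseline is learned from known-good telemetry, observations are scored against it with a threshold detector that stands in for the support vector machine the text names, each observation is also matched against a threat indicator list, and every finding carries the response measures chosen for it. The feature set, the detection threshold, the indicator list and all sample values are constructed assumptions.

```go
package main

// Added example, not code from the patent: a per-device behaviour baseline
// learned from constructed telemetry, a z-score threshold detector standing in
// for the support vector machine the text names, correlation with a
// threat-intelligence indicator list, and the response chosen per finding.
// All names, thresholds and sample values are assumptions.

import (
	"fmt"
	"math"
	"strings"
)

// Sample is one observation window for a device: behaviour features plus the peer it talked to.
type Sample struct {
	Device, User string
	ConnPerMin   float64
	BytesOut     float64
	PeerIP       string
}

func features(s Sample) [2]float64 { return [2]float64{s.ConnPerMin, s.BytesOut} }

// Baseline holds the per-feature mean and standard deviation of normal behaviour.
type Baseline struct{ mean, std [2]float64 }

// Train learns the normal behaviour mode from known-good samples.
func Train(normal []Sample) Baseline {
	var b Baseline
	n := float64(len(normal))
	for _, s := range normal {
		for i, v := range features(s) {
			b.mean[i] += v / n
		}
	}
	for _, s := range normal {
		for i, v := range features(s) {
			d := v - b.mean[i]
			b.std[i] += d * d / n
		}
	}
	for i := range b.std {
		b.std[i] = math.Sqrt(b.std[i])
		if b.std[i] == 0 {
			b.std[i] = 1 // avoid division by zero on a constant feature
		}
	}
	return b
}

// IsAnomalous flags a sample with any feature more than k standard deviations above the mean.
func (b Baseline) IsAnomalous(s Sample, k float64) bool {
	for i, v := range features(s) {
		if (v-b.mean[i])/b.std[i] > k {
			return true
		}
	}
	return false
}

// Finding is one detection together with the response measures the text lists.
type Finding struct {
	Device  string
	Reason  string
	Actions []string
}

// Analyse combines the learned baseline with threat indicators (known-bad peer addresses).
func Analyse(b Baseline, indicators map[string]bool, obs []Sample, k float64) []Finding {
	var out []Finding
	for _, s := range obs {
		var reasons, actions []string
		if indicators[s.PeerIP] {
			reasons = append(reasons, "peer "+s.PeerIP+" is on the threat indicator list")
			actions = append(actions, "block-ip:"+s.PeerIP)
		}
		if b.IsAnomalous(s, k) {
			reasons = append(reasons, "behaviour outside the learned baseline")
			actions = append(actions, "block-traffic:"+s.Device, "disable-user:"+s.User)
		}
		if len(reasons) > 0 {
			out = append(out, Finding{s.Device, strings.Join(reasons, "; "), actions})
		}
	}
	return out
}

// Constructed training data: six quiet windows from office devices.
var NormalSamples = []Sample{
	{"dev1", "alice", 10, 1000, "10.0.0.2"}, {"dev1", "alice", 11, 1100, "10.0.0.2"},
	{"dev2", "bob", 12, 1200, "10.0.0.3"}, {"dev2", "bob", 12, 1200, "10.0.0.3"},
	{"dev3", "carol", 13, 1300, "10.0.0.4"}, {"dev3", "carol", 14, 1400, "10.0.0.4"},
}

// Constructed observations and indicator list (203.0.113.0/24 is documentation address space).
var (
	Observations = []Sample{
		{"dev1", "alice", 12, 1200, "10.0.0.2"},    // normal
		{"dev2", "bob", 80, 1300, "10.0.0.3"},      // connection burst
		{"dev3", "carol", 11, 1100, "203.0.113.9"}, // normal volume, known-bad peer
		{"dev4", "dave", 12, 9000, "203.0.113.9"},  // both
	}
	Indicators = map[string]bool{"203.0.113.9": true}
)

func main() {
	b := Train(NormalSamples)
	for _, f := range Analyse(b, Indicators, Observations, 3) {
		fmt.Println(f.Device, "->", f.Reason, f.Actions)
	}
}
```

The third observation shows the early-warning case the text describes: its volume is entirely normal, so the behaviour model alone would stay silent, yet the indicator match still produces a finding and a block action.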
Referring to fig. 10, the machine learning model sub-module trains and updates a machine learning model that identifies and learns new security threat patterns based on historical data, the machine learning model improving accuracy and timeliness of security decisions by analyzing a large amount of security data including logs, network traffic, malware, and attack features;
the autonomous security decision sub-module classifies the target event or behavior based on the machine learning model, judges whether the target event or behavior belongs to security threat, and autonomously takes proper response measures.
The machine learning model sub-module is responsible for security data collection, feature engineering, model training, model evaluation and model updating. Historical security data is used to train a machine learning model to improve the accuracy of threat detection. The model identifies security patterns and anomaly patterns based on features, and is updated over time to accommodate new security threats.
The autonomous security decision sub-module classifies the observed events or behaviors based on the output of the machine learning model, judges whether the events or behaviors form security threats, and takes corresponding response measures. This includes threat assessment and real-time security responses to deal with potential threats, such as blocking suspicious traffic or disabling infected user accounts.
The present invention is not limited to the above embodiments; any equivalent embodiment obtained by changing or modifying the technical disclosure described above may be applied to other fields, and any simple modification, equivalent change or variation made to the above embodiments according to the technical substance of the present invention still falls within the scope of the technical disclosure.

Claims (6)

1. A security management system of an encryption device, characterized by comprising an access control module, a key management module, an audit and report module, a security policy management module, an update and upgrade management module, an anomaly detection and response module and an autonomous security decision module;
The access control module comprises a zero knowledge proof verification sub-module, a multi-factor identity verification sub-module, a right management sub-module and an access control strategy sub-module;
the zero-knowledge proof verification sub-module uses a Schnorr zero-knowledge proof algorithm to realize a zero-knowledge proof protocol, and generates a proof to verify the authenticity of certain statements by using an elliptic curve cryptography algorithm without revealing actual data so as to verify the identity of the user and not reveal the privacy information of the user;
the multi-factor identity verification sub-module combines a plurality of identity verification factors to carry out multi-factor identity verification, wherein the identity verification factors comprise a hardware token and biometric recognition technology, the biometric recognition technology adopts a support vector machine to carry out fingerprint matching, and a convolutional neural network is adopted to carry out face recognition;
the authority management sub-module adopts an access control model based on roles, defines different roles and authority levels, and distributes users to corresponding roles;
the access control strategy sub-module adopts an attribute access control model to define and manage an access control strategy based on a zero trust security architecture;
The key management module comprises a key generation and distribution sub-module, a key distribution and cancellation sub-module and a key storage and revocation sub-module;
The audit and report module comprises a security event audit sub-module, an audit log analysis sub-module and a report generation sub-module;
the security event auditing submodule records the security event of the system by using a blockchain technology based on a hash function and a consensus algorithm, and provides higher security and reliability based on the decentralization and traceability characteristics of the blockchain;
the audit log analysis sub-module analyzes and interprets the security event records to detect potential security threats and abnormal behaviors, uses a k-means cluster analysis algorithm, analyzes the audit log based on a rule reasoning mechanism, and discovers and deals with security problems in time;
the report generation sub-module automatically generates detailed security reports from the audit log and the security event records using data analysis and visualization algorithms, wherein the security reports comprise statistical analysis, association analysis, visualization charts and graphs;
the security policy management module comprises a policy setting sub-module and a policy executing sub-module;
the update and upgrade management module comprises a software update sub-module and an update distribution sub-module;
The abnormality detection and response module comprises an abnormality behavior monitoring sub-module, a safety response sub-module and a threat notification and early warning sub-module;
The abnormal behavior monitoring sub-module monitors and analyzes device behavior in real time using real-time behavior analysis and threat intelligence data, monitors and analyzes the event logs, network traffic and system calls of the device, trains a model and learns the normal behavior mode of the device using a support vector machine and behavior pattern analysis techniques, identifies abnormal behavior and improves detection accuracy;
The security response sub-module automatically executes the corresponding security response measures according to the abnormal behavior detected by the abnormal behavior monitoring sub-module, wherein the security response measures comprise disabling a user, blocking network traffic and blocking an IP address;
The threat notification and early warning sub-module sends alarm notifications using real-time threat intelligence data together with the event and abnormal behavior monitoring results;
the autonomous security decision module comprises a machine learning model sub-module and an autonomous security decision sub-module;
the machine learning model sub-module trains and updates a machine learning model, identifies and learns a new security threat mode based on historical data, and improves the accuracy and timeliness of security decision by analyzing a large amount of security data, wherein the security data comprises logs, network traffic, malicious software and attack characteristics;
The autonomous security decision sub-module classifies the target event or behavior based on a machine learning model, judges whether the target event or behavior belongs to security threat, and autonomously takes proper response measures.
2. The security management system of an encryption device according to claim 1, wherein the key generation and distribution sub-module uses blockchain technology to distribute keys securely to the user device, the key pair being composed of a public key for encryption and authentication and a private key for decryption and signing;
The key distribution and cancellation sub-module distributes the generated key to the user equipment using a public key encryption algorithm: the generated key pair is encrypted with the public key of the user equipment and can be decrypted only by the private key of the user equipment; for key cancellation, the cancellation request is signed with a digital signature algorithm, and the cancellation takes effect by marking the key state as cancelled in the key management system;
The key storage and revocation sub-module stores the key in encrypted form using the symmetric encryption algorithm SM4 or AES and provides a secure backup and recovery mechanism, and when a security event comprising key leakage occurs, the key revocation sub-module uses a revocation list (CRL) mechanism to revoke the affected key.
3. The security management system of an encryption device according to claim 1, wherein the policy setting submodule defines and configures security policies including a mandatory cryptographic policy, an access control policy and an encryption algorithm policy, the access control policy adopting a rule-based access control method, the rule-based access control method being in particular the attribute access control language XACML, the encryption algorithm policy being in particular the symmetric encryption algorithm SM4 or AES;
The policy execution submodule executes and controls the user and the equipment in real time according to the security policy defined by the policy setting submodule, monitors the running state of the system by using real-time event detection based on log analysis, and detects and deals with the behavior violating the security policy.
4. The system according to claim 1, wherein the software update sub-module uses a vulnerability database and a security supply chain to obtain the latest security information, uses a vulnerability scanning tool and a security bulletin subscription technology to automatically detect security vulnerabilities and automatically obtain related security updates and patches to ensure the security and integrity of the system;
the update distribution submodule realizes higher-security software update distribution by using a blockchain technology, and creates a distributed and non-tamperable update distribution record by using the blockchain to prevent man-in-the-middle attack and tampering.
5. A security management method of an encryption device, applied to the security management system of an encryption device according to any one of claims 1 to 4, comprising the steps of:
Based on user data, carrying out user identity verification by adopting a Schnorr zero knowledge proof algorithm and a multi-factor identity verification technology, and carrying out role allocation to generate a user identity verification result;
Based on the user identity verification result, performing authority setting by adopting a role-based access control model and an XACML access control strategy, and generating role allocation and authority setting;
based on the role allocation and authority setting, generating, distributing and storing a key by adopting a blockchain technology and a symmetric encryption algorithm SM4/AES to generate key management data;
Based on the key management data, adopting a blockchain technology and a k-means cluster analysis algorithm to audit and analyze the security event, and generating a security event audit report;
based on the security event audit report, a real-time event detection technology based on a log is adopted to implement a security policy, and a security policy execution record is generated;
Based on the security policy execution record, performing software update and security patch management by adopting a vulnerability scanning tool and a blockchain update distribution technology, and generating a software update and security patch record;
Based on the software update and the security patch record, adopting a real-time behavior analysis and support vector machine technology to monitor abnormal behaviors and perform security response, and generating an abnormal behavior and response record.
6. The method of claim 5, wherein the user authentication result includes a user role, an authentication state, and a used authentication factor, the role assignment and authority setting includes a role name, an authority level, and an access rule, the key management data includes a key pair list, a storage location of the key, and an encryption manner, the security event audit report includes a security event list, an impact analysis, and an improvement suggestion, the security policy execution record includes executed policy details, a policy violation event, and a processing result, the software update and security patch record includes an update item list, an update state, and a patch application, and the abnormal behavior and response record includes an identified abnormal behavior, a taken response measure, and an alarm record.
CN202311657691.8A 2023-12-06 2023-12-06 Security management method and system for encryption equipment Active CN117390656B (en)


Publications (2)

Publication Number Publication Date
CN117390656A CN117390656A (en) 2024-01-12
CN117390656B true CN117390656B (en) 2024-06-11
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant