Link layer beacon encryption method based on packet CBC mode

Document No.: 195502  Published: 2021-11-02  Original language: Chinese

Reading note: this technique, 基于分组CBC模式的链路层信标加密方法 (Link layer beacon encryption method based on packet CBC mode), was designed and created by 任传伦, 俞赛赛, 金波, 刘晓影, 乌吉斯古愣, 任秋洁, 谭震 and 王淮 on 2021-07-31. Its main content is as follows: the invention discloses a link layer beacon encryption method based on the packet CBC mode (cipher block chaining), comprising the following steps. The network beacon is implemented at the link layer, so the network beacon is a link layer beacon; at the link layer, the symmetric encryption algorithm DES in cipher block chaining (CBC) mode is used to encrypt the base code information stream of the link layer beacon. For link layer beacon decryption, the same initial vector, encryption key and symmetric encryption algorithm DES as in the encryption process are used, and the link layer beacon information stream is decrypted in CBC mode to obtain the base code of the decrypted network beacon. The invention introduces a network beacon encryption method based on the packet CBC mode: even when the blocks of the network beacon base code have identical content, the encrypted ciphertext blocks are completely different, which makes it harder for an attacker to discern the content of the network beacon information sequence, prevents in-depth analysis of the implanted network beacon, and better hides and protects the original information content of the link layer beacon.

1. A link layer beacon encryption method based on the packet CBC mode, characterized by comprising the following steps:

S1, implanting the encrypted network beacon: the network beacon is implemented at the link layer, so the network beacon is a link layer beacon; at the link layer, the symmetric encryption algorithm DES in cipher block chaining (CBC) mode is used to encrypt the base code information stream of the link layer beacon;

S2, demodulating and decrypting the network beacon:

for link layer beacon decryption, the same initial vector, encryption key and symmetric encryption algorithm DES as in the encryption process are used, and the link layer beacon information stream is decrypted in CBC mode to obtain the base code of the decrypted network beacon.

2. The link layer beacon encryption method based on the packet CBC mode as claimed in claim 1, wherein step S1 comprises the following specific steps:

S11, determining a 64-bit initial vector IV and a 64-bit encryption key for the symmetric encryption algorithm DES;

S12, before the network beacon is implanted and modulated, converting the base code information stream of the configured link layer beacon into a binary stream; if the base code information of the link layer beacon needs to be sent repeatedly, concatenating the base code information streams of the link layer beacon according to the number of repetitions to form a continuous base code;

S13, grouping the network beacon information data into 64-bit blocks to obtain n blocks of data P1, P2, ..., Pn;

S14, XORing the first block of data P1 with the initial vector IV and DES-encrypting the result to obtain the first ciphertext block M1; XORing the second block of data P2 with the first ciphertext block M1 and DES-encrypting the result to obtain the second ciphertext block M2; and so on, XORing the (i+1)-th block of data with the i-th ciphertext block Mi and DES-encrypting the result to obtain the (i+1)-th ciphertext block, where i > 1; completing the encryption of all grouped network beacon data in this manner to obtain the ciphertext sequence M1, M2, ..., Mn, i.e. the encrypted network beacon information;

S15, implanting the encrypted network beacon information into the target network traffic using a time-slot-based modulation scheme.

3. The link layer beacon encryption method based on the packet CBC mode as claimed in claim 1, wherein

in step S2, the specific process of demodulating and decrypting the network beacon comprises:

S21, intercepting the network traffic carrying the network beacon information, and demodulating it with a time-slot-based demodulation mechanism corresponding to the modulation used for network beacon implantation, to obtain the encrypted network beacon information sequence;

S22, determining, according to the encryption process, a 64-bit initial vector IV1 for decryption and a 64-bit decryption key for the symmetric encryption algorithm DES, where the 64-bit decryption initial vector IV1 is the same as the initial vector IV;

S23, grouping the encrypted network beacon information sequence obtained in step S21 into 64-bit blocks to obtain n blocks of encrypted data T1, T2, ..., Tn;

S24, DES-decrypting the first encrypted data block T1 with the 64-bit decryption key and XORing the result with the initialization vector IV to obtain the first plaintext block P1; DES-decrypting the second encrypted data block T2 with the 64-bit decryption key and XORing the result with the first encrypted data block T1 to obtain the second plaintext block P2; and so on, DES-decrypting the j-th encrypted data block with the 64-bit decryption key and XORing the result with the (j-1)-th encrypted data block to obtain the j-th plaintext block Pj, where j > 2; decrypting all encrypted data blocks in sequence in this manner to obtain the plaintext sequence P1, P2, ..., Pn, i.e. the base code of the decrypted network beacon.

Technical Field

The invention relates to the field of network security, in particular to a link layer beacon encryption method based on a packet CBC mode.

Background

At present, in the field of active tracing of network attack activity, and especially in tracing anonymous attack behaviour that uses encryption and transformation such as Tor, network beacon technology is a relatively common technical means. However, attackers keep upgrading their anti-tracing techniques against the tracing efforts of the network defender, and even carry out counter-reconnaissance, analysis and disruption of means such as network packet marking and link layer beacons, so as to resist the defender's active tracing of attack behaviour. The technical weaknesses of existing network beacon technology that make it easy for an attacker to implement anti-tracing mainly include:

1) Existing network beacon technology generally does not use encryption to protect the network beacon information. An attacker can derive the rules of network beacon implantation and modulation through traffic analysis and coding analysis, and can further recover the content of the link layer beacon information, which enables targeted anti-tracing.

2) During network beacon implantation and modulation, a segment of network beacon marker information is often sent repeatedly, which makes it easy for an attacker to discover the network beacon information embedded in the network traffic and to recover and analyse it.

Disclosure of Invention

To address the weakness of existing link layer beacon technology against analysis of the network beacon base code, the invention discloses a link layer beacon encryption method based on the packet CBC mode, so as to enhance the concealment of network beacon information and ensure that actively implanted network beacon information is protected during active tracking and tracing of network attack behaviour.

The invention first introduces encryption of the network beacon information sequence to hide the original information content of the link layer beacon, so that an attacker cannot learn the content of the network beacon information sequence and is prevented from deeply analysing the network beacon information implanted by the network defender. To overcome the tendency of network beacons to be discovered and analysed because link layer beacon information is transmitted repeatedly, a network beacon encryption method based on the packet CBC mode is introduced; when the network beacon information is repeatedly implanted and transmitted multiple times, the encrypted network beacon information is ensured to contain no repeated content and to appear random.

The invention provides a link layer beacon encryption method based on the packet CBC mode, used to enhance the concealment and confidentiality of network beacon information and to ensure that the network beacon information is protected during active tracking and tracing. The key of the method is to implement encrypted implantation and demodulation/decryption of the link layer beacon information.

The invention discloses a link layer beacon encryption technique based on the packet CBC mode (cipher block chaining mode), comprising the following steps:

S1, implanting the encrypted network beacon: the network beacon is implemented at the link layer, so the network beacon is a link layer beacon; at the link layer, the symmetric encryption algorithm DES in cipher block chaining (CBC) mode is used to encrypt the base code information stream of the link layer beacon. The specific process comprises the following steps:

S11, determining a 64-bit initial vector IV and a 64-bit encryption key for the symmetric encryption algorithm DES;

S12, before the network beacon is implanted and modulated, converting the base code information stream of the configured link layer beacon into a binary stream; if the base code information of the link layer beacon needs to be sent repeatedly, concatenating the base code information streams of the link layer beacon according to the number of repetitions to form a continuous base code;

S13, grouping the network beacon information data into 64-bit blocks to obtain n blocks of data P1, P2, ..., Pn;

S14, XORing the first block of data P1 with the initial vector IV and DES-encrypting the result to obtain the first ciphertext block M1; XORing the second block of data P2 with the first ciphertext block M1 and DES-encrypting the result to obtain the second ciphertext block M2; and so on, XORing the (i+1)-th block of data with the i-th ciphertext block Mi and DES-encrypting the result to obtain the (i+1)-th ciphertext block, where i > 1; completing the encryption of all grouped network beacon data in this manner to obtain the ciphertext sequence M1, M2, ..., Mn, i.e. the encrypted network beacon information;

S15, implanting the encrypted network beacon information into the target network traffic using a time-slot-based modulation scheme.

S2, demodulating and decrypting the network beacon:

for link layer beacon decryption, the same initial vector, encryption key and symmetric encryption algorithm DES as in the encryption process are used, and the link layer beacon information stream is decrypted in CBC mode to obtain the base code of the decrypted network beacon. The specific process of demodulating and decrypting the network beacon comprises the following steps:

S21, intercepting the network traffic carrying the network beacon information, and demodulating it with a time-slot-based demodulation mechanism corresponding to the modulation used for network beacon implantation, to obtain the encrypted network beacon information sequence;

S22, determining, according to the encryption process, a 64-bit initial vector IV1 for decryption and a 64-bit decryption key for the symmetric encryption algorithm DES, where the 64-bit decryption initial vector IV1 is the same as the initial vector IV;

S23, grouping the encrypted network beacon information sequence obtained in step S21 into 64-bit blocks to obtain n blocks of encrypted data T1, T2, ..., Tn;

S24, DES-decrypting the first encrypted data block T1 with the 64-bit decryption key and XORing the result with the initialization vector IV to obtain the first plaintext block P1; DES-decrypting the second encrypted data block T2 with the 64-bit decryption key and XORing the result with the first encrypted data block T1 to obtain the second plaintext block P2; and so on, DES-decrypting the j-th encrypted data block with the 64-bit decryption key and XORing the result with the (j-1)-th encrypted data block to obtain the j-th plaintext block Pj, where j > 2; decrypting all encrypted data blocks in sequence in this manner to obtain the plaintext sequence P1, P2, ..., Pn, i.e. the base code of the decrypted network beacon.

The invention has the beneficial effects that:

1. The link layer beacon encryption method based on the packet CBC mode uses encryption to enhance the security of the network beacon information; on top of the concealment already provided by network beacon technology, it greatly increases the difficulty for an attacker to analyse the network beacon base code, and ensures that the network beacon information can be protected during active tracking and tracing.

2. The method introduces network beacon encryption based on the packet CBC mode, so that even when the network beacon base code blocks have identical content, the encrypted ciphertext blocks are completely different. An attacker therefore finds it harder to learn the content of the network beacon information sequence, the network beacon information implanted by the network defender is protected from in-depth analysis, and the original information content of the link layer beacon is better hidden and protected.

Drawings

FIG. 1 is a schematic diagram of a technical implementation deployment of the present invention;

FIG. 2 is a flow diagram of an overall technical implementation of the present invention;

FIG. 3 is a flow chart of the encryption of the network beacon information according to the present invention;

FIG. 4 is a flowchart of the decryption of network beacon information according to the present invention.

Detailed Description

For a better understanding of the present disclosure, an example is given here.


The encryption operation process is shown in FIG. 1.


The complete technical implementation of the link layer beacon encryption method based on the packet CBC mode comprises communication terminals, a network beacon encryption module, a network beacon implantation modulation module, a network beacon demodulation module, a network beacon decryption module, and so on; the deployment scheme is shown in FIG. 1.

The overall implementation process of the link layer beacon encryption method based on the packet CBC mode is as follows: two communication terminals communicate over the network and generate network traffic; the link layer beacon implantation modulation device intercepts the traffic sent by terminal A, implants the encrypted link layer beacon information into the traffic, and forwards it along the original path of the network traffic; the link layer beacon detection device is located on the terminal B side, and intercepts, demodulates and decrypts the network traffic under test before it reaches terminal B, obtaining the link layer beacon base code. The overall technical implementation flow is shown in FIG. 2. The method is implemented according to the following steps:

Step 1:

Determine the base code of the link layer beacon information to be implanted, which is a binary sequence stream consisting of 0s and 1s, and determine the initial vector IV and the encryption key used to encrypt the network beacon information.

Step 2:

Build the implementation environment: deploy terminal A and terminal B in an intranet or Internet environment in which they can communicate, and have terminal A and terminal B communicate over the network to generate the original network traffic.

Step 3:

This step is the network beacon base code encryption stage. The network beacon encryption module takes the network beacon base code information sequence, the encryption initial vector and the encryption key as input and outputs the encrypted network beacon information. Link layer beacon encryption uses the symmetric encryption algorithm DES in CBC mode to encrypt the network beacon base code information stream. During encryption the network beacon base code data is grouped into 64-bit blocks, and a final block shorter than 64 bits is padded with all-zero data. Each network beacon block is XORed with the initialization vector IV and the result is DES-encrypted to obtain the ciphertext block Mi, where the IV of the first block is the initially determined IV and, for each subsequent block, the ciphertext of the previous block serves as the IV. The specific encryption flow is shown in FIG. 3.

Step 4:

The link layer beacon implantation modulation module intercepts the target network traffic sent by terminal A, implants the encrypted link layer beacon information sequence into the traffic, and resends the traffic carrying the link layer beacon to terminal B.

Step 5:

The link layer beacon demodulation module intercepts the network traffic sent by terminal A that carries the encrypted link layer beacon information, and obtains the encrypted link layer beacon information sequence by demodulation.

Step 6:

This step is the network beacon base code decryption stage. The network beacon decryption module takes the demodulated encrypted network beacon information sequence, the encryption initial vector and the encryption key as input and outputs the decrypted network beacon information. Link layer beacon decryption uses the symmetric encryption algorithm DES in CBC mode to decrypt the encrypted network beacon information stream. The decryption process first groups the demodulated information sequence into 64-bit blocks; each block is DES-decrypted and the result is XORed with the initialization vector IV to obtain the network beacon base code block Pi, where the IV of the first block is the initially determined IV and, for each subsequent block, the previous ciphertext block serves as the IV. The specific decryption flow is shown in FIG. 3.

Step 7:

Concatenate the decrypted information blocks and remove the padding data at the end to obtain the link layer beacon base code. FIG. 4 is a flowchart of the decryption of network beacon information according to the present invention.

The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
