Link random encryption method and system

Document No.: 1965845 Published: 2021-12-14

Reading note: This technology, "Link random encryption method and system", was designed by 吴天成, 马岩堂, 商广勇 and 李佳 on 2021-08-09. Main content: The invention relates to the field of big data and provides a link random encryption method with the following steps: S1, designing an encryption algorithm table; S2, selecting an encryption algorithm; S3, generating an encryption key; S4, encrypting data before data transmission; S5, decrypting data after data reception. Compared with the prior art, the invention not only makes all data on the link appear in ciphertext form; the random choice of encryption also guards against the case where encryption with a single algorithm is easily cracked. In addition, the key corresponding to each encryption algorithm changes according to a certain rule, so that the security of link encryption is improved.

1. A method for random encryption of a link, comprising the steps of:

S1, designing an encryption algorithm table;

S2, selecting an encryption algorithm;

S3, generating an encryption key;

S4, encrypting data before data transmission;

and S5, decrypting the received data.

2. The link random encryption method according to claim 1, wherein in step S1, an encryption algorithm table is designed, and all encryption modes are sequentially stored in the encryption algorithm table for use in encrypting and decrypting data before and after data transmission between devices.

3. The link random encryption method of claim 2, wherein in step S2, the data encryption uses symmetric key encryption, and the encryption algorithm includes DES, 3DES, IDEA, RC5 or RC6.

4. The method for random link encryption according to claim 3, wherein in step S3, a required encryption algorithm is selected, a corresponding key is stored in the algorithm table, the key is required to be changed according to a certain rule, and the keys before and after the change are stored in the algorithm table respectively.

5. The method as claimed in claim 4, wherein the changing rule of the key is time-varying and is set to change every period of time.

6. The link random encryption method according to claim 5, wherein in step S4, the network node on the link selects an algorithm from the encryption table through a random-number algorithm, and splices the information of that algorithm onto the encrypted data ciphertext.

7. The link random encryption method according to claim 6, wherein in step S5, the node receiving the data obtains the ciphertext information, parses the ciphertext and extracts the corresponding id to determine which encryption algorithm was used, obtains the key of that algorithm from the table, and then decrypts the data by using the algorithm and the key to obtain the plaintext of the data.

8. A method for random encryption of links as claimed in claim 7, wherein after said node processes the data, it also encrypts and wraps the data according to a random algorithm, and so on.

9. A link random encryption system is characterized by comprising an encryption algorithm and storage module, a data transmission module, a data encryption module, a ciphertext storage module and a data decryption module,

the encryption algorithm and storage module is internally provided with a database and is used for selecting a proper encryption algorithm and storing the encryption algorithm and a corresponding key;

the data transmission module is used for transmitting data among the nodes and for mutual communication among the nodes, the encryption algorithm and the storage module, so that the nodes can acquire the relevant information of the encryption algorithm and can transmit data among the nodes;

the data encryption module acquires a random encryption algorithm through the data transmission module and then encrypts plaintext data transmitted by the node;

the ciphertext data storage module is internally provided with a ciphertext database and is responsible for storing and inquiring ciphertext data;

and the data decryption module acquires corresponding encryption algorithm information and asymmetric key information according to the suffix of the acquired ciphertext, so that data decryption service is provided.

Technical Field

The invention relates to the field of link encryption, and particularly provides a link random encryption method and system.

Background

An industrial internet platform is an informatization system that factories build by integrating production data. Machine detection replaces manual recording of machine states and wear, which improves production efficiency, and introducing artificial intelligence algorithms addresses further scenarios such as process improvement and quality inspection and classification.

The data transmission node security problem becomes a security challenge in the field of industrial internet cloud platforms.

Data is collected at a terminal and processed at the nodes of each link until it is stored in a central system, and this path lacks an effective inspection and feedback system, which affects the security of the system.

For a certain communication link between two network nodes, link encryption can provide security assurance for data transmitted over the network.

However, for link encryption (also known as online encryption), all messages are encrypted before being transmitted, the received message is decrypted at each node, and then the message is encrypted using the key of the next link before being transmitted. A message may be transmitted over a number of communication links before reaching a destination.

Since the message is decrypted and then re-encrypted at each intermediate transfer node, all data on the link, including the routing information, appears in ciphertext form. Thus, link encryption masks the source and destination of the transmitted message. Because padding is used, and padding characters can be encrypted even when there is no data to transmit, the frequency and length characteristics of the message are masked, which prevents analysis of the traffic.

With link encryption, a message has to pass through a number of intermediate nodes from its starting point to its end point. If the security protection of one node on the link is weak, then by the wooden barrel principle (the amount of water a wooden barrel holds is determined by its lowest plank) the security of the whole link is only equal to that of its weakest node, even though encryption is in use. In this case, if the link encryption uses only one encryption mode, the security of the link is greatly reduced; if the link encryption uses a fixed encryption key, the key may be leaked or brute-forced.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides a link random encryption method with strong practicability.

The invention further aims to provide a link random encryption system which is reasonable in design, safe and applicable.

The technical scheme adopted by the invention for solving the technical problems is as follows:

a link random encryption method, having the steps of:

S1, designing an encryption algorithm table;

S2, selecting an encryption algorithm;

S3, generating an encryption key;

S4, encrypting data before data transmission;

and S5, decrypting the received data.

Further, in step S1, an encryption algorithm table is designed, and all encryption modes are sequentially stored in the encryption algorithm table for use in encrypting and decrypting data before and after data transmission between devices.

Preferably, in step S2, the data encryption uses a symmetric key encryption scheme, and the encryption algorithm includes DES, 3DES, IDEA, RC5 or RC6.

Further, in step S3, a required encryption algorithm is selected, and the corresponding key is stored in the algorithm table, where the key is required to be changed according to a certain rule, and the keys before and after the change are stored in the algorithm table, respectively.

Preferably, the change rule of the key is time-varying and is set to change once every certain period of time.

Further, in step S4, the network node on the link selects an algorithm from the encryption table through a random-number algorithm, and splices the information of that algorithm onto the encrypted data ciphertext.

Further, in step S5, the node that receives the data obtains the ciphertext information, parses the ciphertext and extracts the corresponding id to determine which encryption algorithm was used, obtains the key of that algorithm from the table, and then decrypts the data by using the algorithm and the key to obtain the plaintext of the data.

Further, after the node processes the data, the data is encrypted and packaged according to a random algorithm, and so on.

A link random encryption system comprises an encryption algorithm and storage module, a data transmission module, a data encryption module, a ciphertext storage module and a data decryption module,

the encryption algorithm and storage module is internally provided with a database and is used for selecting a proper encryption algorithm and storing the encryption algorithm and a corresponding key;

the data transmission module is used for transmitting data among the nodes and for mutual communication among the nodes, the encryption algorithm and the storage module, so that the nodes can acquire the relevant information of the encryption algorithm and can transmit data among the nodes;

the data encryption module acquires a random encryption algorithm through the data transmission module and then encrypts plaintext data transmitted by the node;

the ciphertext data storage module is internally provided with a ciphertext database and is responsible for storing and inquiring ciphertext data;

and the data decryption module acquires corresponding encryption algorithm information and asymmetric key information according to the suffix of the acquired ciphertext, so that data decryption service is provided.

Compared with the prior art, the link random encryption method and the system have the following outstanding beneficial effects:

The invention not only makes all data on the link appear in ciphertext form; the random choice of encryption also guards against the case where encryption with a single algorithm is easily cracked. In addition, the key corresponding to each encryption algorithm changes according to a certain rule, so that the security of the link encryption is improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.

Fig. 1 is a schematic diagram of a link random encryption system.

Detailed Description

The present invention will be described in further detail with reference to specific embodiments in order to better understand the technical solutions of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

A preferred embodiment is given below:

A link random encryption method in this embodiment includes the following steps:

S1, designing an encryption algorithm table:

The link security mode supports multiple encryption algorithms. First an encryption algorithm table is designed, and all encryption modes are stored in it in sequence, for encrypting and decrypting data before and after data transmission between devices.

S2, selecting an encryption algorithm:

A symmetric key encryption mode is recommended for data encryption: symmetric encryption has a small computational load, high speed and high security strength. Common encryption algorithms are DES, 3DES, IDEA, RC5, RC6, etc.

S3, encryption key generation:

A required encryption algorithm is selected and the corresponding key is stored in the algorithm table. The key needs to change according to a certain rule, and the keys before and after the change are each stored in the algorithm table. The change rule of the key is time-based, and the key can change once every hour.

S4, data encryption before data transmission:

The network nodes on the link select an algorithm from the encryption table by means of a random algorithm such as a random number, and splice information about that algorithm (such as its id in the table) onto the encrypted data ciphertext.

For example: the data table holds 10 different encryption algorithms. Node 1 obtains the random number 3 from a random number algorithm over 1-10, and the encryption algorithm corresponding to the random number 3 in the table is AES symmetric encryption. The data is then encrypted with that algorithm into the character string vetTadkhjfFgjorgr 08ds (example), and the id of the corresponding encryption algorithm, 3, is spliced onto the data, with each part of the information separated by an English period, giving the ciphertext vetTadkhjffFgjorggr08ds.3. The key is then stored in the corresponding algorithm table.

S5, data decryption after data reception:

The data receiving node obtains the ciphertext information, parses the ciphertext and extracts the corresponding id to determine which encryption algorithm was used, obtains the key of that algorithm from the table, and then decrypts the data by using the algorithm and the key to obtain the data plaintext. After the node processes the data, the data is again encrypted and packaged according to a random algorithm, and so on.

For example: following the example of S3, the subsequent node parses the character string information and determines that the encryption algorithm is AES symmetric encryption, then obtains the key corresponding to that encryption algorithm from the encryption table, decrypts the ciphertext with the key to obtain the plaintext of the data, and performs data processing or other operations on the plaintext.

The data is then sent to the next node: before sending, it is encrypted according to the method in step S3, and after the subsequent node receives the ciphertext it decrypts it according to the decryption method in step S4, and so on.
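The S1-S5 exchange described above, as an added Python example that is not part of the patent text. The names `AlgorithmTable`, `encrypt_for_link` and `decrypt_from_link` are hypothetical; every table id maps to the same standard-library stand-in cipher rather than DES/AES, the ciphertext body is base64url, and the HMAC tag is an addition the patent does not describe, used so the receiver can tell the current key from the previous one and reject an altered id suffix.

```python
import base64, hashlib, hmac, secrets

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(key, alg_id, nonce, ct):
    # Added integrity tag (assumption): binds the algorithm id to the ciphertext.
    msg = b"mac" + str(alg_id).encode() + b"." + nonce + ct
    return hmac.new(key, msg, hashlib.sha256).digest()

class AlgorithmTable:
    """S1-S3: ids 1..size, each holding a current and a previous key."""
    def __init__(self, size=10):
        self.current = {i: secrets.token_bytes(32) for i in range(1, size + 1)}
        self.previous = {}

    def rotate(self):
        # Run on the rotation schedule (hourly in the embodiment).
        self.previous = dict(self.current)
        self.current = {i: secrets.token_bytes(32) for i in self.current}

    def candidate_keys(self, alg_id):
        keys = [self.current[alg_id]]
        if alg_id in self.previous:
            keys.append(self.previous[alg_id])
        return keys

def encrypt_for_link(table, plaintext):
    # S4: pick a table id at random, encrypt, append ".<id>" to the ciphertext.
    alg_id = secrets.randbelow(len(table.current)) + 1
    key, nonce = table.current[alg_id], secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    body = base64.urlsafe_b64encode(nonce + ct + _tag(key, alg_id, nonce, ct))
    return f"{body.decode()}.{alg_id}"

def decrypt_from_link(table, envelope):
    # S5: split off the id suffix, validate it, then look up the key.
    body, sep, suffix = envelope.rpartition(".")
    if not sep or not (suffix.isascii() and suffix.isdigit()):
        raise ValueError("missing algorithm id suffix")
    alg_id = int(suffix)
    if suffix != str(alg_id) or alg_id not in table.current:
        raise ValueError("unknown algorithm id")
    raw = base64.urlsafe_b64decode(body)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    for key in table.candidate_keys(alg_id):  # current key first, then previous
        if hmac.compare_digest(tag, _tag(key, alg_id, nonce, ct)):
            return _xor_stream(key, nonce, ct)
    raise ValueError("tag mismatch: wrong id, stale key or modified ciphertext")
```

A ciphertext produced before one key rotation still decrypts through the stored previous key; after a second rotation that key is gone and the envelope is rejected.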

As shown in FIG. 1, a link random encryption system comprises an encryption algorithm and storage module, a data transmission module, a data encryption module, a ciphertext storage module and a data decryption module,

the encryption algorithm and storage module is internally provided with a database and is used for selecting a proper encryption algorithm and storing the encryption algorithm and a corresponding key;

the data transmission module is used for transmitting data among the nodes and for mutual communication among the nodes, the encryption algorithm and the storage module, so that the nodes can acquire the relevant information of the encryption algorithm and can transmit data among the nodes;

the data encryption module acquires a random encryption algorithm through the data transmission module and then encrypts plaintext data transmitted by the node;

the ciphertext data storage module is internally provided with a ciphertext database and is responsible for storing and inquiring ciphertext data;

and the data decryption module acquires corresponding encryption algorithm information and asymmetric key information according to the suffix of the acquired ciphertext, so that data decryption service is provided.

The method comprises the following specific steps:

the node processes data internally, the node requests the transmission module to acquire an encryption algorithm, the encryption algorithm and storage module selects a random encryption algorithm and returns corresponding information to the data encryption module, and the data encryption module encrypts the data and returns ciphertext data to the encryption algorithm and storage module.

The ciphertext storage module stores ciphertext and transmits data to the next node, the node acquires a corresponding encryption algorithm and a key through ciphertext information, the encryption algorithm and the storage module, the ciphertext decryption module decrypts the ciphertext, and the data are processed inside the node.

The above embodiments are only specific ones of the present invention, and the scope of the present invention includes but is not limited to the above embodiments, and any suitable changes or substitutions that are consistent with the claims of a link random encryption method and system of the present invention and are made by those skilled in the art shall fall within the scope of the present invention.

Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
