[go: up one dir, main page]

CN109150789A - It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security - Google Patents

It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security Download PDF

Info

Publication number
CN109150789A
CN109150789A CN201710450451.9A CN201710450451A CN109150789A CN 109150789 A CN109150789 A CN 109150789A CN 201710450451 A CN201710450451 A CN 201710450451A CN 109150789 A CN109150789 A CN 109150789A
Authority
CN
China
Prior art keywords
data
encryption
algorithm
transmitting terminal
digitizing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710450451.9A
Other languages
Chinese (zh)
Inventor
胡毅
李力
孙砚辉
毕筱雪
刘劲松
吴迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenyang Gaojing Numerical Control Intelligent Technology Co Ltd
Original Assignee
Shenyang Gaojing Numerical Control Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenyang Gaojing Numerical Control Intelligent Technology Co Ltd filed Critical Shenyang Gaojing Numerical Control Intelligent Technology Co Ltd
Priority to CN201710450451.9A priority Critical patent/CN109150789A/en
Publication of CN109150789A publication Critical patent/CN109150789A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of for digitizing the Hybrid Encryption communication means of workshop information security, it include: that encryption is attached to transmission channel using SSL in communication process, the data in network transmission are encrypted using customized aes algorithm, and transmitting terminal digital finger-print is generated using data of the customized MD5 to encryption after transmitting terminal encryption data, receiving end digital finger-print is generated using MD5 to the encryption data sent simultaneously in receiving end, judges whether data are tampered or lose in transmission process by fingerprint effect.The present invention has effectively eliminated the possibility that the data that digitlization workshop management system acquires in real time are tampered in communication transfer end to end, the greatly possible safety and reliability for improving digitlization workshop management system communication and data.

Description

It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security
Technical field
The present invention relates to digitlization workshop information security fields, and in particular to a kind of for digitizing workshop information security Hybrid Encryption communication means.
Background technique
In digitlization workshop management (such as Fig. 1), data are from server to terminal or terminal transmission to server transport mistake Cheng Zhong, data information are easy monitored or distort, and lead if will cause information leakage or data display false data in industry control Domain may receive the command information of mistake, to bring significant damage and loss to industrial production, so in order to guarantee terminal with The reliable and data safety of network communication between server and industrial equipment and management system, using safe communication connection and Reliable data encryption algorithm is very necessary with data safety to guarantee to communicate.
AES is the block encryption standard that U.S. Federal Government uses, for the standard DES before replacing.The whole world is each Industry uses AES very extensive as the field of cryptography infrastructure algorithm.Have become global symmetric key by AES in 2006 to add One of most popular algorithm in close.AES has three kinds of encrypted features: 1. can utmostly resist known attack;2. and platform without It closes, encrypting and decrypting efficiency is fast, and encoding and decoding are compact;3. design is simple.Therefore too many terminal and server will not be lost in selection AES More reliable Data Encryption Scheme has been provided simultaneously in the case where performance.The dispersion of chaotic key is that block cipher is calculated in AES The basic foundation of method design resists known-plaintext difference and linear attack, and variable length key is design focal point.Encryption as standard Algorithm is all integrated with canonical algorithm inside each large platform or software language.But there is also some security risks for Integrated Algorithm.Inverse Obtain that key data is not difficult by analyzing original program memory into engineering, it is difficult to inversely going out original algorithm.Though Right standard of the AES as certain scenes, but the versatility of language succession algorithm is too strong.Therefore then key is obtained by source program It is still feasible that mode is cracked in the data for inheriting algorithm trial decryption with language, and is too easy.
MD5 digital finger-print or signature algorithm are a derivatives of Encryption Algorithm, are referred to for generating unique number to data Line or signed data, are not encrypted data itself, only generate unique fingerprint key, it is solid that fingerprint algorithm has length It is fixed, it is easy to calculate, the anti-feature modified and collision probability is small.It is similar with aes algorithm, it is calculated as general and open standard Method, in exploitation, selection open source or language, which carry algorithm, to allow security of system to have a greatly reduced quality.The algorithm and language of open source are included Algorithm due to its opening, used by most developer, also produce most fingerprint dictionaries.Theoretically MD5 It is irreversible, but since universal performance has existed many MD5 fingerprint mapping databases, short data is reflected by data dictionary The mode for penetrating comparison is readily available metadata.
Summary of the invention
The MD5 fingerprint digest algorithm of AES data encryption algorithm and standard for standard is tested in data encrypting and deciphering and ciphertext Existing shortcoming and deficiency, propose a kind of improved AES data encryption algorithm and improved MD5 fingerprint digest algorithm during card And realize the communication security of digitlization workshop management system.
Present invention technical solution used for the above purpose is: a kind of for digitizing the mixed of workshop information security Close encryption communication method, comprising the following steps:
Step 1: in communication process, transmitting terminal is attached encryption to transmission channel using SSL technology;
Step 2: transmitting terminal carries out encryption generation encryption data to the data in network transmission and is sent to receiving end;
Step 3: transmitting terminal carries out processing to encryption data and generates transmitting terminal digital finger-print;Receiving end adds to received simultaneously Ciphertext data carries out processing and generates receiving end digital finger-print;
Step 4: by carrying out fingerprint effect to transmitting terminal digital finger-print and receiving end digital finger-print, judging that data are passing Whether it is tampered or loses during defeated.
Transmitting terminal is to carry out encryption generation to the data in network transmission using customized aes algorithm in the step 2 Encryption data, comprising: Secure Hash Algorithm dictionary length, permutation table and displacement by modifying aes algorithm select and displacement Rule encrypts the data slot or file to be transmitted.
The modification Secure Hash Algorithm dictionary length is that dictionary length is modified as one at random to belong to 264In range Numerical value.
The modification permutation table includes modification initial permutation table, reverse initial permutation table, extension permutation table.
The modification displacement selects and is displaced rule and obscures will to there is displaced position according to array range.
Transmitting terminal is to carry out processing to encryption data using customized MD5 algorithm to generate transmitting terminal number in the step 3 Word fingerprint, comprising: the encryption data that transmitting terminal is generated by the combination of displacement array and output byte sequence of modifying MD5 algorithm It carries out processing and generates transmitting terminal digital finger-print.
Receiving end is to carry out processing generation to received encryption data using customized MD5 algorithm to connect in the step 3 Receiving end digital finger-print, comprising: the displacement array by modifying MD5 algorithm, which combines, and output byte sequence docking receiving end is received adds Ciphertext data carries out processing and generates receiving end digital finger-print.
The displacement array combination of the modification MD5 algorithm separates the method for calculating assignment, institute with algorithm using modification rotation Modification output byte sequence is stated using the method for modification block conversion process variable.
It is by comparing transmitting terminal digital finger-print and whether receiving end digital finger-print is identical carries out fingerprint in the step 4 Effect.
The invention has the following beneficial effects and advantage:
1. it is highly-safe, reduce because standard AES and MD5 algorithm versatility are easy by force very much the possibility cracked by attack, changes Method after the not performance to digitlization workshop management system and the excessive damage of network again while guaranteeing data security Consumption.
2. versatility is high, the present invention provides a reliable information to digitize workshop management system safety expansion mode Safety approach is applicable to other desired scene.
Detailed description of the invention
Fig. 1 digitizes workshop management architecture diagram;
Fig. 2 is overall flow figure of the present invention;
Fig. 3 SSL technical solution flow chart.
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and embodiments.
As shown in Figure 1, digitlization workshop management architecture diagram.Acquisition server turns network interface by serial ports will be on industrial equipment Data acquisition, and stored with certain format to database, management server is by the data in database with the shape of chart Formula is checked by management client (end Android and the end IOS) for user.
Overall procedure of the invention is as shown in Fig. 2, a kind of for digitizing the Hybrid Encryption communication party of workshop information security Method mainly comprises the steps that
Step 1: encryption (SSL technical solution flow chart such as figure being attached to transmission channel using SSL in communication process Shown in 3): (1) Seed (32 byte) needed for generating key using RSA safe transmission AES.(2) AES_encrypt/ is utilized AES_decrypt carries out AES encryption/decryption to the business datum above Socket.Theoretically only AES is needed it is ensured that whole Process, but the AES-KEY as required for AES encryption is a structure.Such a structure, if passed by network It is defeated, it is necessary to network code to be carried out to it, the not ready-made API in the inside OpenSSL is so introduce RSA just to complete safety for the first time Transmission, guarantee Seed will not be ravesdropping.Equally, whole processes can also be completed by only using RSA, but due to the treatment effeciency of RSA It is lower than AES, so above still using AES in business data transmission encryption.In actual Socket application and development, need this A little steps are inserted into the moment of Client/Server network communication.
Step 2: the data in network transmission being encrypted using customized aes algorithm: (1) modifying canonical algorithm Secure Hash Algorithm dictionary length, random modification one are based on 264Numerical value in range.As long as not with the numerical value in the library of open source It is identical, modify this value will lead to the result that encrypted result and canonical algorithm or most open source library algorithms generate there is maximum can The differentiation of energy, and it is not available canonical algorithm and open source library algorithm decryption.But dictionary length is obtained not from memory Difficulty, therefore in order to further strengthen safety, it is also necessary to further algorithm is corrected.(2) algorithm permutation table is modified, AES includes A variety of displacements, including but not limited to initial permutation, reverse initial permutation, extension displacement.Scheme example: for example canonical algorithm is replaced Array is following { 14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7 }, we be revised as 16,6,12,1,5, 11,15,9,4,13,3,14,4,7,9,0}.Above-mentioned example describes a displacement parameter assignment to generate different results.Assuming that 1 Still we modify addend and summand value now+1=2, then possibility of the result equal to 2 would not be too big, even if identical Result decryption reduction so can also restore different data.Array displacement is carried out with this to realize and canonical algorithm and open source calculation The different array sequence of method is to generate completely different encrypted result.If algorithm is independent, expression can not be calculated with standard Method is compatible, thus the boosting algorithm safety of maximum possible.
Step 3: digital finger-print is generated using customized MD5 algorithm after transmitting terminal and receiving end encryption data:
(1) modification displacement array combination, such as:
Assuming that the fill order in group FF is (a, b, c, d, x, s, ac), and internal calculation be (a) +=F ((b), (c),(d))+(x)+ac;It will so fill and computation sequence is customized.
Assuming that the numerical value definition such as (a, b, c, d, x [0], S11,0xd76aa478) filled in group FF;According to the rule of oneself Surely it is filled with (c, a, b, d, x [0], S11,0xd76aa478).
(2) output byte sequence is modified.Tentative standard exports in outpout are as follows: output [j+1]=(byte) ((input[i]>>8)&0xff);Customized output is as follows: output [j+3]=(byte) ((input [i] > > 8) &0xff);
Above content is, if canonical algorithm define an array filling 123456789 so we oneself define one A filling array is 987654321, and reference standard does not follow standard, and filling process and algorithm be it is internal, can not be seen It arrives, therefore data result will be no longer identical as canonical algorithm after fill rule is changed, and canonical algorithm can not also decrypt it Data.
By above-mentioned technological means, the encrypted result of MD5 algorithm will be totally different from knot caused by standard and open source library Fruit prevents the possibility that data are cracked by dictionary collision with this.
Step 4: judging whether data are tampered or lose in transmission process by fingerprint effect.

Claims (9)

1. a kind of for digitizing the Hybrid Encryption communication means of workshop information security, which comprises the following steps:
Step 1: in communication process, transmitting terminal is attached encryption to transmission channel using SSL technology;
Step 2: transmitting terminal carries out encryption generation encryption data to the data in network transmission and is sent to receiving end;
Step 3: transmitting terminal carries out processing to encryption data and generates transmitting terminal digital finger-print;Receiving end is to received encryption number simultaneously Receiving end digital finger-print is generated according to processing is carried out;
Step 4: by carrying out fingerprint effect to transmitting terminal digital finger-print and receiving end digital finger-print, judging that data are being transmitted across Whether it is tampered or loses in journey.
2. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 1 In transmitting terminal is to carry out encryption to the data in network transmission using customized aes algorithm to generate encryption number in the step 2 According to, comprising: Secure Hash Algorithm dictionary length, permutation table and displacement by modifying aes algorithm select and displacement rule is right The data slot or file to be transmitted are encrypted.
3. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 2 In the modification Secure Hash Algorithm dictionary length is that dictionary length is modified as one at random to belong to 264Numerical value in range.
4. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 2 In the modification permutation table includes modification initial permutation table, reverse initial permutation table, extension permutation table.
5. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 2 In the modification displacement selects and is displaced rule and obscures will to there is displaced position according to array range.
6. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 1 In transmitting terminal is to carry out processing generation transmitting terminal number to encryption data using customized MD5 algorithm to refer in the step 3 Line, comprising: the encryption data that transmitting terminal generates is carried out by the combination of displacement array and output byte sequence of modifying MD5 algorithm Processing generates transmitting terminal digital finger-print.
7. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 1 In receiving end is to carry out processing to received encryption data using customized MD5 algorithm to generate receiving end number in the step 3 Word fingerprint, comprising: by the combination of displacement array and the received encryption data of output byte sequence docking receiving end of modifying MD5 algorithm It carries out processing and generates receiving end digital finger-print.
8. described a kind of for digitizing the Hybrid Encryption communication means of workshop information security, feature according to claim 6 or 7 It is, the displacement array combination of the modification MD5 algorithm separates the method for calculating assignment with algorithm using modification rotation, described to repair Change output byte sequence using the method for modification block conversion process variable.
9. feature exists according to a kind of for digitizing the Hybrid Encryption communication means of workshop information security described in claim 1 In being by comparing transmitting terminal digital finger-print and whether receiving end digital finger-print is identical carries out fingerprint effect in the step 4.
CN201710450451.9A 2017-06-15 2017-06-15 It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security Withdrawn CN109150789A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710450451.9A CN109150789A (en) 2017-06-15 2017-06-15 It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710450451.9A CN109150789A (en) 2017-06-15 2017-06-15 It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security

Publications (1)

Publication Number Publication Date
CN109150789A true CN109150789A (en) 2019-01-04

Family

ID=64829676

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710450451.9A Withdrawn CN109150789A (en) 2017-06-15 2017-06-15 It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security

Country Status (1)

Country Link
CN (1) CN109150789A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114969771A (en) * 2022-02-28 2022-08-30 河南甘棠软件科技有限公司 Electron data encryption storage method and system and decryption reading method and system
CN119276467A (en) * 2024-12-09 2025-01-07 沈阳航盛科技有限责任公司 1394B high-speed interface data encryption and obfuscation method for airborne avionics system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102064942A (en) * 2010-11-30 2011-05-18 南京理工大学 Credible integrated security processing platform
US20110283106A1 (en) * 2009-01-22 2011-11-17 Zte Corporation Method for realizing authentication center and authentication system
CN105656865A (en) * 2014-11-30 2016-06-08 沈阳高精数控智能技术股份有限公司 Encrypted communication method for workshop monitoring and managing system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110283106A1 (en) * 2009-01-22 2011-11-17 Zte Corporation Method for realizing authentication center and authentication system
CN102064942A (en) * 2010-11-30 2011-05-18 南京理工大学 Credible integrated security processing platform
CN105656865A (en) * 2014-11-30 2016-06-08 沈阳高精数控智能技术股份有限公司 Encrypted communication method for workshop monitoring and managing system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘洪民 等: "MD5算法在用户口令认证中的应用", 《网络安全技术与应用》 *
房超: "车间管理系统安全技术的研究与开发", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114969771A (en) * 2022-02-28 2022-08-30 河南甘棠软件科技有限公司 Electron data encryption storage method and system and decryption reading method and system
CN119276467A (en) * 2024-12-09 2025-01-07 沈阳航盛科技有限责任公司 1394B high-speed interface data encryption and obfuscation method for airborne avionics system

Similar Documents

Publication Publication Date Title
CN109429222B (en) Method for encrypting wireless network equipment upgrading program and communication data
US8300828B2 (en) System and method for a derivation function for key per page
US5757913A (en) Method and apparatus for data authentication in a data communication environment
CN109840425B (en) File encryption method and device
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN112738051B (en) Data information encryption method, system and computer readable storage medium
CN111586076A (en) Anti-tampering encryption and decryption method and system for remote control telemetry information based on mixed cipher
US11057205B2 (en) Seed key expansion method and its uses
CN117640256B (en) Data encryption method, recommendation device and storage medium of wireless network card
CN115174261A (en) Mixed encryption and decryption system and method based on hierarchical layer and secret-medium secret distribution
CN111475690A (en) Character string matching method and device, data detection method and server
CN104038336A (en) Data encryption method based on 3DES
CN114338648A (en) SFTP multi-terminal file secure transmission method and system based on state cryptographic algorithm
CN105978693B (en) A kind of method and system of terminal association
CN109768969B (en) Authority control method, Internet of things terminal and electronic equipment
CN109150789A (en) It is a kind of for digitizing the Hybrid Encryption communication means of workshop information security
CN113158218B (en) Data encryption method and device and data decryption method and device
CN108737353A (en) A kind of data ciphering method and device based on data analysis system
TWI488478B (en) Techniques for performing symmetric cryptography
CN106165340B (en) Encryption method, program, and system
US12021968B2 (en) Method for data processing in a computing environment with distributed computers and railway application
US10057054B2 (en) Method and system for remotely keyed encrypting/decrypting data with prior checking a token
CN113259438B (en) Method and device for sending model file and method and device for receiving model file
CN117675189A (en) Data encryption method, data decryption device and electronic equipment
CN113672955B (en) Data processing method, system and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20190104