CN120110761A - A Dynamically Scalable Trusted Cascade Communication System - Google Patents

Info

Publication number
CN120110761A
Authority
CN
China
Prior art keywords
cascade
trusted
node
management
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510277371.2A
Other languages
Chinese (zh)
Inventor
宋晓鹏
胡佳
王宏鹏
弓弛
李琳
徐晶
孔凯薇
曾颖明
陈志浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications
Priority to CN202510277371.2A
Publication of CN120110761A
Legal status: Pending (current)

Classifications

All within H (Electricity) / H04 (Electric communication technique) / H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/0209 Network security architectures or protocols: architectural arrangements for separating internal from external traffic, e.g. perimeter networks or demilitarized zones
    • H04L63/0227 Network security architectures or protocols: filtering policies
    • H04L63/0428 Network security architectures or protocols: confidential data exchange in which the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network security architectures or protocols: supporting key management in a packet data network
    • H04L63/0823 Network security architectures or protocols: authentication of entities using certificates
    • H04L63/126 Network security architectures or protocols: verification of the source of the received data
    • H04L9/40 Cryptographic mechanisms or arrangements for secret or secure communications: network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a dynamically scalable trusted cascade communication system, which belongs to the field of network security and cryptographic security technology. The system provides five devices, including a trusted control center device, a trusted cascade device, a trusted security domain control device, a trusted terminal device, and a trusted storage device, as well as a trusted cascade communication mechanism. Under the coordinated cooperation of each device and the trusted cascade communication mechanism, a trusted cascade node tree communication network is constructed, which provides security control functions for the cryptographic resources, security domains, cascades, devices, and data of the trusted cascade communication system.

Description

Dynamically scalable trusted cascade communication system
Technical Field
The invention belongs to the technical fields of network security and cryptographic security, and in particular relates to a dynamically scalable trusted cascade communication system.
Background
With the rapid development of information technology the value of data is increasingly prominent, and data security faces serious challenges. The security of data transmission and storage among the multi-level companies of an enterprise group, and among the departments of an enterprise, is particularly important.
Existing cascading devices have several problems in terms of data security. First, data lacks a security mechanism during transmission and storage, is easily stolen or tampered with, and the integrity, non-repudiation and confidentiality of its content are hard to guarantee. Second, the cascade trust mechanism of the devices is unsound and cannot effectively resist access by malicious devices. Third, the way different security domains are cascaded is not fully considered, which also affects the security and stability of the whole network.
Disclosure of Invention
First, the technical problem to be solved
The technical problem solved by the invention is to design a dynamically scalable cascade communication system that provides security management and control for the cryptographic resources, security domains, cascades, devices and data of a trusted cascade communication system.
(II) technical scheme
In order to solve the above problems, the invention provides a design method for a dynamically scalable trusted cascade communication system. The system comprises a trusted management and control center device, a trusted cascade device, a trusted security domain management and control device, a trusted terminal device and a trusted storage device, and the devices build a trusted cascade node tree communication network through a dynamically scalable trusted cascade communication mechanism;
Two kinds of devices, five in total, are designed on the basis of cryptographic and digital certificate technology along five dimensions: management and control security, cascade security, communication security, terminal security and storage security. One kind is the management and control device, namely the trusted management and control center device; the other kind is the four comprehensive devices, namely the trusted cascade device, the trusted security domain management and control device, the trusted terminal device and the trusted storage device;
The trusted cascade communication system isolates cryptographic control from operational business by separating a management and control network from a service network. The management and control network provides the cryptographic resource management and control functions of key distribution, certificate resource distribution and authorized key agreement authentication for the four comprehensive devices connected to the management and control center device; the service network provides the service communication functions of issuing security domain policies, building the trusted cascade node tree according to the enterprise organization structure, and data communication between cascade nodes;
Each device operates in two stages, cryptographic provisioning followed by service operation. The four comprehensive devices complete their cryptographic provisioning by obtaining key and certificate resources from the trusted management and control center device over the management and control network in three steps: offline filling of key resources, encrypted application for certificate resources, and authorized key agreement authentication;
The trusted management and control center device has the core functions of cryptographic resource management and control, certificate resource management and control, security domain management and control, device management and control and situation display, and provides security management and control of the cryptographic resources, security domains and devices of the whole system;
The trusted cascade device has the core functions of cascade registration audit, secure construction of the trusted cascade node tree, signature verification of data messages, encrypted transmission of terminal application data, terminal access authentication, storage access authentication and communication log audit. It provides the whole system with the ability to establish a trusted cascade node tree communication network according to the enterprise organization structure, secure device access for the trusted terminal devices and trusted storage devices of its own security domain, and integrity, non-repudiation and confidentiality protection plus log audit for communication data between different cascade nodes;
The trusted security domain management and control device has the core functions of security domain isolation, dynamic expansion of security domains, security domain policy management and control, and traffic monitoring and filtering, and provides the whole system with isolation, access control and traffic monitoring and filtering between different security domains;
The trusted terminal device has the core functions of terminal secure access, terminal security authentication, data transmission encryption and local data encryption, and provides terminal security for the access authentication, data transmission, data reception and local storage of the terminal devices of the whole system;
The trusted storage device has the core functions of storage secure access, storage security authentication, data transmission encryption and data storage encryption, and provides storage security for the data storage expansion of the trusted cascade devices at the different cascade nodes of the whole system;
The deployment and service operation flow of the trusted cascade communication system includes the dynamically scalable trusted cascade communication mechanism; its specific steps are as follows:
1) Device provisioning. The management and control network interfaces of all devices of the whole system are connected to form the management and control network, and each device completes cryptographic provisioning in turn and enters the operation stage;
2) Device access. Within a security domain, the service network interfaces of the trusted terminal device and the trusted storage device are connected to the service network interface of the trusted cascade device of that domain to establish the domain's service network; the trusted terminal device and the trusted storage device are then admitted to the trusted cascade device by a device access audit;
3) Policy issuance. The trusted management and control center device issues a security domain communication policy to the trusted security domain management and control device connected between the upper and lower cascade nodes, so that the cascade nodes of the different upper and lower security domains can communicate over the service network;
4) Cascade registration. The lower cascade node enters the organization name of the cascade node and the IP address of the service network interface of the upper cascade node, and initiates a cascade registration request to the upper level;
5) Cascade audit. The upper cascade node audits and confirms the information entered by the lower cascade node, then initiates a cascade audit request to the lower cascade node;
6) Cascade node information sharing. Once steps 3 to 5 are completed, the link between the upper and lower cascade nodes is established; the lower cascade node sends all node information of the established lower cascade area known to it to the upper cascade node, and the upper cascade node broadcasts that node information to all nodes of the established upper cascade area known to it;
7) Domain information sharing. After cascade node information sharing is completed, the trusted cascade device periodically shares the terminal management information of its own security domain in the manner of step 6;
8) Terminal data transmission and reception. The trusted terminal device applies to the trusted cascade device of its own security domain for a session identifier by device authentication, then encrypts the session identifier, the terminal application data and the target terminal information and sends them to that trusted cascade device. That device forwards them by data routing transmission to the trusted cascade device of the target terminal's security domain (the target trusted cascade device), which finally encrypts the session identifier and the application data and delivers them to the target terminal in active or passive mode.
Preferably, each of the five devices comprises a cryptographic operation management and control unit and a service communication unit, physically isolated from each other by red/black separation; the two units use independent CPU, memory, storage and network interface components, which protects the device's cryptographic algorithms and cryptographic resources. The management and control network runs over the network interface of each device's cryptographic operation management and control unit (the management and control network interface) and provides the cryptographic resource management and control functions of key distribution, certificate resource distribution and authorized key agreement authentication for the four comprehensive devices connected to the management and control center device; the service network runs over the network interface of each device's service communication unit (the service network interface) and provides the service communication functions of issuing security domain policies, building the trusted cascade node tree according to the enterprise organization structure, and data communication between cascade nodes.
Preferably, the four comprehensive devices are under the unified control of the management and control center device, report heartbeats at regular intervals, provide it with situation display of the system cascade relationships, device deployment and security status, and monitor and defend against the spread and transmission of malicious traffic.
Preferably, after step 2 is completed, the trusted storage device applies to the trusted cascade device of the same security domain for a session identifier by device authentication and, carrying that session identifier, asynchronously provides the trusted cascade device with encrypted data access over an IPsec transport.
At the same time, the trusted cascade node tree has no depth limit; expansion of cascade nodes and revocation of cascade leaf nodes are supported. Revocation is initiated by the lower cascade node and audited by the upper cascade node, after which the upper cascade node performs step 6 again, so the trusted cascade node tree can be dynamically scaled.
Preferably, when the broadcast of step 6 encounters a cascade node that cannot be reached directly over the service network, the cascade node that can reach it broadcasts again on its behalf, so that the node data is shared to every node of the trusted cascade node tree. When a cascade node re-broadcasts, in the leaf-to-root direction it broadcasts upward to the cascade node and to all its other subordinate cascade nodes except the directly connected node it heard from; in the root-to-leaf direction it broadcasts directly to all its subordinate cascade nodes.
Preferably, the data routing transmission by which the trusted cascade device forwards terminal application data in step 8 works as follows: when the trusted cascade device receives a communication data packet carrying terminal data from a trusted terminal device of its security domain, it finds the optimal node path in the trusted cascade node tree with a lowest common ancestor (LCA) algorithm and sends the packet to the next-hop cascade node on that path; each next-hop cascade node, on receiving the request, forwards the data in the same hop-by-hop manner to the following cascade node on the path, until the packet reaches the routing destination, namely the trusted cascade device of the destination security domain.
Preferably, the communication data exchanged between trusted cascade devices of different security domains in steps 4 to 7 consists of plaintext service management data; communication uses a requested random number (nonce) together with a signature over the communication data, guaranteeing the integrity, non-repudiation and authenticity of the service management data. The communication data in step 8 consists of ciphertext service management data and ciphertext terminal application data: the trusted management and control center device acts as key distribution center (KDC), the sending and receiving trusted cascade devices encrypt and decrypt the terminal application data with a shared session key obtained by key agreement, and the encrypted terminal application data and the encrypted service management data are placed together in the signature original of the communication data, guaranteeing the confidentiality, integrity and non-repudiation of the terminal application data in transit.
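To make the two message formats concrete, the following Go program is an added example written for this page, not code from the patent or its assignee. It shows the nonce-plus-signature exchange used for plaintext management data and the encrypted terminal application data placed inside the signed original. It assumes Ed25519 signatures and AES-256-GCM, neither of which the patent names; assumes the receiver is handed the sender's public key directly in place of certificate validation against the control center; and replaces the KDC key agreement with one random key given to both ends.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device is one trusted cascade device and its signing key. Ed25519 is an
// assumption (the page names no algorithm); the receiver is given the sender's
// public key directly (assumption: certificate validation is out of scope).
type Device struct {
	Name   string
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey
	issued map[string]bool // random numbers handed out and not yet consumed
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewDevice(name string) *Device {
	priv := ed25519.NewKeyFromSeed(random(ed25519.SeedSize))
	return &Device{Name: name, priv: priv, Pub: priv.Public().(ed25519.PublicKey), issued: map[string]bool{}}
}

// Message is one unit of communication data between cascade devices.
type Message struct {
	Sender  string
	Nonce   []byte // random number previously requested from the receiver
	Mgmt    []byte // service management data (plaintext in steps 4 to 7)
	AppData []byte // terminal application data ciphertext (step 8), nil otherwise
	Sig     []byte // signature over signatureOriginal
}

// signatureOriginal length-prefixes each field so bytes cannot be moved between
// fields without invalidating the signature.
func signatureOriginal(m *Message) []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{[]byte(m.Sender), m.Nonce, m.Mgmt, m.AppData} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		b.Write(l[:])
		b.Write(f)
	}
	return b.Bytes()
}

// IssueNonce answers a sender's "request random number": a fresh value that is
// remembered until a signed message consumes it.
func (d *Device) IssueNonce() []byte {
	n := random(16)
	d.issued[string(n)] = true
	return n
}

// Sign builds the message and signs its signature original.
func (d *Device) Sign(nonce, mgmt, appData []byte) *Message {
	m := &Message{Sender: d.Name, Nonce: nonce, Mgmt: mgmt, AppData: appData}
	m.Sig = ed25519.Sign(d.priv, signatureOriginal(m))
	return m
}

// Verify accepts a message only if its nonce was issued here and is still unused
// (freshness, no replay) and the signature checks against the sender's key
// (integrity, authenticity, non-repudiation). The nonce is consumed on success.
func (d *Device) Verify(m *Message, senderPub ed25519.PublicKey) error {
	if !d.issued[string(m.Nonce)] {
		return errors.New("nonce not issued by this device or already used")
	}
	if !ed25519.Verify(senderPub, signatureOriginal(m), m.Sig) {
		return errors.New("signature verification failed")
	}
	delete(d.issued, string(m.Nonce))
	return nil
}

// KDCSessionKey stands in for the shared session key both ends obtain with the
// control center acting as KDC; the agreement protocol itself is not modelled.
func KDCSessionKey() []byte { return random(32) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt protects terminal application data with AES-256-GCM (assumed cipher).
// Output layout: iv || ciphertext || tag.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := random(g.NonceSize())
	return g.Seal(iv, iv, plaintext, nil), nil
}

func Decrypt(key, ct []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil || len(ct) < g.NonceSize() {
		return nil, errors.New("bad key or ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

func main() {
	a, b := NewDevice("cascade-A"), NewDevice("cascade-B")
	key := KDCSessionKey() // held by both ends
	ct, _ := Encrypt(key, []byte("constructed terminal application data"))
	m := a.Sign(b.IssueNonce(), []byte("route A->B"), ct)
	fmt.Println("first delivery:", b.Verify(m, a.Pub)) // <nil>
	fmt.Println("replayed copy:", b.Verify(m, a.Pub))  // nonce already used
	pt, _ := Decrypt(key, m.AppData)
	fmt.Println(string(pt))
}
```

The receiver accepts only a nonce it issued itself and forgets it after one use, so a replayed copy of a valid message is rejected. Because the ciphertext sits inside the length-prefixed signature original, an attacker who can see it cannot alter it or move bytes between the management and application fields, and a message signed with a different key fails verification even with a fresh nonce.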
The invention also provides a trusted cascade communication system designed based on the method.
The invention also provides a working method of the system.
(III) beneficial effects
The invention provides a dynamically scalable cascade communication system consisting of five devices (a trusted management and control center device, a trusted cascade device, a trusted security domain management and control device, a trusted terminal device and a trusted storage device) and a trusted cascade communication mechanism, to meet the requirements of enterprise-level communication services: whole-network communication security, cascading of different security domains, security isolation of security domains, dynamic expansion of security domains, secure data transmission and storage, and secure device access. Through the cooperation of the devices and the mechanism, a trusted cascade node tree communication network is built, and security management and control are provided for the cryptographic resources, security domains, cascades, devices and data of the trusted cascade communication system.
Drawings
Fig. 1 is a device deployment diagram of a trusted cascade communication system according to an embodiment of the invention;
Fig. 2 is a network layout diagram of a trusted cascade communication system according to an embodiment of the invention;
Fig. 3 is a schematic diagram of a trusted cascade communication system according to an embodiment of the invention;
Fig. 4 is a schematic diagram of the routing transmission process of terminal application data according to an embodiment of the invention;
Fig. 5 is a timing chart of the routing transmission of communication data between routing nodes according to an embodiment of the invention.
Detailed Description
To make the objects, contents and advantages of the invention clearer, it is described in detail below with reference to the accompanying drawings and examples.
In the first aspect, the invention designs two types of five types of devices based on password and digital certificate technology from five dimensions of management and control safety, cascade safety, communication safety, terminal safety, storage safety and the like, wherein one type of management and control device is a trusted management and control center device, and four types of comprehensive devices comprise a trusted cascade device, a trusted security domain management and control device, a trusted terminal device and a trusted storage device. The specific contents are as follows:
Firstly, the five devices comprise a password operation control unit and a business communication unit, and the two units are physically isolated through a red-black isolation technology. The two units respectively adopt independent components such as a CPU, a memory, a storage, a network interface and the like, so that the security of a device cryptographic algorithm and a cryptographic resource is ensured.
And secondly, the trusted cascade communication system realizes the safe isolation of password control and operation business by dividing a control network and a business network. The management and control network relies on a network interface (hereinafter referred to as a management and control network interface) of a cryptographic operation management and control unit of each device to realize the cryptographic resource management and control functions of key distribution, certificate resource distribution, authorized (authorized+started) key negotiation authentication and the like of the four comprehensive devices connected with the trusted management and control center device. The service network relies on network interfaces (hereinafter referred to as "service network interfaces") of service communication units of all devices to realize service communication functions such as issuing security domain policies, establishing trusted cascade node trees according to enterprise organization architecture, and data communication among cascade nodes. The service network comprises a plurality of security domains, and each cascade node (comprising each company and large departments) is one security domain, and the security domains are isolated from each other.
In addition, the work of each device comprises two stages of password opening and service operation, namely, the password opening is finished firstly, and then the service is operated. The trusted management and control center device is used as a password resource management and control center to finish password opening by self, four comprehensive devices finish password opening of the device by applying key and certificate resources to the trusted management and control center device through three modes (sequential execution) of off-line filling of key resources, encryption application of certificate resources and authorization key negotiation authentication in a management and control network, and the service operation stage is that after each device finishes password opening, execution of core service is started in a service network.
The trusted management and control center device has core functions of password resource management and control, certificate resource management and control, security domain management and control, device management and control, situation display and the like, and provides security management and control capability for the management and control of password resources, security domains and devices of the whole system.
The trusted cascade device has the core functions of cascade registration audit, trusted cascade node tree security construction, data message signature verification, terminal application data encryption transmission, terminal access authentication, storage access authentication, communication log audit and the like, provides security cascade capability for establishing a trusted cascade node tree communication network according to an enterprise organization architecture for the whole system, provides device security access capability for trusted terminal devices and trusted storage devices in the same security domain, and provides integrity, non-repudiation, confidentiality protection capability and log audit capability for communication data among different cascade nodes.
The trusted security domain management and control device has the core functions of security domain isolation, security domain dynamic expansion, security domain policy management and control, flow monitoring and filtering and the like, and provides communication security capability for isolation, access control and flow monitoring and filtering among different security domains of the whole system.
The trusted terminal device has the core functions of terminal safety access, terminal safety authentication, data transmission encryption, data local encryption and the like, and provides terminal safety capability for access authentication, data transmission, data reception and local storage of the terminal device of the whole system.
The trusted storage device has core functions of storage security access, storage security authentication, data transmission encryption, data storage encryption and the like, and provides storage security capability for data storage expansion of the trusted cascade devices in different cascade nodes in the whole system.
The four comprehensive devices receive unified control of the control devices, report heartbeats at regular time, and provide situation display and monitoring of content such as system cascade relation, device deployment condition, safety condition and the like for the control devices.
In a second aspect, the present invention provides a deployment operation and a service running flow of a trusted tandem communication system, which includes a trusted tandem communication mechanism that is dynamically scalable (including the following steps 4 to 8). The method comprises the following specific steps:
1) The device is turned on. The management and control network interfaces of all devices of the whole system are connected to form a management and control network, and all devices sequentially finish password opening and enter a working operation stage.
2) And (5) accessing the device. In the same security domain, the service network interfaces of the trusted terminal device and the trusted storage device are connected with the service network interfaces of the trusted cascade device to establish a service network in the security domain; and then the trusted terminal device and the trusted storage device are accessed to the trusted cascade device in a device access auditing mode, so that the security of device access is ensured. Each security domain independently develops the device access operation.
3) Issuing the security domain policy. The trusted management and control center device issues a security domain communication policy to the trusted security domain management and control device connected between the upper and lower cascade nodes, so that cascade nodes of different security domains can communicate over the service network.
4) Registering the cascade node. The lower cascade node enters its organization name, the service network interface IP address of the upper cascade node and similar information, and initiates a cascade registration request to the upper level.
5) Auditing the cascade node. After the upper cascade node audits and confirms the information entered by the lower cascade node, it initiates a cascade audit request to the lower cascade node.
6) Sharing cascade node information. Once steps 3 to 5 are completed, the path between the upper and lower cascade nodes is established. The lower cascade node sends all node information of its established lower cascade region to the upper cascade node; the upper cascade node shares this node information by broadcast with all nodes of its established upper cascade region; the upper cascade node then sends all node information of the established upper cascade region to the lower cascade node, which broadcasts it in turn. In this way the whole trusted cascade node tree is established.
7) Domain information sharing. After cascade node information sharing is completed, the trusted cascade device uses the method of step 6 to periodically share the terminal management information of its own security domain (terminals, terminal groups and the like) with every cascade node of the trusted cascade node tree, so that terminal management information is synchronized across security domains.
8) Data transmission and reception. Terminal data transmission: the trusted terminal device applies for a session identifier from the trusted cascade device of its own security domain by device authentication, then encrypts and sends the session identifier, the terminal application data, the target terminal (a trusted terminal device or terminal group in its own or in a different security domain) and other information to that trusted cascade device; the same-domain trusted cascade device forwards the encrypted information by data routing transmission to the trusted cascade device of the security domain where the target terminal resides (the target trusted cascade device), and finally the target trusted cascade device encrypts and delivers it to the target terminal in an active or passive mode. Terminal data reception: a trusted terminal device passively receives terminal application data from the trusted cascade device of its security domain, a terminal group obtains terminal application data from that device by data subscription, and the trusted terminal device stores the received data locally in encrypted form.
Specifically, after step 2 is completed, the trusted storage device applies for a session identifier from the trusted cascade device of the same security domain by device authentication and, carrying that session identifier, asynchronously provides the trusted cascade device with encrypted data access over an IPSec transport.
In particular, steps 4 and 5 complete the registration and audit of upper and lower cascade nodes according to the actual enterprise organization structure, and reverse access is prohibited. The trusted cascade node tree has no theoretical depth limit; expansion by adding cascade nodes and revocation of cascade leaf nodes are both supported (revocation is requested by the lower cascade node and audited by the upper cascade node, after which the upper cascade node re-runs step 6), so the trusted cascade node tree can be expanded and contracted dynamically.
In particular, when the broadcast of step 6 meets a cascade node that cannot be reached directly over the service network, the cascade node that was reached rebroadcasts the node data onward so that it still arrives at every node of the trusted cascade node tree. In the leaf-to-root direction it broadcasts to its upper cascade node and to all its lower cascade nodes except the directly connected node it received the data from; in the root-to-leaf direction it broadcasts directly to all its lower cascade nodes.
The data routing transmission by which the trusted cascade device forwards terminal application data in step 8 works as follows. When the trusted cascade device receives a terminal data communication packet from a trusted terminal device of its security domain, it finds the optimal node path in the trusted cascade node tree with the lowest common ancestor (LCA) algorithm and sends the packet to the next cascade node on that path. After receiving the request, that cascade node forwards the packet by the same routing hop to the next cascade node on the path, and so on, until the packet reaches the routing destination (the trusted cascade device of the destination security domain).
In particular, the communication data exchanged between trusted cascade devices of different security domains in steps 4 to 7 consists of service management data (plaintext); the communication requests a random number and signs and verifies the communication data, which ensures the integrity, non-repudiation and authentication of the service management data and of the communicating devices. The communication data exchanged between trusted cascade devices of different security domains in step 8 consists of service management data and terminal application data (ciphertext). The trusted management and control center device acts as the key distribution center (KDC): the sending and receiving trusted cascade devices obtain a shared session key through key negotiation and use it to encrypt/decrypt the terminal application data, and the encrypted terminal application data is placed together with the service management data in the signed body of the communication data, which ensures the confidentiality, integrity and non-repudiation of the terminal application data in transit.
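The step 6 broadcast rules and the step 8 LCA route computation described above, as an added example that is not part of the patent: the tree shape and node names are taken from fig. 3 as described in this text, and the child-to-parent map and function names are assumptions.

```python
# Added example (not the patent's code): the trusted cascade node tree of
# fig. 3 modelled as a child -> parent map, with the step 6 broadcast rules and
# the step 8 LCA route computation. Tree shape (constructed from the text):
# A is the root; B and C hang under A; D and E under B; F, G, H under E; I under H.
from collections import defaultdict

PARENT = {"B": "A", "C": "A", "D": "B", "E": "B",
          "F": "E", "G": "E", "H": "E", "I": "H"}


def children(parent_map):
    """Upper node -> list of its lower cascade nodes (insertion order kept)."""
    kids = defaultdict(list)
    for child, parent in parent_map.items():
        kids[parent].append(child)
    return kids


def ancestors(node, parent_map):
    """Node, its upper node, ... up to the root (inclusive)."""
    chain = [node]
    while chain[-1] in parent_map:
        chain.append(parent_map[chain[-1]])
    return chain


def lca(a, b, parent_map):
    """Lowest common ancestor of a and b in the cascade node tree."""
    up_b = set(ancestors(b, parent_map))
    for node in ancestors(a, parent_map):
        if node in up_b:
            return node
    raise ValueError(f"{a} and {b} are not in the same cascade node tree")


def route_path(src, dst, parent_map):
    """Step 8 / S501: optimal node path src -> ... -> LCA -> ... -> dst.
    Every hop is a parent/child pair, i.e. a direct service network link."""
    common = lca(src, dst, parent_map)
    up = ancestors(src, parent_map)
    up = up[: up.index(common) + 1]           # climb from src to the LCA
    down = ancestors(dst, parent_map)
    down = down[: down.index(common)]         # dst's ancestors below the LCA
    return up + list(reversed(down))


def next_hop(src, dst, parent_map):
    """The next-station cascade node the packet is handed to (S501)."""
    path = route_path(src, dst, parent_map)
    return path[1] if len(path) > 1 else None


def share_upper_region(start, received_from, parent_map):
    """Step 6 upward broadcast: each reached node forwards to its upper node
    and to all its lower nodes except the one the data came from.
    Returns the (sender, receiver) pairs in the order they happen."""
    kids = children(parent_map)
    edges, queue, seen = [], [(start, received_from)], {start, received_from}
    while queue:
        node, came_from = queue.pop(0)
        neighbours = ([parent_map[node]] if node in parent_map else []) + kids[node]
        for nb in neighbours:
            if nb != came_from and nb not in seen:
                seen.add(nb)
                edges.append((node, nb))
                queue.append((nb, node))
    return edges


def share_lower_region(start, parent_map):
    """Step 6 downward broadcast: each node forwards directly to all its
    lower nodes, which repeat the broadcast."""
    kids = children(parent_map)
    edges, queue = [], [start]
    while queue:
        node = queue.pop(0)
        for kid in kids[node]:
            edges.append((node, kid))
            queue.append(kid)
    return edges


if __name__ == "__main__":
    # S303 after E registers under B, then S305 for H -> C
    print(share_upper_region("B", "E", PARENT))   # B->A, B->D, A->C
    print(share_lower_region("E", PARENT))        # E->F, E->G, E->H, H->I
    print(route_path("H", "C", PARENT))           # ['H', 'E', 'B', 'A', 'C']
```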
Referring to fig. 1, the present invention provides a device deployment diagram of the trusted cascade communication system. Following the enterprise organization structure, each company or large department is a cascade node, and each cascade node (the deployment environment of the smallest organizational unit) comprises at least one trusted cascade device, one trusted storage device, several trusted terminal devices and a third-party security application service. Service network interconnection between the different security domains of each pair of upper and lower cascade nodes is established through a trusted security domain management and control device. The trusted management and control center device is deployed at the enterprise headquarters and is interconnected with the trusted security domain management and control device to which the headquarters is connected.
Within a cascade node, the trusted storage device and the trusted terminal devices establish an intra-node service network path to the trusted cascade device through device access auditing. The third-party security application service is accessed through the trusted cascade device and provides security application services to the trusted terminal devices.
The trusted security domain management and control device has several service network interfaces so that devices of several security domains can be attached; the service network interfaces are isolated from one another to preserve isolation between the security domains.
To improve the scalability of the trusted security domain management and control device and the dynamic scalability of the service network, any service network interface of several trusted security domain management and control devices can be connected in series (loops are prohibited), and service network traffic is balanced dynamically by load balancing.
The trusted management and control center device, the trusted cascade device and the trusted storage device of a cascade node can be deployed in dual-machine hot standby and cluster modes to improve availability and concurrency.
The trusted storage device supports widely used storage modes such as distributed storage, object storage and NAS storage, and the storage components of its service communication unit can be replaced according to the data storage requirements.
Referring to fig. 2, the present invention provides a network plan for the trusted cascade communication system, consisting of a management and control network plan and a service network plan that are physically isolated from each other.
The management and control network uses a flat architecture that connects the management and control network interfaces of all devices. The four comprehensive devices are distributed over different cascade nodes in the physical layout, but they follow the same password opening flow and there is no prescribed opening order between devices. The trusted management and control center device serves as the password resource management and control center and provides the password opening service to the four comprehensive devices: offline filling of key resources, encrypted application for certificate resources, and authorized key negotiation authentication.
The service network connects the service network interfaces of the devices into the trusted cascade node tree communication network used for service data communication between cascade nodes, as described for the embodiment of fig. 1. According to the service network layout of the cascade nodes in the different security domains, the trusted management and control center device issues inter-domain network communication policies to the trusted security domain management and control devices to achieve network interconnection between the security domains.
Furthermore, the trusted management and control center device can monitor in real time the state of every device in each security domain as reported by each trusted security domain management and control device and by the trusted cascade device of each cascade node, raise alerts and notifications immediately, and handle the dynamic expansion and contraction of the service network. Based on the traffic monitoring reports from the trusted security domain management and control devices, the trusted management and control center device issues a security isolation policy to the trusted security domain management and control device at which malicious traffic was received, preventing the malicious traffic from spreading.
Referring to fig. 3, the present invention provides a cascade online diagram of the trusted cascade communication system. As shown in fig. 3, each cascade node comprises a trusted cascade device and the trusted terminal devices that have established secure access. For cascade node B, the established upper cascade region comprises the node itself (cascade node B), its upper node (cascade node A), all its lower nodes (cascade node D) and all shared nodes (cascade node C); for cascade node E, the established lower cascade region comprises the node itself (cascade node E), all its lower nodes (cascade nodes F, G and H) and all shared nodes (cascade node I).
This embodiment provides the deployment and operation flow of the trusted cascade communication system.
First, the devices are arranged according to fig. 1. Second, the management and control network and the service network are built according to fig. 2, each device passes from the password opening stage into the service operation stage, and the trusted terminal devices and the trusted storage device securely access the trusted cascade device of the same security domain through device access auditing. The trusted management and control center device issues the inter-domain service network communication policies to the trusted security domain management and control devices between the cascade node devices and opens the service network paths between the trusted cascade devices (corresponding to steps 1 to 3). Finally, according to fig. 3, steps S301 to S304 (cascade registration, cascade audit, cascade node information sharing and domain information sharing, corresponding to steps 4 to 7 above) and step S305 (data routing transmission, corresponding to step 8 above) are completed as follows:
S301, cascade registration. Cascade node E, as the lower node, initiates a cascade registration request to the upper cascade node B.
S302, cascade audit. Cascade node B, as the upper node, audits cascade node E and initiates a cascade audit request.
S303, cascade node information sharing. The lower cascade node E transmits all node information of its established lower cascade region to the upper cascade node B, and cascade node B shares it by broadcast with all nodes of its established upper cascade region. Broadcasting upward, cascade node B shares the node information with cascade node A and cascade node D, with which it communicates directly on the service network, and cascade node A then shares it with cascade node C, which completes the sharing across the established upper cascade region. Broadcasting downward, cascade node E shares the node information with cascade nodes F, G and H, with which it communicates directly on the service network, and cascade node H then shares it with cascade node I. The whole trusted cascade node tree is thus established.
S304, domain information sharing. Cascade node E uses the method of S303 to periodically share the terminal management information of its security domain (terminals, terminal groups and the like) with every cascade node of the trusted cascade node tree, so that terminal management information is synchronized across security domains.
S305, data routing transmission. To describe the data routing transmission flow between cascade nodes more clearly, this embodiment, with reference to figs. 4 and 5, presents the core process by which trusted terminal device M in cascade node H sends terminal application data to trusted terminal device N in cascade node C. The terminal application data is routed and forwarded by the trusted cascade device of each cascade node; the originating cascade node of the communication data is the trusted cascade device sending end of cascade node H (hereinafter the Sender), and the destination cascade node is the trusted cascade device receiving end of cascade node C (hereinafter the Receiver). The sub-steps S401 to S409 of step S305 are as follows:
S401, trusted terminal device M completes device authentication and sends the terminal application data to the Sender in encrypted form;
S402, the Sender obtains the shared session key of the Sender and the Receiver from the trusted management and control center device (KDC) by key negotiation;
S403, the Sender uses the shared session key as the encryption key and encrypts the terminal application data with a symmetric encryption algorithm;
S404, consisting of S404-1 and S404-2. In S404-1 the trusted security domain management and control device provides verification, forwarding and related services for communication data crossing security domains between upper and lower trusted cascade devices that are directly connected on the service network. S404-2 is the data routing transmission process: the Sender forwards the communication data (service management data plaintext plus terminal application data ciphertext) to the Receiver through the routing nodes on the optimal node path of the trusted cascade node tree, with signature verification at each hop. Steps S501 to S505 below are the sub-steps of S404-2, and the data routing transmission process is described with reference to fig. 5:
S501, the Sender searches the optimal node path in the trusted cascade node tree with the LCA algorithm and obtains the nearest routing node reachable directly on the service network (the next-station routing node);
S502, the Sender and the routing node establish a routing communication session by requesting and retaining a dynamically generated random number (Random), which provides replay protection for this routing communication session;
S503, the Sender signs the service management data plaintext (containing Random, the next-station routing node information, the destination cascade node information and the like) together with the terminal application data ciphertext using a signature algorithm, and then sends the communication data, the signature value, the Sender's signature certificate and the like to the next-station routing node;
S504, on receiving the message, the next-station routing node compares Random and verifies the signature value. If the comparison or the verification fails, the subsequent flow is terminated; if both succeed, the next-station routing node performs the next data routing transmission according to steps S501 to S504, until the Receiver receives the communication data.
S405 (following step S404), the Receiver obtains the shared session key of the Sender and the Receiver from the trusted management and control center device (KDC) by key negotiation;
S406, the Receiver uses the shared session key as the decryption key, decrypts the terminal application data with the symmetric encryption algorithm, and stores it locally in encrypted form;
S407, the Receiver pushes the terminal application data to trusted terminal device N in encrypted form;
S408, trusted terminal device N stores the terminal application data locally in encrypted form;
S409, the Receiver periodically sends the local terminal application data to the trusted storage device for backup or expanded storage.
Further, trusted terminal device N may be replaced by a trusted terminal device group. Each trusted terminal device in the group first completes device authentication, and when step S407 is executed each of them obtains the terminal application data from the Receiver in encrypted form by data subscription.
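The per-hop routing session of S501 to S504, as an added example that is not the patent's own code: the next-station node issues and retains Random, the Sender signs the service management plaintext together with the terminal ciphertext, and the next-station node rejects a replayed or tampered message. The node keys, the ciphertext bytes, the path and the use of HMAC-SHA256 in place of the certificate-based signature are assumptions made so the example runs offline.

```python
# Added example (not the patent's code): the per-hop routing session of
# S501-S504. A Random is issued by the next-station node and kept for one
# session, the sender signs the service management plaintext together with the
# opaque terminal-data ciphertext, and the next-station node checks Random and
# the signature before forwarding. Assumption: the certificate-based signature
# of the text is stood in for by HMAC-SHA256 under a per-node key, so that the
# example runs with the standard library only.
import hashlib
import hmac
import json
import secrets

# Constructed per-node signing keys (stand-in for each node's certificate key).
SIGNING_KEYS = {n: hashlib.sha256(f"demo-key-{n}".encode()).digest()
                for n in "ABCEH"}
# Constructed opaque ciphertext as produced by S403; routing nodes never decrypt it.
CT = bytes.fromhex("9b12c7e4a0ff31d8")
# Optimal node path for H -> C from S501 (fig. 3 tree).
PATH = ["H", "E", "B", "A", "C"]


def _signed_body(mgmt, ct):
    # Signed body = service management plaintext + terminal application ciphertext
    return json.dumps(mgmt, sort_keys=True).encode() + ct


class CascadeNode:
    def __init__(self, name):
        self.name = name
        self.outstanding = {}   # sender -> Random issued for the open session
        self.received = []      # ciphertexts delivered when this node is the Receiver

    def issue_random(self, sender):
        """S502: generate and retain a fresh Random for one routing session."""
        rnd = secrets.token_hex(16)
        self.outstanding[sender] = rnd
        return rnd

    def sign(self, mgmt, ct):
        """S503: sign management plaintext and terminal ciphertext together."""
        return hmac.new(SIGNING_KEYS[self.name], _signed_body(mgmt, ct),
                        hashlib.sha256).hexdigest()

    def accept(self, sender, mgmt, ct, sig):
        """S504: compare Random, verify the signature; False terminates the flow.
        The Random is consumed on first use, so a replayed message is rejected
        even though its signature is still valid."""
        expected = self.outstanding.pop(sender, None)
        if expected is None or not hmac.compare_digest(expected, mgmt["random"]):
            return False
        if mgmt["from"] != sender or mgmt["next_hop"] != self.name:
            return False
        good = hmac.new(SIGNING_KEYS[sender], _signed_body(mgmt, ct),
                        hashlib.sha256).hexdigest()
        return hmac.compare_digest(good, sig)


def route(path, nodes, ct, dest):
    """S404-2: hop-by-hop forwarding along the S501 path. Returns the hops that
    verified and whether the ciphertext reached the Receiver."""
    hops = []
    for cur, nxt in zip(path, path[1:]):
        sender, receiver = nodes[cur], nodes[nxt]
        rnd = receiver.issue_random(cur)                            # S502
        mgmt = {"random": rnd, "from": cur, "next_hop": nxt, "dest": dest}
        sig = sender.sign(mgmt, ct)                                 # S503
        if not receiver.accept(cur, mgmt, ct, sig):                 # S504 failed
            return hops, False
        hops.append((cur, nxt))
    nodes[path[-1]].received.append(ct)
    return hops, True


def demo():
    nodes = {n: CascadeNode(n) for n in SIGNING_KEYS}
    hops, delivered = route(PATH, nodes, CT, dest="C")

    # Replay: a captured, validly signed H -> E message presented a second time.
    rnd = nodes["E"].issue_random("H")
    mgmt = {"random": rnd, "from": "H", "next_hop": "E", "dest": "C"}
    sig = nodes["H"].sign(mgmt, CT)
    first_ok = nodes["E"].accept("H", mgmt, CT, sig)
    replay_ok = nodes["E"].accept("H", mgmt, CT, sig)

    # Tampering: ciphertext altered after signing; the signature no longer matches.
    mgmt2 = dict(mgmt, random=nodes["E"].issue_random("H"))
    sig2 = nodes["H"].sign(mgmt2, CT)
    tamper_ok = nodes["E"].accept("H", mgmt2, CT + b"\x00", sig2)

    return {"hops": hops, "delivered": delivered, "first_ok": first_ok,
            "replay_ok": replay_ok, "tamper_ok": tamper_ok,
            "received": nodes["C"].received}


if __name__ == "__main__":
    print(demo())
```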
The foregoing is merely a preferred embodiment of the present invention. It should be noted that those skilled in the art could make modifications and variations without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as falling within the scope of the invention.

Claims (10)

1. A design method for a dynamically scalable trusted cascade communication system, characterized in that the system is designed to comprise a trusted management and control center device, a trusted cascade device, a trusted security domain management and control device, a trusted terminal device and a trusted storage device, each device building a trusted cascade node tree communication network through a dynamically scalable trusted cascade communication mechanism;
two kinds of devices, five devices in total, based on cryptographic and digital certificate technology are designed from the five dimensions of management and control security, cascade security, communication security, terminal security and storage security, one kind being the management and control type device, namely the trusted management and control center device;
the trusted cascade communication system achieves secure isolation between cryptographic management and control and operational business by dividing a management and control network from a service network; the management and control network performs the cryptographic resource management and control functions of key distribution, certificate resource distribution and authorized key negotiation authentication for the four comprehensive devices connected to the management and control center device, and the service network performs the service communication functions of security domain policy issuing, establishing the trusted cascade node tree according to the enterprise organization structure, and data communication between cascade nodes;
the work of each device comprises two stages, password opening and service operation, password opening being completed first and the service operated afterwards; the four comprehensive devices apply to the trusted management and control center device for key and certificate resources in the management and control network by three modes, namely offline filling of key resources, encrypted application for certificate resources, and authorized key negotiation authentication, to complete the password opening of the device;
the trusted management and control center device has the core functions of cryptographic resource management and control, certificate resource management and control, security domain management and control, device management and control and situation display, and provides the security management and control capability for the cryptographic resources, security domains and devices of the whole system;
the trusted cascade device has the core functions of cascade registration audit, secure construction of the trusted cascade node tree, data message signing and verification, encrypted transmission of terminal application data, terminal access authentication, storage access authentication and communication log audit, and provides the whole system with the secure cascade capability to establish the trusted cascade node tree communication network according to the enterprise organization structure, the device secure access capability for trusted terminal devices and trusted storage devices of the same security domain, and the integrity, non-repudiation, confidentiality protection and log audit capabilities for communication data between different cascade nodes;
the trusted security domain management and control device has the core functions of security domain isolation, security domain dynamic expansion, security domain policy management and control and traffic monitoring and filtering, and provides the whole system with the communication security capability for isolation, access control and traffic monitoring and filtering between different security domains;
the trusted terminal device has the core functions of terminal secure access, terminal security authentication, data transmission encryption and local data encryption, and provides the whole system with the terminal security capability for access authentication, data transmission, data reception and local storage of terminal devices;
the trusted storage device has the core functions of storage secure access, storage security authentication, data transmission encryption and data storage encryption, and provides the whole system with the storage security capability for data storage expansion of the trusted cascade devices of the different cascade nodes;
the deployment operation and service operation flow of the trusted cascade communication system embodies the dynamically scalable trusted cascade communication mechanism, and its specific steps are as follows:
1) device opening: the management and control network interfaces of all devices of the whole system are connected to form the management and control network, and all devices complete password opening in turn and enter the operation stage;
2) device access: the service network interfaces of the trusted terminal device and the trusted storage device are connected to the service network interface of the trusted cascade device of the same security domain to build the intra-domain service network, and the trusted terminal device and the trusted storage device then access the trusted cascade device through device access auditing;
3) the trusted management and control center device issues a security domain communication policy to the trusted security domain management and control device connected between the upper and lower cascade nodes, so that the cascade nodes of the upper and lower security domains can communicate over the service network;
4) the lower cascade node enters its organization name and the service network interface IP address of the upper cascade node to initiate a cascade registration request to the upper level;
5) the upper cascade node audits and confirms the information entered by the lower cascade node and then initiates a cascade audit request to the lower cascade node;
6) cascade node information sharing: after steps 3 to 5 are completed, the path between the upper and lower cascade nodes is established, the lower cascade node transmits all node information of its established lower cascade region to the upper cascade node, and the upper cascade node shares the node information by broadcast with all nodes of its established upper cascade region;
7) after cascade node information sharing is completed, the trusted cascade device uses the method of step 6 to periodically share the terminal management information of the same security domain;
8) terminal data transmission and reception: the trusted terminal device applies for a session identifier from the trusted cascade device of the same security domain by device authentication, encrypts and sends the session identifier, the terminal application data and the target terminal information to that trusted cascade device; the same-domain trusted cascade device forwards them by data routing transmission to the trusted cascade device of the security domain of the target terminal, namely the target trusted cascade device; and finally the target trusted cascade device encrypts and sends the terminal application data to the target terminal in an active or passive mode.
2. The method of claim 1, wherein each of the five devices comprises a cryptographic operation control unit and a service communication unit, the two units being physically separated by red/black separation technology and each using its own independent CPU, memory, storage and network interface components so as to protect the cryptographic algorithms and cryptographic resources of the device; the management and control network relies on the network interface of the cryptographic operation control unit of each device, namely the management and control network interface, through which the trusted management and control center device performs the cryptographic resource management and control functions of key distribution, certificate resource distribution and authorized key negotiation authentication for the four comprehensive devices connected to the management and control network; and the service network relies on the network interface of the service communication unit of each device, namely the service network interface, to perform the service communication functions of security domain policy issuing, establishing the trusted cascade node tree according to the enterprise organization structure, and data communication between cascade nodes.
3. The method of claim 1, wherein the four comprehensive devices are under the unified management and control of the management and control device and report heartbeats periodically, providing the management and control device with a situation display of the system cascade relationships, device deployment and security status, and with the capability to defend against the diffusion and propagation of malicious traffic.
4. The method of claim 1, wherein after step 2 is completed the trusted storage device applies for a session identifier from the trusted cascade device of the same security domain by device authentication and, carrying that session identifier, asynchronously provides the trusted cascade device with encrypted data access over an IPSec transport.
5. The method of claim 1, wherein steps 4 and 5 complete the registration and audit of upper and lower cascade nodes according to the actual enterprise organization structure and reverse access is prohibited; the trusted cascade node tree has no depth limit, expansion by adding cascade nodes and revocation of cascade leaf nodes are supported, revocation is requested by the lower cascade node and audited by the upper cascade node, after which the upper cascade node re-runs step 6, so that the trusted cascade node tree can be expanded and contracted dynamically.
6. The method of claim 1, wherein when the broadcast of step 6 meets a cascade node that cannot be reached directly over the service network, the cascade node that was reached rebroadcasts outward so that the node data is shared with every node of the trusted cascade node tree; when rebroadcasting, the leaf-to-root broadcast goes to the upper cascade node and to all lower cascade nodes except the directly connected node from which the data was received, and the root-to-leaf broadcast goes directly to all lower cascade nodes.
7. The method of claim 1, wherein in step 8 the trusted cascade device forwards the terminal application data by data routing transmission as follows: when the trusted cascade device receives a terminal data communication packet from a trusted terminal device of its security domain, it finds the optimal node path in the trusted cascade node tree with the lowest common ancestor (LCA) algorithm and transmits the packet to the next-station cascade node on that path, and after receiving the request the next-station cascade node forwards the packet by the same routing hop to the next-station cascade node on the path, in turn, until the packet reaches the routing destination, namely the trusted cascade device of the destination security domain.
8. The method of claim 1, wherein the communication data between trusted cascade devices of different security domains in steps 4 to 7 consists of plaintext service management data and the communication requests random numbers and signs and verifies the communication data to ensure the integrity, non-repudiation and authenticity of the service management data in transit; the communication data between trusted cascade devices of different security domains in step 8 consists of ciphertext service management data and ciphertext terminal application data, the trusted management and control center device acts as the key distribution center (KDC), the sending end and the receiving end of the trusted cascade devices obtain a shared session key through key negotiation to encrypt/decrypt the terminal application data, and the encrypted terminal application data and the encrypted service management data are placed together in the signed body of the communication data to ensure the confidentiality, integrity and non-repudiation of the terminal application data in transit.
9. A trusted cascade communication system designed according to the method of any one of claims 1 to 8.
10. A method of operating the system of claim 9.
CN202510277371.2A 2025-03-10 2025-03-10 A Dynamically Scalable Trusted Cascade Communication System Pending CN120110761A (en)

Publications (1)

Publication Number Publication Date
CN120110761A true CN120110761A (en) 2025-06-06

Family

ID=95888058

CN120110761A (en) A Dynamically Scalable Trusted Cascade Communication System
Martignon et al. DSA‐Mesh: a distributed security architecture for wireless mesh networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination