基于局域网的数据安全传输组件的设计与实现
发布时间:2018-10-07 21:20
【摘要】:随着社会信息科学技术的迅猛发展,大部分企业单位都组建了自己的计算机网络系统,因此在局域网内进行端对端的通信并且传播重要的数据是十分有必要的。但是由于网络黑客、病毒的存在,网络数据通信存在着巨大的安全隐患。采取有效的措施抵制网络攻击已经成为世界上各个国家重点关注的研究目标。 本文的研究内容源自实际科研项目,通过结合密码保护服务、哈希运算消息认证(Hash-based MessageAuthentication Code,HMAC)、自定义报文和动态密钥管理四者来实现数据的安全传输。我们设计的数据安全传输模块是一种基于端-对-端的安全模式,,在发送端的对数据加密后发送给接收端,接收端接收到数据后解密成为明文,高效的抵御了网络攻击,防止内部消息泄露。本模块的发送端和接收端在基于TCP的套接字(socket)的通信基础上,自定义报文格式发送数据。在发送端实现以高级加密标准加密数据(Advanced Encryption Standard, AES)、封装报文、HMAC、序列化数据。在接收端进行多线程处理、报文解封装处理、消息队列的处理以及对各种错误码的分析处理。在本文的最后进行了相关的测试,并且详细的分析了测试结果,从而验证了该模块可以保证数据传输的安全性。 数据安全传输模块为数据传输的准确性、保密性、反重复性提供了强有力且灵活的保护,确保信息在传输过程中不会被截取篡改,提高了整个系统的安全性。
[Abstract]:With the rapid development of social information science and technology, most enterprises have set up their own computer network system, so it is necessary to carry out end-to-end communication and spread important data in LAN. But because of the network hacker, the virus existence, the network data communication has the huge security hidden danger. To take effective measures to resist cyber attacks has become the focus of research in every country in the world. The research content of this paper is derived from the actual scientific research projects. The secure transmission of data is realized by combining cryptographic protection service, hash operation message authentication (Hash-based MessageAuthentication Code,HMAC), custom message and dynamic key management. The data security transmission module we designed is a kind of end-to-end security mode, which is sent to the receiving end after the data is encrypted at the sending end, and decrypted into clear text after receiving the data at the receiving end, which effectively resists the network attack. Prevent internal information from leaking. The sending and receiving end of this module is based on the communication of socket (socket) based on TCP. In the sender, the advanced encryption standard encryption data (Advanced Encryption Standard, AES), encapsulates the message and serializes the data. Multithread processing, packet unencapsulation, message queue processing and error code analysis are carried out at the receiving end. At the end of this paper, the relevant tests are carried out, and the test results are analyzed in detail to verify that the module can ensure the security of data transmission. The data security transmission module provides a powerful and flexible protection for the accuracy, confidentiality and anti-repeatability of data transmission, ensures that the information will not be intercepted and tampered during the transmission process, and improves the security of the whole system.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.1;TP393.08
本文编号:2255710
[Abstract]:With the rapid development of social information science and technology, most enterprises have set up their own computer network system, so it is necessary to carry out end-to-end communication and spread important data in LAN. But because of the network hacker, the virus existence, the network data communication has the huge security hidden danger. To take effective measures to resist cyber attacks has become the focus of research in every country in the world. The research content of this paper is derived from the actual scientific research projects. The secure transmission of data is realized by combining cryptographic protection service, hash operation message authentication (Hash-based MessageAuthentication Code,HMAC), custom message and dynamic key management. The data security transmission module we designed is a kind of end-to-end security mode, which is sent to the receiving end after the data is encrypted at the sending end, and decrypted into clear text after receiving the data at the receiving end, which effectively resists the network attack. Prevent internal information from leaking. The sending and receiving end of this module is based on the communication of socket (socket) based on TCP. In the sender, the advanced encryption standard encryption data (Advanced Encryption Standard, AES), encapsulates the message and serializes the data. Multithread processing, packet unencapsulation, message queue processing and error code analysis are carried out at the receiving end. At the end of this paper, the relevant tests are carried out, and the test results are analyzed in detail to verify that the module can ensure the security of data transmission. The data security transmission module provides a powerful and flexible protection for the accuracy, confidentiality and anti-repeatability of data transmission, ensures that the information will not be intercepted and tampered during the transmission process, and improves the security of the whole system.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.1;TP393.08
【参考文献】
相关期刊论文 前2条
1 周晓军;Internet安全标准IPSec[J];电脑与信息技术;2000年06期
2 谭晓青;利用OpenSSL建立PKI数字证书系统[J];科学技术与工程;2005年20期
本文编号:2255710
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2255710.html
