防火墙功能外包的隐私保护技术研究
发布时间:2019-05-07 06:09
【摘要】:随着互联网技术和通信技术的不断发展,网络已经融入到人们生活的方方面面,给人们的生活带来了极大的方便。但是与此同时,各种网络攻击手段层出不穷,网络空间的安全受到极大的威胁。因此,我们需要各种网络防御技术来抵御网络攻击。防火墙技术是抵御网络攻击、保障网络安全的关键技术之一。防火墙可以监视和检查传入和传出内网的网络流量,阻止攻击者的恶意分组数据包进入到内网,将恶意的分组数据包扼杀在内网的入口。但是部署和管理防火墙会带来很大的开销,这会增加公司的经营成本。为了减少公司的开销,公司开始考虑将防火墙功能外包给云服务提供商去处理。然而防火墙功能外包会泄露公司的防火墙策略,现有的防火墙功能外包方案要么不保护防火墙策略的隐私,要么就是性能或者安全性不高,这使得防火墙策略的隐私保护问题成为了公司采用防火墙功能外包技术的阻碍。本文旨在解决防火墙功能外包中防火墙策略的隐私保护问题。具体研究内容包括如下几个方面:1.提出一种基于双云的防火墙功能外包的系统架构。针对现有的防火墙功能外包系统架构中存在的问题,我们提出了一种基于两个相互独立的云平台的防火墙功能外包的系统架构。这个系统架构中两个云平台,相互独立同时又能遵循协议共同提供防火墙功能的外包服务。2.基于上述的双云的外包系统架构,利用Paillier部分同态加密提出一种隐私保护的防火墙功能外包方案。这个方案中我们将Paillier部分同态加密和密码学模糊器结合起来,设计了一个基于Paillier部分同态加密的密码学模糊器,然后使用这个密码学模糊器去模糊化防火墙策略,从而保证外包出去的防火墙策略的隐私。3.基于流量重定向的外包系统架构,利用前缀保持加密提出一种隐私保护的防火墙功能外包方案。这个方案使用前缀保持加密算法加密防火墙策略,从而保证外包的防火墙策略的隐私。4.使用Click模块化路由器分别实现了上述两个方案的仿真实验,验证了提出的方案的可行性。同时我们测试了两个方案的处理延时与吞吐量两个指标,验证了这两个方案的性能。
[Abstract]:With the continuous development of Internet technology and communication technology, network has been integrated into all aspects of people's lives, which brings great convenience to people's lives. But at the same time, a variety of cyber attacks emerge one after another, and the security of cyberspace is greatly threatened. Therefore, we need a variety of network defense technology to resist network attacks. Firewall technology is one of the key technologies to resist network attack and guarantee network security. The firewall can monitor and check the incoming and outgoing network traffic, prevent the malicious packet from entering the intranet, and kill the malicious packet at the entrance of the intranet. But deploying and managing firewalls brings a lot of overhead, which increases the company's operating costs. To reduce the company's overhead, the company began to consider outsourcing firewall capabilities to cloud service providers to handle. However, firewall function outsourcing will reveal the company's firewall policy, the existing firewall function outsourcing scheme either does not protect the privacy of the firewall policy, or the performance or security is not high. This makes the privacy protection of firewall policy become a hindrance to the company adopting firewall function outsourcing technology. The purpose of this paper is to solve the privacy protection problem of firewall policy in firewall function outsourcing. The specific contents of the study include the following aspects: 1. This paper presents a dual cloud-based firewall function outsourcing system architecture. In view of the problems existing in the existing firewall function outsourcing system architecture, we propose a firewall function outsourcing system architecture based on two independent cloud platforms. The two cloud platforms in this system architecture are independent of each other and can provide firewall functions in accordance with the protocol. 2. Based on the above-mentioned dual-cloud outsourcing system architecture, a privacy-protected firewall outsourcing scheme is proposed by using Paillier partial homomorphism encryption. In this scheme, we combine Paillier partial homomorphism encryption with cryptology fuzzizer, design a cryptology fuzzer based on Paillier partial homomorphism encryption, and then use this cryptology fuzzizer to defuzzify firewall strategy. Thus ensuring the privacy of the outsourced firewall policy. 3. Based on the outsourced system architecture of traffic redirection, a privacy-protected firewall outsourcing scheme is proposed by using prefix-preserving encryption. This scheme uses prefix-preserving encryption algorithms to encrypt firewall policies, thus ensuring the privacy of outsourced firewall policies. 4. The simulation experiments of the above two schemes are carried out by using Click modular router, and the feasibility of the proposed scheme is verified. At the same time, we test the processing delay and throughput of the two schemes, and verify the performance of the two schemes.
【学位授予单位】:中国科学技术大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
本文编号:2470828
[Abstract]:With the continuous development of Internet technology and communication technology, network has been integrated into all aspects of people's lives, which brings great convenience to people's lives. But at the same time, a variety of cyber attacks emerge one after another, and the security of cyberspace is greatly threatened. Therefore, we need a variety of network defense technology to resist network attacks. Firewall technology is one of the key technologies to resist network attack and guarantee network security. The firewall can monitor and check the incoming and outgoing network traffic, prevent the malicious packet from entering the intranet, and kill the malicious packet at the entrance of the intranet. But deploying and managing firewalls brings a lot of overhead, which increases the company's operating costs. To reduce the company's overhead, the company began to consider outsourcing firewall capabilities to cloud service providers to handle. However, firewall function outsourcing will reveal the company's firewall policy, the existing firewall function outsourcing scheme either does not protect the privacy of the firewall policy, or the performance or security is not high. This makes the privacy protection of firewall policy become a hindrance to the company adopting firewall function outsourcing technology. The purpose of this paper is to solve the privacy protection problem of firewall policy in firewall function outsourcing. The specific contents of the study include the following aspects: 1. This paper presents a dual cloud-based firewall function outsourcing system architecture. In view of the problems existing in the existing firewall function outsourcing system architecture, we propose a firewall function outsourcing system architecture based on two independent cloud platforms. The two cloud platforms in this system architecture are independent of each other and can provide firewall functions in accordance with the protocol. 2. Based on the above-mentioned dual-cloud outsourcing system architecture, a privacy-protected firewall outsourcing scheme is proposed by using Paillier partial homomorphism encryption. In this scheme, we combine Paillier partial homomorphism encryption with cryptology fuzzizer, design a cryptology fuzzer based on Paillier partial homomorphism encryption, and then use this cryptology fuzzizer to defuzzify firewall strategy. Thus ensuring the privacy of the outsourced firewall policy. 3. Based on the outsourced system architecture of traffic redirection, a privacy-protected firewall outsourcing scheme is proposed by using prefix-preserving encryption. This scheme uses prefix-preserving encryption algorithms to encrypt firewall policies, thus ensuring the privacy of outsourced firewall policies. 4. The simulation experiments of the above two schemes are carried out by using Click modular router, and the feasibility of the proposed scheme is verified. At the same time, we test the processing delay and throughput of the two schemes, and verify the performance of the two schemes.
【学位授予单位】:中国科学技术大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【相似文献】
相关期刊论文 前10条
1 ;防火墙功能分类及其局限性分析[J];计算机与网络;2010年07期
2 林琪;如何评价防火墙功能[J];计算机安全;2002年03期
3 清凉心;;防火墙功能指标详解[J];网络与信息;2007年04期
4 陈德模;用LRP实现防火墙功能[J];电脑知识与技术;2001年16期
5 山德鲁;;学用Windows防火墙,做好安全防护[J];电脑知识与技术(经验技巧);2014年08期
6 ;业界要闻[J];电子产品世界;1997年04期
7 曹喜波;;基于ASP的主页防火墙功能的实现[J];中国科技信息;2004年24期
8 曹伟;利用Linux防火墙功能保护校园网的安全[J];丹东纺专学报;2005年01期
9 庞亚宾;任治洪;;思科IOS系统的防火墙功能实现研究[J];甘肃科技;2008年09期
10 ;扩展防火墙功能 再创性价比新高 SonicWALL推出防火墙新品—PRO230和PRO330[J];信息安全与通信保密;2003年04期
相关重要报纸文章 前9条
1 ;阿尔卡特Speed Touch 511路由器兼具防火墙功能[N];中国计算机报;2003年
2 ;东软:用虚拟防火墙为用户护航[N];中国计算机报;2007年
3 甘肃 飞扬;激活Windows XP的防火墙[N];中国电脑教育报;2001年
4 离子翼;安全无处不在[N];中国电脑教育报;2005年
5 陈会安;揭开FTP服务器无法访问之谜[N];中国电脑教育报;2004年
6 雷燕;美国网屹登陆中国[N];通信产业报;2000年
7 ;奥联科技 APN GW 5000[N];中国计算机报;2006年
8 孙晓明;移动办公更要安全[N];中国计算机报;2002年
9 ;迷你的SAFE[N];网络世界;2002年
相关硕士学位论文 前1条
1 盛化龙;防火墙功能外包的隐私保护技术研究[D];中国科学技术大学;2017年
,本文编号:2470828
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2470828.html
