CN106454814A - GTP tunnel communication system and method - Google Patents

Publication number: CN106454814A
Authority: CN (China)
Application number: CN201611040603.XA
Other languages: Chinese (zh)
Inventors: 龙隆, 刘子辰, 石晶林, 张玉成, 韦伟, 韩雪
Current assignee: Institute of Computing Technology of CAS
Original assignee: Institute of Computing Technology of CAS
Application filed by: Institute of Computing Technology of CAS
Priority to: CN201611040603.XA
Legal status: Pending
Prior art keywords: protocol, data, gtp tunnel, transport layer, transmitted

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/12 Setup of transport tunnels

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Communication Control (AREA)

Abstract

The invention provides a system and method for GTP tunnel communication. The system includes a protocol pool unit and a ubiquitous bearer selection device arranged at the sending end of the GTP tunnel, and a protocol de-masquerading unit arranged at the receiving end of the GTP tunnel. The protocol pool stores various transport layer protocols; the ubiquitous bearer selection device selects at least one of those transport layer protocols to masquerade the data that needs to be transmitted through the GTP tunnel; and the protocol de-masquerading unit parses the data content transmitted through the GTP tunnel. The invention inserts a protocol pool holding various protocol types between the transport layer and the GTP tunnel, so that the GTP tunnel can support multiple transport protocols. The ubiquitous bearer selection device can also apply protocol masquerading to the data to be sent through the GTP tunnel, ensuring that it is difficult for an attacker to accurately obtain important information from the data packets.

Description

A system and method for GTP tunnel communication

Technical field

The present invention relates to wireless communication, and in particular to wireless communication based on GTP tunnels.

Background

With mobile terminals becoming smarter and 4G entering service, packet data has become important user data, and its security is of wide concern to users. In current mobile communication networks, however, leakage of user packet data is serious, and more and more users report that their personal information is stolen by third parties when they subscribe to or try out certain service applications. Examples include the theft of T-Mobile user data, the leak of tens of millions of credit cards in the United States, and the phone numbers of domestic celebrities being published online. According to CNCERT data, the number of malicious code samples on China's mobile Internet reached 1.7 billion in 2014, an increase of 2.5 times over the previous year, and among the malicious behaviors caused by malicious code, theft of users' private information accounted for as much as 39.8%. In addition, viruses and Trojans are rampant in the communication core network, which seriously threatens the security of user data.

Among existing communication methods, the most commonly used communication protocol is the GPRS Tunnelling Protocol (GTP). GTP is a tunnelling protocol built on the UDP and TCP transport protocols. It serves as the transmission interface between the access network and the core network, so that GTP tunnels can be used to carry data on the signalling plane or the data plane. However, the traditional GTP tunnelling protocol is not secure in the current environment, where network attacks are rampant. In current 2G, 3G and 4G communications, GTP tunnels use the TCP and UDP transport protocols to carry data, and their data transmission structure and packet structure are relatively fixed, so an attacker can easily intercept key information such as user identity and location simply by capturing packets. The current communication architecture of GTP tunnels therefore introduces a large security risk into the transmission of communication data.

Summary of the invention

The object of the present invention is therefore to overcome the above defects of the prior art and to provide a system for GTP tunnel communication, comprising: a protocol pool unit and a ubiquitous bearer selection device arranged at the sending end of the GTP tunnel, and a protocol de-masquerading unit arranged at the receiving end of the GTP tunnel; wherein

the protocol pool is used to store various transport layer protocols;

the ubiquitous bearer selection device is used to select at least one transport layer protocol from the various transport layer protocols to masquerade the data that needs to be transmitted through the GTP tunnel;

the protocol de-masquerading unit is used to parse the data content transmitted through the GTP tunnel.

Preferably, in the system, the ubiquitous bearer selection device is further used to select the packet header of at least one transport layer protocol from the various transport layer protocols, together with a corresponding identification field, to masquerade the data that needs to be transmitted through the GTP tunnel.

Preferably, in the system, the sending end and the receiving end of the GTP tunnel share the correspondence between the transport layer protocols and the identifiers.

Preferably, in the system, the protocol de-masquerading unit is further used to determine the transport layer protocol used to masquerade a data packet, according to the correspondence between the transport layer protocols and the identifiers and the identification field in the data packet received from the sending end of the GTP tunnel.

Preferably, in the system, the protocol pool is further used to store the packet header of a data packet that needs to be transmitted through the GTP tunnel when the format of the protocol used by that packet has not yet been stored.

The present invention also provides a method for GTP tunnel communication, comprising:

1) selecting one of the preset transport layer protocols, and using the selected transport layer protocol to masquerade the data that needs to be transmitted through the GTP tunnel;

2) transmitting the masqueraded data through the GTP tunnel;

3) receiving the data from the sending end of the GTP tunnel and restoring the data content.

Preferably, in the method,

step 1) includes: using the selected transport layer protocol and the corresponding identifier to masquerade the data that needs to be transmitted through the GTP tunnel;

step 3) includes: parsing the data content of the data received from the sending end of the GTP tunnel according to the preset correspondence between transport layer protocols and identifiers.

Preferably, in the method, step 1) includes:

1-1) selecting one of the preset transport layer protocols;

1-2) according to the preset correspondence between transport layer protocols and identifiers, adding the packet header of the selected transport layer protocol and the corresponding identification field in front of the data that needs to be transmitted through the GTP tunnel.

Preferably, in the method, the data that needs to be transmitted through the GTP tunnel is a transport layer data packet.

Preferably, in the method, the data that needs to be transmitted through the GTP tunnel is the core data content of a transport layer data packet.

Preferably, the method further includes:

4) updating the correspondence between the transport layer protocols and the identifiers as required.

Compared with the prior art, the present invention has the following advantages:

1. A protocol pool holding various protocol types is added between the transport layer and the GTP tunnel, so that the GTP tunnel can support multiple transport protocols; in addition, when the protocol used by data sent to the GTP tunnel is not yet in the protocol pool, the pool can add that protocol. This improves the extensibility and breadth of the GTP data transport layer protocol, strengthens data security and the complexity of the information, and strengthens the reliability of information security, making it difficult for an attacker to accurately determine the type of the transmitted information and thereby improving the security of data transmission.

2. A ubiquitous bearer selection device is provided to apply protocol masquerading to the data to be sent through the GTP tunnel, so that the transport protocol used by the GTP tunnel is no longer limited to TCP and UDP and the protocol originally used by the data can be changed. The way data is carried in the GTP tunnel is therefore no longer fixed, ensuring that it is difficult for an attacker to accurately obtain important information from the data packets.

Description of the drawings

Embodiments of the present invention are further described below with reference to the accompanying drawings, in which:

Figure 1 is a scenario diagram of a GTP tunnel carrying data in the protocol stack in the prior art;

Figure 2 is a schematic diagram of the network structure of a GTP tunnel in the prior art;

Figure 3 is a schematic diagram of the GTP tunnel sending end masquerading the original transport layer protocol TCP as SCTP, according to an embodiment of the present invention;

Figure 4 is a flowchart of a method for GTP tunnel communication according to an embodiment of the present invention.

Detailed description

The present invention is described in detail below with reference to the accompanying drawings and specific embodiments.

As described above, the communication field places ever higher requirements on the confidentiality of user data, and because the GTP tunnelling protocol acts as the transmission node between the access network and the core network, the security of this protocol in particular needs to be improved. The prior-art scheme for communicating with the GPRS tunnelling protocol is introduced below with reference to Figures 1 and 2.

Figure 1 shows a scenario in which a prior-art GTP tunnel carries data in the protocol stack. In the scenario shown in Figure 1, the user sends data to the base station (eNode B), and the base station sends the data to the communication core network containing a radio network controller (RNC); the RNC sends the data to the GTP tunnel. The GTP tunnel identifies the endpoints of the tunnel in order to carry data between the serving GPRS support node (SGSN) and the gateway GPRS support node (GGSN). In the scenario shown in Figure 1, data passing through the GGSN node is sent through a firewall to an intranet or the Internet.

Typically, the GTP tunnel is mainly responsible for carrying data at the network application layer, and completes the transmission of service data between the SGSN and GGSN nodes by encapsulating and decapsulating data packets. Referring to the schematic diagram of the network layers of a prior-art GTP tunnel in Figure 2, L1 through GTP sit at the physical layer, data link layer, network layer, transport layer and session layer of the network respectively; the GTP tunnel sits at the session layer and is established between GSN nodes over the Gn or Gp interface. As shown in Figure 2, at the transport layer the existing GTP tunnel uses UDP and TCP as its bearer protocols. The transport bearer structure is fairly uniform and the structure of the resulting data packets is fairly rigid, so that an attacker can steal a user's basic data by masquerading GTP data packets.

Through research, the inventors found that in the existing communication systems mentioned above, such as 2G, 3G and LTE, the GTP tunnelling protocol is carried over UDP/IP on the user plane and over TCP/IP on the control plane. The transmission method for each plane is therefore relatively fixed, and thus vulnerable to attack. On the other hand, the GTP tunnelling protocol cannot be used in other environments where the transport bearer is neither UDP nor TCP.

For this reason, the present invention proposes a system for GTP tunnel communication. Figure 3 shows the sending end of a GTP tunnel communication system according to an embodiment of the present invention.

As shown in Figure 3, the sending end of the GTP tunnel communication system includes a protocol pool unit and a ubiquitous bearer selection device. Referring to Figure 3, at the sending end of the system the protocol pool stores a number of different transport layer protocols; when the transport layer protocol used by data that needs to be transmitted through the GTP tunnel has not yet been stored in the protocol pool, the pool can store that protocol. The ubiquitous bearer selection device selects one of the protocols stored in the protocol pool, for example the SCTP protocol shown in Figure 3, and masquerades the core data of the original TCP packet as an SCTP packet for transmission through the established GTP tunnel.

In the system of the present invention, the protocol pool is used to store the data formats of various transport layer protocols, for example the packet header formats of the various protocols, and, when parsing determines that the transport layer protocol of a data packet that needs to be transmitted through the GTP tunnel has not yet been stored, to store the packet header of that transport layer protocol. It should be understood that the protocol pool according to the present invention may be a storage unit with only a storage function, used to store various transport layer protocols, or may be implemented as a device that has both a storage unit and a parsing function.

Storing various transport layer protocols in the protocol pool allows the GTP tunnel to support transport protocols other than TCP and UDP. Some commonly used transport protocols, such as UDP, SCTP, SPX, TCP, ICMP and DCCP, can be preset in the protocol pool initially. After a data packet to be transmitted through the GTP tunnel is received, the packet is parsed, and if the protocol it uses is not present in the current protocol pool, the packet's header is added to the pool. For example, the packet to be transmitted is parsed and a greedy algorithm is used to compare its header with the headers of the protocol types already in the pool; if no match is found, the packet's header is added to the protocol pool and the data content part of the packet is kept for processing in later steps. The packet can also be parsed further to determine its core data (for example, the data content part of the packet), and the core data can be stored in the protocol pool or in a storage unit, so that the ubiquitous bearer selection device can subsequently encapsulate the core data with a protocol that is different from, or the same as, the original protocol.

Using a protocol pool increases the number of protocol types supported by GTP data transmission, so that the transmitted data is no longer of a single type (that is, no longer limited to TCP and UDP packets), which increases the difficulty of network attacks.

The ubiquitous bearer selection device in the system according to the present invention is used to select at least one of the transport layer protocols supported by the protocol pool to masquerade the data that needs to be transmitted, in order to increase the security of GTP tunnel data transmission. When a data packet is masqueraded, the packet header of the masquerading protocol can be added before the data content, and a field identifying the original transport protocol and/or the masquerading protocol can be set in the packet header of the masquerading protocol, so that the receiving end can parse the transmitted data.

A specific example is used below to describe how the ubiquitous bearer selection device masquerades a TCP data packet as an SCTP data packet.

Suppose the protocol formats UDP, SCTP, SPX, TCP, ICMP and DCCP are already stored in the protocol pool. The ubiquitous bearer selection device can first assign numeric identifiers to these protocols at random; the correspondence between identifiers and protocols must be known to the protocol de-masquerading unit at the receiving end of the GTP tunnel. Any known prior-art method can be used to make the protocol de-masquerading unit and the ubiquitous bearer selection device share this correspondence. To further increase security, the correspondence between identifiers and protocols can also be updated at intervals.

The following table is an example of the correspondence between identifiers and protocols. For example, if TCP is assigned the number 2, the number "2" is written as the 4-bit binary identifier "0010".

Protocol  Number  Identifier
UDP       1       0001
TCP       2       0010
SPX       3       0011
SCTP      4       0100
ICMP      5       0101
DCCP      6       0110

Here, a random number generator can be provided, and the packet header of the protocol in the current protocol pool that corresponds to the generated random number is selected to encapsulate the received original data packet. If the generated random number is 4, the original transport layer protocol TCP needs to be masqueraded as SCTP. To perform the masquerading, an SCTP header is added before the original TCP packet, or before the data content of the original TCP packet, and a 32-bit identification field 0000 0000 0000 0000 0000 0000 0100 0010 is added before that SCTP header. The identification field is preferably 32 bits or a multiple of 32 bits long, because the packet headers of the protocol formats in common international use are 32 bits or a multiple of 32 bits long; for ease of processing, the length of the identification field added before the data for masquerading can be set to 32 bits. In the 32-bit identification field shown above, the last 4 bits, "0010", identify the original transport protocol before masquerading as TCP, and the 5th to 8th bits counted from the end, "0100", identify SCTP as the masquerading protocol; all remaining bits can be set to 0 or filled with random numbers.

In this example the identifier length is 4. In actual use, the identifier length can also be set appropriately, for example to 8 or 16, according to the number of protocol types stored in the protocol pool. The present invention also does not restrict where the identifiers sit within the identification field. For example, the identification field can be set to 1111 0100 0010 0001 0000 1011 1110 0010, so that bits 9-12, "0010", identify the original transport protocol before masquerading as TCP and bits 5-8, "0100", identify the masquerading protocol as SCTP; the remaining bits can be random numbers or can be used to identify other information that needs to be identified.

After the 32-bit identification field has been added, an IP header containing the source address and destination address is added, and the fields of the resulting IP packet are:

IP header | 32-bit identification field | SCTP header | Original TCP packet / data content

In practice, if the SCTP header is followed by the data content, the 32-bit identification field need only identify the masquerading protocol as SCTP, so that the receiving end can de-masquerade the masqueraded SCTP packet to determine the data content. If the SCTP header is followed by the original TCP packet, the 32-bit identification field must also identify the original protocol as TCP, so that the receiving end can parse the de-masqueraded content (that is, the original TCP packet) to determine the data content.

Adding an identification field during protocol masquerading lets the receiving end know which masquerading protocol the sending end used, so that the sending end and the receiving end can masquerade the data to be transmitted in a more flexible way. Where no identification field is used, other methods can be used to let the receiving end de-masquerade, for example sharing a list of masquerading protocols between the sending end and the receiving end and masquerading with each transport layer protocol in turn, in the order given by the list.

The above example shows how the ubiquitous bearer selection device according to the present invention works together with the protocol pool to masquerade the original transport layer protocol, so that the data structure of GTP is not limited to TCP and UDP and can be changed dynamically between the sending end and the receiving end of the data (the SGSN and GGSN nodes), in order to safeguard the security of data transmission.

The preceding text used Figure 3 to introduce the protocol pool and the ubiquitous bearer selection device at the sending end of the GTP tunnel in the system according to the present invention. Correspondingly, the receiving end of the GTP tunnel includes a protocol de-masquerading unit for removing the transport layer protocol masquerade.

Corresponding to Figure 3, at the receiving end of the system (not shown), the protocol de-masquerading unit restores a data packet whose transport layer protocol was masqueraded as SCTP to the original TCP data packet.

The protocol de-masquerading unit is located at the receiving end of the system and shares, with the protocol pool and the ubiquitous bearer selection device at the sending end, the correspondence between identifiers and transport layer protocols described above. It uses this correspondence to parse the data content received from the sending end, for example determining the masquerading protocol and the transport layer protocol used before masquerading from the identifiers in the masquerade packet header.

For example, the receiving end receives the data packet from the preceding example whose 32-bit identification field is 1111 0100 0010 0001 0000 1011 1110 0010. According to the convention agreed with the sending end, the protocol de-masquerading unit can determine that bits 9-12, "0010", identify the original transport layer protocol as TCP and that bits 5-8, "0100", identify the masquerading protocol as SCTP.

As described above, in the present invention the sending end and the receiving end of the GTP tunnel need to share the correspondence between protocol types and identifiers in order to restore the masqueraded data. Further, the correspondence between protocol types and identifiers can be modified on a timer, or the frequency of modification can be determined by the volume of transmitted traffic. For example, a timer and a traffic monitoring device can be provided in the system, and the correspondence between protocol types and identifiers is modified when the traffic transmitted by the system exceeds a set threshold.
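
The following Python sketch is an added example, not code from the patent: it builds and parses the 32-bit identification field with both bit layouts given above and runs a sender/receiver round trip, including what a receiver holding an outdated identifier table decodes. The header templates, port numbers, sample payload, the second identifier table and all function names are assumptions made for illustration; the IP header and the GTP encapsulation are omitted.

```python
import struct

# Identifier table from the example above (4-bit identifiers), shared by both ends.
PROTO_IDS = {"UDP": 1, "TCP": 2, "SPX": 3, "SCTP": 4, "ICMP": 5, "DCCP": 6}
# Hypothetical table after an update of the correspondence (constructed values).
NEW_TABLE = {"UDP": 4, "TCP": 6, "SPX": 1, "SCTP": 2, "ICMP": 3, "DCCP": 5}

# Where the two 4-bit identifiers sit in the 32-bit field, as shifts from the
# least-significant bit. LAYOUT_A is the "... 0100 0010" field, LAYOUT_B the
# "1111 0100 0010 ..." field (bits 5-8 and 9-12 counted from the left).
LAYOUT_A = {"orig_shift": 0, "masq_shift": 4}
LAYOUT_B = {"orig_shift": 20, "masq_shift": 24}

# Assumption: only these masquerade headers are modelled, at their fixed sizes.
HEADER_LEN = {"SCTP": 12, "UDP": 8}

SAMPLE_TCP_PACKET = b"constructed original TCP packet bytes"  # constructed sample


def pack_id_field(orig, masq, layout, table=PROTO_IDS, filler=0):
    """Return the 32-bit identification field; other bits are taken from filler."""
    id_bits = (0xF << layout["orig_shift"]) | (0xF << layout["masq_shift"])
    field = filler & ~id_bits & 0xFFFFFFFF
    field |= table[orig] << layout["orig_shift"]
    field |= table[masq] << layout["masq_shift"]
    return field


def unpack_id_field(field, layout, table=PROTO_IDS):
    """Return (original protocol, masquerade protocol) or raise ValueError."""
    names = {ident: name for name, ident in table.items()}
    orig_id = (field >> layout["orig_shift"]) & 0xF
    masq_id = (field >> layout["masq_shift"]) & 0xF
    if orig_id not in names or masq_id not in names:
        raise ValueError(f"identifier not in shared table: {orig_id}, {masq_id}")
    return names[orig_id], names[masq_id]


def build_header(proto, payload_len, sport=40000, dport=40001):
    """Build a masquerade header; ports and verification tag are constructed."""
    if proto == "SCTP":
        # SCTP common header: ports, verification tag, checksum.
        # The checksum is not computed in this sketch and is left at 0.
        return struct.pack("!HHII", sport, dport, 0x01020304, 0)
    if proto == "UDP":
        if payload_len > 0xFFFF - 8:
            raise ValueError("payload too long for a UDP length field")
        return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    raise ValueError(f"no header template for {proto}")


def masquerade(packet, orig, masq, layout, table=PROTO_IDS):
    """Sender side: identification field + masquerade header + original packet."""
    field = pack_id_field(orig, masq, layout, table)
    return struct.pack("!I", field) + build_header(masq, len(packet)) + packet


def demasquerade(frame, layout, table=PROTO_IDS):
    """Receiver side: return (original protocol, masquerade protocol, packet)."""
    if len(frame) < 4:
        raise ValueError("frame shorter than the identification field")
    (field,) = struct.unpack("!I", frame[:4])
    orig, masq = unpack_id_field(field, layout, table)
    if masq not in HEADER_LEN:
        raise ValueError(f"no header template for {masq}")
    offset = 4 + HEADER_LEN[masq]
    if len(frame) < offset:
        raise ValueError("frame shorter than the masquerade header")
    return orig, masq, frame[offset:]


if __name__ == "__main__":
    frame = masquerade(SAMPLE_TCP_PACKET, "TCP", "SCTP", LAYOUT_A)
    print(frame[:4].hex(), demasquerade(frame, LAYOUT_A))
    # Sender already uses NEW_TABLE while the receiver still holds PROTO_IDS:
    # the field decodes without error, but to the wrong pair of protocols.
    stale = pack_id_field("TCP", "SCTP", LAYOUT_A, table=NEW_TABLE)
    print(f"{stale:#010x}", unpack_id_field(stale, LAYOUT_A))
```

The original packet bytes follow the masquerade header unchanged, so the scheme alters the framing only. A receiver whose table is out of date decodes a valid-looking but wrong protocol pair, which is why updates to the correspondence have to take effect at both ends together.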

应当理解,根据本发明的协议池单元和/或泛在承载选择装置和/或解协议伪装单元可以以设置新硬件的方式实现,也可以在现有的设备上以软件模块的方式实现。It should be understood that the protocol pool unit and/or the ubiquitous bearer selection device and/or the protocol de-masquerading unit according to the present invention can be implemented by configuring new hardware, or can be implemented on existing equipment in the form of software modules.

According to an embodiment of the present invention, a method for GTP tunnel communication is also proposed. Referring to Figure 4, the method includes:

S1: Establish a GTP tunnel connection;

Here an existing transport protocol can be used to establish the connection between the sending end and the receiving end, for example through the TCP "three-way handshake";

S2: Determine the core data that needs to be transmitted through the GTP tunnel;

By parsing the data that needs to be transmitted through the GTP tunnel, the transport layer protocol and the core data in that data can be determined, for example the TCP header and the core data in the TCP data packet shown in Figure 3;

The purpose of determining the core data is that, in the subsequent steps, protocol masquerading can be applied to the core data only, which reduces the amount of data to be transmitted; where the amount of transmitted data does not need to be limited, step S2 can be skipped, and in the subsequent steps the field used for protocol masquerading is added directly in front of the original TCP data packet;

It should be understood that any known means can be used to intercept or receive the data packets that need to be communicated through the GTP tunnel, and any existing technique can be used to determine the data content of those packets;

S3: If a transport layer protocol that is not yet supported is encountered, store the packet header of that transport layer protocol; for example, a greedy algorithm is used to compare the packet header with the packet headers of the supported transport layer protocols;

Step S3 makes it possible to extend the set of supported transport layer protocol types; in other embodiments of the present invention, step S3 may be skipped and the subsequent steps carried out directly;

S4: Select one of the supported transport layer protocols and use it to masquerade the determined core data as a new data packet;

The selected protocol may be one that differs from the protocol used by the received data packet, or no such distinction need be made;

Protocol masquerading can be carried out as described above, by adding a 32-bit identification field in front of the original transport layer packet or in front of the data content, to generate the following IP data packet:

IP header | 32-bit identification field | SCTP header | Original TCP packet / data content

Here the correspondence between identifiers and transport layer protocols needs to be shared between the sending end and the receiving end of the GTP tunnel, and it can be modified as required, for example once every fixed interval;

S5: Send the masqueraded data packet from the sending end of the GTP tunnel to the receiving end of the GTP tunnel;

S6: Receive the data packet at the receiving end of the GTP tunnel and, according to the correspondence between identifiers and transport layer protocols, parse the data content out of the masqueraded data packet.
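The following Python example is added here for illustration and is not part of the patent text. It walks the sender side of S4 and the receiver side of S6 for the portion of the packet that follows the IP header, using the bit positions from the example above (bits 5-8 masquerading protocol, bits 9-12 original protocol, bit 1 being the most significant bit). The UDP code, the fixed header lengths, the treatment of the remaining 24 bits as opaque filler, and all function names are assumptions.

```python
import struct

# Shared identifier <-> protocol table. 0b0010 = TCP and 0b0100 = SCTP come from
# the page's example; the UDP code is an assumption made for this example.
CODE_TO_PROTO = {0b0010: "TCP", 0b0100: "SCTP", 0b0001: "UDP"}
PROTO_TO_CODE = {name: code for code, name in CODE_TO_PROTO.items()}

# Length of the fixed header each masquerading protocol puts in front of the
# data (TCP without options). Assumption: the disguise uses fixed headers only.
FAKE_HEADER_LEN = {"TCP": 20, "SCTP": 12, "UDP": 8}


def pack_identifier(masq, original, filler=0):
    """Build the 32-bit field: bits 5-8 = masquerading protocol,
    bits 9-12 = original protocol (bit 1 is the most significant bit).
    The other 24 bits are carried as opaque filler (assumption)."""
    keep = filler & 0xF00FFFFF  # clear bits 5-12 of the filler
    return keep | (PROTO_TO_CODE[masq] << 24) | (PROTO_TO_CODE[original] << 20)


def parse_identifier(field):
    """Return (masquerading protocol, original protocol) or raise ValueError."""
    masq_code = (field >> 24) & 0xF
    orig_code = (field >> 20) & 0xF
    try:
        return CODE_TO_PROTO[masq_code], CODE_TO_PROTO[orig_code]
    except KeyError as exc:
        raise ValueError(f"code {exc.args[0]:04b} not in shared table") from None


def disguise(original_proto, masq_proto, fake_header, inner):
    """Sender side (S4): identifier + masquerading header + original data."""
    if len(fake_header) != FAKE_HEADER_LEN[masq_proto]:
        raise ValueError("masquerading header has the wrong length")
    field = pack_identifier(masq_proto, original_proto)
    return struct.pack("!I", field) + fake_header + inner


def undisguise(datagram):
    """Receiver side (S6): return (original protocol, original data)."""
    if len(datagram) < 4:
        raise ValueError("truncated identifier field")
    (field,) = struct.unpack("!I", datagram[:4])
    masq, original = parse_identifier(field)
    skip = 4 + FAKE_HEADER_LEN[masq]
    if len(datagram) < skip:
        raise ValueError("truncated masquerading header")
    return original, datagram[skip:]


# Constructed sample: a 12-byte SCTP common header (ports, verification tag,
# checksum left at zero) in front of a stand-in for the original TCP segment.
SCTP_HEADER = struct.pack("!HHII", 40000, 40001, 0x1234, 0)
INNER_TCP = b"original TCP segment bytes"
PACKET = disguise("TCP", "SCTP", SCTP_HEADER, INNER_TCP)
```

The receiver rejects a packet whose identifier codes are missing from the shared table or whose masquerading header is cut short, which is the behaviour to expect when the two ends hold different versions of the correspondence.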

In the above embodiment, protocol masquerading may be applied to each transport layer packet individually, or once for every group of several transport layer packets; in practice, the choice can be made according to the requirements on complexity and security.

As the above embodiments show, the present invention inserts a protocol pool holding various protocol types between the transport layer and the GTP tunnel, so that the GTP tunnel can support multiple transport protocols. When data of various transport layer protocols is sent to the GTP tunnel, the protocol pool can be used to support receiving and sending that data. In addition, when the protocol used by data sent to the GTP tunnel is not yet present in the protocol pool, the pool can add that protocol. This improves the extensibility and generality of the GTP data transport layer protocol, strengthens data security and information complexity, and strengthens the reliability of information security, making it difficult for an attacker to accurately identify the type of the transmitted information and thereby improving the security of data transmission.

In addition, the present invention can use the ubiquitous bearer selection device to apply protocol masquerading to the data to be sent through the GTP tunnel, so that the transport protocol used by the GTP tunnel is no longer limited to TCP and UDP. An identifier added to the masqueraded data packet marks which protocol was used for masquerading, so that the receiving end can determine how to parse the corresponding transport layer packet header. The protocol masquerading used by the present invention can change the protocol originally used by the data, so that the way data is carried in the GTP tunnel is no longer fixed, ensuring that it is difficult for an attacker to accurately obtain the important information in the data packet.

Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail above with reference to the embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical solutions of the present invention that do not depart from their spirit and scope shall all be covered by the scope of the claims of the present invention.

Claims (10)

1. A system for GTP tunnel communication, comprising: a protocol pool unit and a ubiquitous bearer selection device arranged at the sending end of a GTP tunnel, and a protocol de-masquerading unit arranged at the receiving end of the GTP tunnel; wherein
the protocol pool is used to store various transport layer protocols;
the ubiquitous bearer selection device is used to select at least one transport layer protocol from the various transport layer protocols to masquerade the data that needs to be transmitted through the GTP tunnel;
the protocol de-masquerading unit is used to parse the data content transmitted through the GTP tunnel.

2. The system according to claim 1, wherein the ubiquitous bearer selection device is further used to select the packet header and the corresponding identification field of at least one transport layer protocol from the various transport layer protocols to masquerade the data that needs to be transmitted through the GTP tunnel.

3. The system according to claim 2, wherein the sending end and the receiving end of the GTP tunnel share the correspondence between the transport layer protocol and the identifier.

4. The system according to claim 3, wherein the protocol de-masquerading unit is further used to determine the transport layer protocol used to masquerade a data packet, according to the correspondence between the transport layer protocol and the identifier and the identification field in the data packet from the sending end of the GTP tunnel.

5. The system according to any one of claims 1-4, wherein the protocol pool is further used to store the packet header of a data packet that needs to be transmitted through the GTP tunnel when the format of the protocol used by that data packet has not been stored.

6. A method for GTP tunnel communication, comprising:
1) selecting one of the preset transport layer protocols, and using the selected transport layer protocol to masquerade the data that needs to be transmitted through the GTP tunnel;
2) transmitting the masqueraded data through the GTP tunnel;
3) receiving the data from the sending end of the GTP tunnel and restoring the data content.

7. The method according to claim 6, wherein
step 1) includes: using the selected transport layer protocol and the corresponding identifier to masquerade the data that needs to be transmitted through the GTP tunnel;
step 3) includes: parsing the data content out of the data from the sending end of the GTP tunnel according to the preset correspondence between transport layer protocols and identifiers.

8. The method according to claim 7, wherein step 1) includes:
1-1) selecting one of the preset transport layer protocols;
1-2) according to the preset correspondence between transport layer protocols and identifiers, adding the packet header of the selected transport layer protocol and the corresponding identification field in front of the data that needs to be transmitted through the GTP tunnel.

9. The method according to claim 8, wherein the data that needs to be transmitted through the GTP tunnel is a transport layer data packet.

10. The method according to claim 8, wherein the data that needs to be transmitted through the GTP tunnel is the core data content in a transport layer data packet.
CN201611040603.XA 2016-11-10 2016-11-10 GTP tunnel communication system and method Pending CN106454814A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611040603.XA CN106454814A (en) 2016-11-10 2016-11-10 GTP tunnel communication system and method


Publications (1)

Publication Number Publication Date
CN106454814A true CN106454814A (en) 2017-02-22

Family

ID=58220527

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611040603.XA Pending CN106454814A (en) 2016-11-10 2016-11-10 GTP tunnel communication system and method

Country Status (1)

Country Link
CN (1) CN106454814A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107770162A (en) * 2017-10-09 2018-03-06 武汉斗鱼网络科技有限公司 The method and device of brush present is prevented in a kind of live platform
CN109218261A (en) * 2017-07-03 2019-01-15 腾讯科技(深圳)有限公司 A kind of data processing method and data processing equipment
CN109819274A (en) * 2019-02-27 2019-05-28 聚好看科技股份有限公司 Data transmission method, data processing method and device
CN111711554A (en) * 2020-04-13 2020-09-25 北京天维信通科技有限公司 Data transmission method, device and equipment of UDP tunnel based on TCP
CN116866450A (en) * 2023-06-08 2023-10-10 兴华永恒(北京)科技有限责任公司 Data transmission method, device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1412987A (en) * 2001-10-15 2003-04-23 华为技术有限公司 Quick retransmission processing method of GTP data packet
CN1581803A (en) * 2004-05-20 2005-02-16 中国科学院软件研究所 Safety platform for network data exchange
CN101388881A (en) * 2007-09-13 2009-03-18 华为技术有限公司 Method, network element and system for communication protocol version negotiation
CN102006215A (en) * 2009-09-01 2011-04-06 中国移动通信集团公司 Data transmission method, system and apparatus
CN102244856A (en) * 2010-05-13 2011-11-16 电信科学技术研究院 Method and apparatus for controlling downlink data transmission of MTC device
CN103747502A (en) * 2014-02-18 2014-04-23 中国联合网络通信集团有限公司 Method and system for processing GTP tunnel
CN104038401A (en) * 2013-03-08 2014-09-10 国际商业机器公司 Interoperability for distributed overlay virtual environments
CN104813618A (en) * 2012-11-30 2015-07-29 阿尔卡特朗讯公司 Software-defined network overlay


Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218261A (en) * 2017-07-03 2019-01-15 腾讯科技(深圳)有限公司 A kind of data processing method and data processing equipment
CN109218261B (en) * 2017-07-03 2022-06-28 腾讯科技(深圳)有限公司 Data processing method and data processing device
CN107770162A (en) * 2017-10-09 2018-03-06 武汉斗鱼网络科技有限公司 The method and device of brush present is prevented in a kind of live platform
CN109819274A (en) * 2019-02-27 2019-05-28 聚好看科技股份有限公司 Data transmission method, data processing method and device
CN111711554A (en) * 2020-04-13 2020-09-25 北京天维信通科技有限公司 Data transmission method, device and equipment of UDP tunnel based on TCP
CN116866450A (en) * 2023-06-08 2023-10-10 兴华永恒(北京)科技有限责任公司 Data transmission method, device, electronic equipment and storage medium
CN116866450B (en) * 2023-06-08 2024-12-31 兴华永恒(北京)科技有限责任公司 Data transmission method, device, electronic device and storage medium

Similar Documents

Publication Publication Date Title
US11671868B2 (en) Methods and apparatus for optimizing tunneled traffic
KR101378647B1 (en) Providing apparatus and method capable of protecting privacy mac frame in ieee 802.15.4 networks
EP3162020B1 (en) System and method for optimizing tunneled traffic
JP5745626B2 (en) Method and apparatus for lightweight security solutions for host-based mobility and multihoming protocols
CN105376737B (en) Machine-to-machine cellular communication security
CN102377524B (en) Fragment processing method and system
EP1968272A1 (en) Loop detection for mobile IP home agents
CN106454814A (en) GTP tunnel communication system and method
US12238128B2 (en) Data processing method and apparatus
JP4191119B2 (en) Method and apparatus for facilitating layered implementation of encryption
WO2022144007A1 (en) Control frame processing method, control frame generating method, station, access point, and storage medium
CN104184646B (en) VPN data interactive method and system and its network data exchange equipment
CN104601541A (en) Data transmission method, server and user equipment
CN106656914A (en) Anti-attack data transmission method and apparatus
US8761007B1 (en) Method and apparatus for preventing a mobile device from creating a routing loop in a network
Chakraborty et al. 6LoWPAN security: classification, analysis and open research issues
CN113302877B (en) Method and apparatus for providing a message authentication code suitable for short messages
EP3340545B1 (en) Methods and apparatus for optimizing tunneled traffic
Cheng et al. Securing robust header compression (rohc)
CN114268473B (en) Method, system, terminal and storage medium for resisting DDOS attack by IKEv1 protocol main mode
CN101668009A (en) Method and system for safely processing routing address
CN110839231B (en) A method and device for obtaining terminal identification
EP2984783B1 (en) Secure radio information transfer over mobile radio bearer
Nguyen et al. Towards secure communications in heterogeneous Internet of Things
US20130133060A1 (en) Communication system, control device and control program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222