
CN109428867B - Message encryption and decryption method, network equipment and system - Google Patents


Publication number: CN109428867B
Authority: CN (China)
Application number: CN201710763841.1A
Other languages: Chinese (zh)
Other versions: CN109428867A (en)
Inventors: 吴华佳, 程志军, 赖朝辉
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Legal status: Active
Prior art keywords: network device, subkey, field, value, serial number

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A message encryption and decryption method, network device and system are provided. In the method, a first network device and a second network device negotiate in advance to determine an original key. The first network device then generates a subkey set from the original key, determines one subkey from the subkey set, and performs encryption processing using that subkey and a first field of the sequence number of a data packet generated by the first network device, thereby generating an encrypted field. The first network device replaces the first field of the sequence number with the encrypted field to obtain a modified data packet, and sends the modified data packet to the second network device.

Description

A message encryption and decryption method, network device and system

Technical field

The present application relates to the field of information technology, and in particular to a message encryption and decryption method, network device and system.

Background

As network communication is used ever more widely by government departments and enterprises, and as shared information and online services keep growing, network attacks and criminal activity have become rampant. Preventing the leakage of and tampering with confidential information on the network, deterring and combating information crime, and safeguarding network and information security pose a serious challenge. Network communication faces a large number of attacks of many kinds every day. Attacks can be divided into active attacks and passive attacks. An active attack selectively damages information in various ways, such as modification, deletion, forgery, insertion, replay, reordering and impersonation. A passive attack intercepts, captures, steals or deciphers information without interfering with the normal operation of the network system. Among these, replay is an important means of attack.

In a replay attack, the attacker first captures, over the network, data packets from normal communication between the two peers, and then, after waiting for some time, sends those packets to their receiver, either unchanged or modified; this is the "replay". The purpose of replay is to impersonate one legitimate party when communicating with the other. Replay is used instead of directly sending forged packets because some systems encrypt and authenticate part of the information: a forged packet may not gain the trust of the receiver, whereas replaying a packet that was originally legitimate can.

To address replay attacks, the prior art includes a unique, monotonically increasing sequence number in every Internet Protocol Security (IPSec) header, and uses each packet's sequence number together with a "sliding" receive window to filter out replayed packets. However, because the sequence number increases monotonically, it is easy to guess, which can easily cause the anti-replay mechanism to fail.

Summary of the invention

In view of this, the present application provides a message encryption and decryption method, network device and system for effectively preventing replay attacks.

In a first aspect, an embodiment of the present application provides a packet encryption method. The method includes: a first network device and a second network device negotiate in advance to determine an original key; the first network device then generates a subkey set from the original key, determines one subkey from the subkey set, and performs encryption processing using this subkey and the first field of the sequence number of a generated data packet, thereby generating an encrypted field; the first network device replaces the first field of the sequence number of the data packet with the encrypted field to obtain a modified data packet, and sends the modified data packet to the second network device.

Because the sequence number in the data packet is encrypted, an attacker who captures the data packet cannot decrypt it to obtain the original sequence number, so replay attacks can be effectively prevented.

The first network device and the second network device determine the original key in advance mainly through IKE negotiation. In the negotiation, the first network device sends an Internet Key Exchange (IKE) negotiation request message to the second network device, where the value of a predetermined flag bit in the IKE negotiation request message indicates that the first network device supports encrypted transmission of the sequence number. The second network device then sends an IKE negotiation response message to the first network device, where the value of the predetermined flag bit in the IKE negotiation response message indicates that the second network device supports encrypted transmission of the sequence number. During the negotiation, a key seed is used to generate the original key.

The first network device then splits the original key negotiated with the second network device into N fields, copies the N fields into M fields, and generates a subkey set consisting of the M fields. This is done to increase the randomness and complexity of the subkeys so that an attacker cannot guess them.

In one possible design, the first network device determines a subkey from the subkey set as follows: the first network device takes the second field contained in the sequence number of the data packet modulo M to obtain a modulus value, and then, using the modulus value as an index, looks up the subkey corresponding to that index in the subkey set. The advantage is that different sequence numbers yield different modulus values, so the subkey that is determined also changes dynamically. It is therefore difficult for an attacker to recover the subkey, which improves the reliability of the encryption method.

The first network device can encrypt the data packet in several ways. In one possible design, the first network device performs an XOR operation on the first field contained in the sequence number of the data packet and the determined subkey to obtain the encrypted field. In general, to keep the length of the data packet unchanged as far as possible, the subkey has the same number of bytes as the first field. If the data packet becomes longer, overhead increases; if it becomes shorter, it is easier for an attacker to crack. Note that XNOR can be used in place of XOR in the above encryption method: the first field contained in the sequence number of the data packet and the determined subkey are combined with an XNOR operation to obtain the encrypted field. By comparison, XOR encryption does not require the inversion step that XNOR needs before decryption, so its decryption process is somewhat simpler.

In addition, the first field may be either the high-order bytes or the low-order bytes of the sequence number. Assuming the sequence number consists of L bytes, the first field may be the L/2 high-order bytes of the sequence number, in which case the second field is the L/2 low-order bytes; or the first field may be the L/2 low-order bytes of the sequence number, in which case the second field is the L/2 high-order bytes.

In a second aspect, corresponding to the encryption method above, an embodiment of the present invention further provides a packet decryption method. In this method, after receiving the data packet sent by the first network device, the second network device determines a subkey in the same way as the first network device and uses that subkey to decrypt the sequence number in the received data packet. The decryption method corresponds to the encryption method: the first field contained in the sequence number of the received data packet and the determined subkey are processed to obtain a decrypted field, and the decrypted field then replaces the first field in the sequence number of the data packet, giving the decrypted packet.

Thus, even though the sequence number in the data packet is encrypted, the second network device can decrypt it correctly using the decryption method and obtain the original sequence number, whereas an attacker who captures the data packet cannot decrypt it to obtain the original sequence number. Replay attacks can therefore be effectively prevented.

The second network device has, of course, carried out the IKE negotiation with the first network device beforehand. The negotiation is the same as described above and is not repeated here. The way the subkey set is generated and the way a subkey is determined from the subkey set are also the same as described above.

The way the second network device decrypts the packet corresponds to the encryption method. In one possible design, if the encryption operation used by the first network device is XOR, the second network device performs an XOR operation on the first field contained in the sequence number of the received data packet and the determined subkey to obtain the decrypted field. In another possible design, if the encryption operation used by the first network device is XNOR, the second network device first inverts the received sequence number and then performs an XOR operation on the first field contained in the sequence number of the received data packet and the determined subkey to obtain the decrypted field. By comparison, XOR encryption does not require the inversion step that XNOR needs before decryption, so its decryption process is somewhat simpler.
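The steps above (building the subkey set, selecting a subkey by modulo, XORing the first field, and reversing the operation at the receiver) can be put together as follows. This is an added example, not code from the patent; it assumes a 4-byte sequence number whose high-order half is the first field, a constructed 16-byte key, and cyclic repetition as the way the N fields are copied into M, which the text does not specify.

```python
"""Added example: masking the first field of a sequence number with a subkey."""

# Assumption: L = 4 byte sequence number, so each field is L/2 = 2 bytes.
FIELD_LEN = 2

# Constructed sample key standing in for the original key negotiated via IKE.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def build_subkey_set(original_key, m):
    """Split the original key into N fields of FIELD_LEN bytes and copy them
    into M subkeys. Cyclic repetition is an assumption of this example."""
    if not original_key or len(original_key) % FIELD_LEN:
        raise ValueError("key length must be a non-zero multiple of FIELD_LEN")
    if m <= 0:
        raise ValueError("M must be positive")
    fields = [original_key[i:i + FIELD_LEN]
              for i in range(0, len(original_key), FIELD_LEN)]
    return [fields[i % len(fields)] for i in range(m)]


def select_subkey(subkeys, second_field):
    """Index the subkey set with (second field mod M)."""
    index = int.from_bytes(second_field, "big") % len(subkeys)
    return subkeys[index]


def transform_sequence_number(seq, subkeys):
    """XOR the first field with the selected subkey.

    The second field is left unchanged, so sender and receiver compute the
    same index. XOR is its own inverse, so this one function is used both to
    encrypt and to decrypt.
    """
    if len(seq) != 2 * FIELD_LEN:
        raise ValueError("sequence number must be 2 * FIELD_LEN bytes")
    first, second = seq[:FIELD_LEN], seq[FIELD_LEN:]
    subkey = select_subkey(subkeys, second)
    masked = bytes(a ^ b for a, b in zip(first, subkey))
    return masked + second


def round_trip(seq_int, subkeys):
    """Return (on-wire bytes, recovered integer) for one sequence number."""
    wire = transform_sequence_number(seq_int.to_bytes(4, "big"), subkeys)
    recovered = transform_sequence_number(wire, subkeys)
    return wire, int.from_bytes(recovered, "big")


if __name__ == "__main__":
    subkeys = build_subkey_set(SAMPLE_KEY, 12)  # N = 8 fields copied into M = 12
    for seq in (0x00010005, 0x00010006, 0x0001000A):  # constructed values
        wire, recovered = round_trip(seq, subkeys)
        print(f"{seq:08x} -> {wire.hex()} -> {recovered:08x}")
```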

In a third aspect, an embodiment of the present application further provides a network device that has the function of implementing the packet encryption behavior in the method example of the first aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or the software includes one or more modules corresponding to the above function.

In one possible design, the structure of the network device includes a determining unit, an encryption unit, a processing unit and a sending unit. These units can perform the corresponding functions in the above method example; see the detailed description in the method example, which is not repeated here.

In a fourth aspect, an embodiment of the present application further provides a first network device that has the function of implementing the packet encryption behavior in the method example of the first aspect. The function may be implemented by hardware. The structure of the first network device includes a communication interface, a processor and a memory, where the processor invokes instructions stored in the memory to perform the following processing:

Determine a subkey from the subkey set; perform encryption processing on the first field contained in the sequence number of the generated data packet and the determined subkey to obtain an encrypted field; replace the first field in the sequence number of the data packet with the encrypted field to obtain a modified data packet; and then send the data packet containing the sequence number ciphertext to the second network device through the communication interface.

Because the sequence number in the data packet is encrypted, an attacker who captures the data packet cannot decrypt it to obtain the original sequence number, so replay attacks can be effectively prevented.

The first network device and the second network device determine the original key in advance mainly through IKE negotiation. In the negotiation, before determining the subkey, the processor is further configured to: send, through the communication interface, an Internet Key Exchange (IKE) negotiation request message to the second network device, where the value of a predetermined flag bit in the IKE negotiation request message is a first value, and the first value indicates support for encrypted transmission of the sequence number; and receive, through the communication interface, an IKE negotiation response message sent by the second network device. When the predetermined flag bit in the IKE negotiation response message is also the first value, the processor determines that the second network device supports encrypted transmission of the sequence number. During the negotiation, a key seed is used to generate the original key.

The processor then splits the original key negotiated with the second network device into N fields, copies the N fields into M fields, and generates a subkey set consisting of the M fields. This is done to increase the randomness and complexity of the subkeys so that an attacker cannot guess them.

In one possible design, the processor takes the second field contained in the sequence number modulo M to obtain a modulus value, and then, using the modulus value as an index, looks up the subkey corresponding to that index in the subkey set.

The packet can be encrypted in several ways. In one possible design, the processor performs an XOR operation on the first field contained in the sequence number of the data packet and the determined subkey to obtain the encrypted field. In general, to keep the length of the data packet unchanged as far as possible, the subkey has the same number of bytes as the first field.

In addition, the first field may be either the high-order bytes or the low-order bytes of the sequence number. Assuming the sequence number consists of L bytes, the first field may be the L/2 high-order bytes of the sequence number, in which case the second field is the L/2 low-order bytes; or the first field may be the L/2 low-order bytes of the sequence number, in which case the second field is the L/2 high-order bytes.

In a fifth aspect, an embodiment of the present application further provides a second network device that has the function of implementing the packet decryption behavior in the method example of the second aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or the software includes one or more modules corresponding to the above function.

In one possible design, the structure of the second network device includes a determining unit, a receiving unit, a decryption unit and a processing unit. These units can perform the corresponding functions in the above method example; see the detailed description in the method example, which is not repeated here.

In a sixth aspect, an embodiment of the present application further provides another structure of the second network device, which has the function of implementing the packet decryption behavior in the method example of the second aspect. The function may be implemented by hardware. The structure of the network device includes a communication interface, a processor and a memory, where the processor and the memory are connected through a bus, and the processor invokes instructions stored in the memory to execute the above method, which is not repeated here.

In a seventh aspect, an embodiment of the present application further provides a computer storage medium storing a software program which, when read and executed by one or more processors, implements the method provided by the first aspect or any design of the first aspect.

In an eighth aspect, an embodiment of the present application further provides a computer storage medium storing a software program which, when read and executed by one or more processors, implements the method provided by the second aspect or any design of the second aspect.

In a ninth aspect, the present application further provides a computer program product containing instructions which, when run on a computer, cause the computer to execute the packet encryption method described in the above aspects or their possible implementations.

In a tenth aspect, the present application further provides a computer program which, when run on a computer, causes the computer to execute the packet decryption method described in the above aspects or their possible implementations.

In the present application, because the subkey is transmitted in the encrypted channel negotiated between the first network device and the second network device and changes dynamically, the encrypted data packet is highly secure. In addition, the subkey used to encrypt the sequence number is determined by a modulo operation, so its randomness is high and the encrypted sequence number cannot be guessed. Replay attacks can therefore be effectively prevented.

Description of drawings

FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present application;

FIG. 2 is a schematic diagram of a system architecture based on IKE negotiation provided by an embodiment of the present application;

FIG. 3 is a schematic flowchart of a packet encryption method provided by an embodiment of the present application;

FIG. 4 is a schematic diagram of the IKE negotiation interaction provided by an embodiment of the present application;

FIG. 5a and FIG. 5b are schematic diagrams of the positions of reserved fields in a message provided by an embodiment of the present application;

FIG. 6 is a schematic flowchart of a packet decryption method provided by an embodiment of the present application;

FIG. 7 is a first schematic diagram of an apparatus of a network device provided by an embodiment of the present application;

FIG. 8 is a second schematic diagram of an apparatus of a network device provided by an embodiment of the present application;

FIG. 9 is a schematic structural diagram of a network device provided by an embodiment of the present application.

Detailed description

The present application is described in further detail below with reference to the accompanying drawings.

The message encryption and decryption method in the present application is applicable to a variety of system architectures. FIG. 1 is a schematic diagram of one system architecture to which the present application applies. As shown in FIG. 1, the system architecture includes a sending-end server 101, a sending-end gateway 102, a receiving-end gateway 103 and a receiving-end server 104.

To secure the data packets transmitted between the sending-end gateway 102 and the receiving-end gateway 103, the two gateways use the IPSec protocol to transmit packets.

IPSec is a layer-3 tunnel encryption protocol defined by the Internet Engineering Task Force (IETF) to ensure the security and confidentiality of data transmitted over the Internet. IPSec provides security services for IP packets at the network (Internet Protocol, IP) layer. The IPSec protocol itself defines how fields are added to IP packets to ensure their integrity, privacy and authenticity, and how packets are encrypted. With IPSec, data can be transmitted securely over the public network. IPSec provides protection between two hosts, between two security gateways, or between a host and a security gateway.

IPSec comprises two protocols: the Authentication Header (AH) protocol (protocol number 51) and the Encapsulating Security Payload (ESP) protocol (protocol number 50). AH provides data origin verification and data integrity checking; ESP provides data verification and integrity checking and, in addition, encryption of IP packets. The security features of the IPSec protocol are: (1) data confidentiality: the IPSec sender encrypts packets before transmitting them over the network; (2) data integrity: the IPSec receiver authenticates the packets sent by the sender to ensure the data has not been tampered with in transit; (3) data origin authentication: the IPSec receiver authenticates the source address of the IPSec packet, a service that builds on the data integrity service; (4) anti-replay: the IPSec receiver can detect and reject outdated or duplicate packets.

所谓重放攻击是指攻击者首先通过网络截取通信对等双方正常通信的数据包,然后将数据包原封不动,或经过修改,在等待一段时间之后,再发给数据包的接收者,即“重放”。重放的目的是为了冒充合法的一方和另一方进行通信。之所以攻击者采用重放的方式而不是直接发送伪造的数据包,是因为有的系统会将部分信息进行加密和认证,伪造的数据包可能无法取得数据包接收方的信任,而采用重放原本合法的数据包则可以达到此目的。比如说,在移动IP中,当移动节点发现它的网络从一条链路切换到另一条链路上的时候,就要进行注册。注册的目的,一方面可以使移动节点得到外地链路上的外地代理的路由服务,另一方面可以通知家乡代理移动节点转交地址。注册消息是一个用户数据报协议(User Datagram Protocol,UDP)数据包,包含在IP数据包内。如果有攻击者截取了这个数据包,然后修改转交地址字段,然后再重发这个消息,则攻击者便注册到了一个伪造的转交地址。那么以后网络中所有发送给移动节点的数据包都会被转发到攻击者注册的那个转交地址那里,移动节点再也不会收到任何信息了。The so-called replay attack means that the attacker first intercepts the data packets of the normal communication between the communication peers through the network, and then leaves the data packets intact, or modifies them, and then sends them to the receiver of the data packets after waiting for a period of time, that is, "Replay". The purpose of the replay is to impersonate a legitimate party to communicate with another party. The reason why attackers use replay instead of directly sending forged data packets is because some systems encrypt and authenticate some information, and the forged data packets may not be trusted by the recipient of the data packets, and replay is used. Originally legitimate data packets can achieve this purpose. For example, in Mobile IP, a mobile node registers when it finds that its network has switched from one link to another. For the purpose of registration, on the one hand, the mobile node can obtain the routing service of the foreign agent on the foreign link, and on the other hand, it can notify the home agent of the mobile node's care-of address. The registration message is a User Datagram Protocol (UDP) data packet contained in an IP data packet. If an attacker intercepts the packet, modifies the care-of address field, and then resends the message, the attacker is registered with a fake care-of address. 
Then all the data packets sent to the mobile node in the network will be forwarded to the care-of address registered by the attacker, and the mobile node will never receive any information.

When packets are transmitted with the IPSec protocol, the receiver can detect and reject outdated or duplicate packets, which prevents replay attacks to some extent. However, the sequence number of a packet transmitted over IPSec is in plaintext and increases or decreases monotonically. Once an attacker has intercepted one packet, it is easy to guess the sequence numbers of subsequent packets from it and then impersonate the sender in communication with the receiver. The receiver merely parses the sequence number and, if it judges it to be neither a duplicate nor outdated, treats the packet as legitimate, so it cannot accurately identify the attacker's illegitimate packets. This can easily defeat the anti-replay function of the IPSec protocol.

The prior art also includes approaches that add a check field to perform an additional check on the packet's sequence number, so that an attacker who obtains a valid sequence number still cannot pass packet verification. The drawback is that, because a new field is added to the packet header, the packet length must be adjusted, which introduces considerable extra overhead.

Existing IPSec packets also include the Internet Key Exchange (IKE) protocol. The main function of IKE negotiation is key agreement between the two communicating parties; the negotiation process verifies whether the identities of both parties are legitimate and, if they are, establishes an IPsec security association (SA). For these reasons, an embodiment of this application provides a packet encryption and decryption method that makes use of the IKE negotiation mechanism: a key is generated from the key seed determined by IKE negotiation, and that key is used to encrypt the plaintext sequence number into ciphertext. Because the attacker cannot crack the key, the attacker cannot guess subsequent sequence numbers even after intercepting a data packet, so replay attacks can be effectively prevented.

In detail, the main function of the IKE protocol included in IPSec packets is to negotiate, distribute and manage keys, verify identities, and establish security associations securely over an insecure network. An SA is an agreement reached by the two communicating parties; correct IPSec processing is possible only when all the information in the agreement is known. For example, if ESP encapsulation has been agreed, AH cannot be used for decapsulation; similarly, if 3DES encryption has been agreed, AES cannot be used for decryption.

To ensure that IPSec communication proceeds smoothly, the IKE protocol performs a two-phase negotiation. The two phases are Main Mode negotiation and Quick Mode negotiation.

1. Main Mode (also called Phase 1) IKE negotiation establishes a secure channel, called the ISAKMP SA, between two computers. This secure channel is mainly used to protect the security negotiation.

2. Quick Mode (also called Phase 2) IKE negotiation establishes a channel between two computers to protect data. Because this phase involves the creation of SAs, the SAs established during Quick Mode are called IPSec SAs. During Quick Mode, keying material is refreshed or, if necessary, new keys are generated. A protection suite for protecting specific IP traffic is also selected during this phase.

After the above negotiation, shared keying material, namely the key seed (SKEYSEED), can be generated. The key seed is calculated as follows:

SKEYSEED=prf(Ni|Nr,g^ir) …… Formula [1]

SKEYSEED={SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr}

=prf+(SKEYSEED,Ni|Nr|SPIi|SPIr) …… Formula [2]

Here, SK_d is used to derive keys in the second phase (it is the only one that is not direction-specific); SK_ai and SK_ar are used as the MAC keys of the initiator and the responder, respectively; SK_ei and SK_er are used as the encryption keys of the initiator and the responder, respectively; and SK_pi and SK_pr are used to compute the authentication payloads of the initiator and the responder.

In addition, through the above negotiation, both parties can determine from the negotiation result whether decryption is needed when a data packet sent by the other party is subsequently received. For example, if the negotiation result is that the other party does not support encryption, the sender does not encrypt the data packet to be sent but sends it directly to the receiving side, and the receiving side does not decrypt the received data packet but reads the sequence number directly for verification. If the negotiation result is that the other party supports encryption, the sender encrypts the data packet to be sent and sends the encrypted data packet to the receiving side, and the receiving side decrypts the data packet it receives.

Specifically, the packet encryption and decryption method provided by the embodiments of this application includes a packet encryption method and a packet decryption method. A communication system to which the method applies is shown in FIG. 2, which mainly involves the following process: the sending-end gateway 102 and the receiving-end gateway 103 first establish IKE SA negotiation; the sending-end gateway 102 then encrypts the IPSec packet with the encryption algorithm determined by negotiation, generating an encrypted IPSec packet, and sends the encrypted IPSec packet to the receiving-end gateway 103; the receiving-end gateway 103 decrypts the encrypted data packet with the decryption algorithm determined by negotiation and recovers the sequence number of the original IPSec packet.

The encryption process and the decryption process are described separately in detail below.

FIG. 3 is a schematic flowchart of a packet encryption method provided by an embodiment of this application. The specific steps are as follows:

Step 301: the first network device generates a data packet.

Step 302: the first network device determines a subkey from the subkey set. For example, the first network device may be the sending-end gateway 102 in FIG. 2.

Step 303: the first network device performs encryption processing on the first field contained in the sequence number of the packet to be sent and the determined subkey, to obtain an encrypted field.

Step 304: the first network device replaces the first field in the sequence number of the data packet with the encrypted field, thereby obtaining a modified data packet.

Step 305: the first network device sends the modified data packet to the second network device. For example, the second network device may be the receiving-end gateway 103 in FIG. 2.

Note that before step 301 is performed, the first network device needs to determine that the peer second network device supports encrypted transmission, that is, that the second network device can decrypt an encrypted data packet when it receives one. Therefore, before step 301 is performed, an IKE negotiation process must first take place between the first network device and the second network device. The negotiation interaction is shown in FIG. 4 and includes:

Step 401: the first network device sends an IKE negotiation request packet to the second network device.

Step 402: the first network device receives the IKE negotiation response packet sent by the second network device.

The IKE negotiation request packet sent by the first network device carries a predetermined flag bit set to a first value, and the first value indicates that the first network device supports encrypted transmission of the sequence number. If the second network device also supports encrypted transmission of the sequence number, the IKE negotiation response packet returned by the second network device also carries the predetermined flag bit, and the value of that flag bit is also the first value. In this way, the first network device can determine from the first value of the flag bit in the IKE negotiation response packet that the second network device supports encrypted transmission of the sequence number.

Once the first network device has determined that the peer second network device supports encrypted transmission, the first network device performs the encryption process described in FIG. 3 on the data packet and then sends the encrypted data packet to the second network device; otherwise, the first network device omits the encryption process and sends the unencrypted data packet directly to the second network device. This keeps compatibility with network devices that do not support encrypted transmission and avoids communication failures.

The flag bit used by the first network device and the second network device is an unused reserved field in the IKE packet. For example, the first network device uses the first of the 7 bits of RESERVED (the reserved field) in the Security Association payload header to indicate whether it supports encrypting the sequence number; this is the 10th bit of the entire payload header. As shown in FIG. 5a, E denotes the flag bit used: a value of 0 means that encrypting the sequence number is not supported, and a value of 1 means that it is supported. When the second network device receives the IKE negotiation request packet, it parses the first bit of RESERVED in the Security Association payload header; if the value is 1, it considers that the first network device supports encrypting data packets, and when it subsequently receives a data packet sent by the first network device, it first decrypts it.

Alternatively, as shown in FIG. 5b, E denotes the flag bit used: a value of 0 means that encrypting the sequence number is not supported, and a value of 1 means that it is supported. When the second network device receives the IKE negotiation request packet, it checks the value of the flag bit in the payload; if the value is 1, it considers that the first network device supports encrypting data packets, and when it subsequently receives a data packet sent by the first network device, it first decrypts it.
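The flag exchange described for FIG. 5a can be sketched as follows. This is an added example, not code from the patent; it assumes a 4-byte generic payload header laid out as Next Payload (8 bits), one critical bit, 7 RESERVED bits and a 16-bit Payload Length, which places the first RESERVED bit at the 10th bit as the text states. The function names and the sample field values are hypothetical.

```python
import struct

# Assumed header layout (not shown in the page text, FIG. 5a is an image):
#   byte 0: Next Payload | byte 1: C bit + 7 RESERVED bits | bytes 2-3: Payload Length
E_BIT = 0x40  # first RESERVED bit, i.e. the 10th bit of the header (flag E)


def build_sa_header(next_payload, payload_length, seq_encryption):
    """Build the 4-byte payload header, setting E when sequence-number
    encryption is supported."""
    flags = E_BIT if seq_encryption else 0
    return struct.pack("!BBH", next_payload, flags, payload_length)


def e_flag(header):
    """Return True when flag E is 1 in a received payload header."""
    if len(header) < 4:
        raise ValueError("truncated payload header")
    _next_payload, flags, _length = struct.unpack("!BBH", header[:4])
    return bool(flags & E_BIT)


def responder_reply(request_header, responder_supports):
    """Second network device: answer E=1 only if the request carried E=1 and
    the local device supports the feature. Returns (response, will_decrypt)."""
    agreed = e_flag(request_header) and responder_supports
    # 0 and 44 are constructed sample values for Next Payload and length.
    return build_sa_header(0, 44, agreed), agreed


def initiator_decision(initiator_supports, response_header):
    """First network device: encrypt sequence numbers only if the peer echoed E=1."""
    return initiator_supports and e_flag(response_header)


def negotiate(initiator_supports, responder_supports):
    """Run the request/response exchange; returns (will_encrypt, will_decrypt)."""
    request = build_sa_header(34, 44, initiator_supports)  # constructed values
    response, will_decrypt = responder_reply(request, responder_supports)
    return initiator_decision(initiator_supports, response), will_decrypt


if __name__ == "__main__":
    for a, b in [(True, True), (True, False), (False, True)]:
        print(a, b, negotiate(a, b))
```

Both sides reach the same decision in every combination, so a peer that leaves the reserved bits at zero simply falls back to plaintext sequence numbers.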

In addition, after the first network device has completed IKE negotiation with the peer second network device and determined that the peer supports encrypted transmission, the first network device first uses the key seed formula determined by negotiation to generate the original key and then uses the original key to generate the subkey set. Specifically, the first network device splits the original key negotiated with the second network device into N fields; the first network device then copies the N fields into M fields, thereby generating a subkey set composed of M fields. Generally, M is greater than N.

For example, the original key value in Table 1 is split into eight 2-byte fields, these eight fields are arranged in descending order of value, and they are used cyclically, in order, to fill the Key table of length 100 shown in Table 2.

Table 1

0x2fe0 0x1fd9 0x1ee1 0x1fe5 0x1fa0 0x11a1 0x21c3 0x1fe9

Table 2

0x2fe0 0x21c3 0x1fe9 0x1fe5 0x1fd9 0x1fa0 0x1ee1 …… 0x1fe5 0x1fd9 0x1fa0 0x1ee1

In addition, after the original key value in Table 1 has been split into eight 2-byte fields, each 2-byte field in Table 1 can also be transformed, and the transformed 2-byte fields can then be used to generate the Key table. The transformation can be adding 1 or another existing method, which is not described further here.

In one possible design, the first network device determines a subkey from the subkey set as follows: the first network device takes the second field contained in the sequence number of the data packet modulo M to obtain a modulus value, and then uses the modulus value as an index to look up the corresponding subkey in the subkey set.

For example, the low 16 bits 0x1b21 of the sequence number 0xefac 0x1b21 are taken modulo M (for example, M is 100), giving the modulus value 45, and the 45th subkey, 0x1fd9, is looked up in the Key table in Table 2. Alternatively, in the IKE negotiation phase the first network device and the second network device can agree that the entry at a particular index of the subkey set is the subkey, for example the 45th value, 0x1fd9, in the Key table in Table 2. Clearly, the modulo approach determines the subkey more dynamically and is harder for an attacker to crack.

Once the subkey has been determined, it can be used to encrypt the sequence number. In one possible design, the first network device XORs the first field contained in the sequence number of the data packet with the determined subkey to obtain the encrypted field. For example, the subkey 0x1fd9 is XORed with the high 16 bits 0xefac of the sequence number to obtain the new encrypted value 0xf075; replacing the high 16 bits 0xefac of the sequence number with 0xf075 gives the new sequence number 0xf075 0x1b21; the sequence number in the original data packet is replaced with the new sequence number 0xf075 0x1b21, and the resulting data packet is sent to the peer second network device. The second network device can then recover the original sequence number with the same XOR operation, so the decryption algorithm is also simple.

Generally, to keep the length of the data packet unchanged as far as possible, the number of bytes in the subkey is the same as the number of bytes in the first field. On the one hand this makes the XOR operation convenient; on the other hand, a longer data packet increases overhead, while a shorter one is easier for an attacker to crack. Note that the encryption method above can also use XNOR instead, that is, the first field contained in the sequence number of the data packet and the determined subkey are XNORed to obtain the encrypted field. Compared with XOR encryption, with XNOR the second network device must first invert and then XOR when decrypting, so the decryption process is somewhat more complex.

In the example above, the first field is the high 16 bits 0xefac of the sequence number and the second field is the low 16 bits 0x1b21. In other possible designs the first field need not be half of the sequence number's bytes. For example, if the sequence number is 4 bytes, the first field can be a 1-byte part and the second field a 3-byte part; the method above works with this split too, that is, the second field is taken modulo M to determine the subkey and the encryption operation is then performed. Likewise, in the example above the first field could instead be the low 16 bits 0x1b21 of the sequence number and the second field the high 16 bits 0xefac, that is, the high 16 bits are taken modulo M to obtain the modulus value, and the low 16 bits are then encrypted with the key value corresponding to that modulus value.

Corresponding to the packet encryption method above, the embodiments of this application further describe the specific process of the packet decryption method in detail. The specific steps are shown in FIG. 6.

Step 601: the second network device receives the data packet sent by the first network device. For example, the first network device may be the sending-end gateway 102 in FIG. 2, and the second network device may be the receiving-end gateway 103 in FIG. 2.

Step 602: the second network device determines a subkey from the subkey set.

Step 602: the second network device receives the packet sent by the first network device.

Step 603: the second network device performs decryption processing on the first field contained in the sequence number of the received data packet and the determined subkey, to obtain a decrypted field.

Step 604: the second network device replaces the first field in the sequence number of the data packet with the decrypted field, thereby obtaining a decrypted data packet.

As in the packet encryption method above, before receiving the data packet sent by the first network device, the second network device has already completed IKE negotiation with the first network device; it uses the key seed formula determined by negotiation to generate the original key and then uses the original key to generate the subkey set. The subkey set is generated in the same way as described above, so the details are not repeated here.

In other words, the second network device determines the subkey set by the same method as the first network device and then determines a subkey from the subkey set by the same rule as the first network device. For example, if the first network device takes the second field modulo M and uses the modulus value as the index to determine the subkey, the second network device determines the subkey by the same rule.

In one possible design, the second network device takes the second field contained in the sequence number of the data packet modulo M to obtain a modulus value, and then uses the modulus value as an index to look up the corresponding subkey in the subkey set.

For example, take the sequence number 0xefac 0x1b21 again. Above, the first network device encrypted it with the 45th subkey, 0x1fd9, in the Key table of Table 2 to obtain the new sequence number 0xf075 0x1b21. When the second network device receives the data packet containing the sequence number 0xf075 0x1b21, it again uses the 45th subkey, 0x1fd9, to XOR the high 16 bits 0xf075 of 0xf075 0x1b21 and obtains the new decrypted value 0xefac; replacing the high 16 bits 0xf075 of the sequence number with the decrypted value 0xefac gives the sequence number 0xefac 0x1b21, which is the original sequence number of the data packet sent by the first network device. If the first network device uses a different rule to determine the subkey and encrypt the sequence number with it, for example XORing the low-order byte part to obtain the new encrypted value, the second network device likewise XORs the low-order byte part to obtain the decrypted value.

In another possible design, if the first network device XNORs the first field contained in the sequence number of the data packet with the determined subkey to obtain the encrypted field, the second network device must first invert and then XOR when decrypting. For example, if the first network device uses the 45th subkey, 0x1fd9, to XNOR the high 16 bits 0xf075 of 0xf075 0x1b21, the second network device must first invert the sequence number 0xf075 0x1b21 of the data packet and then decrypt the inverted sequence number by the method in the example above.
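The encryption and decryption procedures above, including subkey-set generation from Table 1, modulo selection and the XNOR variant, can be run end to end as follows. This is an added example, not code from the patent; it assumes a 32-bit sequence number split into 16-bit halves, reads "the 45th subkey" as counting from 1, and assumes that a remainder of 0 selects the M-th entry, which the page does not specify. Function names are hypothetical.

```python
M = 100  # size of the subkey set, the page's example value

# Table 1 from the page: the original key split into eight 2-byte fields.
ORIGINAL_KEY_FIELDS = [0x2FE0, 0x1FD9, 0x1EE1, 0x1FE5,
                       0x1FA0, 0x11A1, 0x21C3, 0x1FE9]


def build_subkey_set(fields, m=M):
    """Sort the N fields in descending order and cycle them to fill m entries."""
    ordered = sorted(fields, reverse=True)
    return [ordered[i % len(ordered)] for i in range(m)]


def select_subkey(subkeys, second_field):
    """Pick the subkey whose position equals second_field mod M (1-based).

    Assumption: remainder 0 maps to the last (M-th) entry.
    """
    m = len(subkeys)
    position = second_field % m or m
    return subkeys[position - 1]


def _split(seq):
    """Split a 32-bit sequence number into (first field, second field)."""
    if not 0 <= seq <= 0xFFFFFFFF:
        raise ValueError("sequence number must fit in 32 bits")
    return seq >> 16, seq & 0xFFFF


def encrypt_sequence_number(seq, subkeys, xnor=False):
    """Sender: replace the high 16 bits with (high XOR subkey), or XNOR."""
    first, second = _split(seq)
    field = first ^ select_subkey(subkeys, second)
    if xnor:
        field = ~field & 0xFFFF
    return (field << 16) | second


def decrypt_sequence_number(seq, subkeys, xnor=False):
    """Receiver: the second field is unchanged, so the same subkey is found."""
    first, second = _split(seq)
    if xnor:
        first = ~first & 0xFFFF  # invert first, then XOR
    return ((first ^ select_subkey(subkeys, second)) << 16) | second


if __name__ == "__main__":
    table = build_subkey_set(ORIGINAL_KEY_FIELDS)
    wire = encrypt_sequence_number(0xEFAC1B21, table)
    print(hex(wire), hex(decrypt_sequence_number(wire, table)))
```

Both devices must build the table from the same negotiated key and use the same field split and variant, otherwise the receiver recovers a different sequence number and its replay check operates on the wrong value.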

For the method flow above, this application provides a network device. For the specific operations performed by the network device, refer to the corresponding embodiment of the packet encryption method above.

FIG. 7 is a schematic structural diagram of a first network device provided by this application. As shown in FIG. 7, the first network device includes:

A generating unit 701, configured to generate a data packet.

A determining unit 702, configured to determine a subkey from a subkey set, where the subkey set contains M subkeys, the M subkeys are generated from N fields obtained by splitting an original key, the original key is determined in advance by negotiation between the first network device and the second network device, and M is greater than or equal to N.

An encryption unit 703, configured to perform encryption processing on the first field contained in the sequence number of the data packet and the determined subkey to obtain an encrypted field, where the sequence number contains multiple fields.

A processing unit 704, configured to replace the first field in the sequence number of the data packet with the encrypted field, thereby obtaining a modified data packet.

A sending unit 705, configured to send the modified data packet to the second network device.

Optionally, the determining unit 702 is specifically configured to: take the second field contained in the sequence number modulo M to obtain a modulus value; and use the modulus value as an index to look up the corresponding subkey in the subkey set.

Optionally, the encryption unit 703 is specifically configured to: XOR the first field contained in the sequence number of the data packet with the determined subkey to obtain the encrypted field, where the number of bytes in the determined subkey is the same as the number of bytes in the first field.

The sequence number includes L bytes; the first field is the high-order L/2 bytes of the sequence number and the second field is the low-order L/2 bytes of the sequence number, or the first field is the low-order L/2 bytes of the sequence number and the second field is the high-order L/2 bytes of the sequence number.

The first network device further includes: a generating unit 701, configured to split the original key negotiated with the second network device into N fields, copy the N fields into M fields, and generate a subkey set composed of the M fields.

Optionally, the sending unit 705 is further configured to: send an Internet Key Exchange (IKE) negotiation request packet to the second network device, where the value of the flag bit in the IKE negotiation request packet indicates that the device itself supports encrypted transmission of the sequence number;

The network device further includes: a receiving unit 706, further configured to receive the IKE negotiation response packet sent by the second network device;

Optionally, the determining unit 702 is further configured to determine, according to the value of the flag bit in the IKE negotiation response packet, that the second network device supports encrypted transmission of the sequence number.

FIG. 8 is a schematic structural diagram of a second network device, corresponding to the packet decryption method, provided by this application. As shown in FIG. 8, the second network device includes: a determining unit 801, a receiving unit 802, a decryption unit 803 and a processing unit 804. Specifically:

A receiving unit 801, configured to receive the data packet sent by the first network device.

A determining unit 802, configured to determine a subkey from a subkey set, where the subkey set contains M subkeys, the M subkeys are generated from N fields obtained by splitting an original key, the original key is determined in advance by negotiation between the first network device and the second network device, and M is greater than or equal to N.

A decryption unit 803, configured to perform decryption processing on the first field contained in the sequence number of the received data packet and the determined subkey to obtain a decrypted field, where the sequence number contains multiple fields.

A processing unit 804, configured to replace the first field in the sequence number of the data packet with the decrypted field, thereby obtaining a decrypted packet.

可选地,所述确定单元802具体用于:将所述序列号中包含的第二字段对M取模得到模值;以所述模值作为索引值,从所述子密钥集合中查找到所述索引值对应的子密钥。Optionally, the determining unit 802 is specifically configured to: take the second field included in the serial number modulo M to obtain a modulo value; use the modulo value as an index value to search from the subkey set to the subkey corresponding to the index value.

可选地,所述解密单元803具体用于:将接收的数据报文的序列号中包含的第一字段和所述确定出的子密钥进行异或操作,得到解密字段,其中,所述确定出的子密钥的字节数目与所述第一字段的字节数目相同。Optionally, the decryption unit 803 is specifically configured to: perform an XOR operation on the first field included in the serial number of the received data packet and the determined subkey to obtain a decrypted field, wherein the The determined number of bytes of the subkey is the same as the number of bytes of the first field.

Here, the sequence number consists of L bytes. Either the first field is the high-order L/2 bytes of the sequence number and the second field is the low-order L/2 bytes, or the first field is the low-order L/2 bytes of the sequence number and the second field is the high-order L/2 bytes.

The second network device further includes:

A generating unit 805, configured to split the original key negotiated with the first network device into N fields, copy the N fields into M fields, and generate a subkey set consisting of the M fields.
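The subkey-set generation, modulo lookup and XOR step described above can be put together as follows. This is an added example, not code from the patent; it assumes a 4-byte sequence number (L = 4), big-endian interpretation of the second field, cyclic copying of the N fields into M slots, and a constructed sample key.

```python
from typing import List, Tuple

SEQ_LEN = 4           # L: sequence number length in bytes (assumption: 32-bit)
HALF = SEQ_LEN // 2   # each of the two fields is L/2 bytes

# Constructed sample key, not a value taken from the patent.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def build_subkey_set(original_key: bytes, m: int) -> List[bytes]:
    """Split the negotiated key into N fields of L/2 bytes and copy them to M subkeys."""
    if not original_key or len(original_key) % HALF:
        raise ValueError("key length must be a non-zero multiple of L/2 bytes")
    fields = [original_key[i:i + HALF] for i in range(0, len(original_key), HALF)]
    n = len(fields)
    if m < n:
        raise ValueError("M must be greater than or equal to N")
    # Assumption: the N fields are copied cyclically; list position is the index value.
    return [fields[i % n] for i in range(m)]


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("subkey and first field must have the same number of bytes")
    return bytes(x ^ y for x, y in zip(a, b))


def _split(seq: bytes, first_is_high: bool) -> Tuple[bytes, bytes]:
    """Return (first_field, second_field) for either of the two layouts."""
    if len(seq) != SEQ_LEN:
        raise ValueError("sequence number must be exactly L bytes")
    high, low = seq[:HALF], seq[HALF:]
    return (high, low) if first_is_high else (low, high)


def transform_sequence_number(seq: bytes, subkeys: List[bytes],
                              first_is_high: bool = True) -> bytes:
    """Mask or unmask the first field. XOR is its own inverse, so the sender
    and the receiver run the same function; the second field travels unchanged
    and is what both sides use to select the subkey."""
    first, second = _split(seq, first_is_high)
    index = int.from_bytes(second, "big") % len(subkeys)   # second field mod M
    masked = _xor(first, subkeys[index])
    return masked + second if first_is_high else second + masked


def first_field_xor(seq_a: bytes, seq_b: bytes, first_is_high: bool = True) -> bytes:
    """XOR of the first fields of two sequence numbers (used for the review check)."""
    a, _ = _split(seq_a, first_is_high)
    b, _ = _split(seq_b, first_is_high)
    return _xor(a, b)


if __name__ == "__main__":
    subkeys = build_subkey_set(SAMPLE_KEY, 16)        # N = 8 fields, M = 16 subkeys
    plain = bytes.fromhex("0001002a")                 # second field 0x002a -> index 10
    wire = transform_sequence_number(plain, subkeys)
    print("on the wire:", wire.hex())
    print("receiver   :", transform_sequence_number(wire, subkeys).hex())

    # Review check: two packets whose second fields select the same index share
    # a subkey, so the XOR of their masked first fields equals the XOR of the
    # original first fields.
    other = bytes.fromhex("0002003a")                 # 0x003a % 16 == 10 as well
    wire_other = transform_sequence_number(other, subkeys)
    print("same-index XOR:", first_field_xor(wire, wire_other).hex(),
          "==", first_field_xor(plain, other).hex())
```

Because the transform is deterministic, a byte-for-byte copy of a packet unmasks to the same sequence number, so the receiver's anti-replay window check on the recovered value is still what rejects the copy.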

Optionally, the receiving unit 802 is further configured to receive an IKE negotiation request message sent by the first network device, where the value of the flag bit in the IKE negotiation request message indicates that the first network device supports encrypted transmission of the sequence number.

The second network device further includes:

A sending unit 806, configured to send an IKE negotiation response message to the first network device, where the value of the flag bit in the IKE negotiation response message indicates that the second network device supports encrypted transmission of the sequence number.

FIG. 9 is a schematic structural diagram of another network device provided by this application. The network device can execute the packet encryption method or the packet decryption method described above. As shown in FIG. 9, the network device 900 includes a communication interface 901, a processor 902, a memory 903, and a bus system 904.

The memory 903 is used to store programs. Specifically, a program may include program code, and the program code includes computer operation instructions. The memory 903 may be random-access memory (RAM) or non-volatile memory (NVM), for example at least one disk memory. Only one memory is shown in the figure; multiple memories may of course be provided as required. The memory 903 may also be a memory inside the processor 902.

The memory 903 stores the following elements, executable modules or data structures, or a subset of them, or an extended set of them:

Operation instructions: various operation instructions used to implement various operations.

Operating system: various system programs used to implement basic services and to handle hardware-based tasks.

The processor 902 controls the operation of the network device 900; the processor 902 may also be called a central processing unit (CPU). In a specific application, the components of the network device 900 are coupled together through the bus system 904, which may include a power bus, a control bus, a status signal bus, and so on in addition to a data bus. For clarity, however, all of these buses are labeled as the bus system 904 in the figure. For ease of representation, FIG. 9 shows this only schematically.

Specifically, if the method executed by the network device 900 is the packet encryption method, the network device 900 corresponds to the sending-end gateway 102 in FIG. 2; with reference to FIG. 3, the communication interface 901 is used to perform step 305, that is, to send the modified data packet to the second network device. If the method executed by the network device 900 is the packet decryption method, the network device 900 corresponds to the receiving-end gateway 103 in FIG. 2; with reference to FIG. 6, the communication interface 901 is used to perform step 601, that is, to receive the data packet sent by the first network device.

Likewise, if the method executed by the network device 900 is the packet encryption method, the processor 902 is used to perform steps 301 to 304 in FIG. 3. If the method executed by the network device 900 is the packet decryption method, the processor 902 is used to perform steps 602 to 604 in FIG. 6. For details of what the processor 902 executes, refer to the description in the foregoing method embodiments; they are not repeated here.

The processor 902 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 902 or by instructions in the form of software. The processor 902 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of this application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of this application may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software modules may reside in a storage medium that is mature in the art, such as random-access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in the memory 903; the processor 902 reads the information in the memory 903 and performs the above method steps in combination with its hardware.

As can be seen from the above, in the embodiments of this application, because the subkey is transmitted in the encrypted channel negotiated between the first network device and the second network device and changes dynamically, the encrypted data packet has high security. In addition, the subkey used to encrypt the sequence number is determined by a modulo operation, so randomness is high and the encrypted sequence number cannot be guessed, which effectively prevents replay attacks. The first network device and the second network device use only an unused reserved field to indicate whether they encrypt data packets, so the length of the data packet does not increase and no overhead is added.

Those skilled in the art will appreciate that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, and optical storage) that contain computer-usable program code.

The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from the scope of this application. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of this application and their equivalent technologies, this application is also intended to include them.

Claims (17)

1. A packet encryption method, characterized in that the method comprises:
a first network device generates a data packet;
the first network device determines one subkey from a subkey set, where the subkey set contains M subkeys, the M subkeys are generated from N fields obtained by splitting an original key, the original key is negotiated in advance between the first network device and a second network device, and M is greater than or equal to N;
the first network device encrypts the first field contained in the sequence number of the data packet using the determined subkey to obtain an encrypted field, where the sequence number contains multiple fields;
the first network device replaces the first field in the sequence number of the data packet with the encrypted field, thereby obtaining a modified data packet;
the first network device sends the modified data packet to the second network device.

2. The method according to claim 1, characterized in that the subkey set further includes an index value corresponding to each subkey, and the first network device determining one subkey from the subkey set comprises:
the first network device takes the second field contained in the sequence number modulo M to obtain a modulus value;
the first network device, using the modulus value as an index value, looks up the subkey corresponding to the index value in the subkey set.

3. The method according to claim 1 or 2, characterized in that the first network device encrypting the first field contained in the sequence number of the data packet using the determined subkey to obtain an encrypted field comprises:
the first network device performs an XOR operation on the first field contained in the sequence number of the data packet and the determined subkey to obtain the encrypted field, where the determined subkey has the same number of bytes as the first field.

4. The method according to any one of claims 1 to 2, characterized in that, before the first network device determines the first subkey from the subkey set, the method further comprises:
the first network device sends an Internet Key Exchange (IKE) negotiation request message to the second network device, where the value of a predetermined flag bit in the IKE negotiation request message is set to a first value, and the first value indicates support for encrypted transmission of the sequence number;
the first network device receives an IKE negotiation response message sent by the second network device, where the value of the predetermined flag bit in the IKE negotiation response message is set to the first value;
the first network device determines, according to the value of the predetermined flag bit in the IKE negotiation response message, that the second network device supports encrypted transmission of the sequence number.

5. A packet decryption method, characterized in that the method comprises:
a second network device receives a data packet sent by a first network device;
the second network device determines one subkey from a subkey set, where the subkey set contains M subkeys, the M subkeys are generated from N fields obtained by splitting an original key, the original key is negotiated in advance between the first network device and the second network device, and M is greater than or equal to N;
the second network device decrypts the first field contained in the sequence number of the received data packet using the determined subkey to obtain a decrypted field, where the sequence number contains multiple fields;
the second network device replaces the first field in the sequence number of the data packet with the decrypted field, thereby obtaining a decrypted data packet.

6. The method according to claim 5, characterized in that the subkey set further includes an index value corresponding to each subkey, and the second network device determining one subkey from the subkey set comprises:
the second network device takes the second field contained in the sequence number of the data packet modulo M to obtain a modulus value;
the second network device, using the modulus value as an index value, looks up the subkey corresponding to the index value in the subkey set.

7. The method according to claim 5 or 6, characterized in that the second network device decrypting the first field contained in the sequence number of the data packet using the determined subkey to obtain a decrypted field comprises:
the second network device performs an XOR operation on the first field contained in the sequence number of the data packet and the determined subkey to obtain the decrypted field, where the determined subkey has the same number of bytes as the first field.

8. The method according to any one of claims 5 to 6, characterized in that, before the second network device determines the first subkey from the subkey set, the method further comprises:
the second network device receives an Internet Key Exchange (IKE) negotiation request message sent by the first network device, where the value of a predetermined flag bit in the IKE negotiation request message is set to a first value, and the first value indicates support for encrypted transmission of the sequence number;
if the second network device supports encrypted transmission of the sequence number, the second network device sends an IKE negotiation response message to the first network device, where the value of the predetermined flag bit in the IKE negotiation response message is set to the first value.

9. A first network device, characterized in that the first network device comprises a communication interface, a processor, and a memory;
the processor invokes instructions stored in the memory to perform the following processing:
generating a data packet;
determining one subkey from a subkey set, where the subkey set contains M subkeys, the M subkeys are generated from N fields obtained by splitting an original key, the original key is negotiated in advance between the first network device and a second network device, and M is greater than or equal to N;
encrypting the first field contained in the sequence number of the data packet using the determined subkey to obtain an encrypted field, where the sequence number contains multiple fields;
replacing the first field in the sequence number of the data packet with the encrypted field, thereby obtaining a modified data packet;
sending the modified data packet to the second network device through the communication interface.

10. The network device according to claim 9, characterized in that the processor is specifically configured to:
take the second field contained in the sequence number modulo M to obtain a modulus value;
using the modulus value as an index value, look up the subkey corresponding to the index value in the subkey set.

11. The network device according to claim 9 or 10, characterized in that the processor is specifically configured to:
perform an XOR operation on the first field contained in the sequence number of the data packet and the determined subkey to obtain the encrypted field, where the determined subkey has the same number of bytes as the first field.

12. The network device according to any one of claims 9 to 10, characterized in that the processor is further configured to:
send an Internet Key Exchange (IKE) negotiation request message to the second network device through the communication interface, where the value of a predetermined flag bit in the IKE negotiation request message is set to a first value, and the first value indicates support for encrypted transmission of the sequence number;
receive, through the communication interface, an IKE negotiation response message sent by the second network device, where the value of the predetermined flag bit in the IKE negotiation response message is set to the first value;
determine, according to the value of the predetermined flag bit in the IKE negotiation response message, that the second network device supports encrypted transmission of the sequence number.

13. A second network device, characterized in that the second network device comprises a communication interface, a processor, and a memory;
the processor invokes instructions stored in the memory to perform the following processing:
receiving, through the communication interface, a data packet sent by a first network device;
determining one subkey from a subkey set, where the subkey set contains M subkeys, the M subkeys are generated from N fields obtained by splitting an original key, the original key is negotiated in advance between the first network device and the second network device, and M is greater than or equal to N;
decrypting the first field contained in the sequence number of the received data packet using the determined subkey to obtain a decrypted field, where the sequence number contains multiple fields;
replacing the first field in the sequence number of the data packet with the decrypted field, thereby obtaining a decrypted data packet.

14. The network device according to claim 13, characterized in that the processor is specifically configured to:
take the second field contained in the sequence number of the data packet modulo M to obtain a modulus value;
using the modulus value as an index value, look up the subkey corresponding to the index value in the subkey set.

15. The network device according to claim 13 or 14, characterized in that the processor is specifically configured to:
perform an XOR operation on the first field contained in the sequence number of the data packet and the determined subkey to obtain the decrypted field, where the determined subkey has the same number of bytes as the first field.

16. The network device according to any one of claims 13 to 14, characterized in that:
an Internet Key Exchange (IKE) negotiation request message sent by the first network device is received through the communication interface, where the value of a predetermined flag bit in the IKE negotiation request message is set to a first value, and the first value indicates support for encrypted transmission of the sequence number;
if encrypted transmission of the sequence number is supported, an IKE negotiation response message is sent to the first network device through the communication interface, where the value of the predetermined flag bit in the IKE negotiation response message is set to the first value.

17. A communication system, characterized in that it comprises the first network device according to any one of claims 9 to 12 and the second network device according to any one of claims 13 to 16.
CN201710763841.1A 2017-08-30 2017-08-30 Message encryption and decryption method, network equipment and system Active CN109428867B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710763841.1A CN109428867B (en) 2017-08-30 2017-08-30 Message encryption and decryption method, network equipment and system


Publications (2)

Publication Number Publication Date
CN109428867A CN109428867A (en) 2019-03-05
CN109428867B true CN109428867B (en) 2020-08-25

Family

ID=65502143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710763841.1A Active CN109428867B (en) 2017-08-30 2017-08-30 Message encryption and decryption method, network equipment and system

Country Status (1)

Country Link
CN (1) CN109428867B (en)

US20250007707A1 (en) Out of band key exchange

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant