| With the rapid development and the wide application of network technology and information technology, and with the continues innovation of service patterns, the needs of the extensive connectivity and the real-time information exchange of heterogeneous networks are promoted. At present, networks did not form large-scale connectivity. The basic reason is that they are all using physical isolation to prevent network attacks, which has become the constraints of the widespread use of the informationization application. Nowadays, the contradiction among the demand of information interaction of high real-time, high reliability, high safety performance, the isolation scheme which is not yet perfect and the foreground and background secure communication protocol which can reflect the business characteristics are becoming aculeate increasingly. Therefore, in view of the typical application requirements of two networks and two entities for secure communication, We major contributions are as follows in this thesis:Contrapose the packet lengths’ covert channel(PLCC) and the statues covert channel(SCC) problems existing in heterogeneous networks while exchanging information with each other, and in view of the requirements of high real-time, high reliability and high safty while communication systems communicate with each other in the ubiquitous network environment, a network isolation communication model is designed, and the relevant definition and its security proof is given. A Network Isolation Communication Scheme(NICS) is proposed to resist against covert channel on the basis of the model. The NICS is able to not only resist against the PLCC by ensuring the length of the front and the rear splits do not exist fixed maps, but also resist against the SCC and get hign reliability by letting each packet carry check code and the error-correcting code. Security analysis indicates that the NICS is able to effectively solve problems of the potential Packet Lengths’ Covert Channel(PLCC) and the Status Covert Channel(SCC) in most of the existing work; and, given similar amount of information for exchanging, the NICS can achieve equivalent security degree with the physical isolation in terms of resisting against the covert channel. The results of the hardware implementation of Network Isolation device in "a border security gateway" project shows that it owes the ability to resist against covert channel, the high reliability and high feasibility performance.Contrapose the requirements of safty and real-time information exchange between the two entities in ubiquitous network, take the communication between the administration program of foreground and the control program of background as example, a easy-to-use, safe and reliable communication protocol is designed based on the structure design thought, which can guarantee the safty communication between the front and back end system. We introduces data transmission flow, data format and so on, shows the concrete realization instance, and analyzes the security of the protocol. |
PDF Full Text Request