| Nowadays, with the frequent occurrence of network security issues, the state and society attach increasing importance to the security of cyberspace, including network security and data security. To ensure the information security of government, military, and enterprise departments, physical isolation technology has to some extent solved some information security issues and improved security. However, it has also brought about information isolation between different networks and information systems, a lack of interconnection, and difficulty in sharing resources, forming "information islands". Therefore, a secure data exchange method is needed to balance physical isolation and data sharing. Currently, manual data transmission, security gateways and one-way transmission are commonly used, but these still suffer from high costs, low transmission efficiency and difficulties in practical deployment. To solve these problems, this paper proposes an authenticated encryption scheme based on a self-synchronous-like ZUC algorithm, and a parallel and authenticable dynamic two-dimensional code stream transmission scheme. Based on these two schemes, this paper designs and implements a data security exchange system based on stream cryptography between physically isolated networks. The research content mainly includes the following aspects: (1) An authenticated encryption scheme based on a self-synchronous-like ZUC algorithm is proposed. To address data security issues in data exchange between physically isolated networks, this paper modifies the process of the linear feedback shift registers in the internal structure of the ZUC stream cipher, and designs and implements a self-synchronous-like stream cipher algorithm that is similar to self-synchronizing stream ciphers. This algorithm makes the key stream depend on the ciphertext, improves its security and complexity, and increases the difficulty of ciphertext cracking. Based on this algorithm, an authenticated encryption scheme (ZUCAE) is designed to implement the authenticated encryption function. The results show that ZUCAE has high security and complexity, and its authenticated encryption efficiency is comparable to that of mainstream stream cipher authenticated encryption schemes. (2) A parallel and verifiable dynamic two-dimensional code stream transmission scheme is proposed. To solve the problem of data exchange between physically isolated networks, this paper uses the two-dimensional code as a data exchange carrier and proposes a two-dimensional code stream fragmentation and aggregation authentication mechanism. The mechanism is combined with the ZUCAE authenticated encryption scheme to construct a parallel and verifiable dynamic two-dimensional code stream transmission scheme, which is applied to physically isolated networks. Meanwhile, a parallel mode is adopted during transmission, effectively improving the efficiency of data transmission. Experimental results show that this scheme can perform efficient and secure data exchange, and the data exchange process meets the requirements of confidentiality, authenticity, and non-repudiation. (3) A data security exchange system for physically isolated networks based on stream ciphers is designed and implemented. Based on the research schemes and related technologies, the actual scenarios and business requirements were analyzed, and the system was designed in detail. The paper achieved efficient and secure data exchange between physically isolated networks, and improved system functions. Test analysis shows that this system not only achieves the purpose of security and authentication of data exchange, but also provides higher security and improves transmission efficiency compared to previous two-dimensional code transmission systems. |