CN105978681A - Anti-eavesdrop safe switcher - Google Patents
- Publication number
- CN105978681A
- Authority
- CN
- China
- Prior art keywords
- message
- switch
- switcher
- eavesdrop
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/10—Packet switching elements characterised by the switching fabric construction
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an anti-eavesdropping security switch that adds a disturbance module to a general-purpose layer 2/layer 3 switch, so that the messages the switch transmits within a subnet are out-of-order (scrambled) messages. The network card of each designated receiving device is fitted with a descrambling module, which restores a received out-of-order message to the correct message before carrying out the next operation and passing the message up to the transport layer. The switch meets the needs of applications that place higher requirements on information security and must guard against internal eavesdroppers, and it ensures the safe use of information.
Description
Technical field
The present invention relates to the field of encryption technology, and specifically to an anti-eavesdropping security switch that adds an FPGA-based network message monitoring module.
Background
Layer 2 switching is a relatively mature technology. A layer 2 switch is a data link layer device: it identifies the MAC address information in a packet, forwards according to the MAC address, and records these MAC addresses and their corresponding ports in its own internal address table. A layer 3 switch is a switch with part of a router's functions. Its most important purpose is to speed up data exchange within a large LAN, and its routing function serves that purpose, so that it can route once and forward many times. Regular processes such as packet forwarding are implemented in high-speed hardware, while functions such as routing information updates, routing table maintenance, route computation and route determination are implemented in software. Layer 3 switching is layer 2 switching technology plus layer 3 forwarding technology. Traditional switching operates at the data link layer, the second layer of the OSI network model, whereas layer 3 switching achieves high-speed packet forwarding at the third layer of the network model; it can both provide network routing and achieve optimal network performance under different network conditions.
The structure of an Ethernet II frame is DMAC + SMAC + Type + Data + CRC, and the maximum frame is 1518 bytes. Removing the 14-byte frame header (DMAC destination MAC address, 48 bits = 6 bytes; SMAC source MAC address, 48 bits = 6 bytes; Type field, 2 bytes) and the 4-byte CRC check trailer leaves at most 1500 bytes for the Data field, which carries the upper-layer protocol. This value is called the MTU (maximum transmission unit).
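The frame layout above, as an added example that is not part of the patent: Python code that builds and parses an Ethernet II frame, enforcing the 1518-byte frame limit and the 1500-byte MTU and checking the CRC trailer. The function names and the sample MAC addresses are constructed for illustration.

```python
import struct
import zlib

HEADER_LEN = 14                           # DMAC (6) + SMAC (6) + Type (2)
FCS_LEN = 4                               # CRC check trailer
MAX_FRAME = 1518                          # maximum Ethernet II frame, in bytes
MTU = MAX_FRAME - HEADER_LEN - FCS_LEN    # 1500 bytes left for the Data field

# Constructed sample addresses (locally administered), not from the patent.
SAMPLE_DMAC = bytes.fromhex("020000000002")
SAMPLE_SMAC = bytes.fromhex("020000000001")


def mac_str(mac: bytes) -> str:
    """Format a 6-byte MAC address as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in mac)


def build_frame(dmac: bytes, smac: bytes, ethertype: int, data: bytes) -> bytes:
    """Assemble DMAC + SMAC + Type + Data and append the CRC-32 trailer."""
    if len(dmac) != 6 or len(smac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(data) > MTU:
        raise ValueError(f"Data field exceeds the MTU of {MTU} bytes")
    body = dmac + smac + struct.pack("!H", ethertype) + data
    # The Ethernet CRC uses the same CRC-32 as zlib; it is appended
    # least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Validate length and CRC, then split the frame into its fields.

    Padding of short frames to the Ethernet minimum size is not modelled.
    """
    if not HEADER_LEN + FCS_LEN <= len(frame) <= MAX_FRAME:
        raise ValueError("frame length out of range")
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("CRC mismatch")
    dmac, smac, ethertype = struct.unpack("!6s6sH", body[:HEADER_LEN])
    return {
        "dmac": mac_str(dmac),
        "smac": mac_str(smac),
        "ethertype": ethertype,
        "data": body[HEADER_LEN:],
    }
```
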
With the development and spread of networks, communication between people has become ever more frequent and convenient. What follows is an endless stream of network leaks, hacker attacks and network eavesdropping incidents, which pose a huge threat to people's information security. At present, the most popular form of information security protection is to encrypt data for transmission, but data encryption operates at the transport layer and the layers above it in the seven-layer network model, and can only guard against external eavesdroppers. If there is an eavesdropper inside the organization who captures all the data transmitted in a layer 2 ad hoc network and uses a powerful cracking tool to decrypt it, the private data may still be cracked.
Summary of the invention
The technical problem to be solved by the invention is as follows: in view of the above shortcomings and needs, the invention provides an anti-eavesdropping security switch that adds an interference module to a general layer 2/layer 3 switch, so that the messages the switch transmits inside the subnet are out-of-order messages. Because the message header is out of order, an ordinary network card cannot recognize the message unless a special descrambling module is installed, which achieves the internal anti-eavesdropping function.
The technical solution adopted by the invention is:
An anti-eavesdropping security switch, in which an interference module is added to a general layer 2/layer 3 switch so that the messages the switch transmits inside the subnet are out-of-order messages. Unless a special descrambling module is installed, an ordinary network card cannot recognize the messages, which achieves the internal anti-eavesdropping function.
Meanwhile, the network card of each designated receiving device is equipped with a descrambling module, which restores a received out-of-order message to the correct message before carrying out the next operation and delivering it to the transport layer.
A device that is not equipped with a descrambling module cannot recognize the out-of-order messages in the subnet and cannot capture and analyze packets.
The switch's communication between the subnet and the external network uses in-order messages, with encryption applied at the transport layer and above, and has an audit function.
The interference module and the descrambling module are FPGA-based network message monitoring modules.
The beneficial effects of the invention are:
The security switch of the invention meets the needs of applications that place higher requirements on information security and need to guard against internal eavesdroppers, and it ensures the safe use of information.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operating principle of the anti-eavesdropping security switch of the invention.
Detailed description
The invention is further described below with reference to the accompanying drawing and specific embodiments:
Embodiment 1:
An anti-eavesdropping security switch, in which an interference module is added to a general layer 2/layer 3 switch so that the messages the switch transmits inside the subnet are out-of-order messages, as shown in Fig. 1. Unless a special descrambling module is installed, an ordinary network card cannot recognize the messages, which achieves the internal anti-eavesdropping function.
Meanwhile, the network card of each designated receiving device is equipped with a descrambling module, which restores a received out-of-order message to the correct message before carrying out the next operation and delivering it to the transport layer.
A device that is not equipped with a descrambling module cannot recognize the out-of-order messages in the subnet and cannot capture and analyze packets.
Embodiment 2:
On the basis of embodiment 1, the communication of the switch in this embodiment between the subnet and the external network uses in-order messages, with encryption applied at the transport layer and above, and has an audit function.
Embodiment 3:
On the basis of embodiment 1 or 2, the interference module and the descrambling module in this embodiment are FPGA-based network message monitoring modules.
The above embodiments are intended only to illustrate the invention and do not limit it. A person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the invention, so all equivalent technical solutions also fall within the scope of the invention, and the scope of patent protection of the invention should be defined by the claims.
Claims (3)
1. An anti-eavesdropping security switch, characterized in that: an interference module is added to a general layer 2/layer 3 switch so that the messages the switch transmits inside the subnet are out-of-order messages;
meanwhile, the network card of each designated receiving device is equipped with a descrambling module, which restores a received out-of-order message to the correct message before carrying out the next operation and delivering it to the transport layer.
2. The anti-eavesdropping security switch according to claim 1, characterized in that the switch's communication between the subnet and the external network uses in-order messages, with encryption applied at the transport layer and above, and has an audit function.
3. The anti-eavesdropping security switch according to claim 1 or 2, characterized in that the interference module and the descrambling module are FPGA-based network message monitoring modules.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610314744.XA CN105978681A (en) | 2016-05-13 | 2016-05-13 | Anti-eavesdrop safe switcher |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105978681A true CN105978681A (en) | 2016-09-28 |
Family
ID=56991782
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610314744.XA Pending CN105978681A (en) | 2016-05-13 | 2016-05-13 | Anti-eavesdrop safe switcher |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105978681A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108803744A (en) * | 2018-07-02 | 2018-11-13 | 张家港市鸿嘉数字科技有限公司 | A kind of market environmental monitoring system and its working method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1319209A (en) * | 1998-05-08 | 2001-10-24 | 摩托罗拉公司 | Digital communications processor |
CN101079753A (en) * | 2007-06-28 | 2007-11-28 | 深圳市中科新业信息科技发展有限公司 | A multi-link packet snapping system, method and network audit system |
CN103401675A (en) * | 2013-07-15 | 2013-11-20 | 江苏智联天地科技有限公司 | Paired earphone end-to-end communication scrambling-descrambling method, device and scrambling-descrambling earphone |
US20140059180A1 (en) * | 2012-08-22 | 2014-02-27 | Futurewei Technologies, Inc. | Carriage of ISO-BMFF Event Boxes in an MPEG-2 Transport Stream |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100472487C (en) | Virtual broadcast network for inter-domain communications | |
US8386772B2 (en) | Method for generating SAK, method for realizing MAC security, and network device | |
CN102932377B (en) | Method and device for filtering IP (Internet Protocol) message | |
CN102307136B (en) | Method for processing message and device thereof | |
US10284471B2 (en) | AIA enhancements to support lag networks | |
CN103067290B (en) | The VPN tunnel implementation of load balancing network is adapted to based on virtual network interface card | |
US10097633B2 (en) | Automated mirroring and remote switch port analyzer (RSPAN)/encapsulated remote switch port analyzer (ERSPAN) functions using fabric attach (FA) signaling | |
CN104243270A (en) | Tunnel setup method and tunnel setup device | |
CN101175014A (en) | General wireless grouping service wireless router with virtual special network function | |
CN105610790B (en) | The user face data processing method that ipsec encryption card is cooperateed with CPU | |
CN103200123A (en) | Safety control method of switchboard port | |
CN101262429B (en) | A system and method for realizing virtual private network communication | |
WO2023124880A1 (en) | Packet processing method and device based on macsec network | |
CN102480485A (en) | System, method and switching device for realizing cross-device isolation of ports in same VLAN (virtual local area network) | |
EP3200398A1 (en) | Automated mirroring and remote switch port analyzer (rspan)/encapsulated remote switch port analyzer (erspan) functions using fabric attach (fa) signaling | |
CN105635154A (en) | Flexible MACSec message encryption and authentication implementation method and device on chip | |
CN111698245A (en) | VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm | |
CN105791459B (en) | A kind of method for mapping business of IP network to AdHoc networks | |
CN105978681A (en) | Anti-eavesdrop safe switcher | |
CN112637237B (en) | Service encryption method, system, equipment and storage medium based on SRoU | |
CN102868615B (en) | The method and system of message transmission between a kind of local area network (LAN) | |
CN115941389A (en) | Method for realizing IPSec VPN two-layer networking and IPSec VPN gateway | |
KR101845776B1 (en) | MACsec adapter apparatus for Layer2 security | |
KR102694199B1 (en) | L2-based virtual private network management device for network separation between apartment houses | |
CN102957591B (en) | Implementation method of distributed VPLS (Virtual Private Lan Service) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160928 |