Disclosure of Invention
Aiming at the defects of the prior art, the invention provides an architecture for protecting key data based on mimicry defense technology; applying the architecture to protect data greatly increases the difficulty of stealing and tampering with the protected data.
In order to solve the technical problems, the invention provides the following specific technical scheme:
a framework for protecting key data based on mimicry defense technology comprises heterogeneous redundant executors, a distributor, an arbitrator and a mimicry converter. An input stimulus from the distributor enters the heterogeneous redundant executors; the mimicry converter is connected with the distributor and the arbitrator, and performs mimicry transformation through dynamic scheduling and negative feedback control; the heterogeneous redundant executors process the input stimulus from the distributor and pass their outputs to the arbitrator, which produces the corresponding output.
Preferably, the mimicry converter includes a dynamic scheduler that implements the dynamic scheduling mechanism.
Preferably, the mimicry converter is provided with control parameters and is connected to a pool of functionally equivalent heterogeneous executors.
Preferably, the heterogeneous redundant executors comprise a plurality of heterogeneous executors forming an executor pool, and the service function of each heterogeneous executor is data encryption and decryption.
Preferably, the distributor comprises two distributors, namely an encryption distributor and a decryption distributor.
Preferably, the arbitrator performs multi-mode arbitration according to arbitration parameters and, according to the arbitration result, generates the correct output and throws out the problem input.
Preferably, the dynamic scheduler dynamically schedules the heterogeneous redundant executors according to a policy.
Preferably, the invention also discloses a protection method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
the first step, the encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of "online" executors, and the redundant plaintext ACL copies are paired with the online executors without distinguishing marks.
The second step, the decryption process: the redundant ciphertext ACL copies are paired with the "online" executors by the decryption distributor according to the executor distinguishing marks.
The third step, the arbitration process: the arbitration decision is based on comparison of hash fingerprints of the data, and the process is encapsulated in the arbitrator. The redundant plaintext ACL copies are subjected to the same hash operation to obtain a redundant fingerprint vector, on which multi-mode arbitration is then performed.
The fourth step, the dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled by a chosen dynamic scheduling policy, which determines the "online" executors.
Preferably, in the first step, after the pairing without distinguishing marks, each copy is encrypted by its "online" executor to become a redundant ciphertext ACL and is marked with that executor's distinguishing mark.
Preferably, in the second step, after the pairing, the redundant plaintext ACL is obtained by decryption by each "online" executor.
Preferably, in the third step, if the redundant fingerprint vector is inconsistent, it is determined that a tampered ACL exists; the problem ACL is then thrown out and processed according to other designs, while the arbitrator masks the effect of the tampering and outputs the correct plaintext ACL.
Preferably, the invention also discloses an operation stimulus method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
the first step, the initialization stimulus: the process MDADA undergoes under this stimulus is d → a, which occurs during initialization of the MDADA host system.
The second step, the access control query stimulus: this occurs when an access request is intercepted and needs to be compared with the ACL; the process MDADA undergoes under this stimulus is b → c → query comparison of the ACL.
The third step, the access control modification stimulus: when a lawful modification or update operation on the ACL occurs, the process MDADA undergoes under this stimulus is b → c → modification/update of the ACL → a.
The fourth step, the dynamic scheduling stimulus: this occurs when the heterogeneous redundant executors are dynamically scheduled according to the policy; the processes MDADA undergoes under this stimulus are b → c and d → a (c and d may be performed simultaneously).
Preferably, there are three heterogeneity dimensions for encryption and decryption: (1) heterogeneity of the encryption and decryption algorithm; (2) heterogeneity of the encryption and decryption keys; (3) implementation heterogeneity (e.g., programming language, coding style, etc.).
Preferably, the protection architecture can improve security by increasing the complexity of the corresponding algorithms, keys, processes, etc., and can improve performance by optimizing the implementation of the corresponding algorithms, processes, etc.
Preferably, the hashed storage and hiding of the redundant ciphertext ACL may be combined with existing encryption techniques, such as placing it in a "dongle".
Preferably, the encryption/decryption algorithm, the auxiliary key generation algorithm, and the like may be implemented in an FPGA (field-programmable gate array).
Compared with the prior art, the invention has the beneficial effects that:
1. The framework for protecting key data based on mimicry defense technology keeps the attack surface of the data in dynamic change by dynamically scheduling the encryption and decryption executors, overcomes the defect of traditional static encryption that its logic can be analyzed indefinitely, and effectively prevents the data from being leaked.
2. In the framework for protecting key data based on mimicry defense technology, combining the constraint of heterogeneous redundant data encryption with multi-mode arbitration increases the difficulty of decrypting and tampering with the data many times over compared with the single break-in difficulty of traditional static encryption.
3. The architecture for protecting key data based on mimicry defense technology can effectively resist destructive attacks that delete key data, by using the redundancy idea combined with the necessary data hash storage and hiding techniques.
4. In terms of robustness, the framework for protecting key data based on mimicry defense technology ensures, through multi-mode arbitration, the normal output and correctness of the key data even if a few redundant ciphertexts are successfully tampered with.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Example 1
When protecting data in an information system, different types of data require different protection strengths according to their importance; otherwise, a breach of the key data's protection may even threaten the whole protection system. Improper protection of critical data therefore becomes a security weak link of the entire information system. For example, if the Access Control Lists (ACLs) maintained by a firewall can be maliciously stolen or tampered with, access control becomes meaningless and the whole information system is exposed to security threats. The following uses the ACL protection problem as a use case to describe the details of the present invention.
Mechanism of operation
The present invention introduces a mimicry defense mechanism. Mimicry defense differs in its details from one application to another, so the mechanism architectures finally presented also differ; the invention performs mimicry construction of data protection starting from the dynamic heterogeneous redundant (DHR) architecture of mimicry defense, forming a new and unique mechanism architecture, the Mimicry Defense Architecture against Data Attack (MDADA), which can be understood with reference to FIG. 2.
The specific working mechanism of MDADA using ACL protection as a use case is as follows:
As shown in FIGS. 1-2, an architecture for protecting critical data based on mimicry defense technology comprises heterogeneous redundant executors, a distributor, an arbitrator, and a dynamic scheduler. Heterogeneous redundant executors: all heterogeneous redundant executors form an executor pool, and the service function of each executor is data encryption and decryption. It is emphasized that the heterogeneous redundant executors are abstract, as will be explained in the analysis of the heterogeneity dimensions. Distributor: the system comprises two distributors, namely an encryption distributor and a decryption distributor. Arbitrator: performs multi-mode arbitration and, according to the arbitration result, generates the correct output and throws out the problem input. Dynamic scheduler: dynamically schedules the heterogeneous redundant executors according to the policy.
In fig. 2, solid arrows indicate control flows, and dashed arrows indicate data flows.
The invention also discloses a protection method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
the first step, the encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of "online" executors; the redundant plaintext ACL copies are paired with the online executors without distinguishing marks, each copy is encrypted by its online executor to become a redundant ciphertext ACL, and the executor distinguishing marks are attached.
The second step, the decryption process: the redundant ciphertext ACL copies are paired with the "online" executors by the decryption distributor according to the executor distinguishing marks, and become redundant plaintext ACL copies after decryption by each online executor.
The third step, the arbitration process: the arbitration decision is based on comparison of hash fingerprints of the data, and the process is encapsulated in the arbitrator. The redundant plaintext ACL copies are subjected to the same hash operation to obtain a redundant fingerprint vector, on which multi-mode arbitration is then performed. If the redundant fingerprint vector is inconsistent, the ACL has been tampered with; the problem ACL is thrown out and processed according to other designs, while the arbitrator masks the effect of the tampering and outputs the correct plaintext ACL.
The fourth step, the dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled by a chosen dynamic scheduling policy, which determines the "online" executors.
Analytical evaluation
MDADA analysis using ACL protection as a case:
In terms of innovativeness, mimicry defense protects the heterogeneous redundant executors placed within the mimicry bracket; the MDADA introduced here with ACL protection as a use case takes data as the protected object, that is, the invention applies mimicry defense to data protection. This innovation opens a new path for the development of the mimicry defense theoretical system and at the same time provides a new idea and means for solving the data protection problem.
In terms of the heterogeneity dimensions, the invention gives three heterogeneity dimensions for encryption and decryption:
(1) heterogeneity of the encryption and decryption algorithm;
(2) heterogeneity of the encryption and decryption keys;
(3) implementation heterogeneity (e.g., programming language, coding style, etc.).
By combining the different dimensions, a number of composite heterogeneity vectors can be derived, making the forms of heterogeneity richer; this is why the heterogeneous redundant executors in MDADA are abstract, which can be understood with reference to FIG. 3. As shown in FIG. 3, the X dimension is the degree of heterogeneity of the encryption and decryption algorithm; the Y dimension is the degree of heterogeneity of the encryption and decryption keys; the Z dimension is the degree of implementation heterogeneity.
As for means of improvement, the technical scheme of the invention also offers several ways to improve security, performance and other aspects. Increasing the complexity of the corresponding algorithms, keys, processes, etc. can improve security, and optimizing the implementation of the corresponding algorithms, processes, etc. can improve performance. In addition, existing technology can be used. For example, in terms of security, the hashed storage and hiding of the redundant ciphertext ACL can be combined with existing encryption technologies, such as placing the redundant ciphertext ACL in a software dongle, which is a good choice; in terms of performance, the encryption and decryption algorithm, the auxiliary key generation algorithm and the like can be implemented in an FPGA (Field-Programmable Gate Array), and implementing an algorithm in hardware certainly improves operation speed, while the likelihood of the hardware logic being reverse engineered is far lower than that of software logic in binary form.
MDADA evaluation using ACL protection as a case:
Security
It is emphasized here that the theory of mimicry defense has made clear that the security protection it provides can be breached in the domain of social engineering, a limitation that mimicry defense shares with other defense techniques.
If an attacker wants to successfully tamper with the ACL file, at least the first two of the following three capabilities must be held simultaneously. First, the ability to obtain most of the redundant ciphertext ACLs; as mentioned above, existing mature techniques can be used to hash-store and hide the redundant ciphertext ACLs. Second, the ability to decrypt most of the redundant ciphertext ACLs, tamper with them uniformly, and then re-encrypt and replace them, which requires the attacker to reverse the corresponding encryption and decryption logic. Third, the ability to obtain the key corresponding to a particular ciphertext ACL, which requires the attacker to reverse the key generation logic. Analyzing the three capabilities: when an attacker lacks the third capability, obtaining the key by brute-force exhaustion is theoretically possible, but in practice it costs a great deal and the final result is unknown. The attacker needs at least the first two capabilities to have any possibility of a joint escape under the multi-mode voting mechanism. However, acquiring these capabilities is extremely complex, and in addition the dynamic scheduling mechanism keeps MDADA in dynamic change, so that cryptography and dynamics act together: the complexity of the cryptography makes it difficult for an attacker to acquire these capabilities in a short time, and the dynamics make the attacker time-critical and can render the attacker's effort futile, so a successful attack is extremely difficult.
Performance loss
The additional performance loss of an information system using the present invention, compared with a legacy information system not using it, is mainly caused by the newly added MDADA. From the foregoing, the performance loss generated by MDADA with ACL protection as the case occurs during its operation, which is driven by the four operation stimuli described above. Such performance loss is inevitable in order to obtain the security gain brought by its operation. However, this level of performance loss is acceptable and can be reduced by some means.
Assume that the original system protects the ACL with a single form of encryption/decryption. By contrast, the redundant encryption and decryption executors of MDADA can execute in parallel in a multi-core environment; the time they take to complete the encryption and decryption process depends on the slowest executor, and comparing this with the original system under the same system process shows that the performance loss at this point is strongly related to the quality of the redundant executors that carry the encryption and decryption algorithms. The additional performance loss caused by MDADA also includes the arbitration process, the distribution and pairing process, the processes caused by dynamic scheduling, and the like, and is likewise strongly related to how well these processes are implemented.
The rationality of MDADA's use is also an important factor in how high the performance loss is. In the above case of MDADA with ACL protection, the ACL protected by MDADA is a "key weak link" of the firewall, and the ACL is specific and critical. In contrast, if MDADA were abused across the whole file system (without considering hardware performance, the number of files, the importance of files, etc.), it would undoubtedly bring the disadvantages of a large file system volume, difficult management, serious performance loss, and so on; the rationality of the architecture's use in a specific application therefore greatly affects performance.
Example 2
As shown in FIGS. 1-2, an architecture for protecting critical data based on mimicry defense technology comprises heterogeneous redundant executors, a distributor, an arbitrator, and a dynamic scheduler. Heterogeneous redundant executors: all heterogeneous redundant executors form an executor pool, and the service function of each executor is data encryption and decryption. It is emphasized that the heterogeneous redundant executors are abstract, as will be explained in the analysis of the heterogeneity dimensions. Distributor: the system comprises two distributors, namely an encryption distributor and a decryption distributor. Arbitrator: performs multi-mode arbitration and, according to the arbitration result, generates the correct output and throws out the problem input. Dynamic scheduler: dynamically schedules the heterogeneous redundant executors according to the policy.
In fig. 2, solid arrows indicate control flows, and dashed arrows indicate data flows.
The invention also discloses a protection method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
the first step, the encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of "online" executors; the redundant plaintext ACL copies are paired with the online executors without distinguishing marks, each copy is encrypted by its online executor to become a redundant ciphertext ACL, and the executor distinguishing marks are attached.
The second step, the decryption process: the redundant ciphertext ACL copies are paired with the "online" executors by the decryption distributor according to the executor distinguishing marks, and become the redundant plaintext ACL copies after decryption by each online executor.
The third step, the arbitration process: the arbitration decision is based on comparison of hash fingerprints of the data, and the process is encapsulated in the arbitrator. The redundant plaintext ACL copies are subjected to the same hash operation to obtain a redundant fingerprint vector, on which multi-mode arbitration is then performed. If the redundant fingerprint vector is inconsistent, a tampered ACL exists; the problem ACL is thrown out and processed according to other designs, while the arbitrator masks the effect of the tampering and outputs the correct plaintext ACL.
The fourth step, the dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled by a chosen dynamic scheduling policy, which determines the "online" executors.
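The four steps of the protection method (as given in Example 1 and repeated in this example), modelled end to end in Python as an added example that is not the patent's own code. Assumptions: each heterogeneous executor is a stand-in keystream cipher built from a different standard-library HMAC hash and a different key (constructed to illustrate the algorithm and key heterogeneity dimensions, not a cipher recommendation), the scheduling policy is a seeded random choice, the arbitrator's fingerprint hash is SHA-256, and the sample ACL is constructed.

```python
import hashlib
import hmac
import os
import random
from collections import Counter

# Constructed sample ACL standing in for the protected key data.
SAMPLE_ACL = b"permit tcp 10.0.0.0/8 any eq 443\ndeny ip any any\n"


class Executor:
    """Heterogeneous encryption/decryption executor. Peers differ on the X (algorithm)
    and Y (key) dimensions: a different HMAC hash drives the keystream and a different
    key feeds it. A constructed illustration of heterogeneity, not a recommended cipher."""

    def __init__(self, mark, algo, key):
        self.mark, self.algo, self.key = mark, algo, key  # mark = distinguishing mark

    def _keystream(self, nonce, length):
        out, counter = bytearray(), 0
        while len(out) < length:
            out += hmac.new(self.key, nonce + counter.to_bytes(4, "big"), self.algo).digest()
            counter += 1
        return bytes(out[:length])

    def encrypt(self, plaintext):
        nonce = os.urandom(16)
        ks = self._keystream(nonce, len(plaintext))
        return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

    def decrypt(self, ciphertext):
        nonce, body = ciphertext[:16], ciphertext[16:]
        return bytes(c ^ k for c, k in zip(body, self._keystream(nonce, len(body))))

# Executor pool: four functionally equivalent but heterogeneous executors (assumed).
EXECUTOR_POOL = [Executor("E1", "sha256", b"key-one"), Executor("E2", "sha512", b"key-two"),
                 Executor("E3", "sha3_256", b"key-three"), Executor("E4", "blake2b", b"key-four")]

def schedule(pool, k, rng):
    """Step 4: the scheduling policy picks k online executors (seeded random choice here,
    an assumption; the patent leaves the policy open)."""
    return rng.sample(pool, k)

def encrypt_distribute(plaintext, online):
    """Step 1: one plaintext copy per online executor, encrypted and tagged with its mark."""
    return [(ex.mark, ex.encrypt(plaintext)) for ex in online]

def decrypt_distribute(redundant_ct, pool):
    """Step 2: pair each ciphertext copy with the executor whose mark it carries."""
    by_mark = {ex.mark: ex for ex in pool}
    return [(mark, by_mark[mark].decrypt(ct)) for mark, ct in redundant_ct]

def arbitrate(redundant_pt):
    """Step 3: hash every recovered copy into a fingerprint vector and majority-vote it;
    output the agreed plaintext and throw out the marks of the disagreeing copies."""
    fps = [(mark, hashlib.sha256(pt).hexdigest()) for mark, pt in redundant_pt]
    winner, votes = Counter(fp for _, fp in fps).most_common(1)[0]
    if votes <= len(fps) // 2:
        raise RuntimeError("no majority fingerprint: tampering cannot be masked")
    correct = next(pt for (_, pt), (_, fp) in zip(redundant_pt, fps) if fp == winner)
    return correct, [mark for mark, fp in fps if fp != winner]

def protect_and_tamper(seed=7):
    """Full cycle: encrypt, corrupt one stored copy (constructed attack outcome), arbitrate,
    then reschedule and re-encrypt. Returns (recovered, rejected marks, tampered mark, ok)."""
    rng = random.Random(seed)
    redundant_ct = encrypt_distribute(SAMPLE_ACL, schedule(EXECUTOR_POOL, 3, rng))
    mark, ct = redundant_ct[1]
    redundant_ct[1] = (mark, ct[:20] + bytes([ct[20] ^ 0x01]) + ct[21:])
    recovered, rejected = arbitrate(decrypt_distribute(redundant_ct, EXECUTOR_POOL))
    again, _ = arbitrate(decrypt_distribute(
        encrypt_distribute(recovered, schedule(EXECUTOR_POOL, 3, rng)), EXECUTOR_POOL))
    return recovered, rejected, mark, again == SAMPLE_ACL
```

With three online executors the arbitrator masks one corrupted copy and names its mark; with a two-against-two or all-different fingerprint vector it refuses to output, which is the case the page's "processed according to other designs" clause must handle.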
As shown in fig. 4, the present invention also discloses an operation stimulus method for the framework for protecting key data based on mimicry defense technology, comprising the following steps:
the first step, the initialization stimulus: the process MDADA undergoes under this stimulus is d → a, which occurs during initialization of the MDADA host system.
The second step, the access control query stimulus: i.e., a business request, which occurs when an access request is intercepted and needs to be compared with the ACL; the process MDADA undergoes under this stimulus is b → c → query comparison of the ACL.
The third step, the access control modification stimulus: when a lawful modification or update operation on the ACL occurs, the process MDADA undergoes under this stimulus is b → c → modification/update of the ACL → a.
The fourth step, the dynamic scheduling stimulus: this occurs when the heterogeneous redundant executors are dynamically scheduled according to the policy; the processes MDADA undergoes under this stimulus are b → c and d → a (c and d may be performed simultaneously).
Compared with the prior art, the framework for protecting key data based on mimicry defense technology keeps the attack surface of the data in dynamic change by dynamically scheduling the encryption and decryption executors, overcomes the defect of traditional static encryption that its logic can be analyzed indefinitely, and effectively prevents the data from being leaked. Constrained by heterogeneous redundant data encryption and multi-mode arbitration, the difficulty of decrypting and tampering with the data is increased many times over compared with the single break-in difficulty of traditional static encryption. By using the redundancy idea combined with the necessary data hash storage and hiding techniques, destructive attacks that delete key data can be effectively resisted. In terms of robustness, multi-mode arbitration guarantees the normal output and correctness of the key data even if a few redundant ciphertexts are successfully tampered with.
In addition, using the framework of the technical scheme of the invention to protect data greatly increases the difficulty of stealing and tampering with the protected data.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.