防火墻功能外包的隱私保護技術研究
發(fā)布時間:2019-05-07 06:09
【摘要】:隨著互聯網技術和通信技術的不斷發(fā)展,網絡已經融入到人們生活的方方面面,給人們的生活帶來了極大的方便。但是與此同時,各種網絡攻擊手段層出不窮,網絡空間的安全受到極大的威脅。因此,我們需要各種網絡防御技術來抵御網絡攻擊。防火墻技術是抵御網絡攻擊、保障網絡安全的關鍵技術之一。防火墻可以監(jiān)視和檢查傳入和傳出內網的網絡流量,阻止攻擊者的惡意分組數據包進入到內網,將惡意的分組數據包扼殺在內網的入口。但是部署和管理防火墻會帶來很大的開銷,這會增加公司的經營成本。為了減少公司的開銷,公司開始考慮將防火墻功能外包給云服務提供商去處理。然而防火墻功能外包會泄露公司的防火墻策略,現有的防火墻功能外包方案要么不保護防火墻策略的隱私,要么就是性能或者安全性不高,這使得防火墻策略的隱私保護問題成為了公司采用防火墻功能外包技術的阻礙。本文旨在解決防火墻功能外包中防火墻策略的隱私保護問題。具體研究內容包括如下幾個方面:1.提出一種基于雙云的防火墻功能外包的系統(tǒng)架構。針對現有的防火墻功能外包系統(tǒng)架構中存在的問題,我們提出了一種基于兩個相互獨立的云平臺的防火墻功能外包的系統(tǒng)架構。這個系統(tǒng)架構中兩個云平臺,相互獨立同時又能遵循協議共同提供防火墻功能的外包服務。2.基于上述的雙云的外包系統(tǒng)架構,利用Paillier部分同態(tài)加密提出一種隱私保護的防火墻功能外包方案。這個方案中我們將Paillier部分同態(tài)加密和密碼學模糊器結合起來,設計了一個基于Paillier部分同態(tài)加密的密碼學模糊器,然后使用這個密碼學模糊器去模糊化防火墻策略,從而保證外包出去的防火墻策略的隱私。3.基于流量重定向的外包系統(tǒng)架構,利用前綴保持加密提出一種隱私保護的防火墻功能外包方案。這個方案使用前綴保持加密算法加密防火墻策略,從而保證外包的防火墻策略的隱私。4.使用Click模塊化路由器分別實現了上述兩個方案的仿真實驗,驗證了提出的方案的可行性。同時我們測試了兩個方案的處理延時與吞吐量兩個指標,驗證了這兩個方案的性能。
[Abstract]:With the continuous development of Internet technology and communication technology, network has been integrated into all aspects of people's lives, which brings great convenience to people's lives. But at the same time, a variety of cyber attacks emerge one after another, and the security of cyberspace is greatly threatened. Therefore, we need a variety of network defense technology to resist network attacks. Firewall technology is one of the key technologies to resist network attack and guarantee network security. The firewall can monitor and check the incoming and outgoing network traffic, prevent the malicious packet from entering the intranet, and kill the malicious packet at the entrance of the intranet. But deploying and managing firewalls brings a lot of overhead, which increases the company's operating costs. To reduce the company's overhead, the company began to consider outsourcing firewall capabilities to cloud service providers to handle. However, firewall function outsourcing will reveal the company's firewall policy, the existing firewall function outsourcing scheme either does not protect the privacy of the firewall policy, or the performance or security is not high. This makes the privacy protection of firewall policy become a hindrance to the company adopting firewall function outsourcing technology. The purpose of this paper is to solve the privacy protection problem of firewall policy in firewall function outsourcing. The specific contents of the study include the following aspects: 1. This paper presents a dual cloud-based firewall function outsourcing system architecture. In view of the problems existing in the existing firewall function outsourcing system architecture, we propose a firewall function outsourcing system architecture based on two independent cloud platforms. The two cloud platforms in this system architecture are independent of each other and can provide firewall functions in accordance with the protocol. 2. Based on the above-mentioned dual-cloud outsourcing system architecture, a privacy-protected firewall outsourcing scheme is proposed by using Paillier partial homomorphism encryption. In this scheme, we combine Paillier partial homomorphism encryption with cryptology fuzzizer, design a cryptology fuzzer based on Paillier partial homomorphism encryption, and then use this cryptology fuzzizer to defuzzify firewall strategy. Thus ensuring the privacy of the outsourced firewall policy. 3. Based on the outsourced system architecture of traffic redirection, a privacy-protected firewall outsourcing scheme is proposed by using prefix-preserving encryption. This scheme uses prefix-preserving encryption algorithms to encrypt firewall policies, thus ensuring the privacy of outsourced firewall policies. 4. The simulation experiments of the above two schemes are carried out by using Click modular router, and the feasibility of the proposed scheme is verified. At the same time, we test the processing delay and throughput of the two schemes, and verify the performance of the two schemes.
【學位授予單位】:中國科學技術大學
【學位級別】:碩士
【學位授予年份】:2017
【分類號】:TP393.08
本文編號:2470828
[Abstract]:With the continuous development of Internet technology and communication technology, network has been integrated into all aspects of people's lives, which brings great convenience to people's lives. But at the same time, a variety of cyber attacks emerge one after another, and the security of cyberspace is greatly threatened. Therefore, we need a variety of network defense technology to resist network attacks. Firewall technology is one of the key technologies to resist network attack and guarantee network security. The firewall can monitor and check the incoming and outgoing network traffic, prevent the malicious packet from entering the intranet, and kill the malicious packet at the entrance of the intranet. But deploying and managing firewalls brings a lot of overhead, which increases the company's operating costs. To reduce the company's overhead, the company began to consider outsourcing firewall capabilities to cloud service providers to handle. However, firewall function outsourcing will reveal the company's firewall policy, the existing firewall function outsourcing scheme either does not protect the privacy of the firewall policy, or the performance or security is not high. This makes the privacy protection of firewall policy become a hindrance to the company adopting firewall function outsourcing technology. The purpose of this paper is to solve the privacy protection problem of firewall policy in firewall function outsourcing. The specific contents of the study include the following aspects: 1. This paper presents a dual cloud-based firewall function outsourcing system architecture. In view of the problems existing in the existing firewall function outsourcing system architecture, we propose a firewall function outsourcing system architecture based on two independent cloud platforms. The two cloud platforms in this system architecture are independent of each other and can provide firewall functions in accordance with the protocol. 2. Based on the above-mentioned dual-cloud outsourcing system architecture, a privacy-protected firewall outsourcing scheme is proposed by using Paillier partial homomorphism encryption. In this scheme, we combine Paillier partial homomorphism encryption with cryptology fuzzizer, design a cryptology fuzzer based on Paillier partial homomorphism encryption, and then use this cryptology fuzzizer to defuzzify firewall strategy. Thus ensuring the privacy of the outsourced firewall policy. 3. Based on the outsourced system architecture of traffic redirection, a privacy-protected firewall outsourcing scheme is proposed by using prefix-preserving encryption. This scheme uses prefix-preserving encryption algorithms to encrypt firewall policies, thus ensuring the privacy of outsourced firewall policies. 4. The simulation experiments of the above two schemes are carried out by using Click modular router, and the feasibility of the proposed scheme is verified. At the same time, we test the processing delay and throughput of the two schemes, and verify the performance of the two schemes.
【學位授予單位】:中國科學技術大學
【學位級別】:碩士
【學位授予年份】:2017
【分類號】:TP393.08
【相似文獻】
相關期刊論文 前10條
1 ;防火墻功能分類及其局限性分析[J];計算機與網絡;2010年07期
2 林琪;如何評價防火墻功能[J];計算機安全;2002年03期
3 清涼心;;防火墻功能指標詳解[J];網絡與信息;2007年04期
4 陳德模;用LRP實現防火墻功能[J];電腦知識與技術;2001年16期
5 山德魯;;學用Windows防火墻,做好安全防護[J];電腦知識與技術(經驗技巧);2014年08期
6 ;業(yè)界要聞[J];電子產品世界;1997年04期
7 曹喜波;;基于ASP的主頁防火墻功能的實現[J];中國科技信息;2004年24期
8 曹偉;利用Linux防火墻功能保護校園網的安全[J];丹東紡專學報;2005年01期
9 龐亞賓;任治洪;;思科IOS系統(tǒng)的防火墻功能實現研究[J];甘肅科技;2008年09期
10 ;擴展防火墻功能 再創(chuàng)性價比新高 SonicWALL推出防火墻新品—PRO230和PRO330[J];信息安全與通信保密;2003年04期
相關重要報紙文章 前9條
1 ;阿爾卡特Speed Touch 511路由器兼具防火墻功能[N];中國計算機報;2003年
2 ;東軟:用虛擬防火墻為用戶護航[N];中國計算機報;2007年
3 甘肅 飛揚;激活Windows XP的防火墻[N];中國電腦教育報;2001年
4 離子翼;安全無處不在[N];中國電腦教育報;2005年
5 陳會安;揭開FTP服務器無法訪問之謎[N];中國電腦教育報;2004年
6 雷燕;美國網屹登陸中國[N];通信產業(yè)報;2000年
7 ;奧聯科技 APN GW 5000[N];中國計算機報;2006年
8 孫曉明;移動辦公更要安全[N];中國計算機報;2002年
9 ;迷你的SAFE[N];網絡世界;2002年
相關碩士學位論文 前1條
1 盛化龍;防火墻功能外包的隱私保護技術研究[D];中國科學技術大學;2017年
,本文編號:2470828
本文鏈接:http://www.lk138.cn/guanlilunwen/ydhl/2470828.html
最近更新
教材專著
