
A method for controlling internal and external network access for a network security chip and the network security chip

A network security and access control technology, applied to internal and external network access control and network security chips, that addresses problems such as large whitelists occupying storage space.

Active Publication Date: 2022-06-03
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

[0004] Given current network protocols, it is more reasonable to use the IP address and its corresponding port, or the MAC address, as the basis for whitelist filtering. However, an IP or MAC address itself needs a certain amount of storage (for example, at least 4 bytes are required to store an IPv4 address, 16 bytes for an IPv6 address, and 2 bytes for a port), so fine-grained destination IP and port access control often results in a very large whitelist, for example one reaching millions or even tens of millions of combinations of destination IP and port. Storing such a large whitelist directly on the chip would take up a lot of on-chip storage space.


Embodiment Construction

[0056] The embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings and examples.

[0058] For IP address whitelisting, use data summaries (e.g. Bloom filters, machine-learning-based Bloom filters

[0061] (3) The data summary can achieve high query accuracy with a small storage space.

[0062] For whitelist verification based on the data summary, the IP address whitelist is first compressed and stored using the data summary.

[0069] Element insertion: For each connection address x in the IP address whitelist, Bloom filter B uses k hash functions
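
A standard Bloom filter over (IP, port) destinations, as an added example that is not taken from the patent: it shows k-hash insertion and query, and the storage saving against 6 bytes per raw IPv4-and-port entry. The SHA-256 double hashing, the sizing formulas and all sample addresses are assumptions of this sketch; the patent's n independent summaries and attack counter C are not modelled.

```python
import hashlib
import ipaddress
import math


class BloomWhitelist:
    """Standard Bloom filter over (IP, port) destinations (illustrative)."""

    def __init__(self, capacity, fp_rate):
        # Textbook sizing: m bits and k hash functions for a target false-positive rate.
        self.m = math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, ip, port):
        # Key = packed address (4 bytes IPv4, 16 bytes IPv6) + 2-byte port.
        key = ipaddress.ip_address(ip).packed + port.to_bytes(2, "big")
        digest = hashlib.sha256(key).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        # Double hashing (assumption): derive k bit indexes from two 64-bit values.
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def insert(self, ip, port):
        for pos in self._positions(ip, port):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def allows(self, ip, port):
        # True only if all k bits are set: no false negatives, rare false positives.
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(ip, port))

    def size_bytes(self):
        return len(self.bits)


def build_demo():
    # Constructed sample whitelist: 1000 destinations in 10.0.0.0/8, port 443.
    entries = [(f"10.0.{i // 250}.{i % 250 + 1}", 443) for i in range(1000)]
    wl = BloomWhitelist(capacity=len(entries), fp_rate=0.001)
    for ip, port in entries:
        wl.insert(ip, port)
    return wl, entries


def measured_fp_rate(wl, probes=20000):
    # Probe constructed destinations that were never inserted (192.0.2.0/24).
    hits = sum(wl.allows(f"192.0.2.{i % 254 + 1}", 1024 + i // 254) for i in range(probes))
    return hits / probes
```

Because a Bloom filter can return false positives, a passing query means "probably whitelisted"; the false-positive rate chosen at build time bounds how often a non-listed destination is admitted.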

[0073] The data security unit provides a secure encryption and decryption algorithm and an interactive protocol.

[0080] (4) Unique identification number: After the chip leaves the factory, it cannot be changed once programmed, so that the chip cannot be copied. broken on the outside

[0082] The network security control unit includes four main modules:

[0085] (3) the s...


Abstract

An internal and external network access control method for network security chips uses n independent data profiles to compress and store the complete whitelist, uses only one data profile for verification when connecting, and uses the attack counter C for auxiliary judgment. The present invention also provides a network security chip using the method, including: a data security unit, which provides a secure encryption and decryption algorithm and an interactive protocol; a network security management and control unit, which implements the isolation of sensitive data, network access control, hot switching of security modes, and authentication and verification of identity; and a network data processing unit, which communicates with the encryption and decryption algorithm control engine, uses that engine to encrypt and decrypt the payload of the current data packet, and completes the verification in the network protocol. A device using the network security chip can freely access the external network and securely access internal network data, while ensuring that internal network data is not leaked to the external network through the device.

Description

An internal and external network access control method for a network security chip and the network security chip

Technical field

The invention belongs to the technical field of network security and relates to using a compressed storage algorithm to implement access control for devices that use a security chip; it is an internal and external network access control method for a network security chip, and the network security chip.

Background technique

[0002] The development of network information technology is giving rise to a new industrial and technological revolution, and also brings huge security risks. In the information age, the importance of network security is self-evident. To fundamentally solve the problem of network security, it is necessary to start with the bottom-layer design of information technology chips: on the one hand, protecting data resources from unauthorized access and tampering; A dedicated channel for chip-level secure ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/40
CPC: H04L63/101, H04L63/0876, H04L63/1416, Y02D30/50
Inventor: 王平辉, 杨晨, 管晓宏
Owner XI AN JIAOTONG UNIV