Multi-level fragmented high-security-strength communication system

Abstract

The invention discloses a multi-level fragmented high-security-strength communication system, and solves the problem that the integrity and confidentiality of network communication still need to be improved in the prior art. The system comprises a system operation and maintenance management module which is responsible for management configuration, state monitoring and log management of the system, and a control module which is responsible for performing control plane processing on the system; the connection fragmentation module is responsible for the system to schedule data messages on different connections of the user to different VPN tunnels based on various connection fragmentation algorithms; the message fragmentation module is responsible for the system to schedule different data messages to multiple access links based on multiple message fragmentation algorithms; and the far-end server module establishes a plurality of encrypted tunnel connections with a plurality of far-end servers at the same time through a plurality of supported link access modes. The technology dynamically adapts to a complex network environment, fault states of all links are detected in real time, and stability and reliability of user communication are guaranteed.

Description

technical field [0001] The invention relates to the field of network communication security, in particular to a multi-level fragmented communication system with high security strength. Background technique [0002] In the construction process of the traditional network communication system, in order to solve the problem of communication integrity and confidentiality, the VPN scheme is generally adopted, by establishing a secure tunnel, using advanced digital encryption protocols (RSA, DES, etc.) The entire message or session is encrypted, and technologies such as digital signatures are used for identity verification. [0003] Commonly used VPN solutions include OpenVPN, PPTP, L2TP / IPSec, etc. Each VPN scheme has its own advantages and disadvantages. For example, the PPTP scheme is fast, easy to deploy, and applicable to a wide range of platforms, but its security is poor; the OpenVPN scheme has high security, but configuration difficulties and large delays; High performanc...

AI Technical Summary

Problems solved by technology

Each VPN scheme has its own advantages and disadvantages. For example, the PPTP scheme is fast, easy to deploy, and applicable to a wide range of platforms, but its security is poor; the OpenVPN scheme has high security, but configuration difficulties and large delays; High performance, easy to deploy, but slow, there is no perfect solution to solve all problems

[0004] Traditional network communication systems usually use a single Internet access method and a single VPN solution. Once a failure occurs, the normal development of the business cannot be guaranteed, and the possible backdoor of the loophole cannot be avoided, and there is a possibility of being cracked. What's more, Several existing VPN solutions have been found to contain malware,

[0005] The technical disadvantages of VPN itself make it vulnerable to eavesdropping, disguise, man-in-the-middle and other attacks

Traditional network communication systems usually use static Internet access methods, data encryption and identity verification methods basically use fixed algorithms, and network security devices generally use fixed security policies. Source traceability, vulnerable to new types of network attacks such as APT

[0006] The singleness, staticity, and fixity of the traditional network communication system make it have various security defects. The traffic characteristics of the communication system are obvious, easy to trace the source, a single Internet access method, static encryption and authentication algorithms, and fixed network security policies. , the traffic characteristics are relatively obvious, it is easy to be monitored and traced by network attackers, and it is difficult to resist various new types of network attacks, which is not conducive to the development of high-security services

Images