Journal on Communications ›› 2014, Vol. 35 ›› Issue (11): 96-106. doi: 10.11959/j.issn.1000-436x.2014.11.011

• Network Security •

Network isolation communication scheme to resist against covert channel

Feng-hua LI¹, Miao-miao TAN², Kai FAN, Kui GENG¹,², Fu ZHAO³

  1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Science, Beijing 100093
  2 School of Telecommunication Engineering, Xidian University, Xi’an 710071, China
  3 Beijing Aerospace Numerical Control System Co., Ltd, Beijing 100854, China
  • Online: 2014-11-25 Published: 2017-06-20
  • Supported by:
    The National Natural Science Foundation of China; The National High-Tech R&D Program of China (863 Program); The National High-Tech R&D Program of China (863 Program); The Major Science and Technology Project of Press and Publication-Research and Development

Abstract:

With the rapid development of network technologies, real-time information exchange between widely interconnected heterogeneous networks is becoming more frequent. To effectively guarantee secure, real-time information exchange across different networks, a network isolation communication scheme (NICS) that resists covert channels is proposed. A theoretical model of NICS is established, its correctness is proved on the basis of information theory, and a specific implementation scheme is given. Security analysis indicates that NICS effectively solves the problems of the potential packet-length covert channel (PLCC) and the status covert channel (SCC) in most of the existing work; and, given a similar amount of information exchanged, NICS achieves a security level equivalent to that of physical isolation in terms of resisting covert channels.

Key words: network isolation, covert channel, length of the data packet, status information
