摘要
针对流交换中网络抖动和流变换导致的流指纹不可用、不可信问题,提出了基于自适应流特征的半脆弱流指纹编码方案(ACSF)。首先,采用流特征参数作为生成哈希消息验证码(HMAC)密钥、确定HMAC置乱方式以及选择伪噪声(PN)码初始相位的依据,将密钥空间提高到O((k+1)·(S·O(KEN))),增加了敌手穷举的计算复杂度;同时,增加流指纹自适应性,将解码计算复杂度降低到O(k2·l·nf),提高了解码效率。其次,采用直接序列扩频(DSSS)技术,在多流互扰强度达到66.7%时,解码正确率可以达到90%以上,实现了过滤非恶意处理;而且,采用HMAC技术,使得篡改定位准确率为98.3%以上,使指纹具有半脆弱性。最后,对ACSF的安全性、篡改定位能力和抗干扰能力进行了理论分析和实验验证。
Aiming at unavailability and unreliability of net-flow fingerprint caused by net-flow transformation and network jitter, a semi-fragile net-flow fingerprint coding scheme based on adaptive net-flow characteristic (ACSF) was proposed. Firstly, ACSF generated Hash Message Authentication Code (HMAC) encryption key, determined HMAC scrambling method and chose the initial phase of the Pseudo-Noise (PN) code in accordance with net-flow characteristic parameters. The space of secret key was enlarged to O( (k + 1) · (S· O(K_EN))), so as to increase computational complexity of compromising. Besides, net-flow fingerprint was made to have the capability of self-adaption. It decreased the computational complexity of decoder to O (k^2 · l · n_f), which enhanced the efficiency of decoding. Secondly, in order to be semi-fragile net-flow fingerprint, Direct Sequence Spread Spectrum (DSSS) was used to flher non-malicious disposing. It can reach more than 90% correctness under the condition of 66.7% multi-flow disturbance rate. Besides, HMAC was used to locate malicious tamper, which could correctly locate malicious tamper at least 98. 3%. Finally, the security, accuracy of tamper localization and resisting disturbance capability of ACSF were analyzed and verified by experiments.
出处
《计算机应用》
CSCD
北大核心
2015年第3期704-711,721,共9页
journal of Computer Applications
基金
国家973计划项目(2011CB311801)
国家863计划项目(2012AA012704)
郑州市科技领军人才项目(131PLKRC644)
关键词
流交换
流特征
自适应
篡改定位
抗干扰能力
半脆弱流指纹
net-flow exchange
net-flow characteristic
self-adaption
temper localization
resisting disturbancecapability
semi-fragile net-flow fingerprint
