CN-121690860-B - Self-adaptive real-time digital signal encryption processing system
Abstract
The invention discloses a self-adaptive real-time digital signal encryption processing system comprising a signal processing module, a risk assessment module, a parameter control module, an association mapping module, an encryption processing module, a blockchain certification module and a security updating module. The signal processing module acquires multi-source digital signals, marks them with time stamps and standardizes them to generate a standard signal stream; the risk assessment module assesses risk and generates a security grade according to terminal security, firewall and historical attack characteristics; the parameter control module constructs a control vector that determines the elliptic curve encryption parameters, key length and updating period; the association mapping module generates a hash digest over a sliding window and maps it to the control vector; the encryption processing module performs segmented elliptic curve encryption to generate an encrypted signal stream; the blockchain certification module writes to the blockchain in time order to form verifiable certificates; and the security updating module outputs the encrypted signals and synchronously updates the terminal security and firewall strategies. The invention realizes self-adaptive encryption, hash checking and blockchain storage of the digital signal, and improves security, integrity and traceability.
Inventors
- ZHANG XIAOFENG
- ZHU YUNFENG
- LI HONGXING
- ZHANG ZHIYONG
Assignees
- 东华理工大学南昌校区
Dates
- Publication Date: 20260508
- Application Date: 20260207
Claims (8)
- 1. An adaptive real-time digital signal encryption processing system, comprising: a signal processing module, a risk assessment module, a parameter control module, an association mapping module, an encryption processing module, a blockchain evidence storage module and a security updating module; the modules are realized by the following method:
  S1, acquiring real-time digital signals from a plurality of signal sources in an Internet of Things environment through the signal processing module, and performing time stamp marking and signal format standardization processing on the real-time digital signals to generate a standardized digital signal stream;
  S2, performing risk assessment on the digital signal stream through the risk assessment module, and generating a corresponding security risk level identifier based on the security state of the terminal, the firewall policy parameters and the historical attack characteristic data;
  The step S2 specifically comprises the following steps:
    S21, carrying out terminal binding analysis on the digital signal stream, reading the terminal identification information corresponding to the digital signal stream, and calling the terminal security state data associated with the terminal identification information, wherein the terminal security state data comprises terminal firmware integrity marks, running environment credibility marks and access behavior statistical characteristics;
    S22, matching the transmission path information of the digital signal stream with the current firewall policy parameters, extracting firewall rule hit records, port access sequences and protocol behavior characteristics, and forming firewall behavior feature vectors corresponding to the digital signal stream, which specifically comprises the following steps:
      - extracting the transmission path information of the digital signal stream, wherein the transmission path information comprises a source IP, a destination IP, a source port, a destination port and a protocol type;
      - comparing the transmission path information one by one with the access control rules recorded in the firewall policy table, wherein the firewall policy table stores network access control rules, including source IP, destination IP, source port, destination port, protocol type and rule priority information, which specifically comprises the following steps:
        - screening hit rules according to the policy priority;
        - performing rule condition verification on the hit rules, including port range matching, protocol consistency checking and time window limit judgment, and simultaneously counting the hit times and hit sequences of each rule;
      - converting the hit result into a numeric feature vector, wherein the numeric feature vector comprises a rule hit mark, an access frequency, a port abnormality index and a protocol abnormality index;
      - arranging the feature vectors according to the time sequence of the digital signal stream to form a complete firewall behavior feature vector sequence, providing the input basis for security risk level generation;
    S23, based on the time sequence characteristics, frequency domain characteristics and data packet structure characteristics of the digital signal stream, performing characteristic alignment processing against a historical attack characteristic data set to generate an attack similarity feature set matched with the current digital signal stream;
    S24, carrying out joint evaluation processing on the terminal security state data, the firewall behavior feature vector and the attack similarity feature set, generating a uniquely determined security risk level identifier according to a preset risk classification rule, and establishing a one-to-one correspondence between the security risk level identifier and the digital signal stream;
  S3, constructing a parameter control vector according to the security risk level identifier through the parameter control module, wherein the parameter control vector is used for determining the curve parameters, key length and updating period of an elliptic curve encryption algorithm;
  The step S3 specifically comprises the following steps:
    S31, receiving the security risk level identifier corresponding to the digital signal stream, and mapping the security risk level identifier to a preset parameter mapping table, wherein the parameter mapping table records the elliptic curve types, curve parameter ranges, key length intervals and key updating period intervals corresponding to different risk levels;
    S32, calculating a selected curve parameter value within the curve parameter range of the corresponding risk level in the parameter mapping table, according to the characteristic intensity, the encryption performance requirement and the real-time processing delay limit of the digital signal stream, wherein the curve parameter value is determined from a base point coordinate, a curve coefficient and a finite field prime number through a dynamic weighting algorithm, and the weight is determined by the risk level and the signal fluctuation characteristic;
    S33, calculating the key length of the elliptic curve encryption algorithm by combining the security risk level identifier with the data packet length and the transmission rate of the digital signal stream, wherein the key length is generated within the selected key length interval by scaling mapping and is adjusted so that the encryption strength matches the real-time requirement;
    S34, determining the updating period of the elliptic curve key according to the security risk level identifier and the updating frequency of the digital signal stream, wherein the updating period is adjusted by a risk weighting factor, so that a high risk level corresponds to a shorter key updating period and a low risk level corresponds to a longer updating period;
    S35, integrating the curve parameters, key length and key updating period into the parameter control vector;
  S4, performing a hash operation on the digital signal stream according to the sliding time window through the association mapping module, generating hash digest sequences corresponding one-to-one to the sliding time windows, and carrying out association mapping between the hash digest sequences and the parameter control vectors;
  S5, performing real-time segmented encryption processing on the digital signal stream by adopting the elliptic curve encryption algorithm based on the parameter control vector through the encryption processing module, to generate an encrypted digital signal stream consistent with the hash digest sequence;
  S6, writing the hash digest sequence corresponding to the encrypted digital signal stream and the security risk level identifier into a blockchain ledger in time order through the blockchain evidence storage module, to form a verifiable encrypted signal evidence storage record;
  S7, outputting the encrypted digital signal stream that has been written to the blockchain to a transmission channel through the security updating module, and executing a synchronous update of the security state of the terminal and the firewall policy parameters based on the blockchain ledger record.
- 2. The adaptive real-time digital signal encryption processing system according to claim 1, wherein the real-time digital signals are accessed in parallel through a multi-channel acquisition interface disposed at the terminal side of the Internet of Things; during acquisition, a uniform time stamp generated by a high-precision clock source is added to each path of real-time digital signals, and consistency correction processing is performed on the sampling rate, quantization bit width and data frame length according to a preset signal type identifier; byte order rearrangement, data field alignment and redundant control field stripping operations are performed on the time-stamped real-time digital signals; real-time digital signals of different sources and different formats are recombined into a standardized data frame sequence that is continuous in time and uniform in structure; and finally a standardized digital signal stream that can be processed sequentially is formed in time stamp order.
- 3. The adaptive real-time digital signal encryption processing system according to claim 1, wherein S32 specifically comprises:
  S321, extracting the base point coordinates, curve coefficients and finite field prime number from a predefined parameter set of the elliptic curve type;
  S322, generating dynamic weighting coefficients according to the amplitude change rate, the time sequence fluctuation amplitude and the risk level weight of the digital signal stream, normalizing the weights, and then performing a linear combination to calculate the final value of the curve coefficient;
  S323, carrying out a modular operation adjustment on the base point coordinates according to the finite field prime number so that the curve meets the requirements of non-singularity and encryption strength, and outputting curve parameter values matched with the characteristics of the digital signal stream.
- 4. The adaptive real-time digital signal encryption processing system according to claim 1, wherein S35 specifically comprises:
  S351, allocating continuous storage units in memory and sequentially writing the base point coordinates of the elliptic curve, the curve coefficients and the finite field prime number into an initial storage area in a fixed byte order;
  S352, attaching the calculated key length after the curve parameters in binary form;
  S353, appending the key update period to the key length as a millisecond count value, and simultaneously storing the corresponding security risk level identifier and the digital signal stream time window identifier in the control vector header;
  S354, performing a checksum generation operation, in which exclusive OR and accumulation operations are performed on the data blocks of the curve parameters, key length and key updating period to generate a check value, and attaching the check value to the tail of the vector;
  S355, finally forming the parameter control vector to realize unified management and serializable transmission.
- 5. The adaptive real-time digital signal encryption processing system according to claim 1, wherein S4 specifically comprises:
  S41, segmenting the digital signal stream according to preset sliding time windows, wherein each time window comprises a fixed number of continuous data frames, and generating a unique identifier for each time window for indexing the corresponding data segment;
  S42, sequentially reading the byte stream of the data segment of each time window in a memory buffer, performing byte-by-byte accumulation and nonlinear replacement operations according to a preset hash algorithm, performing exclusive OR and shift operations between each byte and the hash state value of the previous byte, and iterating to generate a preliminary hash value;
  S43, carrying out mixed mapping on the preliminary hash value, the unique identifier of the current time window, the security risk level in the parameter control vector and the curve parameter index, executing multiple rounds of nonlinear hash operations to generate a final hash digest, and storing the final hash digest in a time sequence array to form a hash digest sequence corresponding one-to-one to the sliding time windows;
  S44, adding a time stamp and a sliding window index to each hash digest in the hash digest sequence, realizing an accurate correspondence with the original digital signal stream, the parameter control vector and the security risk level, and providing the input mapping basis for real-time segmented encryption processing.
- 6. The adaptive real-time digital signal encryption processing system according to claim 1, wherein S5 specifically comprises:
  S51, dividing the digital signal stream into a plurality of segmented data units according to the sliding time window, and allocating a continuous storage buffer in memory for each segmented data unit to temporarily store the original data frames before encryption;
  S52, reading the elliptic curve base point coordinates, curve coefficients, finite field prime number, key length and key updating period of the corresponding time window from the parameter control vector, applying the key length to generate the elliptic curve public and private key pair of the time window, and perturbing the initial key seed with a risk-level-weighted random number during key generation to ensure the uniqueness and security of the key;
  S53, for each segmented data unit, carrying out a byte-by-byte encryption operation according to the elliptic curve encryption algorithm, in which the data value of each byte is mapped to point coordinates on the elliptic curve and ciphertext coordinates are generated through the public key operation, and then storing the ciphertext coordinate sequences in an encryption buffer in the order of the original data frames to form the encrypted digital signal unit corresponding to the time window;
  S54, after encryption is completed, performing check mapping between each encrypted digital signal unit and the corresponding hash digest sequence to ensure that the encrypted data and the hash digest sequence correspond accurately, then combining the encrypted digital signal units in time window order and outputting an encrypted digital signal stream consistent with the hash digest sequence, thereby realizing real-time segmented encryption processing.
- 7. The adaptive real-time digital signal encryption processing system according to claim 1, wherein S6 specifically comprises:
  S61, combining the digital signal stream subjected to real-time segmented encryption with the corresponding hash digest sequence and the corresponding security risk level identifier in time window order to form encrypted data blocks, and attaching a time stamp, a sliding window index and a parameter control vector identifier to the head of each encrypted data block to uniquely identify the data block and its security attributes;
  S62, for each encrypted data block, sequentially inputting the time stamp, the hash digest sequence, the security risk level identifier and the block hash value of the previous block into a hash operation to generate a block-level hash value, and attaching the block-level hash value to the tail of the data block to realize the integrity linkage of the chain structure;
  S63, verifying the generated blocks according to a blockchain consensus protocol and executing distributed synchronization among nodes, including verification of the time sequence, hash consistency and the risk level identifier mapping relation; writing the blocks into the blockchain ledger after consensus verification, and updating a block index table to realize a verifiable evidence storage record of each encrypted digital signal together with its hash digest and security risk level.
- 8. The adaptive real-time digital signal encryption processing system according to claim 7, wherein the generating process of the block-level hash value specifically comprises:
  sequentially loading the head time stamp, the sliding window index, the hash digest sequence, the security risk level identifier and the block hash value of the previous block of each encrypted data block into a memory buffer;
  splicing them into a continuous byte stream in a fixed byte order, performing the iterative operation of a cryptographic hash algorithm on the byte stream section by section, and updating the current hash state value for each section by exclusive OR, shift, nonlinear replacement and accumulation operations;
  finally, completing the iteration to generate a unique block-level hash value, attaching the block-level hash value to the tail of the data block, and simultaneously establishing in memory a chain reference pointer to the previous block hash value, realizing the logical association between the integrity check of a blockchain data block and the order of the preceding and following blocks, thereby providing the basic data for distributed verification and ledger writing.
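The control-vector layout of claim 4 (S351 to S355), as an added Python example that is not code from the patent: the field widths, byte order, the two-part check value and the HMAC key are assumptions, and the curve values are a constructed toy curve. It also shows that the XOR-and-accumulation check value rejects a flipped bit but accepts reordered bytes and a changed header, both of which a keyed MAC over the whole vector distinguishes.

```python
import hashlib
import hmac
import struct

FIELD = 32                      # assumed fixed width of each curve value, in bytes
HEADER = struct.Struct(">BI")   # S353 header: risk level, time-window identifier
SCALARS = struct.Struct(">HI")  # S352/S353: key length in bits, update period in ms
TAIL = struct.Struct(">BH")     # S354 tail: XOR of body bytes, 16-bit running sum
BODY_LEN = 5 * FIELD + SCALARS.size


def check_value(body: bytes) -> bytes:
    """XOR-and-accumulation check over curve parameters, key length and period."""
    xor_acc, sum_acc = 0, 0
    for byte in body:
        xor_acc ^= byte
        sum_acc = (sum_acc + byte) & 0xFFFF
    return TAIL.pack(xor_acc, sum_acc)


def pack_vector(risk, window_id, gx, gy, a, b, p, key_bits, period_ms) -> bytes:
    body = b"".join(v.to_bytes(FIELD, "big") for v in (gx, gy, a, b, p))
    body += SCALARS.pack(key_bits, period_ms)
    return HEADER.pack(risk, window_id) + body + check_value(body)


def unpack_vector(blob: bytes) -> dict:
    if len(blob) != HEADER.size + BODY_LEN + TAIL.size:
        raise ValueError("unexpected control vector length")
    risk, window_id = HEADER.unpack_from(blob)
    body = blob[HEADER.size:HEADER.size + BODY_LEN]
    if blob[-TAIL.size:] != check_value(body):
        raise ValueError("check value mismatch")
    gx, gy, a, b, p = (int.from_bytes(body[i:i + FIELD], "big")
                       for i in range(0, 5 * FIELD, FIELD))
    key_bits, period_ms = SCALARS.unpack_from(body, 5 * FIELD)
    return dict(risk=risk, window_id=window_id, gx=gx, gy=gy, a=a, b=b, p=p,
                key_bits=key_bits, period_ms=period_ms)


def mac_tag(key: bytes, blob: bytes) -> bytes:
    """Keyed tag over header and body; an addition, not part of claim 4."""
    return hmac.new(key, blob[:-TAIL.size], hashlib.sha256).digest()


def swap_bytes(blob: bytes, i: int, j: int) -> bytes:
    out = bytearray(blob)
    out[i], out[j] = out[j], out[i]
    return bytes(out)


# Constructed toy values: y^2 = x^3 + 2x + 3 over GF(97), base point (3, 6).
VECTOR = pack_vector(risk=3, window_id=42, gx=3, gy=6, a=2, b=3, p=97,
                     key_bits=256, period_ms=60_000)
KEY = b"constructed-demo-key"  # hypothetical MAC key for the comparison

# Swapping the low bytes of Gx and Gy keeps both the XOR and the sum unchanged.
SWAPPED = swap_bytes(VECTOR, HEADER.size + FIELD - 1, HEADER.size + 2 * FIELD - 1)
# The risk level sits in the header, outside the check value's coverage.
DOWNGRADED = HEADER.pack(1, 42) + VECTOR[HEADER.size:]

if __name__ == "__main__":
    print(unpack_vector(SWAPPED)["gx"], unpack_vector(DOWNGRADED)["risk"])
    print(hmac.compare_digest(mac_tag(KEY, VECTOR), mac_tag(KEY, SWAPPED)))
```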
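The window digests of claim 5 and the chained block hashes of claims 7 and 8, as an added Python example that is not code from the patent: SHA-256 stands in for the unspecified hash algorithm, and the field widths, the all-zero genesis value and the sample windows are assumptions. It shows what the previous-block hash contributes to verification: a risk level edited in place fails at its own block, and one edited and re-hashed fails at the next block.

```python
import hashlib
import struct

GENESIS = b"\x00" * 32  # assumed "previous hash" for the first block


def _field(data: bytes) -> bytes:
    # Length-prefix variable-length fields so field boundaries are unambiguous.
    return struct.pack(">I", len(data)) + data


def window_digest(frames, window_id, risk_level, curve_index) -> bytes:
    """S42/S43: digest of one window, bound to its id, risk level and curve index."""
    h = hashlib.sha256(struct.pack(">IBH", window_id, risk_level, curve_index))
    for frame in frames:
        h.update(_field(frame))
    return h.digest()


def block_hash(block: dict) -> bytes:
    """S62 / claim 8: hash over timestamp, window index, digest, risk, previous hash."""
    header = struct.pack(">QIB", block["ts"], block["window"], block["risk"])
    return hashlib.sha256(header + _field(block["digest"]) + block["prev"]).digest()


def build_chain(windows) -> list:
    chain, prev = [], GENESIS
    for index, (ts, frames, risk, curve_index) in enumerate(windows):
        block = {"ts": ts, "window": index, "risk": risk, "prev": prev,
                 "digest": window_digest(frames, index, risk, curve_index)}
        block["hash"] = prev = block_hash(block)
        chain.append(block)
    return chain


def first_invalid(chain) -> int:
    """Return the index of the first block failing S63-style checks, or -1."""
    prev, last_ts = GENESIS, -1
    for index, block in enumerate(chain):
        ok = (block["prev"] == prev and block["hash"] == block_hash(block)
              and block["window"] == index and block["ts"] > last_ts)
        if not ok:
            return index
        prev, last_ts = block["hash"], block["ts"]
    return -1


def with_risk(chain, index, risk, rehash=False) -> list:
    """Copy the chain with one block's risk level edited (for the checks below)."""
    copy = [dict(block) for block in chain]
    copy[index]["risk"] = risk
    if rehash:
        copy[index]["hash"] = block_hash(copy[index])
    return copy


# Constructed sample: (timestamp ms, frames, risk level, curve parameter index).
WINDOWS = [(1000, [b"\x01\x02", b"\x03"], 3, 1),
           (2000, [b"\x04\x05", b"\x06"], 3, 1),
           (3000, [b"\x07\x08", b"\x09"], 2, 0)]
CHAIN = build_chain(WINDOWS)

if __name__ == "__main__":
    print(first_invalid(CHAIN))                                # intact chain
    print(first_invalid(with_risk(CHAIN, 1, 1)))               # edited in place
    print(first_invalid(with_risk(CHAIN, 1, 1, rehash=True)))  # edited and re-hashed
```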
Description
Self-adaptive real-time digital signal encryption processing system
Technical Field
The invention relates to the technical field of information security and cryptography, in particular to a self-adaptive real-time digital signal encryption processing system.
Background
In existing Internet of Things communication and digital signal processing, real-time digital signals are vulnerable to data tampering, signal leakage and malicious attack during transmission and processing. The traditional encryption method generally adopts a fixed algorithm and a static key to encrypt the digital signals. It cannot dynamically adjust the encryption strategy according to the security states, signal characteristics and network environments of different terminals, so security is insufficient in a high-risk environment, while computing resources and transmission bandwidth are wasted in a low-risk environment. In addition, existing real-time digital signal encryption technology mainly performs signal processing and encryption processing sequentially as independent processes, lacks an adaptive control mechanism for time sequence signal characteristics and network dynamic changes, and has difficulty guaranteeing real-time performance and segmented processing efficiency while ensuring encryption strength. Especially in large-scale Internet of Things deployments, the security states, firewall policies and historical attack behaviors of different terminals differ markedly, and traditional static encryption cannot deal effectively with these dynamic changes, so the security and reliability of the whole system are affected.
In terms of digital signal integrity verification, the prior art generally relies on a single hash or message digest algorithm, but lacks a close association with encryption policies, risk levels and segmentation time windows, and cannot accurately verify and trace back a real-time segmented signal. In addition, the conventional method is limited to local or centralized storage of the encrypted data, so it cannot realize tamper resistance, verifiability and distributed management, and it is difficult to meet end-to-end data security and compliance requirements in the Internet of Things environment.
Therefore, how to provide an adaptive real-time digital signal encryption processing system is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a self-adaptive real-time digital signal encryption processing system which makes full use of Internet of Things acquisition technology, the elliptic curve encryption algorithm, sliding time window hash operations and blockchain distributed evidence storage technology, and which describes in detail the specific implementation of risk assessment, parameter control vector construction, real-time segmented encryption and verifiable evidence storage of digital signal streams. It has the advantages of high security, strong real-time performance, good traceability and distributed tamper resistance.
An adaptive real-time digital signal encryption processing system according to an embodiment of the present invention includes:
- the signal processing module, used for collecting real-time digital signals from a plurality of signal sources, performing time stamp marking and signal format normalization processing on the real-time digital signals and generating a standardized digital signal stream;
- the risk assessment module, used for carrying out risk assessment on the digital signal stream and generating a corresponding security risk level identifier based on the security state of the terminal, the firewall policy parameters and the historical attack characteristic data;
- the parameter control module, used for constructing a parameter control vector according to the security risk level identifier, wherein the parameter control vector is used for determining the curve parameters, key length and updating period of the elliptic curve encryption algorithm;
- the association mapping module, used for performing a hash operation on the digital signal stream according to the sliding time window, generating a corresponding hash digest sequence and carrying out association mapping between the hash digest sequence and the parameter control vector;
- the encryption processing module, used for performing real-time segmented encryption processing on the digital signal stream by adopting the elliptic curve encryption algorithm to generate an encrypted digital signal stream consistent with the hash digest sequence;
- the blockchain certification module, used for writing the hash digest sequence corresponding to the encrypted digital signal stream and the security risk level identifier into the blockchain ledger in time order to form a verifiable encrypted signal certification record;
And the securit