CN-122027213-A - Method and system for rapidly checking data integrity of unidirectional link
Abstract
The invention discloses a method and a system for rapidly checking the integrity of unidirectional link data, relating to the technical field of communication security. The method comprises: determining the whistle frame interval and the fingerprint sampling layout within a window according to a preset rule, sending whistle frames, and forming effective anchor points on the receiving side by checking intervals against a tolerance; dividing the data to be checked into blocks according to a block length, generating a block-level quick check value for each block, and checking each block on arrival; extracting sparse fingerprints from the data stream according to the fingerprint sampling layout, sending them, and recalculating and comparing them at the corresponding positions; judging that the window does not pass when out-of-range whistle frame intervals accumulate or the effective anchor points are insufficient; otherwise, establishing anchor neighborhoods from the effective anchor points, counting expected sampling hits and free samples, and synthesizing a whistle-fingerprint coupling stability quantity; and judging that the window passes when the block-level quick check passes, the sparse fingerprints are consistent, and the whistle-fingerprint coupling stability quantity is greater than a threshold. By combining whistle frame timing, block checks and fingerprint sampling within a time window, the method assesses transmission consistency on a unidirectional link and improves anomaly screening and tamper detection capability.
Inventors
- GAO LIFANG
- SHEN PEIPEI
- LIU ZIZHOU
- SONG ZHENGZHENG
- SUN ZHIHUAN
- CHEN LIANDONG
- ZHAO LINCONG
- ZHAO JIANBIN
- LIU XIANTONG
- LI CHENGZHU
- CHENG KAI
- Guo Chenhu
- ZHANG LEI
Assignees
- 国网河北省电力有限公司信息通信分公司
Dates
- Publication Date: 20260512
- Application Date: 20251231
Claims (10)
- 1. A method for rapidly verifying the integrity of unidirectional link data, comprising: determining whistle frame intervals and a fingerprint sampling layout within a window according to a preset rule, transmitting whistle frames, and checking adjacent intervals against a tolerance on the receiving side to form effective anchor points; dividing the data to be checked into blocks according to a block length, generating a block-level quick check value for each block, and checking each block immediately on arrival; extracting sparse fingerprints from the data stream according to the fingerprint sampling layout, sending the sparse fingerprints, and recalculating and comparing them at the corresponding positions; if the accumulated number of out-of-range adjacent whistle frame intervals reaches a preset count, or the number of effective anchor points is smaller than a preset number, judging that the window does not pass; otherwise, establishing anchor neighborhoods from the effective anchor points, counting expected sampling hits and free samples, and synthesizing a whistle-fingerprint coupling stability quantity; and when the block-level quick check of all data blocks in the window passes, the sparse fingerprints are consistent, and the whistle-fingerprint coupling stability quantity is greater than a threshold, determining that the data integrity check of the window passes.
- 2. The method for quickly checking the integrity of unidirectional link data according to claim 1, wherein the preset rule comprises: determining a reference whistle frame interval based on a target latency and an expected throughput of the link; constructing a tolerance interval centered on the reference whistle frame interval; determining the preset number of effective anchor points according to the number of whistle frames scheduled to be sent in a window and a preset proportion; and determining the preset count of accumulated out-of-range adjacent whistle frame intervals according to the maximum allowable proportion of abnormal whistle frames in the window.
- 3. The method of claim 1, wherein an anchor neighborhood time window is established for each effective anchor point based on the reference whistle frame interval, the width of the anchor neighborhood time window is determined from a combination of the reference whistle frame interval and the tolerance interval, and each anchor neighborhood comprises at least one expected sampling position.
- 4. The method for quickly checking the integrity of unidirectional link data according to claim 1, wherein, when the data to be checked is divided into blocks, the block length is selected from a preset set of block lengths; when link occupancy approaches its upper limit or processing capacity decreases, the block length is automatically switched to a smaller block length in the set, and the number of parallel check channels on the receiving side is increased, so as to maintain the completion time limit for the immediate check of the data blocks in the window.
- 5. The method of claim 1, wherein the block-level quick check value is generated by performing a cyclic redundancy check over the content of the data block together with the block sequence information and the window identification information corresponding to the data block, and the receiving side independently calculates the block-level quick check value for the data block using the same check polynomial, block sequence information and window identification information, and compares it.
- 6. The method of claim 1, wherein the fingerprint sampling layout is determined by combining fixed-step sampling with session-related offset sampling, wherein the fixed-step sampling selects sampling positions at equal intervals of data block sequence number, and the session-related offset sampling calculates an offset direction and an offset distance from the window identifier and the session identifier, limited to a preset maximum offset range.
- 7. The method for quickly verifying the data integrity of the unidirectional link according to claim 1, wherein the sparse fingerprint is calculated by an irreversible digest algorithm over the neighborhood content formed by the data block at the sampling position and a plurality of data blocks before and after it, the maximum span of the neighborhood is limited by configuration parameters, and the block sequence range and digest type corresponding to each sparse fingerprint are recorded in directory information.
- 8. The method for quickly verifying the data integrity of the unidirectional link according to claim 1, wherein synthesizing the whistle-fingerprint coupling stability quantity comprises: counting the hits at expected sampling positions in each anchor neighborhood to obtain a hit ratio; counting the sampling positions that lie outside every anchor neighborhood to obtain a free ratio; and classifying the whistle-fingerprint coupling stability quantity into a high stability grade, a medium stability grade and a low stability grade according to how the hit ratio and the free ratio jointly compare with a preset hit threshold and a preset free threshold, wherein the whistle-fingerprint coupling stability quantity corresponding to the high stability grade is greater than the threshold.
- 9. The method for rapidly verifying the data integrity of a unidirectional link according to claim 1, wherein the transmission order is a whistle frame, a catalogue frame, a data block frame and a fingerprint frame; the catalogue frame comprises at least a window identifier, the planned number of whistle frames, the total number of data blocks in the window, the data block sequence number corresponding to each fingerprint sampling position, and an offset mode; and the receiving side pre-allocates buffers and verification tasks according to the catalogue frame and, when the window verification fails, outputs the sequence numbers of the erroneous data blocks, the anchor neighborhoods that do not meet the condition, and the corresponding free sampling positions.
- 10. A unidirectional link data integrity quick verification system for implementing the unidirectional link data integrity quick verification method as claimed in any one of claims 1 to 9, comprising: an anchor point generating module, configured to determine whistle frame intervals and a fingerprint sampling layout within a window according to a preset rule, send whistle frames, and check adjacent intervals against a tolerance on the receiving side to form effective anchor points; a block verification module, configured to divide the data to be verified into blocks according to a block length, generate a block-level quick check value for each block, and verify each block immediately on arrival; a fingerprint comparison module, configured to extract sparse fingerprints from the data stream according to the fingerprint sampling layout, send the sparse fingerprints, and recalculate and compare them at the corresponding positions; a coupling stability module, configured to judge that the window does not pass when the accumulated number of out-of-range adjacent whistle frame intervals reaches a preset count or the number of effective anchor points is smaller than a preset number, and otherwise to establish anchor neighborhoods from the effective anchor points, count expected sampling hits and free samples, and synthesize a whistle-fingerprint coupling stability quantity; and an integrity judging module, configured to judge that the data integrity check of the window passes when the block-level quick check of all data blocks in the window passes, the sparse fingerprints are consistent, and the whistle-fingerprint coupling stability quantity is greater than a threshold.
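An added example, not taken from the patent, of the receiver-side window decision in claims 1, 5 and 8. CRC-32, millisecond timestamps, every threshold, the neighborhood half-width, and the rule that maps hit and free ratios to grades are assumptions; the sparse-fingerprint comparison result is passed in as a boolean.

```python
import struct
import zlib

# Assumed parameters (not given on the page): times in ms, demo thresholds.
CFG = {"ref": 100, "tol": 10, "max_out": 2, "min_anchors": 3,
       "half_width": 20, "hit_thr": 0.8, "free_thr": 0.2}

def block_check(window_id, seq, payload):
    """Claim 5: CRC over window id + block sequence + content (CRC-32 assumed)."""
    return zlib.crc32(struct.pack(">IQ", window_id, seq) + payload)

def valid_anchors(arrivals, ref, tol):
    """A whistle frame is an anchor when the gap to its predecessor is ref +/- tol."""
    anchors, out_of_range = [], 0
    for prev, cur in zip(arrivals, arrivals[1:]):
        if abs((cur - prev) - ref) <= tol:
            anchors.append(cur)
        else:
            out_of_range += 1
    return anchors, out_of_range

def coupling_grade(anchors, samples, cfg):
    """Claim 8: hit ratio over anchor neighborhoods, free ratio of stray samples."""
    hw = cfg["half_width"]  # anchors is non-empty: check_window enforces min_anchors
    hits = sum(any(abs(t - a) <= hw for t in samples) for a in anchors)
    free = sum(all(abs(t - a) > hw for a in anchors) for t in samples)
    hit_ok = hits / len(anchors) >= cfg["hit_thr"]
    free_ok = (free / len(samples) if samples else 1.0) <= cfg["free_thr"]
    return "high" if hit_ok and free_ok else "medium" if hit_ok or free_ok else "low"

def check_window(window_id, arrivals, samples, blocks, fingerprints_ok, cfg=CFG):
    """Return (passed, reason); blocks = [(seq, payload, received_crc), ...]."""
    anchors, out_of_range = valid_anchors(arrivals, cfg["ref"], cfg["tol"])
    if out_of_range >= cfg["max_out"] or len(anchors) < cfg["min_anchors"]:
        return False, "timing"
    bad = [s for s, p, c in blocks if block_check(window_id, s, p) != c]
    if bad:
        return False, f"blocks {bad}"
    if not fingerprints_ok:
        return False, "fingerprint"
    grade = coupling_grade(anchors, samples, cfg)
    return grade == "high", f"coupling {grade}"

# Constructed sample window: 5 whistle frames, 4 blocks, fingerprint frames near anchors.
WID = 7
BLOCKS = [(s, b"blk%d" % s, block_check(WID, s, b"blk%d" % s)) for s in range(4)]
ARRIVALS = [0, 100, 203, 298, 401]
SAMPLES = [105, 210, 300, 395]
print(check_window(WID, ARRIVALS, SAMPLES, BLOCKS, True))
```

Because the check value covers the window identifier and block sequence, a block that arrives intact but in the wrong position or window fails the block check, and fingerprint frames delayed away from their anchors fail the coupling grade even though every CRC still matches.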
Description
Method and system for rapidly checking data integrity of unidirectional link
Technical Field
The invention relates to the technical field of communication security, and in particular to a method and a system for rapidly checking the data integrity of a unidirectional link.
Background
In the prior art, data integrity checking on a unidirectional link generally relies on a frame check sequence, a cyclic redundancy check, a message digest or similar means to check the integrity of a single message or data block. Such methods can find bit-level errors or obvious tampering, but they lack correlation analysis of the overall data transmission behavior within a time window, and have difficulty promptly identifying attacks that exploit timing and scheduling behavior, such as cache rearrangement, selective forwarding and delay injection. In addition, existing unidirectional link integrity checking schemes generally handle timing detection and content detection separately: a heartbeat message or sequence number mechanism is used only to judge whether the link is interrupted or a message is lost, and data content is checked only per message or per data block. A mechanism that measures the coupling between time anchoring behavior and content sampling behavior is lacking, so the transmission process on a unidirectional link cannot be evaluated quickly and reliably as a whole from the joint consistency of the time dimension and the content dimension. In high-concurrency, high-throughput scenarios in particular, relying solely on full-strength verification easily leads to excessive computational load and increased latency, making it difficult to satisfy the dual constraints of real-time performance and resource consumption in engineering applications.
In summary, prior-art unidirectional link data integrity verification commonly suffers from the following problems: it lacks a view of the overall transmission behavior; it is difficult to construct stable and effective time anchor points from whistle frames and other timing information; sampled fingerprints are decoupled from the timing characteristics of the link, so behaviors such as cache rearrangement and selective forwarding are difficult to identify in a targeted manner; an index system that jointly quantifies timing anchor results and content sampling results is lacking; and it is difficult to achieve quick judgment and localization while maintaining detection capability. It is therefore necessary to provide a method and a system for rapidly checking data integrity that are oriented to unidirectional links, establish a coupling relationship between timing anchoring and content sampling, and balance computational overhead and real-time performance while ensuring security.
Disclosure of Invention
In view of the above drawbacks of the prior art, the present invention aims to provide a method and a system for rapidly checking the integrity of unidirectional link data, so as to solve the above technical problems.
To achieve this purpose, the invention provides the following technical scheme. A method for rapidly checking the data integrity of a unidirectional link comprises the following steps: determining whistle frame intervals and a fingerprint sampling layout within a window according to a preset rule, transmitting whistle frames, and checking adjacent intervals against a tolerance on the receiving side to form effective anchor points; dividing the data to be checked into blocks according to a block length, generating a block-level quick check value for each block, and checking each block immediately on arrival; extracting sparse fingerprints from the data stream according to the fingerprint sampling layout, sending the sparse fingerprints, and recalculating and comparing them at the corresponding positions; if the accumulated number of out-of-range adjacent whistle frame intervals reaches a preset count, or the number of effective anchor points is smaller than a preset number, judging that the window does not pass; otherwise, establishing anchor neighborhoods from the effective anchor points, counting expected sampling hits and free samples, and synthesizing a whistle-fingerprint coupling stability quantity; and when the block-level quick check of all data blocks in the window passes, the sparse fingerprints are consistent, and the whistle-fingerprint coupling stability quantity is greater than a threshold, determining that the data integrity check of the window passes. The invention is further configured such that the preset rule includes: determining a reference whistle frame interval based on a target latency and an expected throughput of the link; constructing a tolerance interval centered on the reference whistle frame interval; determining the preset number of effective anchor points according to