| USB flash disks are widely used for data storage and information exchange. However, because they lack the necessary security mechanisms, information of different security levels is protected and controlled in the same way, resulting in information leakage and the failure of hierarchical protection in military information systems. Although existing secure USB flash disks offer enhanced security, they can only be used on hosts of a single security level, and information cannot be exchanged between adjacent levels. These defects limit the use of USB flash disks in the military multi-level environment and pose a serious threat to the security of multi-level information interaction. There is therefore an urgent need to design security enhancement mechanisms that meet the requirements of multi-level information interaction, and to implement a multi-level information security interaction USB flash disk that solves the problem of multi-level information interaction security in military information systems. According to the security requirements of USB flash disks in the military multi-level environment, a system security model is established to define the security mechanisms the system should have and the security functions it provides. Based on this model, the implementation layers of the security functions are divided and the overall structure of the system is designed, which lays a theoretical foundation for the research and implementation of the multi-level information security interaction USB flash disk. To address the problems that an online authentication center cannot be set up in a multi-level environment and that existing authentication protocols do not mark the host’s security level, a mutual authentication and key agreement protocol is designed that supports offline authentication and is able to mark and identify the host’s security level. The protocol uses a trusted third party to distribute identity certificates containing a security-level label for hosts and
devices. Identity authentication and key negotiation are implemented by verifying the validity of the certificates and the correctness of the negotiated keys. The analysis shows that the proposed protocol achieves high security with low storage cost and a small number of pre-shared authentication parameters, and can meet the security requirements of identifying the host’s security level and negotiating keys for removable storage devices in a military multi-level environment. To address the low security and lack of universality of current access control schemes for USB flash disks, a memory access control scheme is designed whose security policy is user-defined and whose control logic is implemented in hardware. Based on the structural features and pin functions of NAND flash, physical isolation and gating logic for the memory is designed to achieve physical isolation of multiple partitions on the USB flash disk, and read-write control logic for the memory is designed to achieve controlled access to multiple partitions based on the security policy. The proposed scheme has high security and strong universality, meeting the security requirements of multi-partition physical isolation and controlled access for USB flash disks. To address the problem that existing schemes cannot hierarchically encrypt and decrypt multi-level information, a multi-level encryption and decryption scheme is designed. The scheme uses a one-way hash function to construct the relational parameters and designs a key derivation algorithm. The host needs only the key component of its level to derive the key of a target partition that it has permission to read or write, thereby realizing multi-level encryption and decryption. While ensuring the security of the keys, the scheme simplifies multi-level key management and realizes multi-level encryption and decryption, which meets the security needs of data classification protection and encrypted storage for multiple partitions of the USB flash disk. Combining
the above three security mechanisms, a prototype system of the multi-level information security interaction USB flash disk was implemented based on the overall architecture of the system, and its security functions were tested. Experimental results show that the prototype system achieves security functions such as identifying the host’s security level, transmission encryption, controlled access to multiple partitions and hierarchical encryption of multiple partitions. It can meet the security requirements of USB flash disks in a multi-level environment, and is of great significance for strengthening the security of multi-level information interaction in military information systems. |
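
An added example, not taken from the thesis: one common way to build hash-based relational parameters of the kind the abstract describes, so that a host holding only its level's key component can derive the keys of the partitions it is permitted to access. The XOR construction, SHA-256, the access policy (own level and below) and all names are assumptions.

```python
import hashlib
import secrets

KEY_LEN = 32  # bytes; matches the SHA-256 output size

def h(component: bytes, src: int, dst: int) -> bytes:
    """One-way hash binding a key component to a (host level, partition) pair."""
    msg = component + src.to_bytes(2, "big") + dst.to_bytes(2, "big")
    return hashlib.sha256(msg).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_relations(components, partition_keys, policy):
    """Device side: r[(i, j)] = K_j XOR H(C_i, i, j), for permitted pairs only."""
    return {(i, j): xor(partition_keys[j], h(components[i], i, j))
            for i, targets in policy.items() for j in targets}

def derive_partition_key(component, level, partition, relations):
    """Host side: recover K_j from its own component and the stored parameter."""
    r = relations.get((level, partition))
    if r is None:
        # No parameter was ever built for this pair, so no key can be derived.
        raise PermissionError(f"level {level} has no relation to partition {partition}")
    return xor(r, h(component, level, partition))

# Constructed sample data: three security levels, one partition per level.
# Assumed policy: a host may access partitions at its own level and below.
LEVELS = [0, 1, 2]
COMPONENTS = {i: secrets.token_bytes(KEY_LEN) for i in LEVELS}
PARTITION_KEYS = {j: secrets.token_bytes(KEY_LEN) for j in LEVELS}
POLICY = {i: [j for j in LEVELS if j <= i] for i in LEVELS}
RELATIONS = build_relations(COMPONENTS, PARTITION_KEYS, POLICY)

if __name__ == "__main__":
    for i in LEVELS:
        for j in LEVELS:
            try:
                key = derive_partition_key(COMPONENTS[i], i, j, RELATIONS)
                print(f"host level {i} -> partition {j}: ok={key == PARTITION_KEYS[j]}")
            except PermissionError as exc:
                print(f"host level {i} -> partition {j}: refused ({exc})")
```

Because the hash is one-way, a stored parameter reveals neither the host component nor the partition key on its own, so the device keeps one parameter per permitted pair rather than a copy of every key for every level.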