| Due to the increasing demand for data interaction between classified organizations, public channel resources such as the Internet have to be sought to meet transmission needs. Meeting this demand while supporting it with a complete theory has become an important issue to be faced and solved. To address these issues, this thesis presents the basic security elements of a multi-channel security isolation and transmission security protection system, establishes a generic theoretical model of the system, and gives the provable security of the system under normal operation. The theoretical model is abstracted into a function tree, according to which actual systems being designed or evaluated can be mapped onto the theoretical model of proven security. For the fragmentation system, a key component of the system, the pseudo-entropy-based fragmentation scheme (PEFS) is designed, its correctness and security are analyzed, a fragmentation scheme design and evaluation method is proposed, and PEFS is compared and analyzed to verify its superiority. A system evaluation method based on a combinatorial assignment method is proposed to evaluate the system's security and performance. Finally, the evaluation system is implemented and validated, and examples are analyzed. The main work and innovations of this thesis are as follows: (1) First, a generic theoretical model is constructed. The basic conditions of a classified system are formally defined as permission configuration and data manipulation. A definition of secure data exchange is introduced, based on which a data interaction process that remains secure while an eavesdropper is present in the channel is defined as a secure data transfer. An innovative series of security definitions is given: isolation security is formally defined by the probability of an adversary inferring the remaining information from partial information; four definitions of isolation security with different strengths and weaknesses are given by distinguishing adversary capabilities into collaborative and non-collaborative categories; fragmentation schemes are graded using pseudo-entropy, and their security is analyzed. Based on the above security elements, an innovative Turing-machine-based system model is proposed to give provable security under normal operation of the system, providing theoretical security validation for the theoretical model. (2) A system evaluation scheme is designed. The system function tree is used as an example of an abstraction strategy for the theoretical model. The function tree describes the transmission process of the various functional components of both the transmitter and the receiver through multiple channels. For one of the key components, the fragmentation component, PEFS is designed as an innovation that prevents eavesdroppers from colluding with each other to form more powerful attacks. The correctness and security of the scheme are analyzed, and an evaluation algorithm for the fragmentation scheme is proposed. Comparison experiments against the traditional continuous fragmentation scheme show that PEFS is superior in practical transmission scenarios. An evaluation method for the system based on the combinatorial assignment method is proposed. (3) The evaluation method of the system is designed and implemented. The overall evaluation system is completed using the GUI component that comes with Python; the effectiveness of the evaluation system is verified in a realistic scenario; and a quantitative evaluation of the overall performance of the system is achieved, which provides a reference for system design and evaluation while completing the practical verification of the system. |