Discussion on the security of engineering project information management?

Internet-Construction Project Information Management (I-CPIM) refers to the effective quantitative management of the progress, investment, contract and quality of construction projects based on advanced and mature project management software. On this basis, a new project management model (as shown in figure 1) uses modern communication technologies such as the Internet as a platform for project information communication and management coordination.

As the cornerstone of information management, engineering project management software assists the high-level decision-making, middle-level control and grass-roots operation of the project by collecting, storing and analyzing the relevant data in the process of project implementation, thus standardizing the management workflow, improving the efficiency of project management, enhancing the effectiveness of target control, and better adapting to the characteristics of wide coverage, heavy workload, strong constraint and large amount of information in engineering project management [1]oInternet, project extranet [2]. Compared with the traditional way of information exchange, the Internet will be able to obtain cheaper information through different software and hardware more freely and in time.

The construction of I-CPIM is based on the concept of networking. Internet technology is open to any project participants and the public, and any unit or individual can browse the project information [3]. Therefore, security issues such as ensuring the normal operation of the system, the authenticity and reliability of project information, the reasonable setting of user rights, and the system stability of the network environment cannot be ignored.

Typical network information security requirements include: confidentiality (when information is transmitted on the network, the content remains private); Integrity (information does not change during transmission); Undeniability (both the sender and the receiver agree to the occurrence of information exchange) and authenticity (the other party of communication can be identified and is a trusted person) [4]. These four requirements are indispensable, which are reflected in the following aspects in the I-CPIM model:

1 Intrusion by unauthorized users

The Internet is an equal and open system, and anyone can freely access and query the required information. However, this mechanism is based on the rational distribution of certain rights. For example, the owner inside the project can have the right to modify the information, while the general public who access the project information through the Internet outside the project should only have the right to browse, but not the right to modify. The so-called unauthorized user intrusion means that users without corresponding rights invade the network through technology infiltration and private terminal connection, illegally use, destroy and obtain data and system resources, and may intentionally inject illegal or false information and delete the original information, resulting in system confusion. This kind of unauthorized user is called "hacker" for short on the Internet. Hackers often take the form of password decoding, Trojan horse software, viruses and so on. Decrypting passwords is an infinite attempt to embed dictionary files with decryption software. This method is absolutely feasible in theory, but it is not completely effective in practice for various reasons. "Trojan Horse" refers to the background monitoring program that runs simultaneously with the normal program in the network. All the information in the user's local computer will be known by unauthorized users who send Trojan horse programs, and even have the right to operate the system like legitimate users.

Virus intrusion in the network often appears in the form of e-mail. For example, the famous "Melissa" and "Love Bug" viruses spread by hiding in e-mail. When a user accidentally opens an email with a virus, the virus will be activated, lurking in the user's machine, waiting for the opportunity to attack.

Once the conditions are ripe, the virus will explode with amazing destructive power: slow down the system running speed; Delete system information; It can even destroy the hardware facilities of the system. Hackers in the network are not all so horrible, most of them are just to meet their own challenges and stimuli. However, due to the particularity of project information to all parties involved in the project, it is not excluded that individuals deliberately invade and destroy it.

Firewall is the most effective technical scheme to prevent hackers from invading at present. Theoretically speaking, the concept of firewall refers to providing access control function to the network, protecting information resources and avoiding improper access. Physically speaking, the firewall is a filter and limiter set between the project intranet and the Internet, as shown in Figure 2 [[4]].

Using firewall technology to protect the project information network and monitor people's trust in two places:% revealing money to prevent improper intrusion, only allowing authorized information to pass through the firewall as the internal network security guarantee mechanism, which can enhance the internal security of the organization, determine which internal services can be accessed by the outside world, which external services can be accessed by outsiders and which external services can be accessed by insiders, limit the exposure of the project network to the Internet, and avoid the internal security problems of the Internet.

The ideal firewall should have high security, high transparency and good network performance. Because in order to make the firewall effective, all information entering and leaving the Internet must be filtered, checked and controlled by the firewall. If the firewall itself cannot effectively prevent penetration, it will not provide any effective protection for the breakthrough of the project intranet.

2 confidentiality of data transmission

In the process of project implementation, there is always a lot of information flow between the parties involved in the project and between the internal and external users of the project information network. Firewall technology can ensure the security of information data when it is stored in the user terminal, but it can't protect the security of information transmission. In fact, users communicate with each other on the network, and the security risks mainly come from illegal eavesdropping, such as intruders intercepting information transmitted on the line through eavesdropping. Project information contains a certain degree of trade secrets. Once leaked, it will definitely affect the implementation of the project, make the work passive, or fall into the trap set by the other party. Therefore, it is necessary to encrypt the information in the network transmission process and transmit the ciphertext on the network channel, so that even if there are many ciphertexts intercepted in the middle, there is not enough information in the ciphertext to enable the interceptors to uniquely determine the corresponding plaintext and cannot understand the information content.

As early as thousands of years ago, human beings had the idea and method of communication secrecy. In 1949, C.E.Shannon, the founder of information theory, demonstrated that almost all ciphertexts obtained by general encryption methods can be cracked [(4]]. In practical application, as long as a cryptographic system cannot be deciphered by the existing computing resources or the deciphering cost is higher than the information value itself, it can be called computational security.

At present, DES algorithm in block cipher is the earliest and most commonly used algorithm in data communication. This algorithm was successfully developed by IBM in 1975, and was officially confirmed as DES (Data Encryption Standard) in 1977. The encryption idea of ODES algorithm is to input 64-bit plaintext, change T to TO(TO=TP(T)) through initial transposition under the control of 64-bit key, and then pass it to 16 layer. In recent 20 years, people have not found an effective way to decrypt DES by evaluating the ability of existing decryption means. Because of this, DES still occupies an important position in encryption technology with tenacious vitality, although people constantly criticize and discuss DES algorithm.

Public key cryptosystem is another influential block cryptosystem. Different from the traditional cryptosystem, the user's encryption key and decryption key are not the same, so it is very difficult to decrypt the key from the encryption key. Therefore, the user's encryption key can be made public and registered in the network keystore, just as his own phone number is made public in the phone book. Anyone who wants to communicate with this user only needs to find the encryption key of this user in the public key base, encrypt the plaintext into ciphertext with this encryption key, and then send the ciphertext to the designated user. No one can recover plaintext without the decryption key. Users can decrypt the received ciphertext with the decryption key that only they know, and recover the plaintext, thus completing secure communication. The public key system fundamentally overcomes the difficulties of traditional cryptographic systems and solves the problems of key distribution and message authentication.

3 information identity authentication

Identity authentication is an important link to identify and confirm the true identities of both parties in information transmission. Complete and effective authentication functions include: reliability, integrity and non-repudiation, that is, the source of information is credible, and the receiver can confirm that the obtained information is not sent by an impostor; Ensure the integrity of the information during transmission, and the receiver can confirm that the obtained information has not been modified, delayed or replaced during transmission; It is required that the sender of the information cannot deny the information he sent, and similarly, the receiver of the information cannot deny that he received the information.

Traditional letters or documents are based on signatures or seals to prove the authenticity of information. For example, the payment voucher of the project progress payment must be signed by the chief supervision engineer before it can take effect, and the inspection sheet of engineering materials must be signed by the corresponding authorized personnel before it can be used in the project. File receiving and sending system is used to ensure the credibility, integrity and non-repudiation of various file information in transmission. Obviously, it is impossible and unnecessary to use this mixed mode of content network transmission and manual signature authentication for electronic information transmitted by computer network. Network construction itself is to improve the efficiency of information transmission, and the use of artificial mode loses the necessity of network existence.

There are several ways to realize the authentication of network transmission information, such as digital signature, digital certificate, Secure Sockets Layer (SSL) protocol and Certification Authority (CA), among which the digital signature technology generated by the combination of public key cryptosystem and digital digest technology has the advantages of relatively easy implementation and stable and reliable performance. The working principle is shown in Figure 3.

The system adopts three pairs of keys (As, Ag), (b, b) and (Cs, Cg) to realize digital signature technology. First of all, in the sending process of Figure 3-(a), the original text obtains the digest I with the characteristics of the original text through the HAsH algorithm, and digitally signs the information by encrypting the digest 1 with as. Both the original text and the digital signature * * * are encrypted by B to form ciphertext, while Cg encrypts B. Finally, the ciphertext and encryption key (B) are transmitted in the network. Figure 3-(b) When receiving information, the receiver decrypts B with Cs first, then decrypts the ciphertext with B to get the digital signature and the original text, and then gets the digest 2 with the hash algorithm of the original text, and decrypts the digital signature with Ag to get the digest 1. Compare the digest 1 with the digest 2 to confirm whether the original text has been tampered with during transmission, thus completing the whole process of information transmission.

For more information about project/service/procurement bidding, and to improve the winning rate, please click on the bottom of official website Customer Service for free consultation:/#/? source=bdzd