CN118139042B - Bidirectional encryption authentication method and system for decentralizing equipment - Google Patents
Bidirectional encryption authentication method and system for decentralizing equipment Download PDFInfo
- Publication number
- CN118139042B CN118139042B CN202410547002.6A CN202410547002A CN118139042B CN 118139042 B CN118139042 B CN 118139042B CN 202410547002 A CN202410547002 A CN 202410547002A CN 118139042 B CN118139042 B CN 118139042B
- Authority
- CN
- China
- Prior art keywords
- equipment
- authentication
- sensor
- node
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000002457 bidirectional effect Effects 0.000 title description 5
- 238000004364 calculation method Methods 0.000 claims description 14
- 230000015654 memory Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 8
- 230000006870 function Effects 0.000 description 12
- 238000004422 calculation algorithm Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 230000001502 supplementing effect Effects 0.000 description 6
- 230000010287 polarization Effects 0.000 description 5
- 102100036409 Activated CDC42 kinase 1 Human genes 0.000 description 3
- 101000928956 Homo sapiens Activated CDC42 kinase 1 Proteins 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 101100288236 Arabidopsis thaliana KRP4 gene Proteins 0.000 description 2
- 101100433979 Bos taurus TNK2 gene Proteins 0.000 description 2
- 101100385394 Zea mays ACK2 gene Proteins 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000005610 quantum mechanics Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000012805 post-processing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a two-way encryption authentication method and a two-way encryption authentication system for a decentralization device, comprising the following steps: acquiring device codes of sensor devices and node devices, generating two different true random numbers by adopting a quantum random number generator, and generating a unique identifier of the sensor device and a unique identifier of the node device according to the different true random numbers and the corresponding device codes respectively; generating random position information on the sensor equipment according to the quantum random number generator, generating authentication request information of the sensor equipment according to the random position information, and transmitting the authentication request information to the corresponding node equipment; the node equipment randomly generates a third true random number according to the quantum random number generator, generates a session key and an identification field according to the third true random number, generates encryption information according to the session key, and executes encryption information feedback of the sensor terminal according to the session key; the sensor device receives the encryption information and judges to execute a re-initiation request or acquire an encryption authentication result according to the encryption information.
Description
Technical Field
The invention relates to the technical field of encryption, in particular to a bidirectional encryption authentication method and system for a decentralizing device.
Background
A wireless sensor network is a wireless network that is formed by combining tens of thousands of sensor nodes in an ad hoc and multi-hop manner via wireless communication technology to cooperatively sense, collect, process, and transmit information about perceived objects within a geographic area covered by the network, and ultimately transmit such information to the network's owners. Since sensor nodes are mostly deployed in unattended areas, they are easily damaged or captured, and safety issues are also followed. Therefore, there are special requirements in terms of authentication encryption and key management of wireless sensor networks. The nodes of a wireless sensor network have limited storage space, computing power and energy, and conventional encryption algorithms are not suitable in this environment. The traditional public key cryptosystem has advantages over the symmetric cryptosystem in terms of key management and security, but the algorithm is complex and usually requires PKl support. Therefore, a new scheme is needed for the wireless sensor network to overcome the defects of the symmetric cryptosystem and the traditional public key encryption system, but the wireless sensor network can adapt to the characteristics of the wireless sensor network.
The traditional wireless sensing equipment is characterized in that a random value is generated according to a certain rule by a pure software algorithm. However, the name can show that the random number is characterized by having certain randomness and cannot be unpredictable, namely, the random number is not a real random number. For example, the time of the MCU is used as a seed to generate a random number, and the generated random number is changed continuously because the time is a variable which is changed continuously. But the time variation is eventually regular.
Disclosure of Invention
One of the purposes of the invention is to provide a two-way encryption authentication method and system for a decentralizing device, which uses a true random number generated by a Quantum Random Number Generator (QRNG) as a parameter of a key and an authentication related program, wherein the quantum random number generator has the characteristics of high physical integration level, incapability of being predicted, incapability of being intercepted by a three party, satisfaction of OTP requirements, process monitoring and verification and the like, is suitable for scenes with large connection quantity of an internet of things (IoT) device and large instantaneous consumption of resources, and can realize key and authentication technical means with higher security level because the random number generated by the quantum random number generator is completely random and unpredictable.
The invention also aims to provide a two-way encryption authentication method and a two-way encryption authentication system for the decentralization equipment, wherein the method and the two-way encryption authentication system adopt a challenge-response mechanism, so that the message interaction times of an authentication link can be effectively reduced, the technical effect of lightweight identity authentication is realized, the method adopted by the invention does not store and share a secret key among any entity, and only generates a session secret key through a true random number generated by the quantum random number generator in the session process of each authentication, so that the session secret key is dynamically changed in the whole authentication process, and the forward security of the authentication process is realized because of the unpredictability of the true random number.
Another object of the present invention is to provide a two-way encryption authentication method and system for a decentralized device, which, after authentication of a node and a device is completed, obtain a negotiated session key by acting a true random number generated by the quantum random number generator called on the node or the device on an identification field, and since each session is implemented by the true random number, the negotiated session key is not authenticated and broken in a replay attack manner when intercepted by a third party,
The invention further aims to provide a two-way encryption authentication method and a two-way encryption authentication system for the decentralization equipment, wherein the two-way encryption authentication method and the two-way encryption authentication system only store equipment numbers and serial numbers in the sensor equipment terminals, so that the sensor equipment terminals do not store shared secret keys, and encrypted communication is adopted between the sensor equipment or nodes, so that the communication between the sensor equipment or the nodes cannot acquire core information related to the nodes, and therefore attacks in a mode of not realizing node capturing or a mode of impersonating the nodes, and the safety performance of the nodes is greatly improved.
In order to achieve at least one of the above objects, the present invention further provides a bidirectional encryption authentication method for a decentralizing apparatus, the method comprising:
Respectively acquiring equipment codes of sensor equipment and node equipment, generating different first true random numbers and second true random numbers by adopting a quantum random number generator, and generating a unique identifier of the sensor equipment and a unique identifier of the node equipment according to the first true random numbers and the second true random numbers and the corresponding equipment codes;
Generating random position information on the sensor equipment according to the quantum random number generator, generating authentication request information of the sensor equipment according to the random position information, and transmitting the authentication request information to corresponding node equipment;
The node equipment randomly generates a third true random number according to a quantum random number generator, generates a session key and an identification field according to the third true random number, generates encryption information according to the session key, and executes encryption information feedback of a sensor terminal according to the session key;
the sensor equipment receives the encryption information and judges to execute a re-initiation request or acquire an encryption authentication result according to the encryption information.
According to one preferred embodiment of the present invention, after the device codes of the sensor device and the node device are obtained, hash operation is performed on the first true random number and the sensor device code to obtain the unique identifier of the sensor device, hash operation is performed on the second true random number and the node device code to obtain the unique identifier of the node device, and a serial number value with an initial value of 0 is generated in the corresponding device.
According to another preferred embodiment of the present invention, the method comprises a device registration step: transmitting the generated unique identifier of the sensor equipment and the generated unique code of the sensor equipment to corresponding node equipment, and storing the unique identifier and the unique code of the sensor equipment in a memory of the corresponding node equipment to finish registration of the sensor equipment in the node equipment; and sending the generated unique node equipment identifier and the node equipment code to the corresponding sensor equipment, and storing the unique node equipment identifier and the node equipment code in a memory of the corresponding sensor equipment to finish the registration of the node equipment in the sensor equipment.
According to another preferred embodiment of the present invention, the authentication request generation method includes: the target sensor device obtains the unique identifier of the own sensor device, the unique identifier of the target node device and the serial number which are currently stored, carries out hash operation through the generated random position information to obtain first authentication encryption information, and sends the first encryption information and the target node device code to the node device.
According to another preferred embodiment of the present invention, the identity authentication method includes: after the node equipment acquires the first encryption information and the target node equipment code, comparing the acquired target node equipment code with the equipment code of the current node equipment, and if the acquired target node equipment code and the equipment code of the current node equipment are different, terminating the authentication flow of the current node to the target sensor equipment.
According to another preferred embodiment of the present invention, after the node device obtains the first authentication encryption information and the target node device code, hash operation is performed according to the unique identifier of the sensor device, the unique identifier of the node device, the serial number and the random location information stored in the node device to obtain second authentication encryption information, whether the second authentication encryption information is identical to the first authentication encryption information is judged, if the second authentication encryption information is different from the first authentication encryption information, first feedback information is transmitted to the corresponding sensor device, and the sensor node regenerates the authentication request according to the first authentication feedback information.
According to another preferred embodiment of the present invention, when the first authentication encryption information obtained by the node device is the same as the second authentication encryption information of the node device after comparison, the quantum random number generator is further called to generate a third true random number, hash calculation is performed according to the third true random number, the unique identifier of the sensor device stored by the node and the unique identifier of the node device to obtain an identifier field, hash calculation is performed according to the identifier field and the random location information to obtain a session key, and second authentication feedback information is calculated and sent to the corresponding sensor device.
According to another preferred embodiment of the present invention, after the sensor device obtains the first authentication feedback information, the sensor device decrypts the first authentication feedback information, extracts whether the corresponding sensor identifier is the same as itself after decryption, and re-initiates an authentication request if the sensor identifier is different from the corresponding sensor identifier; after the first authentication feedback information is obtained, the first authentication feedback information is decrypted to obtain random position information, the random position information is compared with the random position information stored by the sensor equipment, if the random position information is the same, authentication is passed, and otherwise, the sensor equipment reinitiates an authentication request.
In order to achieve at least one of the above objects, the present invention further provides a two-way encryption authentication system of a decentralizing apparatus, which performs the two-way encryption authentication method of a decentralizing apparatus described above.
The present invention further provides a computer-readable storage medium storing a computer program that is executed by a processor to implement a decentralised apparatus bidirectional encryption authentication method as described above.
Drawings
Fig. 1 shows a schematic flow chart of a two-way encryption authentication method of the decentralizing device.
FIG. 2 is a schematic diagram of a lightweight hash function construction in accordance with the present invention.
Fig. 3 is a schematic diagram of a device registration initialization procedure in the present invention.
Fig. 4 is a schematic diagram of a device identity authentication and key generation flow in the present invention.
Detailed Description
The following description is presented to enable one of ordinary skill in the art to make and use the invention. The preferred embodiments in the following description are by way of example only and other obvious variations will occur to those skilled in the art. The basic principles of the invention defined in the following description may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
It will be understood that the terms "a" and "an" should be interpreted as referring to "at least one" or "one or more," i.e., in one embodiment, the number of elements may be one, while in another embodiment, the number of elements may be plural, and the term "a" should not be interpreted as limiting the number.
To explain the meaning of the parameters in the various formulas of the present invention, the present invention provides the parameter meaning table of table 1:
TABLE 1
The invention discloses a two-way encryption authentication method and a two-way encryption authentication system for a decentralizing device, combining with fig. 1-4 and the parameter meanings in the table 1, wherein the method mainly comprises the following steps: firstly, the sensor equipment code ID sensor and the node equipment code ID node are required to be acquired, a lightweight hash algorithm is further adopted to carry out hash operation on the sensor equipment code ID sensor and the node equipment code ID node after the corresponding equipment codes are acquired, The lightweight hash operation formulas are respectively as follows: SID sensor= h1(IDsensor||Randomsensor) and SID node = h1(IDnode||Randomnode), random represents a Random number, resulting in a corresponding sensor device unique identification SID sensor and node device unique identification SID node. And simultaneously recording the serial numbers N s,n with the initialization values of 0 of the sensor equipment and the node equipment, transmitting the unique sensor equipment identification SID sensor from the sensor equipment to the corresponding node equipment through a related communication module, and storing the unique sensor equipment identification SID sensor in a flash memory and the like of the corresponding node equipment so as to enable the unique sensor equipment identification SID sensor to finish registration in the corresponding node equipment. And similarly, transmitting the unique node equipment identification SID node from the node equipment to the corresponding sensor equipment through a related communication module, and storing the unique node equipment identification SID node in memories such as flash and the like of the corresponding sensor equipment, so that the unique node equipment identification SID node is registered in the corresponding sensor, and the corresponding sensor equipment and the node equipment are simultaneously stored with the unique corresponding sensor equipment identification SID sensor and the unique node equipment identification SID node.
Specifically, please combine the parameter meanings in fig. 2 and table 1, the implementation method of the lightweight hash algorithm of the present invention includes the following steps:
s100: constructing a hash function with an output of 64bits
S101: setting filling rules: and (3) supplementing a1 after the original data, supplementing a plurality of bits of 0, and finally supplementing a binary string with 16 bits representing the length of the original data, so as to construct an input value with the length of 64bits multiple.
S102: the following calculation rules are further set: dividing the constructed input value into a plurality of blocks according to 64bits, dividing each block into two groups of binary strings of 32bits, performing first round calculation, performing exclusive OR operation on the obtained result and the two groups of binary strings of the second block, taking the result as the input of the next round until all 24 rounds of calculation are finished, performing exclusive OR operation on the output and the two groups of binary strings of the first block, and taking the result as the 64bits hash value obtained by final calculation.
S200: constructing a hash function with an output of 128bits
As shown in the box of fig. 2, the round functions of the lightweight encryption algorithm are modified, wherein the round functions are 24 in total.
S201: the two groups of encryption algorithms run simultaneously and adopt different keys Key 1 and Key 2;
S202: generating round keys RK 1i and RK 2i from keys Key 1 and Key 2;
S203: the inputs of the first group are a 1 and b 1, the inputs of the second group are c 1 and d 1, and the lengths are 32bits. After each round function calculation is completed, the positions of a i+1 of the first group and c i+ 1 of the second group are exchanged as inputs of the next round function.
S204: the above calculation is performed until the end of 24 rounds, and each input and output is xored (e.g., a 1⊕an), and the calculation result is taken as the final hash value.
S205: filling rules: and (3) supplementing a1 after the original data, supplementing a plurality of bits of 0, and finally supplementing a binary string with 32 bits representing the length of the original data, so as to construct an input value with the length being a multiple of 128 bits.
S206: calculating rules: dividing the constructed input value into a plurality of blocks according to 128bits, dividing each block into four groups of binary strings of 32bits, performing first round of calculation, performing exclusive OR operation on the obtained result and the four groups of binary strings of the second block, taking the result as the input of the next round until all 24 rounds of calculation are finished, performing exclusive OR operation on the output and the four groups of binary strings of the first block, and taking the result as the 128bits hash value obtained by final calculation.
It is worth mentioning that the invention adopts the true random number generated by the Quantum Random Number Generator (QRNG) as the key and the parameter of the relevant program of authentication in the authentication process, wherein the working principle of the quantum random number generator is based on the principle of quantum mechanics. Quantum mechanics is a physical theory describing the microscopic world, with the most fundamental unit being the quantum. The quantum has the characteristics of uncertainty and superposition, which enables the quantum generator to generate truly random numbers. The quantum random number generation comprises four steps of random source selection, digital sampling, data post-processing and randomness checking, and the method adopts a quantum generator based on single photon. Single photon quantum generators use the polarization state of a single photon to generate random numbers. Specifically, the single photon quantum generator divides the polarization state of photons into two directions by passing the photons through a polarizing beam splitter, and then passes the photons through a random rotator to randomly rotate the polarization state of the photons by a certain angle. Finally, the photons are passed through a polarization analyzer to divide the polarization state of the photons into "0" or "1". After the state variables are digitally collected, a series of correction processing methods and checking are performed to generate true random numbers. The associated sensor device or node device controls the length of the random number generation by function calls.
With continued reference to fig. 3, fig. 4 and the parameter meanings of table 1, the present invention performs the following device authentication method based on the lightweight hash encryption algorithm and the true random number: first, a first true Random number Random sensor and a second true Random number Random node are randomly generated according to the true quantum Random number generator, the first true Random number Random sensor and the second true Random number Random node are subjected to lightweight hash operation according to the equipment initialization registration stage to respectively generate a sensor equipment unique identification SID sensor and a node equipment unique identification SID node, and the sensor equipment unique identification SID sensor and the node equipment unique identification SID node are transmitted to corresponding equipment to be saved and registered.
Further, the sensing terminal calls the quantum random number generator to generate random position information P, and first authentication encryption information is calculated: mp=p ∈h 2(SIDsensor||SIDnode||Ns,n) and v=h 2(SIDsensor||P|| Ns,n), and then obtaining the corresponding node code ID node and the first authentication encryption information MP and V package to generate an authentication request message, and sending the authentication request message to the node device;
After receiving the authentication request message, the corresponding node device verifies whether the ID node in the authentication message is the ID of the own node device. If not, the unregistered equipment communication exists, and authentication is terminated; otherwise, based on the stored SIDs sensor,SIDnode and N 's,n, the second authentication messages MP' =p 'h 2(SIDsensor||SIDnode||Ns,n) and V' =h 2(SIDsensor||P|| Ns,n are then calculated. Verifying whether V' =v is true, if not, generating a corresponding first feedback information to request to reinitiate authentication, calculating encryption information aps=lea (ID sensor||N's,n, SIDnode), and then transmitting the self node device code ID node and the encryption information APS to the sensing terminal; if so, a quantum random number generator is called to generate a third true random number R, an identification field IDF=h 2(SIDsensor||SIDnode ||R is generated according to the third true random number R, an encryption and decryption key K '=IEA (IDF, P'), M=R_h 2(SIDsensor||SIDnode |P ') and APS=LEA (P', K '), a session key SK=K' is set, and then node equipment codes ID node and M and encryption information APS are sent to be packed to generate second feedback information to a sensor terminal;
When the sensor equipment receives the message, for errors, calculating (ID 'sensor||N''s,n) = LDA(APS, SIDnode), if ID' sensor ≠ IDsensor is carried out, and re-initiating an authentication application after feeding back ACK 1; and if not, enabling N' s,n= N'''s,n to feed back ACK1 and then reinitiating the authentication application. For pass, R' = M⊕h2(SIDsensor||SIDnode||P),IDF' = h2(SIDsensor||SIDnode||R'),K = IEA(IDF', P) and p″=lda (APS, K) are calculated. If P '' is not equal to P, the verification is not passed, and an authentication application is restarted after ACK1 is sent; otherwise, setting a session key SK=K, enabling N s,n = Ns,n +1, and finally sending an acknowledgement message ACK2 to the node equipment; when the node device receives ACK2, let N s,n = Ns,n +1.
The processes described above with reference to flowcharts may be implemented as computer software programs in accordance with the disclosed embodiments of the application. Embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via a communication portion, and/or installed from a removable medium. The above-described functions defined in the method of the present application are performed when the computer program is executed by a Central Processing Unit (CPU). The computer readable medium of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wire segments, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be understood by those skilled in the art that the embodiments of the present invention described above and shown in the drawings are merely illustrative and not restrictive of the current invention, and that this invention has been shown and described with respect to the functional and structural principles thereof, without departing from such principles, and that any modifications or adaptations of the embodiments of the invention may be possible and practical.
Claims (10)
1. A method for two-way encryption authentication of a decentralised device, the method comprising:
Respectively acquiring equipment codes of sensor equipment and node equipment, generating different first true random numbers and second true random numbers by adopting a quantum random number generator, and generating a unique identifier of the sensor equipment and a unique identifier of the node equipment according to the first true random numbers and the second true random numbers and the corresponding equipment codes;
Generating random position information on the sensor equipment according to the quantum random number generator, generating identity authentication request information of the sensor equipment according to the random position information, and transmitting the identity authentication request information to corresponding node equipment;
The node equipment randomly generates a third true random number according to a quantum random number generator, generates a session key and an identification field according to the third true random number, generates encryption information according to the session key, and executes encryption information feedback of a sensor terminal according to the session key;
the sensor equipment receives the encryption information and judges to execute the re-initiation of the identity authentication request or acquire the encryption authentication result according to the encryption information.
2. The two-way encryption authentication method of a decentralizing device according to claim 1, wherein after device codes of the sensor device and the node device are acquired, hash operation is performed on the first true random number and the sensor device code to obtain a unique identifier of the sensor device, hash operation is performed on the second true random number and the node device code to obtain a unique identifier of the node device, and a serial number value with an initial value of 0 is generated in a corresponding device.
3. The method for two-way encryption authentication of a decentralised device according to claim 1, comprising the step of device registration: transmitting the generated unique identifier of the sensor equipment and the generated unique code of the sensor equipment to corresponding node equipment, and storing the unique identifier and the unique code of the sensor equipment in a memory of the corresponding node equipment to finish registration of the sensor equipment in the node equipment; and sending the generated unique node equipment identifier and the node equipment code to the corresponding sensor equipment, and storing the unique node equipment identifier and the node equipment code in a memory of the corresponding sensor equipment to finish the registration of the node equipment in the sensor equipment.
4. The method for two-way encryption authentication of a decentralizing device according to claim 1, wherein the method for generating an authentication request comprises: the target sensor device obtains the unique identifier of the own sensor device, the unique identifier of the target node device and the serial number which are currently stored, carries out hash operation through the generated random position information to obtain first authentication encryption information, and sends the first authentication encryption information and the target node device code to the node device.
5. The method for two-way encryption authentication of a decentralizing device of claim 4, wherein the method for authentication comprises: after the node equipment acquires the first encryption information and the target node equipment code, comparing the acquired target node equipment code with the equipment code of the current node equipment, and if the acquired target node equipment code and the equipment code of the current node equipment are different, terminating the authentication flow of the current node to the target sensor equipment.
6. The two-way encryption authentication method of the decentralizing equipment according to claim 5, wherein after the node equipment obtains the first authentication encryption information and the target node equipment codes, hash operation is carried out according to the unique identifier of the self-stored sensor equipment, the unique identifier of the node equipment, the serial number and the random position information to obtain second authentication encryption information, whether the second authentication encryption information is identical to the first authentication encryption information is judged, if the second authentication encryption information is different from the first authentication encryption information, first feedback information is transmitted to the corresponding sensor equipment, and the sensor node regenerates an authentication request according to the first authentication feedback information.
7. The two-way encryption authentication method of the decentralizing equipment according to claim 6, wherein when the first authentication encryption information obtained by the node equipment is the same as the second authentication encryption information of the node equipment after comparison, the quantum random number generator is further called to generate a third true random number, an identification field is obtained by carrying out hash calculation according to the third true random number, the unique identification of the sensor equipment stored by the node and the unique identification of the node equipment, a session key is obtained by carrying out hash calculation according to the identification field and the random position information, second authentication feedback information is calculated, and the second authentication feedback information is sent to the corresponding sensor equipment.
8. The two-way encryption authentication method of the decentralizing equipment according to claim 4, wherein after the sensor equipment obtains the first authentication feedback information, the first authentication feedback information is decrypted, whether the corresponding sensor identification is the same as the sensor equipment or not is extracted after decryption, and if the sensor identification is different from the sensor equipment, an authentication request is reinitiated; after the first authentication feedback information is obtained, the first authentication feedback information is decrypted to obtain random position information, the random position information is compared with the random position information stored by the sensor equipment, if the random position information is the same, authentication is passed, and otherwise, the sensor equipment reinitiates an authentication request.
9. A system for two-way encryption authentication of a decentralised device, the system performing a two-way encryption authentication method of a decentralised device as claimed in any one of claims 1 to 8.
10. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program, which is executed by a processor to implement a two-way encryption authentication method of a decentralizing device according to any one of the claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410547002.6A CN118139042B (en) | 2024-05-06 | 2024-05-06 | Bidirectional encryption authentication method and system for decentralizing equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410547002.6A CN118139042B (en) | 2024-05-06 | 2024-05-06 | Bidirectional encryption authentication method and system for decentralizing equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118139042A CN118139042A (en) | 2024-06-04 |
| CN118139042B true CN118139042B (en) | 2024-08-09 |
Family
ID=91233993
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410547002.6A Active CN118139042B (en) | 2024-05-06 | 2024-05-06 | Bidirectional encryption authentication method and system for decentralizing equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118139042B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118740369B (en) * | 2024-09-02 | 2025-01-07 | 华能(浙江)能源开发有限公司清洁能源分公司 | Cooperative authentication method and system for electrical equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
| CN112533195A (en) * | 2019-09-19 | 2021-03-19 | 华为技术有限公司 | Equipment authentication method and device |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| ES2549104T1 (en) * | 2012-04-01 | 2015-10-23 | Authentify, Inc. | Secure authentication in a multi-part system |
| EP3937455A1 (en) * | 2020-07-09 | 2022-01-12 | Thales DIS France SA | Method, user device, server, device and system for authenticating a device |
| CN115086958B (en) * | 2021-03-12 | 2025-06-24 | 中国电信股份有限公司 | Device identity authentication method, device, terminal, authentication node and storage medium |
| CN114567423B (en) * | 2022-01-17 | 2024-12-03 | 北京航空航天大学杭州创新研究院 | Authentication and key negotiation method, sensor and aggregation device |
| CN115225263B (en) * | 2022-06-08 | 2024-12-31 | 中国电子科技集团公司电子科学研究院 | A video stream secure transmission system based on quantum random numbers |
| GB2620579B (en) * | 2022-07-11 | 2024-11-13 | Arqit Ltd | Systems and methods for encrypted gossip communication |
| WO2024044837A1 (en) * | 2022-08-31 | 2024-03-07 | Photonic Inc. | Methods, devices and systems for securely transmitting and receiving data and for replenishing pre-shared keys |
| CN115664643B (en) * | 2022-09-13 | 2024-11-08 | 国网江苏省电力有限公司电力科学研究院 | Bidirectional identity authentication method and system based on aggregate key distribution |
| CN117915328A (en) * | 2024-01-29 | 2024-04-19 | 复旦大学 | Access authentication method adapting to network twinning scene |
-
2024
- 2024-05-06 CN CN202410547002.6A patent/CN118139042B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
| CN112533195A (en) * | 2019-09-19 | 2021-03-19 | 华为技术有限公司 | Equipment authentication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN118139042A (en) | 2024-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wang et al. | A secure and efficient multiserver authentication and key agreement protocol for internet of vehicles | |
| US12047519B2 (en) | Physical unclonable function based mutual authentication and key exchange | |
| CN109510818B (en) | Data transmission system, method, device, equipment and storage medium of block chain | |
| JP6497747B2 (en) | Key exchange method, key exchange system | |
| CN111431897A (en) | Multi-attribute mechanism attribute-based encryption method with tracking function for cloud-assisted Internet of things | |
| KR102304831B1 (en) | Encryption systems and method using permutaion group based cryptographic techniques | |
| CN112311537A (en) | Block chain-based equipment access authentication system and method | |
| CN113193957B (en) | Quantum key service method and system separated from quantum network | |
| CN118139042B (en) | Bidirectional encryption authentication method and system for decentralizing equipment | |
| CN108989309A (en) | Encryption communication method and its encrypted communication device based on narrowband Internet of Things | |
| CN109995739A (en) | A kind of information transferring method, client, server and storage medium | |
| Pardeshi et al. | SMAP fog/edge: A secure mutual authentication protocol for fog/edge | |
| WO2018067865A1 (en) | Generating an authentication result by using a secure base key | |
| CN114244531B (en) | Lightweight self-updating message authentication method based on strong PUF | |
| CN107637013B (en) | Key exchange method, key exchange system, key distribution apparatus, communication apparatus, and recording medium | |
| CN117828673B (en) | Block chain-based data circulation and privacy protection method and device | |
| CN119561680A (en) | A communication method based on post-quantum key encapsulation algorithm | |
| CN117640082B (en) | Batch ciphertext equivalent test method and device | |
| Farooq et al. | Quantiot novel quantum resistant cryptographic algorithm for securing iot devices: Challenges and solution | |
| WO2024119030A1 (en) | Method of wireless security communication using physical layer shared security key in ambient internet-of-things network and related devices | |
| CN116684870A (en) | Access authentication method, device and system of electric power 5G terminal | |
| CN102624748B (en) | Peer-to-peer (P2P) network access control method | |
| Huang et al. | A secure wireless communication system integrating PRNG and Diffie-Hellman PKDS by using a Data Connection Core | |
| CN113806755B (en) | Power data privacy protection and access control method based on blockchain | |
| Hole et al. | Effective Quantum Key Distribution Using Modified Key Sifting Scheme for Cloud Storage Security. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |