WO2019006716A1

WO2019006716A1 - Method and apparatus for detecting security of distributed secure communication system

Info

Publication number: WO2019006716A1
Application number: PCT/CN2017/091914
Authority: WO
Inventors: 谢宁; 徐凯
Original assignee: Shenzhen University
Current assignee: Shenzhen University
Priority date: 2017-07-05
Filing date: 2017-07-05
Publication date: 2019-01-10
Anticipated expiration: 2020-01-05

Abstract

The present invention provides a method and apparatus for detecting the security of a distributed secure communication system. The method comprises : listening for first signals sent by multiple transmitting end devices to a receiving end device on a nth timeslot, the first signals comprising first artificial noise signals, the nth timeslot being a current timeslot, and n being a positive integer; determining a first signal to interference plus noise ratio (SINR) of an eavesdropping end device according to the first signals, and determining a first eavesdropping capacity of the eavesdropping end device on a nth timeslot according to the first SINR; determining a security capacity of the receiving end device according to the first eavesdropping capacity and an obtained receiving capacity of the receiving end device; and detecting the security of a distributed secure communication system according to a change trend of the security capacity, and adjusting a receiving beam weight of a beamforming device of the eavesdropping end device according to a third arrival angle from the transmitting end devices to the receiving end device. By means of embodiments of the preset invention, the security of the distributed secure communication system can be detected.

Description

Security detection method and device for distributed secure communication system

Technical field

本发明涉及通信技术领域，尤其涉及一种分布式安全通信系统的安全性检测方法及装置。The present invention relates to the field of communications technologies, and in particular, to a security detection method and apparatus for a distributed secure communication system.

Background technique

分布式波束成型(Distributed Beamforming)是一种协同通信技术，由多个发射端设备发送相同的信息给目标端设备，并通过控制发射端设备的发射相位使多个发射端设备的信号在目标端设备进行有效的合并。Distributed Beamforming is a cooperative communication technology in which multiple transmitting devices transmit the same information to the target device and control the transmitting phase of the transmitting device to make the signals of multiple transmitting devices at the target end. The device is effectively merged.

目前的通信环境一般比较复杂，当环境中存在窃听端设备时，窃听端设备可以根据发射端设备发送给接收端设备的信号来估计信道方向信息，据此来调整自身的波束成型器，使得自身的窃听容量提升，这样，分布式安全通信系统的安全性就会下降。如何对分布式安全通信系统的安全性进行检测是一个亟待解决的技术课题。The current communication environment is generally complicated. When there is a eavesdropping device in the environment, the eavesdropping device can estimate the channel direction information according to the signal sent by the transmitting device to the receiving device, thereby adjusting its own beamformer to make itself The eavesdropping capacity is increased, so that the security of the distributed secure communication system is degraded. How to detect the security of distributed secure communication systems is a technical issue to be solved urgently.

发明内容Summary of the invention

本发明实施例公开了一种分布式安全通信系统的安全性检测方法及装置，能够对分布式安全通信系统的安全性进行检测。The embodiment of the invention discloses a security detection method and device for a distributed secure communication system, which can detect the security of the distributed secure communication system.

本发明实施例第一方面公开一种分布式安全通信系统的安全性检测方法，应用于分布式安全通信系统包括的窃听端设备，所述分布式安全波束成型系统还包括多个发射端设备以及接收端设备，所述方法包括：A first aspect of the embodiments of the present invention discloses a security detection method for a distributed secure communication system, which is applied to a eavesdropping device included in a distributed secure communication system, where the distributed secure beamforming system further includes a plurality of transmitting devices and The receiving device, the method includes:

监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号，所述第一信号包括第一人工噪声信号，其中，所述第n时隙为当前时隙，所述n为正整数；Listening to the first signal sent by the multiple transmitting end devices to the receiving end device in the nth time slot, where the first signal includes a first artificial noise signal, where the nth time slot is a current time slot, Said n is a positive integer;

根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR；Determining, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device;

根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量； Determining, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device;

根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量；Determining a security capacity of the receiving end device according to the first eavesdropping capacity and the received receiving capacity of the receiving end device;

根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。The security of the distributed secure communication system is detected according to the changing trend of the security capacity.

作为一种可选的实施方式，在本发明实施例第一方面中，所述方法还包括：As an optional implementation manner, in the first aspect of the embodiments of the present invention, the method further includes:

根据所述第一信号，确定每个所述发射端设备到所述窃听端设备的第一到达角，以估计所述发射端设备到所述接收端设备的方向角度；Determining, according to the first signal, a first angle of arrival of each of the transmitting end devices to the eavesdropping device to estimate a direction angle of the transmitting end device to the receiving end device;

对所述第一信号建立第一波束成型器。A first beamformer is established for the first signal.

监听第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号，Listening to the feedback signal sent by the receiving end device to the plurality of the transmitting end devices in the nth time slot,

对所述反馈信号建立第二波束成型器；Establishing a second beamformer for the feedback signal;

根据所述反馈信号，确定所述窃听端设备的第二SINR。Determining, according to the feedback signal, a second SINR of the eavesdropping device.

根据所述反馈信号，确定所述接收端设备到所述窃听端设备的第二到达角；Determining, according to the feedback signal, a second angle of arrival of the receiving device to the eavesdropping device;

根据所述第一到达角以及所述第二到达角，确定所述发射端设备到所述接收端设备的第三到达角；Determining, according to the first angle of arrival and the second angle of arrival, a third angle of arrival of the transmitting device to the receiving device;

根据所述第三到达角，调整所述窃听端设备的第一波束成型器的接收波束权值。And adjusting a receive beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival.

作为一种可选的实施方式，在本发明实施例第一方面中，所述第一窃听容量取决于所述窃听端设备对所述发射端设备第n时隙发送所述第一人工噪声信号的零陷角度的估计误差，所述估计误差服从均值为0，方差为

的正态分布，其中，

SINR_E1为所述第一SINR，SINR_E2为所述第二SINR，k为常数。As an optional implementation manner, in the first aspect of the embodiments of the present invention, the first eavesdropping capacity is determined by the eavesdropping device transmitting the first artificial noise signal to the nth time slot of the transmitting end device. Estimation error of the null angle, the estimated error obeys a mean of 0, and the variance is

Normal distribution, where

SINR _E1 is the first SINR, SINR _E2 is the second SINR, and k is a constant.

作为一种可选的实施方式，在本发明实施例第一方面中，所述窃听端设备上安装有多个天线，所述多个天线用于接收所述第一信号或所述反馈信号。As an optional implementation manner, in a first aspect of the embodiments of the present invention, the eavesdropping device is installed with multiple antennas, and the multiple antennas are configured to receive the first signal or the feedback signal.

本发明实施例第二方面公开安全性检测装置，运行于分布式安全通信系统包括的窃听端设备，包括：The second aspect of the embodiment of the present invention discloses a security detecting device, which is operated by the eavesdropping device included in the distributed secure communication system, and includes:

监听单元，用于监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号，所述第一信号包括第一人工噪声信号，其中，所述第n时隙为当前时隙，所述n为正整数；a monitoring unit, configured to monitor a first signal sent by the multiple transmitting end devices to the receiving end device in an nth time slot, where the first signal includes a first artificial noise signal, where the nth time slot is The current time slot, the n is a positive integer;

确定单元，用于根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR；a determining unit, configured to determine, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device;

所述确定单元，还用于根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量；The determining unit is further configured to determine, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device;

所述确定单元，还用于根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量；The determining unit is further configured to determine a security capacity of the receiving end device according to the first eavesdropping capacity and the received receiving capacity of the receiving end device;

检测单元，用于根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。And a detecting unit, configured to detect the security of the distributed secure communication system according to the changing trend of the security capacity.

作为一种可选的实施方式，在本发明实施例第二方面中，所述确定单元还用于根据所述第一信号，确定每个所述发射端设备到所述窃听端设备的第一到达角，以估计所述发射端设备到所述接收端设备的方向角度；As an optional implementation manner, in a second aspect of the embodiments of the present invention, the determining unit is further configured to determine, according to the first signal, a first one of each of the transmitting end devices to the eavesdropping device An angle of arrival to estimate a direction angle of the transmitting end device to the receiving end device;

所述安全性检测装置还包括：The security detecting device further includes:

建立单元，用于对所述第一信号建立第一波束成型器。And a establishing unit, configured to establish a first beamformer for the first signal.

作为一种可选的实施方式，在本发明实施例第二方面中，所述监听单元还用于监听第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号；As an optional implementation manner, in the second aspect of the embodiment of the present invention, the listening unit is further configured to monitor, by the nth time slot, the feedback signal sent by the receiving end device to the multiple sending end devices. number;

所述建立单元，还用于对所述反馈信号建立第二波束成型器；The establishing unit is further configured to establish a second beamformer for the feedback signal;

所述确定单元，还用于根据所述反馈信号，确定所述窃听端设备的第二SINR。The determining unit is further configured to determine, according to the feedback signal, a second SINR of the eavesdropping device.

作为一种可选的实施方式，在本发明实施例第二方面中，所述确定单元，还用于根据所述反馈信号，确定所述接收端设备到所述窃听端设备的第二到达角；As an optional implementation manner, in the second aspect of the embodiment of the present invention, the determining unit is further configured to determine, according to the feedback signal, a second angle of arrival of the receiving device to the eavesdropping device ;

所述确定单元，还用于根据所述第一到达角以及所述第二到达角，确定所述发射端设备到所述接收端设备的第三到达角；The determining unit is further configured to determine, according to the first angle of arrival and the second angle of arrival, a third angle of arrival of the transmitting device to the receiving device;

调整单元，用于根据所述第三到达角，调整所述窃听端设备的第一波束成型器的接收波束权值。And an adjusting unit, configured to adjust a received beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival.

作为一种可选的实施方式，在本发明实施例第二方面中，所述第一窃听容量取决于所述窃听端设备对所述发射端设备第n时隙发送所述第一人工噪声信号的零陷角度的估计误差，所述估计误差服从均值为0，方差为

的正态分布，其中，

SINR_E1为所述第一SINR，SINR_E2为所述第二SINR，k为常数。As an optional implementation manner, in the second aspect of the embodiment of the present invention, the first eavesdropping capacity is determined by the eavesdropping device transmitting the first artificial noise signal to the nth time slot of the transmitting end device. Estimation error of the null angle, the estimated error obeys a mean of 0, and the variance is

Normal distribution, where

SINR _E1 is the first SINR, SINR _E2 is the second SINR, and k is a constant.

作为一种可选的实施方式，在本发明实施例第二方面中，所述窃听端设备上安装有多个天线，所述多个天线用于接收所述第一信号或所述反馈信号。As an optional implementation manner, in a second aspect of the embodiments of the present invention, the eavesdropping device is configured with multiple antennas, and the multiple antennas are configured to receive the first signal or the feedback signal.

与现有技术相比，本发明实施例具备以下有益效果：Compared with the prior art, the embodiment of the invention has the following beneficial effects:

本发明实施例中，窃听端设备可以监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号，所述第一信号包括第一人工噪声信号，其中，所述第n时隙为当前时隙，所述n为正整数；进一步地，窃听端设备可以根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR；并根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量；更进一步地，窃听端设备可以根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量，并根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。可见，实施本发明实施例，可以通过窃听端设备确定的接收端设备的安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。In the embodiment of the present invention, the eavesdropping device can monitor the first signal sent by the multiple transmitting end devices to the receiving end device in the nth time slot, where the first signal includes a first artificial noise signal, where the The nth time slot is the current time slot, and the n is a positive integer; further, the eavesdropping device can determine the first signal to interference and noise ratio SINR of the eavesdropping device according to the first signal; a SINR, determining a first eavesdropping capacity of the nth time slot of the eavesdropping device; further The eavesdropping device may determine the security capacity of the receiving end device according to the first eavesdropping capacity and the received receiving capacity of the receiving end device, and according to the changing trend of the security capacity, the distributed The security of the secure communication system is detected. It can be seen that, in the embodiment of the present invention, the security of the distributed secure communication system can be detected by the trend of the security capacity of the receiving end device determined by the eavesdropping device.

DRAWINGS

为了更清楚地说明本发明实施例中的技术方案，下面将对实施例中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings to be used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without paying any creative work.

图1是本发明实施例公开的一种分布式安全通信系统的模型示意图；1 is a schematic diagram of a model of a distributed secure communication system according to an embodiment of the present invention;

图2是本发明实施例公开的一种分布式安全通信系统的安全性检测方法的流程示意图；2 is a schematic flowchart of a security detection method of a distributed secure communication system according to an embodiment of the present invention;

图3是本发明实施例公开的另一种分布式安全通信系统的安全性检测方法的流程示意图；3 is a schematic flowchart of a security detection method of another distributed secure communication system according to an embodiment of the present invention;

图4是本发明实施例公开的一种人工噪声信号在不同估计误差下的收敛示意图；4 is a schematic diagram of convergence of an artificial noise signal under different estimation errors according to an embodiment of the present invention;

图5是本发明实施例公开的一种分布式安全通信系统的安全容量的收敛示意图；FIG. 5 is a schematic diagram of convergence of a security capacity of a distributed secure communication system according to an embodiment of the present invention; FIG.

图6是本发明实施例公开的另一种分布式安全通信系统的安全容量的收敛示意图；6 is a schematic diagram of convergence of a security capacity of another distributed secure communication system according to an embodiment of the present invention;

图7是本发明实施例公开的一种安全性检测装置的结构示意图；FIG. 7 is a schematic structural diagram of a security detecting apparatus according to an embodiment of the present invention; FIG.

图8是本发明实施例公开的另一种安全性检测装置的结构示意图。FIG. 8 is a schematic structural diagram of another security detecting apparatus according to an embodiment of the present invention.

Detailed ways

下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and It is the entire embodiment. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

需要说明的是，本发明的说明书和权利要求书及上述附图中的术语“第一”和“第二”等是用于区别不同对象，而不是用于描述特定顺序。此外，术语“包括”和“具有”以及它们任何变形，意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元，而是可选地还包括没有列出的步骤或单元，或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms "first" and "second" and the like in the specification and claims of the present invention and the above drawings are used to distinguish different objects, and are not intended to describe a specific order. Furthermore, the terms "comprises" and "comprising" and "comprising" are intended to cover a non-exclusive inclusion. For example, a process, method, system, product, or device that comprises a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units not listed, or, optionally, Other steps or units inherent to these processes, methods, products or equipment.

本发明实施例公开了一种分布式安全通信系统的安全性检测方法及装置，能够对分布式安全通信系统的安全性进行检测。以下进行结合附图进行详细描述。The embodiment of the invention discloses a security detection method and device for a distributed secure communication system, which can detect the security of the distributed secure communication system. The details are described below in conjunction with the drawings.

请参见图1，图1是本发明实施例公开的一种分布式安全通信系统的模型示意图。如图1所示，该分布式安全通信系统包括多个发射端设备S_i(i＝1，2,3….N，且N为正整数)、接收端设备D以及窃听端设备E。其中，每个发射端设备S_i与接收端设备D装备单天线，窃听端设备E装备多天线。Referring to FIG. 1, FIG. 1 is a schematic diagram of a model of a distributed secure communication system according to an embodiment of the present invention. As shown in FIG. 1, the distributed secure communication system includes a plurality of transmitting end devices S _i (i=1, 2, 3, . . . , N, and N is a positive integer), a receiving end device D, and a eavesdropping device E. Each of the transmitting end devices S _i and the receiving end device D is equipped with a single antenna, and the eavesdropping device E is equipped with multiple antennas.

其中，发射端设备S_i主要用于收发信号，比如发送人工噪声信号以及接收反馈信号等，该发射端设备S_i可以为基站。基站(例如接入点)可以是指接入网中在空中接口上通过一个或多个扇区与无线终端通信的设备。基站可用于将收到的空中帧与IP分组进行相互转换，作为无线终端与接入网的其余部分之间的路由器，其中，接入网的其余部分可包括网际协议(IP)网络。基站还可以协调对空中接口的属性管理。例如，基站可以是GSM或CDMA中的基站(BTS，Base Transceiver Station)，也可以是WCDMA中的基站(NodeB)，还可以是LTE中的演进型基站(NodeB或eNB或e-NodeB，evolutional Node B)，本发明实施例不做限定。The transmitting device S _{i is} mainly used for transmitting and receiving signals, such as transmitting an artificial noise signal and receiving a feedback signal, and the transmitting device S _i may be a base station. A base station (e.g., an access point) can refer to a device in an access network that communicates with a wireless terminal over one or more sectors over an air interface. The base station can be used to convert the received air frame to the IP packet as a router between the wireless terminal and the rest of the access network, wherein the remainder of the access network can include an Internet Protocol (IP) network. The base station can also coordinate attribute management of the air interface. For example, the base station may be a base station (BTS, Base Transceiver Station) in GSM or CDMA, or may be a base station (NodeB) in WCDMA, or may be an evolved base station in LTE (NodeB or eNB or e-NodeB, evolutional Node B), the embodiment of the present invention is not limited.

其中，接收端设备D主要用于收发信号，比如发送人工噪声信号以及接收有用信号等，该目标端设备D可以为基站。The receiving device D is mainly used for transmitting and receiving signals, such as transmitting an artificial noise signal and receiving a useful signal, and the target device D may be a base station.

其中，窃听设备E主要用于监听发射端设备S_i发送给接收端设备D的信号，以及监听接收端设备D发送给发射端设备S_i的信号，并根据接收到的信号调整自身的波束成型器，该窃听设备E可以包括但不限于基站、用户设备、通信车等。The eavesdropping device E is mainly used for monitoring the signal sent by the transmitting end device S _i to the receiving end device D, and monitoring the signal sent by the receiving end device D to the transmitting end device S _i , and adjusting its own beamforming according to the received signal. The eavesdropping device E may include, but is not limited to, a base station, a user equipment, a communication vehicle, and the like.

在图1所示的分布式安全通信系统中，接收端设备D的坐标表示为(0,r_D)，窃听端设备E的坐标表示为(r_E sinθ_E,r_E cosθ_E)，其中θ_E表示在图1所示的坐标下，窃听端设备E与y轴之间的夹角。N个已经经过频率同步的分布式发射端设备随机分布在半径为r_S的圆中，同时这些发射端设备的分布规律符合均匀分布，即每一个分布式发射端设备在圆中任一位置出现的概率相同。其中，第i个发射端设备S_i(i＝1,2,K,N)的坐标可以表示为

因此，第i个发射端设备到接收端设备D的自由空间路径损耗为

式中λ表示载波波长，

表示第i个发射端设备到接收端设备D的距离。

表示第i个发射端设备到接收端设备D的信道衰落。

表示第i个发射端设备到窃听端设备E的自由空间路径损耗，式中

表示第i个发射端设备到窃听端设备E的距离，

表示第i个发射端设备到窃听端设备E的信道衰落。L_DE＝λ/4πd_DE表示接收端设备D与窃听端设备E之间的自由空间路径损耗，

则表示接收端设备D与窃听端设备E之间的距离。h_DE则表示接收端设备D与窃听端设备E之间的信道衰落。类似于以上的定义方法，

分别表示接收端设备D在发送反馈信号时与第i个发射端设备间的自由空间路径损耗、距离以及信道衰落。In the distributed secure communication system shown in FIG. 1, the coordinates of the receiving device D are represented as (0, r _D ), and the coordinates of the eavesdropping device E are expressed as (r _E sin θ _E , r _E cos θ _E ), where θ _E represents the angle between the eavesdropping device E and the y-axis at the coordinates shown in FIG. N distributed transmitting devices that have been frequency-synchronized are randomly distributed in a circle with a radius of r _S , and the distribution rules of these transmitting devices are uniformly distributed, that is, each distributed transmitting device appears at any position in the circle. The probability is the same. The coordinates of the i-th transmitting end device S _i (i=1, 2, K, N) can be expressed as

Therefore, the free space path loss of the i-th transmitting end device to the receiving end device D is

Where λ represents the carrier wavelength,

Indicates the distance from the i-th transmitter device to the sink device D.

Indicates channel fading from the i-th transmitter device to the sink device D.

Indicates the free space path loss of the i-th transmitter device to the eavesdropping device E,

Indicates the distance from the i-th transmitter device to the eavesdrop device E.

Indicates the channel fading of the i-th transmitter device to the eavesdropping device E. L _DE = λ / 4πd _DE represents the free space path loss between the receiving device D and the eavesdropping device E,

It represents the distance between the receiving device D and the eavesdropping device E. h _DE represents the channel fading between the receiving device D and the eavesdropping device E. Similar to the above definition method,

It indicates the free space path loss, distance, and channel fading between the receiving device D and the ith transmitting device when transmitting the feedback signal, respectively.

其中，任一分布式发射端设备S_i(i＝1,2,K,N)与接收端设备D都装备全向单天线，窃听端设备E上则装备了多天线阵列以获取更多的信道方向信息，从而提升窃听端设备E自身的窃听容量，例如通过估计分布式发射端设备与接收端设备D之间的到达角(Direction of Arrival)以设计自身的波束成型器。Wherein, any of the distributed transmitting end devices S _i (i=1, 2, K, N) and the receiving end device D are equipped with an omnidirectional single antenna, and the eavesdropping device E is equipped with a multi-antenna array to obtain more Channel direction information, thereby improving the eavesdropping capacity of the eavesdropping device E itself, for example by estimating the Direction of Arrival between the distributed transmitting device and the receiving device D to design its own beamformer.

在图1所示的分布式安全通信系统中，每个发射端设备可以在第n时隙向所述接收端设备发送携带有第一人工噪声信号的第一信号，所述第一人工噪声信号用于干扰所述窃听端设备对第一信道方向信息的估计准确度；同时，所述窃听端设备也会监听到每个发射端设备发送给接收端设备的第一信号，并根据接收到的信号建立第一波束成型器；接收端设备接收到每个发射端设备发送的携带有第一人工噪声信号的第一信号之后，就可以根据第一信号向发射端设备发送携带有第二人工噪声信号的反馈信号，所述第二人工噪声信号用于干扰所述窃听端设备对第二信道方向信息的估计准确度，同时，所述窃听端设备也会监听到接收端设备发送给每个发射端设备的反馈信号，并根据反馈信号建立第二波束成型器；发射端设备接收到所述接收端设备针对多个所述第一信号返回的反馈信号之后，根据所述反馈信号，调整第(n+1)时隙向所述接收端设备发送第三人工噪声信号的发射权值，以使所述第三人工噪声信号在所述接收端设备的干扰功率最小，从而可以提高分布式安全通信系统的安全性。In the distributed secure communication system shown in FIG. 1, each transmitting end device may send a first signal carrying a first artificial noise signal to the receiving end device in an nth time slot, the first artificial The noise signal is used to interfere with the estimation accuracy of the first channel direction information by the eavesdropping device; at the same time, the eavesdropping device also monitors the first signal sent by each transmitting end device to the receiving end device, and according to the receiving The received signal establishes a first beamformer; after receiving the first signal carried by each transmitting device and carrying the first artificial noise signal, the receiving device can send the second signal to the transmitting device according to the first signal. a feedback signal of the artificial noise signal, the second artificial noise signal is used to interfere with the estimation accuracy of the second channel direction information by the eavesdropping device, and the eavesdropping device also monitors the receiving device to send to each a feedback signal of the transmitting device, and establishing a second beamformer according to the feedback signal; after receiving the feedback signal returned by the receiving device for the plurality of the first signals, the transmitting device adjusts according to the feedback signal Transmitting, by the (n+1)th time slot, a transmission weight of the third artificial noise signal to the receiving end device, so that the third artificial noise signal Interference power in the receiving terminal apparatus minimized, thereby improving the security of a distributed security communication system.

请参阅图2，图2是本发明实施例公开的一种分布式安全通信系统的安全性检测方法的流程示意图。其中，该分布式安全通信系统的安全性检测方法应用于分布式安全通信系统包括的窃听端设备，如图2所示，该分布式安全通信系统的安全性检测方法可以包括以下步骤：Referring to FIG. 2, FIG. 2 is a schematic flowchart diagram of a security detection method of a distributed secure communication system according to an embodiment of the present invention. The security detection method of the distributed secure communication system is applied to the eavesdropping device included in the distributed secure communication system. As shown in FIG. 2, the security detection method of the distributed secure communication system may include the following steps:

步骤201、窃听端设备监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号。Step 201: The eavesdropping device monitors the first signal sent by the multiple transmitting end devices to the receiving end device in the nth time slot.

所述第一信号包括第一人工噪声信号，其中，所述第n时隙为当前时隙，所述n为正整数；所述窃听端设备上安装有多个天线，所述多个天线用于接收所述第一信号或所述反馈信号。The first signal includes a first artificial noise signal, where the nth time slot is a current time slot, and the n is a positive integer; the eavesdropping device is equipped with multiple antennas, and the multiple antennas are used by the antenna Receiving the first signal or the feedback signal.

本发明实施例中，发射端设备在第n时隙向所述接收端设备发送携带有第一人工噪声信号的第一信号可以表示为：In the embodiment of the present invention, the transmitting, by the transmitting device, the first signal carrying the first artificial noise signal to the receiving device in the nth time slot may be expressed as:

其中，x_C[n]表示第n个时隙内发送的保密信息，每一个分布式发射端设备在每个时隙内发送的保密信息是相同的，

表示第i个分布式发射端设备发送保密信息的功率，

表示第i个分布式发射端设备发送的第一人造噪声信号，它服从均值为0，方差为1的高斯分布，

表示第i个发射端设备发送第一人造噪声

的功率。其中，所有分布式发射端设备在每一个时隙内发送保密信息x_C[n]的功率相同，发送第一人造噪声

的功率相同，且它们满足如下条件：Where x _C [n] represents the secret information transmitted in the nth time slot, and the secret information transmitted by each distributed transmitting end device in each time slot is the same.

Indicates the power of the i-th distributed transmitting device to send confidential information.

Representing the first artificial noise signal transmitted by the ith distributed transmitting device, which obeys a Gaussian distribution with a mean of 0 and a variance of 1.

Indicates that the i-th transmitting device sends the first artificial noise

Power. Wherein all distributed transmitting devices transmit the same secret power x _C [n] in each time slot, and transmit the first artificial noise

The power is the same, and they meet the following conditions:

其中P_T表示每一个分布式发射端设备发送保密信息x_C[n]与第一人造噪声ξ_S,i[n]功率之和的上限。

表示第i个分布式发射端设备发送第一人造噪声ξ_S,i[n]的发射权值。当对每一个分布式发射端设备的发射相位进行优化时，该发射权值可表示为

Where P _T represents the upper limit of the sum of the power of the secret information x _C [n] and the first artificial noise ξ _{S, i} [n] transmitted by each distributed transmitting device.

Indicates the transmission weight of the first artificial transmitting device 发送_S,i [n] transmitted by the i-th distributed transmitting device. When the transmit phase of each distributed transmitting device is optimized, the transmit weight can be expressed as

接收端设备在第n时隙接收多个所述发射端设备发送的第一信号，可以表示为Receiving, by the receiving end device, the first signal sent by the multiple transmitting end devices in the nth time slot, which can be expressed as

其中

表示合法接收端D上的加性高斯白噪声(Additive White Gaussian Noise)，

表示第i个分布式发射节点S_i与合法接收端D之间的未知相位，它服从[0,2π)间的均匀分布，

表示第i个发射节点S_i与合法接收端D之间第一阶段信道的相位响应。among them

Indicates Additive White Gaussian Noise on the legal receiver D.

Representing the unknown phase between the i-th distributed transmitting node S _i and the legal receiving end D, which obeys a uniform distribution between [0, 2π),

Indicates the phase response of the first phase channel between the i-th transmitting node S _i and the legal receiving end D.

接收端设备在第n时隙的信干噪比可表示为：The signal to interference and noise ratio of the receiving device in the nth time slot can be expressed as:

第n时隙发射端设备与接收端设备之间的接收容量R_D[n]可以表示为：The receiving capacity R _D [n] between the transmitting device and the receiving device in the nth time slot can be expressed as:

R_D[n]＝log₂(1+SINR_D[n])R _D [n]=log ₂ (1+SINR _D [n])

本发明实施例中，窃听端设备也在监听发射端设备发送给接收端设备的信号，当窃听端设备装备M根接收天线时，窃听端设备的接收向量可以表示为：In the embodiment of the present invention, the eavesdropping device is also monitored by the transmitting end device and sent to the receiving end device. Signal, when the eavesdropping device is equipped with M receiving antennas, the receiving vector of the eavesdropping device can be expressed as:

其中

表示第i个发射端设备S_i到窃听端设备E的到达角，

表示窃听端设备E上对应的天线导向矢量(Steering Vector)。类似于

和

的描述，

表示第i个发射端设备S_i与监听者E之间的未知相位，

表示第i个发射端设备S_i与窃听端设备E之间的相位响应。

是窃听端设备E上的接收噪声矢量，它服从分布ε_E1～CN(0,Φ_E1)，其中Φ_E1∈□^M×M是对角矩阵，主对线上的每一个元素代表窃听端设备E每一根接收天线上加性高斯白噪声的方差。among them

Representing the angle of arrival of the i-th transmitting device S _i to the eavesdropping device E,

Indicates the corresponding antenna steering vector (Steering Vector) on the eavesdropping device E. Similar to

with

description of,

Indicates the unknown phase between the ith transmitter device S _i and the listener E,

Indicates the phase response between the i-th transmitting device S _i and the eavesdropping device E.

Is the receiving noise vector on the eavesdropping device E, which obeys the distribution ε _E1 ～ CN(0, Φ _E1 ), where Φ _E1 ∈ □ ^{M × M} is a diagonal matrix, and each element on the main pair represents the eavesdropping device E The variance of the additive white Gaussian noise on each of the receiving antennas.

步骤202、窃听端设备根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR。Step 202: The eavesdropping device determines, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device.

本发明实施例中，窃听端设备E根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR可以表示为：In the embodiment of the present invention, the eavesdropping device E determines that the first signal to interference and noise ratio SINR of the eavesdropping device can be expressed as:

其中w₁∈□^M×1表示窃听端设备E上波束成型器的权值向量，w₁对应于

其中，

为窃听端设备上接收到的人工噪声信号的零陷角度，θ为固定值，

为对

的估计误差。Where w ₁ ∈ □ ^{M × 1} represents the weight vector of the beamformer on the eavesdropping device E, w ₁ corresponds to

among them,

In order to eavesdrop the angle of the artificial noise signal received on the end device, θ is a fixed value.

Right

Estimated error.

步骤203、窃听端设备根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量。Step 203: The eavesdropping device determines, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device.

窃听端设备E根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量可以表示为：The eavesdropping device E determines, according to the first SINR, that the first eavesdropping capacity of the nth time slot of the eavesdropping device can be expressed as:

R_E1＝log₂(1+SINR_E1) R _E1 =log ₂ (1+SINR _E1 )

其中，所述第一窃听容量取决于所述窃听端设备对所述发射端设备第n时隙发送所述第一人工噪声信号的零陷角度的估计误差，所述估计误差服从均值为0，方差为

的正态分布，其中，

SINR_E1为所述第一SINR，SINR_E2为所述窃听端设备第n时隙的第二SINR(具体参见图3中的相关描述)，k为常数，可选的，k可以根据具体波束成型算法确定。The first eavesdropping capacity depends on the estimation error of the eavesdropping device transmitting the null angle of the first artificial noise signal to the nth time slot of the transmitting end device, and the estimated error obeys a mean value of 0. Variance is

Normal distribution, where

SINR _E1 is the first SINR, SINR _E2 is the second SINR of the nth slot of the eavesdropping device (refer to the related description in FIG. 3), k is a constant, and optionally, k can be formed according to specific beamforming. The algorithm determines.

步骤204、窃听端设备根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量。Step 204: The eavesdropping device determines the security capacity of the receiving end device according to the first eavesdropping capacity and the acquired receiving capacity of the receiving end device.

本发明的实施例中，接收端设备在确定接收容量R_D[n]之后，接收端设备可以将接收容量发送给窃听端设备，这样窃听端设备就可以获取到所述接收端设备的接收容量，进而确定所述接收端设备的安全容量，接收端设备D上的安全容量R_S[n]可以表示为：In the embodiment of the present invention, after determining the receiving capacity R _D [n], the receiving device can send the receiving capacity to the eavesdropping device, so that the eavesdropping device can obtain the receiving capacity of the receiving device. And determining the security capacity of the receiving device, and the security capacity R _S [n] on the receiving device D can be expressed as:

R_S[n]＝[R_D[n]-R_E[n]]⁺ R _S [n]=[R _D [n]-R _E [n]] ⁺

其中，[x]⁺□max{0,x}，即保证接收端设备D上可实现的安全容量R_S≥0。Where [x] ⁺ □max{0, x}, that is, the safe capacity R _S ≥ 0 achievable on the receiving device D is guaranteed.

步骤205、窃听端设备根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。Step 205: The eavesdropping device detects the security of the distributed secure communication system according to the changing trend of the security capacity.

本发明的实施例中，窃听端设备可以将所述接收端设备第n时隙的安全容量与所述接收端设备第(n-1)时隙的安全容量进行比较，确定安全容量的变化趋势，该变化趋势可以包括提升或下降，进一步地，可以根据该变化趋势，对所述分布式安全通信系统的安全性进行检测，通常，若接收端设备的安全容量提升，则可以表明分布式安全通信系统的安全性升高，反之，若接收端设备的安全容量下降，则可以表明分布式安全通信系统的安全性降低。In an embodiment of the present invention, the eavesdropping device may compare the security capacity of the nth time slot of the receiving end device with the security capacity of the (n-1)th time slot of the receiving end device to determine a change trend of the security capacity. The change trend may include an increase or decrease. Further, the security of the distributed secure communication system may be detected according to the change trend. Generally, if the security capacity of the receiving end device is increased, the distributed security may be indicated. The security of the communication system is increased. Conversely, if the security capacity of the receiving device is decreased, it can be indicated that the security of the distributed secure communication system is reduced.

在图2所描述的方法中，窃听端设备可以监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号，所述第一信号包括第一人工噪声信号，其中，所述第n时隙为当前时隙，所述n为正整数；进一步地，窃听端设备可以根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR；并根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量；更进一步地，窃听端设备可以根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量，并根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。可见，实施本发明实施例，可以通过窃听端设备确定的接收端设备的安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。In the method described in FIG. 2, the eavesdropping device can monitor the first signal sent by the plurality of transmitting end devices to the receiving end device in the nth time slot, where the first signal includes a first artificial noise signal, where The nth time slot is a current time slot, and the n is a positive integer. Further, the eavesdropping device may determine, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device; Determining, by the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device; further, the eavesdropping device may be configured according to the first eavesdropping capacity and the obtained receiving end The receiving capacity of the device determines the security capacity of the receiving device, and detects the security of the distributed secure communication system according to the changing trend of the security capacity. It can be seen that, in the embodiment of the present invention, the security of the distributed secure communication system can be detected by the trend of the security capacity of the receiving end device determined by the eavesdropping device.

请参阅图3，图3是本发明实施例公开的另一种分布式安全通信系统的安全性检测方法的流程示意图；其中，该分布式安全通信系统的安全性检测方法应用于分布式安全通信系统包括的窃听端设备，如图3所示，该分布式安全通信系统的安全性检测方法可以包括以下步骤：Referring to FIG. 3, FIG. 3 is a schematic flowchart of a security detection method of another distributed secure communication system according to an embodiment of the present invention; wherein the security detection method of the distributed secure communication system is applied to distributed secure communication The eavesdropping device included in the system, as shown in FIG. 3, the security detecting method of the distributed secure communication system may include the following steps:

步骤301、窃听端设备监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号。Step 301: The eavesdropping device monitors the first signal sent by the multiple transmitting end devices to the receiving end device in the nth time slot.

步骤302、窃听端设备根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR。Step 302: The eavesdropping device determines, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device.

步骤303、窃听端设备根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量。Step 303: The eavesdropping device determines, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device.

步骤304、窃听端设备根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量。Step 304: The eavesdropping device determines the security capacity of the receiving end device according to the first eavesdropping capacity and the acquired receiving capacity of the receiving end device.

步骤305、窃听端设备根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。Step 305: The eavesdropping device detects the security of the distributed secure communication system according to the changing trend of the security capacity.

步骤306、窃听端设备根据所述第一信号，确定每个所述发射端设备到所述窃听端设备的第一到达角，以估计所述发射端设备到所述接收端设备的方向角度。Step 306: The eavesdropping device determines, according to the first signal, a first angle of arrival of each of the transmitting end devices to the eavesdropping device to estimate a direction angle of the transmitting end device to the receiving end device.

本发明实施例中，窃听端设备E还可以根据多天线得到

即第i个发射端设备S_i到窃听端设备E的到达角，然后可以根据这些到达角估计图1中的分布式发射端设备所在圆的圆心到接收端设备D的方向，即：In the embodiment of the present invention, the eavesdropping device E can also be obtained according to multiple antennas.

That is, the angle of arrival of the i-th transmitting device S _i to the eavesdropping device E, and then the direction from the center of the circle of the distributed transmitting device in FIG. 1 to the receiving device D can be estimated according to these angles of arrival, namely:

其中w_i由监听者E对每一个分布式发射节点发送的信息到合法接收端D的信噪比的估计来决定。Where w _{i is} determined by the estimate of the signal-to-noise ratio of the information transmitted by the listener E to each of the distributed transmitting nodes to the legitimate receiving end D.

步骤307、窃听端设备对所述第一信号建立第一波束成型器。Step 307: The eavesdropping device establishes a first beamformer for the first signal.

其中，窃听端设备E装备多天线时，可以根据零陷角度的方向对接收的第一信号y_E1建立波束成型器，且输出可以表示为：Wherein, when the eavesdropping device E is equipped with multiple antennas, the beamformer can be established according to the direction of the null angle to the received first signal y _E1 , and the output can be expressed as:

其中w₁∈□^M×1表示第一阶段监听者E上波束成型器的权值向量。Where w ₁ ∈ □ ^{M × 1} represents the weight vector of the beamformer on the first stage listener E.

步骤308、窃听端设备监听第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号。Step 308: The eavesdropping device monitors the feedback signal sent by the receiving end device to the plurality of the transmitting end devices in the nth time slot.

其中，接收端设备在第n时隙接收多个所述发射端设备发送的第一信号，可以表示为The receiving end device receives, in the nth time slot, a plurality of first signals sent by the transmitting end device, which may be represented as

其中

Indicates Additive White Gaussian Noise on the legal receiver D.

第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号可以表示为：The feedback signal sent by the receiving end device to the plurality of transmitting end devices in the nth time slot may be expressed as:

其中P_C2表示接收端设备D反馈单比特控制信息x_B[n]的发射功率，P_ξ2表示接收端设备D发射第二人工噪声信号ξ_D[n]的功率，ξ_D[n]～CN(0,1)。其中，接收端设备只需要反馈单比特控制信息，能够节省网络资源。Wherein P _C2 indicates that the receiving device D feeds back the transmission power of the single bit control information x _B [n], and P _{ξ 2} indicates that the receiving device D transmits the power of the second artificial noise signal ξ _D [n], ξ _D [n] ～ CN (0,1). The receiving end device only needs to feed back single-bit control information, which can save network resources.

窃听端设备监听第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号可以表示为： The feedback signal sent by the eavesdropping device to the nth time slot by the receiving end device to the plurality of the transmitting end devices may be expressed as:

其中q_DE表示监听者E接收合法接收端D反馈信号

时的到达角，

是监听者E上对应的天线导向矢量，γ_DE表示监听者E与合法接收端D之间未知的相位，它服从[0,2π)间的均匀分布，ψ_DE表示合法接收端D与监听者E之间在第二阶段的信道相位响应。

表示第二阶段监听者E上的接收噪声矢量，它服从分布ε_E2～CN(0,Φ_E2)，其中Φ_E2∈□^M×M是对角矩阵，主对线上的每一个元素代表监听者E每一根接收天线上加性高斯白噪声的方差。Where q _DE indicates that the listener E receives the legal receiver D feedback signal

Angle of arrival,

Is the corresponding antenna steering vector on the listener E, γ _DE represents the unknown phase between the listener E and the legal receiver D, it obeys a uniform distribution between [0, 2π), ψ _DE represents the legal receiver D and the listener Channel phase response between E in the second phase.

Represents the received noise vector on the second stage listener E, which obeys the distribution ε _E2 ～ CN(0, Φ _E2 ), where Φ _E2 ∈ □ ^{M × M} is a diagonal matrix, and each element on the main pair represents the listener The variance of the additive white Gaussian noise on each of the receiving antennas.

作为一种可选的实施方式，所述方法还可以包括以下步骤：As an optional implementation manner, the method may further include the following steps:

11)根据所述反馈信号，确定所述接收端设备到所述窃听端设备的第二到达角；11) determining, according to the feedback signal, a second angle of arrival of the receiving device to the eavesdropping device;

12)根据所述第一到达角以及所述第二到达角，确定所述发射端设备到所述接收端设备的第三到达角；12) determining, according to the first angle of arrival and the second angle of arrival, a third angle of arrival of the transmitting device to the receiving device;

13)根据所述第三到达角，调整所述窃听端设备的第一波束成型器的接收波束权值。13) adjusting a receive beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival.

在该可选的实施方式中，窃听端设备可以根据第一信号确定每个所述发射端设备到所述窃听端设备的第一到达角，窃听端设备还可以根据所述反馈信号，确定所述接收端设备到所述窃听端设备的第二到达角，进一步地，窃听端设备可以根据所述第一到达角以及所述第二到达角，确定所述发射端设备到所述接收端设备的第三到达角，以及根据所述第三到达角，调整所述窃听端设备的第一波束成型器的接收波束权值，这样，窃听端设备就可以将窃听端设备的第一波束成型器的接收波束对准发射端设备到所述接收端设备的方向，这样可以增大窃听端设备的窃听容量，从而使得对分布式安全通信系统的安全性的检测更有效。In this optional implementation, the eavesdropping device may determine a first angle of arrival of each of the transmitting end devices to the eavesdropping device according to the first signal, and the eavesdropping device may further determine, according to the feedback signal, The second angle of arrival of the receiving device to the eavesdropping device, further, the eavesdropping device may determine the transmitting device to the receiving device according to the first angle of arrival and the second angle of arrival a third angle of arrival, and adjusting a receive beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival, such that the eavesdropping device can use the first beamformer of the eavesdropping device The receiving beam is aligned with the direction of the transmitting end device to the receiving end device, so that the eavesdropping capacity of the eavesdropping device can be increased, thereby making the distributed secure communication system The detection of security is more effective.

步骤309、窃听端设备对所述反馈信号建立第二波束成型器。Step 309: The eavesdropping device establishes a second beamformer on the feedback signal.

其中，窃听端设备E可以对接收到的反馈信号y_E2建立第二波束成型器，且输出可以表示为：The eavesdropping device E can establish a second beamformer on the received feedback signal y _E2 , and the output can be expressed as:

其中w₂∈□^M×1代表第二阶段监听者E上的权值向量。Where w ₂ ∈ □ ^{M × 1} represents the weight vector on the second stage listener E.

步骤310、窃听端设备根据所述反馈信号，确定所述窃听端设备的第二SINR。Step 310: The eavesdropping device determines a second SINR of the eavesdropping device according to the feedback signal.

其中，窃听端设备根据所述反馈信号，确定所述窃听端设备的第二SINR可以表示为：The eavesdropping device determines, according to the feedback signal, that the second SINR of the eavesdropping device can be expressed as:

请一并参见图4、图5及图6，其中，图4是本发明实施例公开的一种人工噪声信号在不同估计误差下的收敛示意图；图5是本发明实施例公开的一种分布式安全通信系统的安全容量的收敛示意图；图6是本发明实施例公开的另一种分布式安全通信系统的安全容量的收敛示意图。如图4及图5所示，窃听端设备接收到的人工噪声信号的接收信号强度(Received Signal Strength，RSS)在不同估计误差下的收敛情况不同，所述窃听端设备对所述发射端设备第n时隙发送所述第一人工噪声信号的零陷角度的估计误差不同时，分布式安全通信系统的安全容量不同，估计误差越大，RSS越大，越容易干扰窃听端设备对信道方向信息的估计准确度，分布式安全通信系统的安全容量越大，即分布式安全通信系统的安全性就越高。如图6所示，窃听端设备上安装的天线的数量不同，分布式安全通信系统的安全容量不同，安装的天线越多，分布式安全通信系统的安全容量越低，即分布式安全通信系统的安全性就越低，反之，安装的天线越少，分布式安全通信系统的安全容量越高，即分布式安全通信系统的安全性就越高。Referring to FIG. 4, FIG. 5 and FIG. 6, FIG. 4 is a schematic diagram of convergence of an artificial noise signal under different estimation errors according to an embodiment of the present invention; FIG. 5 is a distribution disclosed in an embodiment of the present invention; A schematic diagram of the convergence of the security capacity of the secure communication system; FIG. 6 is a schematic diagram of the convergence of the security capacity of another distributed secure communication system disclosed in the embodiment of the present invention. As shown in FIG. 4 and FIG. 5, the received signal strength (RSS) of the artificial noise signal received by the eavesdropping device is different under different estimation errors, and the eavesdropping device is configured to the transmitting device. When the estimation error of the null angle of the first artificial noise signal is different in the nth time slot, the safety capacity of the distributed safety communication system is different, and the larger the estimation error is, the larger the RSS is, and the easier it is to interfere with the channel direction of the eavesdropping device. The accuracy of the estimation of the information, the greater the security capacity of the distributed secure communication system, that is, the higher the security of the distributed secure communication system. As shown in Figure 6, the number of antennas installed on the eavesdropping device is different, the security capacity of the distributed secure communication system is different, and the more installed antennas, the lower the security capacity of the distributed secure communication system, that is, the distributed secure communication system. The lower the security, the fewer the installed antennas, the higher the security capacity of the distributed secure communication system, ie the higher the security of the distributed secure communication system.

在图3所描述的方法中，窃听端设备可以根据所述第一信号，确定每个所述发射端设备到所述窃听端设备的第一到达角，并对所述第一信号建立第一波束成型器，此外，窃听端设备还可以根据监听到的第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号，确定所述窃听端设备的第二SINR；并对所述反馈信号建立第二波束成型器。In the method described in FIG. 3, the eavesdropping device can determine each according to the first signal Transmitting the device to the first angle of arrival of the eavesdropping device, and establishing a first beamformer for the first signal, and further, the eavesdropping device may further receive the receiving end according to the monitored nth slot Determining, by the device, a feedback signal sent by the plurality of the transmitting end devices, determining a second SINR of the eavesdropping device; and establishing a second beamformer for the feedback signal.

请参阅图7，图7是本发明实施例公开的一种安全性检测装置的结构示意图。其中，图7所描述的安全性检测装置可以用于执行图2或图3所描述的分布式安全通信系统的安全性检测方法中的部分或全部步骤，具体请参见图2或图3中的相关描述，在此不再赘述。如图7所示，该安全性检测装置可以包括：Please refer to FIG. 7. FIG. 7 is a schematic structural diagram of a security detecting apparatus according to an embodiment of the present invention. The security detection device described in FIG. 7 may be used to perform some or all of the steps in the security detection method of the distributed secure communication system described in FIG. 2 or FIG. 3 . For details, refer to FIG. 2 or FIG. 3 . Related descriptions are not described here. As shown in FIG. 7, the security detecting apparatus may include:

监听单元701，用于监听第n时隙多个所述发射端设备向所述接收端设备发送的第一信号，所述第一信号包括第一人工噪声信号，其中，所述第n时隙为当前时隙，所述n为正整数；The monitoring unit 701 is configured to monitor, by the nth time slot, a first signal sent by the multiple transmitting end devices to the receiving end device, where the first signal includes a first artificial noise signal, where the nth time slot For the current time slot, the n is a positive integer;

确定单元702，用于根据所述第一信号，确定所述窃听端设备的第一信干噪比SINR；The determining unit 702 is configured to determine, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device;

所述确定单元702，还用于根据所述第一SINR，确定所述窃听端设备第n时隙的第一窃听容量；The determining unit 702 is further configured to determine, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device;

所述确定单元702，还用于根据所述第一窃听容量以及获取的所述接收端设备的接收容量，确定所述接收端设备的安全容量；The determining unit 702 is further configured to determine, according to the first eavesdropping capacity and the acquired receiving capacity of the receiving end device, a security capacity of the receiving end device;

检测单元703，用于根据所述安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。The detecting unit 703 is configured to detect the security of the distributed secure communication system according to the change trend of the security capacity.

其中，实施图7所描述的安全性检测装置，能够可以通过窃听端设备确定的所述接收端设备的安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。The security detecting apparatus described in FIG. 7 can implement the security of the distributed secure communication system by detecting the change trend of the security capacity of the receiving end device determined by the eavesdropping device.

请参阅图8，图8是本发明实施例公开的另一种安全性检测装置的结构示意图。其中，图8所描述的安全性检测装置可以用于执行图2或图3所描述的分布式安全通信系统的安全性检测方法中的部分或全部步骤，具体请参见图2或图3中的相关描述，在此不再赘述。其中，图8所描述的安全性检测装置是在图7所描述的安全性检测装置的基础上进一步优化得到的，与图7所描述的安全性检测装置相比，Please refer to FIG. 8. FIG. 8 is a schematic structural diagram of another security detecting apparatus according to an embodiment of the present invention. The security detecting apparatus described in FIG. 8 may be used to perform some or all of the steps in the security detecting method of the distributed secure communication system described in FIG. 2 or FIG. Referring to the related description in FIG. 2 or FIG. 3, details are not described herein again. Wherein, the security detecting device described in FIG. 8 is further optimized based on the security detecting device described in FIG. 7, compared with the security detecting device described in FIG.

所述确定单元702，还用于根据所述第一信号，确定每个所述发射端设备到所述窃听端设备的第一到达角，以估计所述发射端设备到所述接收端设备的方向角度；The determining unit 702 is further configured to determine, according to the first signal, a first angle of arrival of each of the transmitting end devices to the eavesdropping device, to estimate the transmitting end device to the receiving end device Direction angle

图8所描述的所述安全性检测装置还包括：The security detecting apparatus described in FIG. 8 further includes:

建立单元704，用于对所述第一信号建立第一波束成型器。The establishing unit 704 is configured to establish a first beamformer for the first signal.

所述监听单元701，还用于监听第n时隙所述接收端设备向多个所述发射端设备发送的反馈信号；The monitoring unit 701 is further configured to monitor a feedback signal sent by the receiving end device to the plurality of the transmitting end devices in the nth time slot;

所述建立单元704，还用于对所述反馈信号建立第二波束成型器；The establishing unit 704 is further configured to establish a second beamformer for the feedback signal;

所述确定单元702，还用于根据所述反馈信号，确定所述窃听端设备的第二SINR。The determining unit 702 is further configured to determine, according to the feedback signal, a second SINR of the eavesdropping device.

可选的，所述确定单元702，还用于根据所述反馈信号，确定所述接收端设备到所述窃听端设备的第二到达角；Optionally, the determining unit 702 is further configured to determine, according to the feedback signal, a second angle of arrival of the receiving device to the eavesdropping device;

所述确定单元702，还用于根据所述第一到达角以及所述第二到达角，确定所述发射端设备到所述接收端设备的第三到达角；The determining unit 702 is further configured to determine, according to the first angle of arrival and the second angle of arrival, a third angle of arrival of the transmitting end device to the receiving end device;

调整单元705，用于根据所述第三到达角，调整所述窃听端设备的第一波束成型器的接收波束权值。The adjusting unit 705 is configured to adjust a receive beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival.

的正态分布，其中，

SINR_E1为所述第一SINR，SINR_E2为所述第二SINR，k为常数。The first eavesdropping capacity depends on the estimation error of the eavesdropping device transmitting the null angle of the first artificial noise signal to the nth time slot of the transmitting end device, and the estimated error obeys a mean value of 0. Variance is

Normal distribution, where

SINR _E1 is the first SINR, SINR _E2 is the second SINR, and k is a constant.

其中，所述窃听端设备上安装有多个天线，所述多个天线用于接收所述第一信号或所述反馈信号。The antenna is installed on the eavesdropping device, and the plurality of antennas are configured to receive the first signal or the feedback signal.

其中，实施图8所描述的安全性检测装置，能够可以通过窃听端设备确定的所述接收端设备的安全容量的变化趋势，对所述分布式安全通信系统的安全性进行检测。Wherein, the security detecting apparatus described in FIG. 8 can implement the change trend of the security capacity of the receiving end device determined by the eavesdropping end device, and the distributed secure communication system Security is tested.

在上述实施例中，对各个实施例的描述都各有侧重，某个实施例中没有详述的部分，可以参见其他实施例的相关描述。In the above embodiments, the descriptions of the various embodiments are different, and the details that are not detailed in a certain embodiment can be referred to the related descriptions of other embodiments.

在本申请所提供的几个实施例中，应该理解到，所揭露的装置，可通过其它的方式实现。例如，以上所描述的装置实施例仅仅是示意性的，例如所述单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个系统，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口，装置或单元的间接耦合或通信连接，可以是电性或其它的形式。In the several embodiments provided herein, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or may be Integrate into another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical or otherwise.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.

另外，在本发明各个实施例中的各功能单元可以集成在一个处理单元中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现，也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时，可以存储在一个计算机可读取存储器中。基于这样的理解，本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来，该计算机软件产品存储在一个存储器中，包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储器包括：U盘、只读存储器(ROM，Read-Only Memory)、随机存取存储器(RAM，Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present invention may contribute to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a memory. A number of instructions are included to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention. The foregoing memory includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and the like, which can store program codes.

本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成，该程序可以存储于一计算机可读存储器中，存储器可以包括：闪存盘、只读存储器(英文：Read-Only Memory，简称：ROM)、随机存取器(英文：Random Access Memory，简称：RAM)、磁盘或光盘等。One of ordinary skill in the art can understand all or part of the various methods of the above embodiments. The program can be completed by a program to instruct the related hardware, the program can be stored in a computer readable memory, the memory can include: a flash disk, a read-only memory (English: Read-Only Memory, abbreviation: ROM), random memory Take (English: Random Access Memory, referred to as: RAM), disk or CD.

以上对本发明实施例公开的一种分布式安全通信系统的安全性检测方法及装置进行了详细介绍，本文中应用了具体个例对本发明的原理及实施方式进行了阐述，以上实施例的说明只是用于帮助理解本发明的方法及其核心思想；同时，对于本领域的一般技术人员，依据本发明的思想，在具体实施方式及应用范围上均会有改变之处，综上所述，本说明书内容不应理解为对本发明的限制。 The method and device for detecting security of a distributed secure communication system disclosed in the embodiments of the present invention are described in detail. The principles and implementation manners of the present invention are described in the specific examples. The description of the above embodiments is only The method for understanding the present invention and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of the present invention, there will be changes in specific embodiments and application scopes. The description should not be construed as limiting the invention.

Claims

A security detection method for a distributed secure communication system is characterized in that it is applied to a eavesdropping device included in a distributed secure communication system, and the distributed secure beamforming system further includes a plurality of transmitting end devices and receiving end devices. The method includes:

Listening to the first signal sent by the multiple transmitting end devices to the receiving end device in the nth time slot, where the first signal includes a first artificial noise signal, where the nth time slot is a current time slot, Said n is a positive integer;

Determining, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device;

Determining, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device;

Determining a security capacity of the receiving end device according to the first eavesdropping capacity and the received receiving capacity of the receiving end device;

The security of the distributed secure communication system is detected according to the changing trend of the security capacity.

The method of claim 1 further comprising:

Determining, according to the first signal, a first angle of arrival of each of the transmitting end devices to the eavesdropping device to estimate a direction angle of the transmitting end device to the receiving end device;

A first beamformer is established for the first signal.

The method of claim 2, wherein the method further comprises:

Monitoring a feedback signal sent by the receiving end device to the plurality of the transmitting end devices in the nth time slot;

Establishing a second beamformer for the feedback signal;

Determining, according to the feedback signal, a second SINR of the eavesdropping device.

The method of claim 3, wherein the method further comprises:

Determining, according to the feedback signal, a second angle of arrival of the receiving device to the eavesdropping device;

Determining, according to the first angle of arrival and the second angle of arrival, a third angle of arrival of the transmitting device to the receiving device;

And adjusting a receive beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival.

The method according to claim 3, wherein the first eavesdropping capacity is determined by an estimation of a nulling angle of the first artificial noise signal sent by the eavesdropping device to the nth time slot of the transmitting end device. Error, the estimated error obeys a mean of 0, and the variance is

Normal distribution, where

SINR _E1 is the first SINR, SINR _E2 is the second SINR, and k is a constant.

The method according to any one of claims 1 to 5, wherein a plurality of antennas are mounted on the eavesdropping device, and the plurality of antennas are configured to receive the first signal or the feedback signal.

A security detecting device, characterized in that the eavesdropping device included in the distributed secure communication system comprises:

a monitoring unit, configured to monitor a first signal sent by the multiple transmitting end devices to the receiving end device in an nth time slot, where the first signal includes a first artificial noise signal, where the nth time slot is The current time slot, the n is a positive integer;

a determining unit, configured to determine, according to the first signal, a first signal to interference and noise ratio SINR of the eavesdropping device;

The determining unit is further configured to determine, according to the first SINR, a first eavesdropping capacity of the nth time slot of the eavesdropping device;

The determining unit is further configured to determine a security capacity of the receiving end device according to the first eavesdropping capacity and the received receiving capacity of the receiving end device;

And a detecting unit, configured to detect the security of the distributed secure communication system according to the changing trend of the security capacity.

The security detecting apparatus according to claim 7, wherein the determining unit is further configured to determine, according to the first signal, a first angle of arrival of each of the transmitting end devices to the eavesdropping device, Estimating a direction angle of the transmitting end device to the receiving end device;

The security detecting device further includes:

And a establishing unit, configured to establish a first beamformer for the first signal.

The security detecting apparatus according to claim 8, wherein the monitoring unit is further configured to monitor a feedback signal sent by the receiving end device to the plurality of transmitting end devices in the nth time slot;

The establishing unit is further configured to establish a second beamformer for the feedback signal;

The determining unit is further configured to determine, according to the feedback signal, a second SINR of the eavesdropping device.

The security detecting apparatus according to claim 9, wherein the determining unit is further configured to determine, according to the feedback signal, a second angle of arrival of the receiving device to the eavesdropping device;

The determining unit is further configured to determine, according to the first angle of arrival and the second angle of arrival, a third angle of arrival of the transmitting device to the receiving device;

The security detecting device further includes:

And an adjusting unit, configured to adjust a received beam weight of the first beamformer of the eavesdropping device according to the third angle of arrival.