CN109218018B - Identity-based unmanned aerial vehicle key management and networking authentication system and method - Google Patents
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention belongs to the technical field of devices for checking the identity or the credential of a system user, and discloses an identity-based unmanned aerial vehicle key management and networking authentication system and method. A ground authentication server is responsible for generating and distributing the system parameters, identity information and keys that the unmanned aerial vehicles require for key management and networking authentication. The unmanned aerial vehicle authentication client is the main body of the system: by cooperating with one another, the clients generate, in a distributed manner, the key pair used for networking authentication of the unmanned aerial vehicles, and use that key pair to achieve identity authentication and key agreement between unmanned aerial vehicles. The invention addresses the problem of unequal node computation in prior-art unmanned aerial vehicle network key management, enhances the reliability of the system and realizes self-organized key management by the unmanned aerial vehicles; bidirectional authentication is realized among unmanned aerial vehicle nodes, ensuring the credibility and authenticity of both communicating parties; and because the method is implemented with identity public keys and bilinear pairings, the computation cost is low and the implementation efficiency is improved.
Description
Technical Field
The invention belongs to the technical field of devices for checking the identity or the credential of a system user, and particularly relates to an unmanned aerial vehicle key management and networking authentication system and method based on the identity.
Background
The current state of the art commonly used in the industry is as follows. As a member of modern aerial military forces, the unmanned aerial vehicle has advantages such as no casualties, fewer usage restrictions and good concealment, and occupies an increasingly important position in modern warfare. Countermeasure research aimed at the unmanned aerial vehicle has become a research focus of all major military powers. As the complexity of the electromagnetic environment and the adversarial nature of communications continue to increase, the deception, interference and eavesdropping by attackers that the unmanned aerial vehicle faces during information transmission become more serious. Cryptographic technology can meet security requirements such as confidentiality, authentication, integrity and non-repudiation in the unmanned aerial vehicle network and provide a secure communication link for the unmanned aerial vehicle. Key management, as one of the cores of the cryptosystem, is the premise and key to realizing the security goals of the unmanned aerial vehicle network. The unmanned aerial vehicle network lacks infrastructure, and the relative speed of the unmanned aerial vehicles is high, so the topology of the network changes frequently; the key management methods of traditional wired networks cannot be reused, and key management in the unmanned aerial vehicle network must be self-organized by the network terminals. In addition, the unmanned aerial vehicle has limited computing and storage capacity and an unstable wireless link, so complex cryptographic algorithms cannot be deployed because of their large resource consumption and long response time, and a key management scheme must take computation overhead and communication overhead into account.
Some solutions have been proposed for the key management problem in the unmanned aerial vehicle network. The first prior art discloses a trusted-platform-based authentication and key agreement method for a distributed unmanned aerial vehicle environment, which realizes authentication between early warning machine service nodes through a hash chain of measurement information of the early warning machine platform, and realizes key agreement between the early warning machine service nodes and the unmanned aerial vehicle through key exchange and message verification. However, using the early warning machine as a service node limits the flexibility of unmanned aerial vehicle networking, and if several nodes providing services need to exist among the unmanned aerial vehicles, the feasibility of key management is inevitably seriously affected by the constraint of the service nodes. Therefore, to ensure safe and efficient unmanned aerial vehicle networking, the key management scheme needs the nodes in the network to compute equally. The second prior art, "a mobile ad hoc network threshold secret distribution method" (application No. CN200910219160.4 application publication No. CN102223629A), discloses a mobile ad hoc network threshold key distribution method that is based on multiple identity signcryption algorithms and uses a threshold mechanism to realize joint key distribution by service nodes. The defects of that invention are as follows: firstly, the strong mobility of the unmanned aerial vehicle is not considered, and it is feasible that the moving unmanned aerial vehicle finds a plurality of one-hop neighbor service nodes; secondly, distributing keys by serial execution among service nodes causes synchronization problems and generates high communication delay.
In summary, the problems of the prior art are as follows:
(1) In the prior art, the network has service nodes that provide a trusted platform, so computation between an ordinary unmanned aerial vehicle node and the service nodes is unequal and the service nodes bear the main computing tasks; but the topology of the unmanned aerial vehicle network changes frequently, so the service nodes cannot provide effective services.
(2) In the prior art, the process of serially executing the key distribution between the two service nodes can cause synchronization problems, and high communication delay can be generated, so that the method is not suitable for being deployed in an unmanned aerial vehicle network.
The difficulty and significance for solving the technical problems are as follows:
The unmanned aerial vehicle network lacks infrastructure and its topology changes frequently, so key management suitable for the unmanned aerial vehicle network must be self-organized by the unmanned aerial vehicles; the unmanned aerial vehicles in the network need to compute equally and cooperate with one another to provide a distributed key management service. In addition, the computing power of the drone is limited and the wireless link is unstable, so the communication overhead and the computing overhead generated by the key management scheme need to be within the tolerance range of the drone.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an unmanned aerial vehicle key management and networking authentication system and method based on identity.
For convenience of description, the keys used in the present invention and their functions are described first:
Master key: generated by the system and denoted $k$; it is used to generate the sub-keys.
Sub-key: generated from the system master key according to a threshold scheme. The sub-key of UAV node $v_i$ is denoted $k_i$ and is used to generate the key encryption key pair.
Key encryption key pair: generated by the system and distributed to the unmanned aerial vehicles. UAV node $v_i$ has a key encryption public key and a key encryption private key, the latter denoted $s_i$. The pair is used for identity authentication and private key share generation when an unmanned aerial vehicle joins the network or an authentication key pair is updated.
Private key share: generated when an unmanned aerial vehicle joins the network or an authentication key pair is updated. The private key share generated by UAV node $v_i$ is denoted $X_i$ and is used to recover the authentication private key of the unmanned aerial vehicle joining the network.
Authentication key pair: generated after the UAV node joins the network. The authentication public key of UAV node $v_i$ is denoted $P_{ID_i}$ and the authentication private key is denoted $d_i$; the pair is used for networking authentication with other unmanned aerial vehicles in the network.
Communication key pair: generated during networking authentication of the unmanned aerial vehicle. The communication public key of UAV node $v_i$ is denoted $P_{ipub}$ and the communication private key is denoted $d_{ipri}$; the pair is used for key agreement with other unmanned aerial vehicles in the network to generate a session key.
The invention is realized as an identity-based unmanned aerial vehicle key management and networking authentication method, which includes: initializing the key management and networking authentication system, with the ground authentication server generating and distributing the system parameters, keys and identity information that the unmanned aerial vehicle requires for key management and networking authentication; the unmanned aerial vehicle authentication client generating an identity-based authentication public key and submitting a key generation request to a UAV node in the unmanned aerial vehicle network; the unmanned aerial vehicle authentication client computing private key shares from the valid signcryption information and, after t valid private key shares are collected, recovering the authentication private key according to a threshold scheme; an unmanned aerial vehicle authentication client in the unmanned aerial vehicle network performing identity authentication on the UAV node requesting key generation and providing the private key share generation service after authentication passes; and the unmanned aerial vehicle authentication client using the authentication key to perform networking authentication with a UAV node in the unmanned aerial vehicle network and negotiating a session key.
Further, the identity-based unmanned aerial vehicle key management and networking authentication method comprises the following steps:
First, select a cryptographic algorithm and generate its initialization parameters according to the cryptographic parameter generation algorithm built into the system;
Second, the unmanned aerial vehicle generates an authentication key pair; this step is executed when a UAV node joins the network while the unmanned aerial vehicles are carrying out a mission, or when a UAV node updates its authentication key pair;
Third, networking authentication between the unmanned aerial vehicles, executed after the UAV node has joined the unmanned aerial vehicle network: the UAV node uses the authentication key to perform networking authentication with other UAV nodes in the unmanned aerial vehicle network;
Fourth, the unmanned aerial vehicle updates the authentication key pair.
Further, the first step specifically includes:
Select a suitable cryptographic algorithm and generate its initialization parameters according to the cryptographic parameter generation algorithm built into the system;
(1) The ground authentication server uses the BDH parameter generation algorithm to generate a prime $q$ and two cyclic groups $G_1$, $G_2$ of order $q$, whose operations are addition and multiplication respectively, where $G_1$ is a GDH group, together with a bilinear map $e: G_1 \times G_1 \to G_2$; it selects a random generator $P \in G_1$ and selects hash functions, including $H_2: G_2 \to \{0,1\}^m$;
(2) The ground authentication server selects a suitable elliptic curve whose points form the group $E_\gamma(a, b)$ with generator $G(x, y)$, where the order $\delta$ of $G$ is a large prime. It selects a symmetric cryptographic algorithm whose encryption algorithm is $ENC_K$ and whose decryption algorithm is $DEC_K$, and selects a hash function $H$ on the integer field;
(3) The number of unmanned aerial vehicles is $n$. The ground control server sets a threshold value $t$, selects a random number in the finite field $Z_p$ as the master key $k$, and randomly generates a polynomial of degree $t-1$: $f(x) = k + l_1 x + l_2 x^2 + \dots + l_{t-1} x^{t-1} \pmod{p}$. It then generates sub-keys and key encryption key pairs for all UAV nodes: from the number $i$ of UAV node $v_i$ it generates the sub-key $k_i$, $k_i = f(i)$, and finally generates a key encryption key pair based on the sub-key, in which the key encryption private key is $s_i$, $s_i = k_i$, and the key encryption public key is
(4) The ground authentication server generates the required identity information $ID_i$ for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code and the serial number of the communication module;
(5) According to the specific security requirements, the ground authentication server selects a time interval $\Delta T$ that meets the message freshness requirement and a key update time interval $\Delta t$;
Step two: before the unmanned aerial vehicle executes the flight mission, it submits a system initialization application to the ground authentication server;
Step three: after receiving the application, the ground authentication server transmits to the unmanned aerial vehicle authentication client the system parameters $\{E_\gamma(a,b), G, \delta, G_1, G_2, e, Z_p, P, H, H_1, H_2, ENC_K, DEC_K, \Delta T, \Delta t\}$, the specific key encryption private key, the key encryption public keys of all drones, and the identity information.
Further, the second step specifically includes:
Step one: UAV node $v_i$ generates the request information and sends a key generation request. UAV node $v_i$ obtains the time parameter from its onboard clock. Based on the obtained time parameter and the preset $ID_i$, UAV node $v_i$ computes the authentication public key $P_{ID_i}$ and signs it with its key encryption private key $s_i$ to obtain $Sig_{ireq}$, $Sig_{ireq} = s_i P_{ID_i}$. After the computation is complete, $v_i$ sends $Sig_{ireq}$ together with the key generation request to a UAV node in the drone network;
Step two: UAV node $v_j$ checks the validity of $Sig_{ireq}$. After receiving the key generation request, UAV node $v_j$ obtains the time parameter from its onboard clock. Based on the obtained time parameter and the preset identity information $ID_i$, UAV node $v_j$ computes the $P_{ID_i}$ of that node. It then uses the computed $P_{ID_i}$ and the pre-assigned key encryption public key of UAV node $v_i$ to determine the validity of the signature by verifying the equation:
If the equation holds, the validity verification passes; otherwise the verification fails and the connection is released;
Step three: UAV node $v_j$ generates and returns a signcryption message;
Based on the received $Sig_{ireq}$ and the preset key encryption private key $s_j$, UAV node $v_j$ computes the signcryption message $SignCrypt_{jres}$, $SignCrypt_{jres} = s_j s_i P_{ID_i}$. After the computation is complete, it returns $SignCrypt_{jres}$ to UAV node $v_i$;
Step four: UAV node $v_i$ checks the validity of $SignCrypt_{jres}$;
UAV node $v_i$ uses the pre-assigned key encryption public key of UAV node $v_j$ and the computed $Sig_{ireq}$ to determine the validity of the message by verifying the equation:
If the equation holds, the validity verification passes; otherwise the verification fails and the connection is released;
Step five: UAV node $v_i$ computes the private key share of UAV node $v_j$;
Based on the received $SignCrypt_{jres}$ and the preset $s_i$, UAV node $v_i$ computes the private key share $X_j$, $X_j = s_j P_{ID_i}$. After the computation is complete, it records $X_j$ together with the number $j$ of UAV node $v_j$ and stores them;
Step six: UAV node $v_i$ recovers the authentication private key;
After UAV node $v_i$ has collected the private key shares of t legal nodes, it recovers the authentication private key $d_i$ according to the threshold scheme, where $l_\theta(z)$ is the Lagrange interpolation formula and $z_\theta$, $z_j$ are node numbers.
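The sub-key generation $k_i = f(i)$ of initialization item (3) and the share collection and recovery of steps one to six above, as an added Python example that is not code from the patent. Assumptions: secp256k1 stands in for $G_1$ (it has no pairing, so the two validity equations are not modelled), the polynomial is reduced modulo the group order rather than the page's $p$, $X_j$ is obtained by multiplying $SignCrypt_{jres}$ by $s_i^{-1}$, and all function names, the identity string and the time parameter are constructed.

```python
"""Threshold key flow: sub-keys k_i = f(i), blinded share exchange, Lagrange recovery."""
import hashlib
import secrets

# Stand-in group (assumption): secp256k1. It has no pairing, so the
# pairing-based validity equations of steps two and four are not modelled.
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def ec_mul(k, point):
    """Scalar multiplication k*point by double-and-add."""
    k %= ORDER
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def make_subkeys(n_nodes, t):
    """Ground server: master key k and sub-keys k_i = f(i), deg f = t-1."""
    coeffs = [secrets.randbelow(ORDER - 1) + 1 for _ in range(t)]  # coeffs[0] = k

    def f(x):
        return sum(c * pow(x, e, ORDER) for e, c in enumerate(coeffs)) % ORDER

    return coeffs[0], {i: f(i) for i in range(1, n_nodes + 1)}


def identity_point(identity, time_param):
    """P_ID from identity and time parameter (toy hash-to-group, not secure)."""
    digest = hashlib.sha256(f"{identity}|{time_param}".encode()).digest()
    return ec_mul(int.from_bytes(digest, "big") % ORDER or 1, GEN)


def answer_request(s_j, sig_ireq):
    """Responder v_j: SignCrypt_jres = s_j * Sig_ireq = s_j * s_i * P_IDi."""
    return ec_mul(s_j, sig_ireq)


def unblind_share(s_i, signcrypt_jres):
    """Requester v_i: X_j = s_i^-1 * SignCrypt_jres = s_j * P_IDi."""
    return ec_mul(pow(s_i, -1, ORDER), signcrypt_jres)


def lagrange_at_zero(j, numbers):
    """Lagrange coefficient of node j evaluated at z = 0, modulo the group order."""
    num = den = 1
    for z in numbers:
        if z != j:
            num = num * z % ORDER
            den = den * (z - j) % ORDER
    return num * pow(den, -1, ORDER) % ORDER


def recover_private_key(shares):
    """d_i = sum_j l_j(0) * X_j over the collected shares {node number: X_j}."""
    d_i = None
    for j, x_j in shares.items():
        d_i = ec_add(d_i, ec_mul(lagrange_at_zero(j, list(shares)), x_j))
    return d_i


def run_join(responders, n_nodes=5, t=3, requester=2):
    """Simulate v_requester collecting shares; True if d_i equals k * P_IDi."""
    master, subkeys = make_subkeys(n_nodes, t)
    p_id = identity_point("UAV-0002", 7)  # constructed identity and time parameter
    s_i = subkeys[requester]
    sig_ireq = ec_mul(s_i, p_id)  # Sig_ireq = s_i * P_IDi
    shares = {j: unblind_share(s_i, answer_request(subkeys[j], sig_ireq))
              for j in responders}
    return recover_private_key(shares) == ec_mul(master, p_id)


if __name__ == "__main__":
    print("t shares   :", run_join((1, 4, 5)))  # threshold met
    print("t-1 shares :", run_join((3, 5)))     # below threshold
```

With fewer than t shares the interpolation returns a point unrelated to $k P_{ID_i}$, and a single wrong share has the same effect, which is why each $SignCrypt_{jres}$ is validated before its share is stored.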
Further, the third step specifically includes:
Step one: UAV node $v_i$ initiates an authentication request to UAV node $v_j$;
(1a) Generating a communication key pair;
UAV node $v_i$ selects a random number $d_{ipri} \in [1, \delta-1]$ as the communication private key and computes the communication public key $P_{ipub}$, $P_{ipub} = d_{ipri} G$. UAV node $v_i$ generates a large random number $r_i$, and computes and stores $RAND_{ij}+1$;
(1b) Encrypting the authentication parameters;
UAV node $v_i$ obtains the current time $T_i$ and the time parameter from its onboard clock. Based on the obtained time parameter and the preset identity information $ID_j$ of UAV node $v_j$, UAV node $v_i$ computes $P_{ID_j}$. Based on the obtained $T_i$, the computed $P_{ID_j}$ and the generated $r_i$ and $RAND_{ij}$, UAV node $v_i$ computes the ciphertext $C$, where $g_{ij} = e(d_i, P_{ID_j}) \in G_2$;
(1c) Signing the authentication parameters;
UAV node $v_i$ uses $d_{ipri}$ to sign the random number $RAND_{ij}$:
After the computation is complete, it verifies the validity of the signature $(r, s)$, i.e. $r \neq 0$, $r + r_i \neq 0$, $s \neq 0$. After the signature passes verification, UAV node $v_i$ sends the message $\{r, s, C, P_{ipub}\}$ together with the authentication request to UAV node $v_j$;
Step two: UAV node $v_j$ checks the freshness and the validity of the authentication request;
(2a) Decrypting to obtain the authentication parameters;
After receiving the authentication request, UAV node $v_j$ uses the authentication private key $d_j$ to decrypt the extracted ciphertext $C$ and obtain $RAND'_{ij}$ and $T_i$:
(2b) Freshness authentication
UAV node $v_j$ obtains the current time $T$ from its onboard clock. If $T - T_i$ satisfies the freshness requirement, it continues with step (2c); otherwise the authentication fails and the connection is released;
(2c) Validity authentication
After extracting $r'$, $s'$ and $P_{ipub}$, UAV node $v_j$ verifies the signature $(RAND'_{ij}, R', s')$. It computes:
If $R = R'$, the validity verification passes and the authentication of UAV node $v_i$ is complete; otherwise the authentication fails and the connection is released;
Step three: UAV node $v_j$ encrypts and returns the authentication parameters;
(3a) Generating a communication key pair and a session key;
UAV node $v_j$ generates a random number $d_{jpri} \in [1, \delta-1]$ as the communication private key and computes the communication public key $P_{jpub}$, $P_{jpub} = d_{jpri} G$. Based on the generated $d_{jpri}$ and the $P_{ipub}$ received in (3b), UAV node $v_j$ computes the session key $K_{ij}$: $(x_{ji}, y_{ji}) = d_{jpri} P_{ipub}$, $K_{ij} = (x_{ji} \| y_{ji})$;
(3b) Encrypting the authentication parameters
UAV node $v_j$ obtains the current time $T_j$ from its onboard clock. Based on the obtained $T_j$, the computed $K_{ij}$ and the $RAND'_{ij}$ calculated in (3b), UAV node $v_j$ computes the ciphertext $C_{rand}$. After the computation is complete, UAV node $v_j$ returns the message $\{C_{rand}, P_{jpub}\}$ to UAV node $v_i$;
Step four: UAV node $v_i$ checks the freshness and the validity of the returned authentication parameters;
(4a) Decrypting to obtain the authentication parameters;
Based on the $d_{ipri}$ generated in (3a) and the received $P_{jpub}$, UAV node $v_i$ computes the session key $K_{ij}$: $(x_{ij}, y_{ij}) = d_{ipri} P_{jpub}$, $K_{ij} = (x_{ij} \| y_{ij})$. Based on the computed $K_{ij}$ and the received $C_{rand}$, UAV node $v_i$ decrypts to obtain $RAND_{ij}+1$ and $T_j$,
(4b) Freshness authentication
UAV node $v_i$ obtains the current time $T$ from its onboard clock. If $T - T_j$ satisfies the freshness requirement, it continues with step (4c); otherwise the authentication fails and the connection is released;
(4c) Validity authentication
UAV node $v_i$ compares the computed $RAND_{ij}+1$ with the stored $RAND_{ij}+1$. If the values are equal, the validity verification passes and the authentication of UAV node $v_j$ is complete; otherwise the authentication fails.
Further, the fourth step specifically includes: the authentication key pair of UAV node $v_i$ is generated as a function of time. At the current system time $t$ ($t_\beta \le t \le t_{\beta+1}$), UAV node $v_i$ computes its public key $P_{ID_i}$. UAV node $v_i$ must update the authentication key pair at time $t_{\beta+1}$; the update period is $\Delta t$, with $t_{\beta+1} = t_\beta + \Delta t$.
Another object of the present invention is to provide an identity-based key management and networking authentication system for an unmanned aerial vehicle, which implements the identity-based key management and networking authentication method for the unmanned aerial vehicle, the identity-based key management and networking authentication system comprising:
the ground authentication server is used for finishing the initialization of key management and networking authentication systems, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication;
the unmanned aerial vehicle authentication client is used for generating an authentication public key based on identity and submitting a key generation request to a UAV node in an unmanned aerial vehicle network; calculating to obtain private key shares according to the effective signcryption information, and recovering the authentication private key according to a threshold scheme after t effective private key shares are collected; identity authentication is carried out on UAV nodes added into the network, and private key share generation service is provided after authentication is passed; and carrying out networking authentication on the UAV node in the unmanned aerial vehicle network by using the authentication key, and negotiating a session key.
Further, the ground authentication server includes:
the system initialization module is used for completing the initialization of the key management and networking authentication system, namely transmitting the system parameters generated by the system parameter generation module, the identity information generated by the identity information generation module, the key encryption public keys of all the unmanned aerial vehicles generated by the key generation module and the key encryption private keys of the specific unmanned aerial vehicles to the key management and networking authentication system of the unmanned aerial vehicles;
the system parameter generation module is used for generating initialization parameters of a cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system, selecting a proper hash function and a symmetric cryptographic algorithm, setting a time interval for updating a secret key and a time interval for meeting the message freshness requirement according to different safety requirements, counting the number n of unmanned aerial vehicle nodes in the system, and setting a corresponding threshold value t;
the identity information generation module is used for generating the required identity information for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the like;
and the key generation module is used for generating a system master key, generating sub keys for all unmanned aerial vehicles in the system based on the master key and the initialization parameters of the cryptographic algorithm, and finally generating a key encryption key pair based on the sub keys.
Further, the unmanned aerial vehicle authentication client includes:
the system initialization module is used for completing key management on the unmanned aerial vehicle and initialization of a networking authentication system, namely acquiring system parameters and identity information required by the unmanned aerial vehicle for key management and networking authentication, and key encryption public keys of all the unmanned aerial vehicles and key encryption private keys of the unmanned aerial vehicles from a ground authentication server;
the key management module comprises three sub-modules: a request information generating sub-module, a key processing sub-module and an authentication sub-module. The request information generation submodule is used for generating an authentication parameter for requesting the generation of a secret key according to the identity information distributed by the system and the generated authentication public key; the key processing submodule is used for collecting private key shares and recovering the authentication private key after t effective private key shares are collected; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid;
the identity authentication module comprises two sub-modules: an authentication submodule and a private key share generation submodule. The authentication submodule is used for exchanging authentication parameters with the unmanned aerial vehicle authentication client that requests key generation, parsing the authentication parameters and checking whether the received authentication parameters are valid; the private key share generation submodule is used for generating a private key share for the unmanned aerial vehicle authentication client that requests key generation according to the received authentication parameters, and for signcrypting the private key share;
the networking authentication module comprises four sub-modules: the key pair generation sub-module, the data processing sub-module, the authentication sub-module and the key negotiation sub-module. The key pair generation submodule is used for generating a communication key pair for carrying out key agreement with other unmanned aerial vehicle authentication clients; the data processing submodule is used for generating parameters for identity authentication with other unmanned aerial vehicle authentication clients; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the key negotiation submodule is used for carrying out key negotiation with other unmanned aerial vehicle authentication clients to generate a session key.
The invention also aims to provide the unmanned aerial vehicle applying the identity-based unmanned aerial vehicle key management and networking authentication method.
In summary, the advantages and positive effects of the invention are as follows. The invention uses threshold technology so that nodes in the unmanned aerial vehicle network generate authentication key pairs in a distributed manner. This addresses the unequal computational load among unmanned aerial vehicles in the prior art, which arises because unmanned aerial vehicle network key management requires service nodes, and realizes self-organized key management among unmanned aerial vehicles. Compared with the prior art, the invention exploits the strong mobility of unmanned aerial vehicles to distribute private key shares in parallel, so it avoids the synchronization problem and the higher communication delay caused by serial execution of the key distribution process, enhances the reliability of key management, and provides a security foundation for the networking authentication of unmanned aerial vehicles.
The invention realizes bidirectional identity authentication between UAV nodes. During networking authentication, UAV node $v_j$ authenticates UAV node $v_i$ by verifying the signature $(RAND'_{ij}, r', s')$; UAV node $v_i$ authenticates UAV node $v_j$ by checking whether the locally stored $RAND_{ij}+1$ equals the $RAND''_{ij}+1$ obtained by decryption. This two-way identity authentication mechanism resists network attacks such as impersonation and tampering during the networking process and ensures the safe and orderly networking of unmanned aerial vehicles.
The unmanned aerial vehicle key management and networking authentication method has low computational overhead: it is implemented using identity-based public keys and bilinear pairings over an elliptic curve cryptosystem. At an equal security level, it requires less computation and is more efficient to implement than existing asymmetric key management schemes based on the discrete logarithm problem over a finite field.
Drawings
Fig. 1 is a schematic structural diagram of an identity-based unmanned aerial vehicle key management and networking authentication system provided in an embodiment of the present invention;
in the figure: 1. a ground authentication server; 2. unmanned aerial vehicle authentication client.
Fig. 2 is a flowchart of an identity-based key management and networking authentication method for an unmanned aerial vehicle according to an embodiment of the present invention.
Fig. 3 is a flowchart of an implementation of the identity-based key management and networking authentication method for the unmanned aerial vehicle according to the embodiment of the present invention.
Fig. 4 is a flowchart of a drone generating an authentication key pair according to an embodiment of the present invention.
Fig. 5 is a flowchart of networking authentication between drones according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The prior art has the following problems: key management in an unmanned aerial vehicle network requires service nodes, so the computational load is unequal between ordinary unmanned aerial vehicle nodes and service nodes; and serial execution of the key distribution process among service nodes causes synchronization problems and higher communication delay. To address these problems, the invention provides an identity-based unmanned aerial vehicle key management and networking authentication system and method, which enables nodes in an unmanned aerial vehicle network to generate key pairs for networking authentication in a distributed manner without a trusted third party, realizes networking authentication among the nodes, and establishes a secure communication link.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, an identity-based unmanned aerial vehicle key management and networking authentication system provided in an embodiment of the present invention includes: ground authentication server 1, unmanned aerial vehicle authentication client 2.
The ground authentication server 1 completes the initialization of the key management and networking authentication system, namely generating and distributing the system parameters, keys and identity information that the unmanned aerial vehicle requires for key management and networking authentication.
The unmanned aerial vehicle (UAV) authentication client 2 generates an identity-based authentication public key and submits a key generation request to a UAV node in the UAV network; calculates private key shares from valid signcryption information and, after collecting t valid private key shares, recovers the authentication private key according to a threshold scheme; performs identity authentication on a UAV node joining the network and provides the private key share generation service after the authentication is passed; and uses the authentication key to perform networking authentication with UAV nodes in the unmanned aerial vehicle network and negotiate a session key.
The ground authentication server 1 includes:
the system initialization module is used for completing the initialization of the key management and networking authentication system, namely, the system parameters generated by the system parameter generation module, the identity information generated by the identity information generation module, the key encryption public keys of all the unmanned aerial vehicles generated by the key generation module and the key encryption private keys of specific unmanned aerial vehicles are transmitted to the key management and networking authentication system of the unmanned aerial vehicles.
The system parameter generation module is used for generating initialization parameters of a cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system, selecting a proper hash function and a symmetric cryptographic algorithm, setting a time interval for updating a secret key and a time interval for meeting the message freshness requirement according to different safety requirements, counting the number n of unmanned aerial vehicle nodes in the system, and setting a corresponding threshold value t.
The identity information generation module is used for generating the required identity information for the unmanned aerial vehicle according to the unmanned aerial vehicle manufacturer approval code, the production assembly code, the serial number of the communication module and the like.
The key generation module is used for generating a system master key, generating subkeys for all unmanned aerial vehicles in the system based on the master key and the initialization parameters of the cryptographic algorithm, and finally generating a key encryption key pair based on the subkeys.
The unmanned aerial vehicle authentication client 2 includes:
the system initialization module is used for completing key management on the unmanned aerial vehicle and initialization of a networking authentication system, namely acquiring system parameters and identity information required by the unmanned aerial vehicle for key management and networking authentication, and key encryption public keys of all the unmanned aerial vehicles and key encryption private keys of the unmanned aerial vehicles from a ground authentication server.
The key management module comprises three sub-modules: a request information generating sub-module, a key processing sub-module and an authentication sub-module. The request information generation submodule is used for generating an authentication parameter for requesting the generation of a secret key according to the identity information distributed by the system and the generated authentication public key; the key processing submodule is used for collecting private key shares and recovering the authentication private key after t effective private key shares are collected; and the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid or not.
The identity authentication module comprises two sub-modules: authentication submodule and private key share generation submodule. The authentication submodule is used for interacting authentication parameters with an unmanned aerial vehicle authentication client terminal generated by a request key, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the private key share generation submodule is used for generating a private key share for the unmanned aerial vehicle authentication client side which requests key generation according to the received authentication parameters and signing and encrypting the private key share.
The networking authentication module comprises four sub-modules: the key pair generation sub-module, the data processing sub-module, the authentication sub-module and the key negotiation sub-module. The key pair generation submodule is used for generating a communication key pair for carrying out key agreement with other unmanned aerial vehicle authentication clients; the data processing submodule is used for generating parameters for identity authentication with other unmanned aerial vehicle authentication clients; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the key negotiation submodule is used for carrying out key negotiation with other unmanned aerial vehicle authentication clients to generate a session key.
As shown in fig. 2, the identity-based key management and networking authentication method for the unmanned aerial vehicle according to the embodiment of the present invention includes the following steps:
S201: initializing a key management and networking authentication system;
S202: the unmanned aerial vehicle generates an authentication key pair;
S203: networking authentication between the unmanned aerial vehicles;
S204: the unmanned aerial vehicle updates the authentication key pair.
The identity-based unmanned aerial vehicle key management and networking authentication method provided by the embodiment of the invention specifically comprises the following steps:
1. Key management and networking authentication system initialization
(1a) The ground authentication server uses a BDH parameter generation algorithm to generate a prime number $q$, two cyclic groups $G_1$ and $G_2$ of order $q$ whose operations are addition and multiplication respectively, and a bilinear map $e: G_1 \times G_1 \to G_2$, and selects a random generator $P \in G_1$. It selects a hash function $H_2: G_2 \to \{0,1\}^m$.
(1b) The ground authentication server selects a compliant elliptic curve whose points form a group $E_\gamma(a, b)$ with generator $G(x, y)$. It selects a symmetric cryptographic algorithm with encryption algorithm $ENC_K$ and decryption algorithm $DEC_K$, and a hash function $H$ over the integer field.
(1c) The number of unmanned aerial vehicles in the system is $n$. The ground control server sets a threshold value $t$, selects a random number in the finite field $Z_p$ as the master key $k$, and randomly generates a polynomial of degree $t-1$: $f(x) = k + l_1 x + l_2 x^2 + \dots + l_{t-1} x^{t-1} \pmod p$. It then generates subkeys and key encryption key pairs for all UAV nodes: the subkey $k_i$ is generated from the number $i$ of UAV node $v_i$, $k_i = f(i)$, and the key encryption key pair is generated from the subkey, where the key encryption private key is $s_i$, $s_i = k_i$, together with the corresponding key encryption public key.
(1d) The ground authentication server generates the required identity information $ID_i$ for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the like.
(1e) The ground authentication server selects the time interval $\Delta T$ meeting the message freshness requirement and the key updating time interval $\Delta t$ according to specific safety requirements.
(1f) Before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits system initialization application to a ground authentication server.
(1g) After receiving the application, the ground authentication server transmits system parameters, a specific key encryption private key, key encryption public keys of all unmanned aerial vehicles and identity information to the unmanned aerial vehicle authentication client.
2. Unmanned aerial vehicle generates authentication key pair
(2a) UAV node $v_i$ obtains the time parameter via an onboard clock. Based on the acquired time parameter and the preset $ID_i$, UAV node $v_i$ computes the authentication public key $P_{ID_i}$ and signs it with its key encryption private key $s_i$ to obtain $Sig_{ireq}$, $Sig_{ireq} = s_i P_{ID_i}$. After the computation is completed, $Sig_{ireq}$ is sent to a UAV node in the drone network along with a key generation request.
(2b) After receiving the key generation request, UAV node $v_j$ obtains the time parameter via an onboard clock. Based on the acquired time parameter and the preset $ID_i$, UAV node $v_j$ calculates $P_{ID_i}$ of the requesting node, and then uses the calculated $P_{ID_i}$ and the pre-assigned key encryption public key of UAV node $v_i$ to judge the validity of $Sig_{ireq}$.
(2c) After the verification is passed, based on the received $Sig_{ireq}$ and the preset key encryption private key $s_j$, UAV node $v_j$ calculates the signcryption message $SignCrypt_{jres}$, $SignCrypt_{jres} = s_j s_i P_{ID_i}$. After the calculation is finished, $SignCrypt_{jres}$ is returned to UAV node $v_i$.
(2d) After receiving $SignCrypt_{jres}$, UAV node $v_i$ uses the pre-assigned key encryption public key of UAV node $v_j$ and the $Sig_{ireq}$ calculated in (2a) to judge the validity of $SignCrypt_{jres}$.
(2e) After the verification is passed, based on the received $SignCrypt_{jres}$ and the preset $s_i$, UAV node $v_i$ computes the private key share $X_j$, $X_j = s_j P_{ID_i}$. After the calculation is finished, $X_j$ and the number $j$ of UAV node $v_j$ are recorded and saved.
(2f) After collecting the private key shares of $t$ legitimate nodes, UAV node $v_i$ recovers the authentication private key $d_i$ according to a threshold scheme, where $l_\theta(z)$ is the Lagrange interpolation formula.
3. Networking authentication between unmanned aerial vehicles
(3a) UAV node $v_i$ selects a random number $d_{ipri} \in [1, \delta-1]$ as the communication private key and calculates the communication public key $P_{ipub}$, $P_{ipub} = d_{ipri} G$. UAV node $v_i$ generates a large random number $r_i$, calculates $RAND_{ij}+1$ and stores it, and obtains the current time $T_i$ and the time parameter via an onboard clock. Based on the acquired time parameter and the preset identity information $ID_j$ of UAV node $v_j$, UAV node $v_i$ calculates $P_{ID_j}$. Based on the acquired $T_i$ and the calculated $P_{ID_j}$, UAV node $v_i$ calculates the ciphertext $C$, where $g_{ij} = e(d_i, P_{ID_j}) \in G_2$. UAV node $v_i$ uses $d_{ipri}$ to sign the random number $RAND_{ij}$:
After the computation is completed, the validity of the signature $(r, s)$ is verified, i.e. $r \neq 0$, $r + r_i \neq 0$, $s \neq 0$. After the signature verification is passed, UAV node $v_i$ sends the message $\{r, s, C, P_{ipub}\}$ to a UAV node $v_j$ in the drone network, together with an authentication request.
(3b) After receiving the authentication request, UAV node $v_j$ uses $d_j$ to decrypt the extracted $C$; the calculation is as follows:
The calculated $T_i$ is used to determine the freshness of the authentication request, and the validity of the authentication request is determined by verifying the signature $(RAND'_{ij}, r', s')$.
(3c) After the verification is passed, UAV node $v_j$ generates a random number $d_{jpri} \in [1, \delta-1]$ as the communication private key and calculates the communication public key $P_{jpub}$, $P_{jpub} = d_{jpri} G$. Based on the generated $d_{jpri}$ and the received $P_{ipub}$, UAV node $v_j$ computes the session key $K_{ij}$: $(x_{ji}, y_{ji}) = d_{jpri} P_{ipub}$, $K_{ij} = (x_{ji} \| y_{ji})$. UAV node $v_j$ obtains the current time $T_j$ via an onboard clock. Based on the acquired $T_j$, the calculated $K_{ij}$ and the $RAND'_{ij}$ from (3b), UAV node $v_j$ computes the ciphertext $C_{rand}$. After the calculation is completed, UAV node $v_j$ returns the message $\{C_{rand}, P_{jpub}\}$ to UAV node $v_i$.
(3d) After receiving $\{C_{rand}, P_{jpub}\}$, UAV node $v_i$ uses the $d_{ipri}$ generated in (3a) and the received $P_{jpub}$ to compute the session key $K_{ij}$: $(x_{ij}, y_{ij}) = d_{ipri} P_{jpub}$, $K_{ij} = (x_{ij} \| y_{ij})$. Based on the calculated $K_{ij}$ and the received $C_{rand}$, UAV node $v_i$ decrypts to obtain $RAND''_{ij}+1$ and $T_j$. The obtained $T_j$ is used to judge the freshness of the authentication parameters, and the decrypted $RAND''_{ij}+1$ is compared with the stored $RAND_{ij}+1$ to determine the validity of the authentication parameters.
4. Unmanned aerial vehicle updates authentication key pair
The authentication key pair of UAV node $v_i$ is generated in a time-dependent manner. At the current system time $t$ ($t_\beta \le t \le t_{\beta+1}$), UAV node $v_i$ calculates its public key $P_{ID_i}$. UAV node $v_i$ is required to regenerate the authentication key pair at time $t_{\beta+1}$; the updating period is $\Delta t$, satisfying $t_{\beta+1} = t_\beta + \Delta t$.
The application of the principles of the present invention will be further described with reference to fig. 3-5.
1. Key management and networking authentication system initialization
The key management and networking authentication system initialization of the invention comprises the following steps:
Step one: select a suitable cryptographic algorithm and generate the initialization parameters of the cryptographic algorithm according to the cryptographic parameter generation algorithm built into the system.
(1) The ground authentication server uses a BDH parameter generation algorithm to generate a prime number $q$, two cyclic groups $G_1$ and $G_2$ of order $q$ whose operations are addition and multiplication respectively, where $G_1$ is a GDH group, and a bilinear map $e: G_1 \times G_1 \to G_2$, and selects a random generator $P \in G_1$. It selects a hash function $H_2: G_2 \to \{0,1\}^m$.
(2) The ground authentication server selects a compliant elliptic curve whose points form a group $E_\gamma(a, b)$ with generator $G(x, y)$, where the order $\delta$ of $G$ is a large prime number. It selects a symmetric cryptographic algorithm with encryption algorithm $ENC_K$ and decryption algorithm $DEC_K$, which can be implemented with reference to ECB-SM4 (the national cryptographic SM4 algorithm in codebook mode), and a hash function $H$ over the integer domain, which can be implemented with reference to the national cryptographic SM3 algorithm.
(3) The number of unmanned aerial vehicles in the system is $n$. The ground control server sets a threshold value $t$, selects a random number in the finite field $Z_p$ as the master key $k$, and randomly generates a polynomial of degree $t-1$: $f(x) = k + l_1 x + l_2 x^2 + \dots + l_{t-1} x^{t-1} \pmod p$. It then generates subkeys and key encryption key pairs for all UAV nodes: the subkey $k_i$ is generated from the number $i$ of UAV node $v_i$, $k_i = f(i)$, and the key encryption key pair is generated from the subkey, where the key encryption private key is $s_i$, $s_i = k_i$, together with the corresponding key encryption public key.
(4) The ground authentication server generates the required identity information $ID_i$ for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the like.
(5) The ground authentication server selects the time interval $\Delta T$ meeting the message freshness requirement and the key updating time interval $\Delta t$ according to specific safety requirements.
Step two: before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits system initialization application to a ground authentication server.
Step three: after receiving the application, the ground authentication server transmits to the unmanned aerial vehicle authentication client the system parameters $\{E_\gamma(a,b), G, \delta, G_1, G_2, e, Z_p, P, H, H_1, H_2, ENC_K, DEC_K, \Delta T, \Delta t\}$, the specific key encryption private key, the key encryption public keys of all drones, and the identity information.
2. Unmanned aerial vehicle generates authentication key pair
In the method, the unmanned aerial vehicle generates the authentication key pair when the UAV node joins the network, or when the UAV node updates the authentication key pair while the UAV is executing a mission. The procedure comprises the following steps:
Step one: UAV node $v_i$ generates request information and transmits a key generation request.
UAV node $v_i$ obtains the time parameter via an onboard clock. Based on the acquired time parameter and the preset $ID_i$, UAV node $v_i$ computes the authentication public key $P_{ID_i}$ and signs it with its key encryption private key $s_i$ to obtain $Sig_{ireq}$, $Sig_{ireq} = s_i P_{ID_i}$. After the calculation is completed, $v_i$ sends $Sig_{ireq}$ to a UAV node in the drone network along with a key generation request.
Step two: UAV node $v_j$ judges the validity of $Sig_{ireq}$.
After receiving the key generation request, UAV node $v_j$ obtains the time parameter via an onboard clock. Based on the acquired time parameter and the preset identity information $ID_i$, UAV node $v_j$ calculates $P_{ID_i}$ of the requesting node, and then uses the calculated $P_{ID_i}$ and the pre-assigned key encryption public key of UAV node $v_i$ to judge the validity of the signature by verifying the equation:
If the equation holds, the validity verification is passed; otherwise the verification fails and the connection is released.
Step three: UAV node $v_j$ generates and returns a signcryption message.
Based on the received $Sig_{ireq}$ and the preset key encryption private key $s_j$, UAV node $v_j$ calculates the signcryption message $SignCrypt_{jres}$, $SignCrypt_{jres} = s_j s_i P_{ID_i}$. After the calculation is finished, $SignCrypt_{jres}$ is returned to UAV node $v_i$.
Step four: UAV node $v_i$ judges the validity of $SignCrypt_{jres}$.
UAV node $v_i$ uses the pre-assigned key encryption public key of UAV node $v_j$ and the $Sig_{ireq}$ calculated in (2a) to judge the validity of the message by verifying the equation:
If the equation holds, the validity verification is passed; otherwise the verification fails and the connection is released.
Step five: UAV node $v_i$ calculates the private key share of UAV node $v_j$.
Based on the received $SignCrypt_{jres}$ and the preset $s_i$, UAV node $v_i$ computes the private key share $X_j$, $X_j = s_j P_{ID_i}$. After the calculation is finished, $X_j$ and the number $j$ of UAV node $v_j$ are recorded and stored.
Step six: UAV node $v_i$ recovers the authentication private key.
After collecting the private key shares of $t$ legitimate nodes, UAV node $v_i$ recovers the authentication private key $d_i$ according to a threshold scheme, where $l_\theta(z)$ is the Lagrange interpolation formula and $z_\theta$, $z_j$ are node numbers.
3. Networking authentication between unmanned aerial vehicles
In the method, networking authentication between UAV nodes is executed after a UAV node has joined the unmanned aerial vehicle network; the node uses its authentication key to perform networking authentication with other UAV nodes in the network. The procedure comprises the following steps:
Step one: UAV node $v_i$ initiates an authentication request to UAV node $v_j$.
(1a) A communication key pair is generated.
UAV node $v_i$ selects a random number $d_{ipri} \in [1, \delta-1]$ as the communication private key and calculates the communication public key $P_{ipub}$, $P_{ipub} = d_{ipri} G$. UAV node $v_i$ generates a large random number $r_i$, calculates $RAND_{ij}+1$ and stores it.
(1b) The authentication parameters are encrypted.
The current time $T_i$ and the time parameter are obtained via an onboard clock. Based on the acquired time parameter and the preset identity information $ID_j$ of UAV node $v_j$, UAV node $v_i$ calculates $P_{ID_j}$. Based on the acquired $T_i$, the calculated $P_{ID_j}$, and the $r_i$ and $RAND_{ij}$ generated in (1a), UAV node $v_i$ calculates the ciphertext $C$, where $g_{ij} = e(d_i, P_{ID_j}) \in G_2$.
(1c) The authentication parameters are signed.
UAV node $v_i$ uses $d_{ipri}$ to sign the random number $RAND_{ij}$:
After the computation is completed, the validity of the signature $(r, s)$ is verified, i.e. $r \neq 0$, $r + r_i \neq 0$, $s \neq 0$. After the signature verification is passed, UAV node $v_i$ sends the message $\{r, s, C, P_{ipub}\}$ to UAV node $v_j$ along with the authentication request.
Step two: UAV node $v_j$ determines the freshness and validity of the authentication request.
(2a) Decrypt to obtain the authentication parameters.
After receiving the authentication request, UAV node $v_j$ uses the authentication private key $d_j$ to decrypt the extracted ciphertext $C$ to obtain $RAND'_{ij}$ and $T_i$:
(2b) Freshness authentication
UAV node $v_j$ obtains the current time $T$ via an onboard clock. If $T_i$ satisfies the bound on $T - T_i$, the request meets the freshness requirement and step (2c) is continued; otherwise the authentication fails and the connection is released.
(2c) Validity authentication
UAV node $v_j$ extracts $r'$, $s'$ and $P_{ipub}$, then verifies the signature $(RAND'_{ij}, r', s')$ by calculating:
If $R = R'$, the validity verification is passed and the authentication of UAV node $v_i$ is completed; otherwise the authentication fails and the connection is released.
Step three: UAV node $v_j$ encrypts and returns the authentication parameters.
(3a) A communication key pair and a session key are generated.
UAV node $v_j$ generates a random number $d_{jpri} \in [1, \delta-1]$ as the communication private key and calculates the communication public key $P_{jpub}$, $P_{jpub} = d_{jpri} G$. Based on the generated $d_{jpri}$ and the $P_{ipub}$ received in (3b), UAV node $v_j$ computes the session key $K_{ij}$: $(x_{ji}, y_{ji}) = d_{jpri} P_{ipub}$, $K_{ij} = (x_{ji} \| y_{ji})$.
(3b) Encrypting authentication parameters
UAV node $v_j$ obtains the current time $T_j$ via an onboard clock. Based on the acquired $T_j$, the calculated $K_{ij}$ and the $RAND'_{ij}$ calculated in (3b), UAV node $v_j$ computes the ciphertext $C_{rand}$. After the calculation is completed, UAV node $v_j$ returns the message $\{C_{rand}, P_{jpub}\}$ to UAV node $v_i$.
Step four: UAV node $v_i$ judges the freshness and validity of the returned authentication parameters.
(4a) Decrypt to obtain the authentication parameters.
Based on the $d_{ipri}$ generated in (3a) and the received $P_{jpub}$, UAV node $v_i$ computes the session key $K_{ij}$: $(x_{ij}, y_{ij}) = d_{ipri} P_{jpub}$, $K_{ij} = (x_{ij} \| y_{ij})$. Based on the calculated $K_{ij}$ and the received $C_{rand}$, UAV node $v_i$ decrypts to obtain $RAND''_{ij}+1$ and $T_j$.
(4b) Freshness authentication
UAV node $v_i$ obtains the current time $T$ via an onboard clock. If the obtained $T_j$ satisfies the bound on $T - T_j$, the request meets the freshness requirement and step (4c) is continued; otherwise the authentication fails and the connection is released.
(4c) Validity authentication
UAV node $v_i$ compares whether the decrypted $RAND''_{ij}+1$ and the stored $RAND_{ij}+1$ are equal. If they are equal, the validity verification is passed and the authentication of UAV node $v_j$ is completed; otherwise the authentication fails.
4. Unmanned aerial vehicle updates authentication key pair
The authentication key pair of UAV node $v_i$ is generated in a time-dependent manner. At the current system time $t$ ($t_\beta \le t \le t_{\beta+1}$), UAV node $v_i$ calculates its public key $P_{ID_i}$. UAV node $v_i$ is required to update the authentication key pair at time $t_{\beta+1}$; the updating period is $\Delta t$, satisfying $t_{\beta+1} = t_\beta + \Delta t$.
In a preferred embodiment of the invention, the keys are as follows.
Master key: generated by the system, denoted $k$, and used to generate the subkeys.
Subkey: generated for UAV node $v_i$ from the system master key according to a threshold scheme, denoted $k_i$, and used to generate the key encryption key pair.
Key encryption key pair: generated by the system and distributed to the unmanned aerial vehicles. UAV node $v_i$ has a key encryption public key and a key encryption private key, the latter denoted $s_i$. The pair is used for identity authentication and private key share generation when an unmanned aerial vehicle joins the network or updates its authentication key pair.
Private key share: generated when an unmanned aerial vehicle joins the network or updates its authentication key pair. The private key share generated by UAV node $v_i$ is denoted $X_i$ and is used for recovering the authentication private key of the unmanned aerial vehicle.
Authentication key pair: generated after the unmanned aerial vehicle joins the network. The authentication public key of UAV node $v_i$ is denoted $P_{ID_i}$ and the authentication private key is denoted $d_i$. The pair is used for networking authentication with other unmanned aerial vehicles in the network.
Communication key pair: generated during networking authentication of the unmanned aerial vehicle. The communication public key of UAV node $v_i$ is denoted $P_{ipub}$ and the communication private key is denoted $d_{ipri}$. The pair is used for key agreement with other unmanned aerial vehicles in the network to generate a session key.
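The key hierarchy listed above can be traced end to end in code, from the master key through subkeys and blinded private key shares to the recovered authentication private key and the session key. The following is an added example, not code from the patent. It assumes secp256k1 in place of the pairing group $G_1$ and the ECC curve, SHA-256 scalar derivation in place of the hash-to-point function, a polynomial over the group order rather than $Z_p$, and unblinding of $SignCrypt_{jres}$ by $s_i^{-1}$; the pairing-based validity checks and the encryption of the authentication parameters are left out.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the patent's group G1 and its ECC curve.
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def id_point(identity: bytes, epoch: int):
    """Stand-in for P_IDi derived from ID_i and the time parameter.
    Hypothetical helper: a scalar times G is not a real hash-to-curve."""
    h = hashlib.sha256(identity + epoch.to_bytes(8, "big")).digest()
    return ec_mul(int.from_bytes(h, "big") % N or 1, G)


def deal_subkeys(k, t, n_nodes):
    """Ground server: f(x) = k + l_1 x + ... + l_{t-1} x^{t-1}, s_i = k_i = f(i)."""
    coeffs = [k] + [secrets.randbelow(N - 1) + 1 for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, N) for e, c in enumerate(coeffs)) % N
            for i in range(1, n_nodes + 1)}


def issue_share(s_i, s_j, p_id):
    """One helper v_j serving requester v_i (validity checks omitted)."""
    sig_req = ec_mul(s_i, p_id)        # v_i -> v_j: Sig_ireq = s_i * P_IDi
    signcrypt = ec_mul(s_j, sig_req)   # v_j -> v_i: SignCrypt_jres = s_j * s_i * P_IDi
    # Assumed unblinding: multiply by s_i^{-1} mod N to obtain X_j = s_j * P_IDi.
    return ec_mul(pow(s_i, -1, N), signcrypt)


def lagrange_at_zero(j, ids):
    """Lagrange coefficient l_j(0) over the node numbers in ids, mod N."""
    num = den = 1
    for m in ids:
        if m != j:
            num = num * -m % N
            den = den * (j - m) % N
    return num * pow(den, -1, N) % N


def recover_private_key(shares):
    """d_i = sum of l_j(0) * X_j over the collected {node number j: X_j}."""
    d = None
    for j, x_j in shares.items():
        d = ec_add(d, ec_mul(lagrange_at_zero(j, shares), x_j))
    return d


def session_key(own_priv, peer_pub):
    """K_ij = x || y of d_pri * P_pub; both nodes derive the same bytes."""
    x, y = ec_mul(own_priv, peer_pub)
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


if __name__ == "__main__":
    k = secrets.randbelow(N - 1) + 1        # master key (constructed)
    subkeys = deal_subkeys(k, t=3, n_nodes=5)
    p_id = id_point(b"UAV-0001", epoch=7)   # constructed identity and epoch
    shares = {j: issue_share(subkeys[1], subkeys[j], p_id) for j in (2, 3, 4)}
    print("d_1 == k * P_ID1:", recover_private_key(shares) == ec_mul(k, p_id))
    a, b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    print("session keys match:",
          session_key(a, ec_mul(b, G)) == session_key(b, ec_mul(a, G)))
```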
The application effect of the present invention will be described in detail with reference to the simulation.
The identity-based unmanned aerial vehicle key management and networking authentication system was implemented in simulation on an Intel Xeon E3-1231 3.4 GHz Linux platform. The key length of the elliptic curve cryptosystem is set to 160 bits, the hash algorithm is SM3-128bits, and the symmetric cryptographic algorithm is SM4-128 bits. Key management and networking authentication initialization are executed in advance on the ground authentication server, so the performance evaluation mainly considers the processes in which an unmanned aerial vehicle generates an authentication key pair and performs networking authentication. In the process of generating the authentication key pair, an unmanned aerial vehicle participating in identity authentication needs to communicate with the target unmanned aerial vehicle 2 times, with a calculation cost of about 3.45 ms; since the unmanned aerial vehicles move randomly, the probability that a given unmanned aerial vehicle participates in identity authentication is t/n, which determines the average calculation cost of nodes in the unmanned aerial vehicle network. The unmanned aerial vehicle requesting key generation needs to communicate with the target unmanned aerial vehicles 2t times, and its calculation overhead is positively correlated with the threshold value t; when t is 100, the calculation overhead of the unmanned aerial vehicle is about 270 ms. In the networking authentication process, the unmanned aerial vehicles communicate 2 times; the calculation overhead of the unmanned aerial vehicle requesting networking authentication is 4.51 ms, and that of the target unmanned aerial vehicle is 3.34 ms.
Simulation implementation shows that the identity-based unmanned aerial vehicle key management and networking authentication method can be executed in an unmanned aerial vehicle environment, can establish a safe communication link for the unmanned aerial vehicle, and is suitable for unmanned aerial vehicle networking.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (5)
1. An identity-based unmanned aerial vehicle key management and networking authentication method is characterized by comprising the following steps: initializing a key management and networking authentication system, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication by a ground authentication server; the unmanned aerial vehicle authentication client generates an authentication public key based on identity, and submits a key generation request to a UAV node in an unmanned aerial vehicle network; the unmanned aerial vehicle authentication client calculates to obtain private key shares according to the effective signcryption information, and recovers the authentication private key according to a threshold scheme after t effective private key shares are collected; an unmanned aerial vehicle authentication client in the unmanned aerial vehicle network performs identity authentication on the UAV node requesting key generation, and provides private key share generation service after authentication is passed; the unmanned aerial vehicle authentication client uses the authentication key to perform networking authentication on the UAV node in the unmanned aerial vehicle network, and negotiates a session key;
the identity-based unmanned aerial vehicle key management and networking authentication method comprises the following steps:
firstly, selecting a cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
secondly, the unmanned aerial vehicle generates an authentication key pair; this is executed when a UAV node joins the network while the UAVs are executing a mission, or when a UAV node updates its authentication key pair;
thirdly, networking authentication between the unmanned aerial vehicle nodes, executed after a UAV node has joined the unmanned aerial vehicle network: the UAV node uses the authentication key to perform networking authentication with other UAV nodes in the unmanned aerial vehicle network;
fourthly, the unmanned aerial vehicle updates the authentication key pair;
the first step specifically comprises:
selecting a proper cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
(1) the ground authentication server uses a BDH parameter generation algorithm to generate a prime number $q$ and two cyclic groups $G_1$, $G_2$ of order $q$, whose operations are addition and multiplication respectively, where $G_1$ is a GDH group, together with a bilinear map $e: G_1 \times G_1 \to G_2$; it selects a random generator $P \in G_1$ and selects hash functions $H_1$ and $H_2: G_2 \to \{0,1\}^m$;
(2) the ground authentication server selects a compliant elliptic curve whose points form a group $E_\gamma(a, b)$ with a generator $G(x, y)$, requiring that the order $\delta$ of $G$ be a large prime number; it selects a symmetric cryptographic algorithm, whose encryption algorithm is $ENC_K$ and whose decryption algorithm is $DEC_K$, and selects a hash function $H$ on an integer field;
(3) the number of unmanned aerial vehicles is $n$; the ground control server sets a threshold value $t$, selects a random number in the finite field $Z_p$ as the master key $k$, and randomly generates a polynomial of degree $t-1$: $f(x) = k + l_1 x + l_2 x^2 + \dots + l_{t-1} x^{t-1} \pmod p$; it then generates subkeys and key encryption key pairs for all UAV nodes: based on the number $i$ of UAV node $v_i$ it generates the subkey $k_i$, $k_i = f(i)$, and finally generates a key encryption key pair based on the subkey, wherein the key encryption private key is $s_i$, $s_i = k_i$, and the key encryption public key is
(4) the ground authentication server generates the required identity information $ID_i$ for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code and the serial number of the communication module;
(5) the ground authentication server selects, according to the specific security requirements, a time interval $\Delta T$ that meets the message freshness requirement and a key update time interval $\Delta t$;
step two, before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits a system initialization application to the ground authentication server;
step three, after receiving the application, the ground authentication server transmits to the unmanned aerial vehicle authentication client the system parameters $\{E_\gamma(a,b), G, \delta, G_1, G_2, e, Z_p, P, H, H_1, H_2, ENC_K, DEC_K, \Delta T, \Delta t\}$, the specific key encryption private key, the key encryption public keys of all unmanned aerial vehicles, and the identity information;
the second step specifically comprises:
step one: UAV node $v_i$ generates request information and sends a key generation request; UAV node $v_i$ obtains the time parameter via the onboard clock; based on the acquired time parameter and the preset $ID_i$, UAV node $v_i$ computes the authentication public key $P_{ID_i}$, and signs it using its key encryption private key $s_i$ to obtain $Sig_{ireq}$, $Sig_{ireq} = s_i P_{ID_i}$; after the computation is completed, $v_i$ sends $Sig_{ireq}$ together with the key generation request to a UAV node in the unmanned aerial vehicle network;
step two: UAV node $v_j$ judges the validity of $Sig_{ireq}$; after receiving the key generation request, UAV node $v_j$ obtains the time parameter via the onboard clock; based on the acquired time parameter and the preset identity information $ID_i$, UAV node $v_j$ computes $P_{ID_i}$ of that node, then uses the computed $P_{ID_i}$ and the pre-assigned key encryption public key of UAV node $v_i$ to determine the validity of the signature by verifying the equation:
if the equation holds, the validity verification passes; otherwise the verification fails and the connection is released;
step three: UAV node $v_j$ generates and returns a signcryption message;
based on the received $Sig_{ireq}$ and the preset key encryption private key $s_j$, UAV node $v_j$ computes the signcryption message $SignCrypt_{jres}$, $SignCrypt_{jres} = s_j s_i P_{ID_i}$; after the computation is completed, $SignCrypt_{jres}$ is returned to UAV node $v_i$;
step four: UAV node $v_i$ judges the validity of $SignCrypt_{jres}$;
UAV node $v_i$ uses the pre-assigned key encryption public key of UAV node $v_j$ and the computed $Sig_{ireq}$ to determine the validity of the message by verifying the equation:
if the equation holds, the validity verification passes; otherwise the verification fails and the connection is released;
step five: UAV node $v_i$ computes the private key share of UAV node $v_j$;
based on the received $SignCrypt_{jres}$ and the preset $s_i$, UAV node $v_i$ computes the private key share $X_j$, $X_j = s_j P_{ID_i}$; after the computation is completed, $X_j$ and the number $j$ of UAV node $v_j$ are recorded and stored;
step six: UAV node $v_i$ recovers the authentication private key;
after collecting the private key shares of $t$ legitimate nodes, UAV node $v_i$ recovers the authentication private key $d_i$ according to the threshold scheme, where $l_\theta(z)$ is the Lagrange interpolation formula and $z_\theta$, $z_j$ are node numbers;
the third step specifically comprises:
step one: UAV node $v_i$ initiates an authentication request to UAV node $v_j$;
(1a) generating a communication key pair;
UAV node $v_i$ selects a random number $d_{ipri} \in [1, \delta-1]$ as the communication private key and computes the communication public key $P_{ipub}$, $P_{ipub} = d_{ipri} G$; UAV node $v_i$ generates a large random number $r_i$, computes $RAND_{ij}+1$ and stores it;
(1b) encrypting the authentication parameters;
UAV node $v_i$ obtains the current time $T_i$ and the time parameter via the onboard clock; based on the acquired time parameter and the preset identity information $ID_j$ of UAV node $v_j$, UAV node $v_i$ computes $P_{ID_j}$; based on the acquired $T_i$, the computed $P_{ID_j}$ and the generated $r_i$, $RAND_{ij}$, UAV node $v_i$ computes the ciphertext $C$, where $g_{ij} = e(d_i, P_{ID_j}) \in G_2$;
(1c) signing the authentication parameters;
UAV node $v_i$ uses $d_{ipri}$ to sign the random number $RAND_{ij}$:
the validity of the signature $(r, s)$ is verified after the computation is completed, i.e. $r \neq 0$, $r + r_i \neq 0$, $s \neq 0$; after the signature verification passes, UAV node $v_i$ sends the message $\{r, s, C, P_{ipub}\}$ together with the authentication request to UAV node $v_j$;
step two: UAV node $v_j$ judges the freshness and the validity of the authentication request;
(2a) decrypting to obtain the authentication parameters;
after receiving the authentication request, UAV node $v_j$ uses the authentication private key $d_j$ to decrypt the extracted ciphertext $C$ and obtain $RAND'_{ij}$, $T_i$:
(2b) freshness authentication
UAV node $v_j$ obtains the current time $T$ via the onboard clock; if $T_i$ satisfies the condition on $T - T_i$, the request meets the freshness requirement and step (2c) is performed; otherwise the authentication fails and the connection is released;
(2c) validity authentication
after extracting $r'$, $s'$, $P_{ipub}$, UAV node $v_j$ verifies the signature $(RAND'_{ij}, r', s')$ by computing:
if $R = R'$, the validity verification passes and the authentication of UAV node $v_i$ is completed; otherwise the authentication fails and the connection is released;
step three: UAV node $v_j$ encrypts and returns the authentication parameters;
(3a) generating a communication key pair and a session key;
UAV node $v_j$ generates a random number $d_{jpri} \in [1, \delta-1]$ as the communication private key and computes the communication public key $P_{jpub}$, $P_{jpub} = d_{jpri} G$; based on the generated $d_{jpri}$ and the $P_{ipub}$ received in (3b), UAV node $v_j$ computes the session key $K_{ij}$, $(x_{ji}, y_{ji}) = d_{jpri} P_{ipub}$, $K_{ij} = (x_{ji} \| y_{ji})$;
(3b) encrypting the authentication parameters
UAV node $v_j$ obtains the current time $T_j$ via the onboard clock; based on the acquired $T_j$, the computed $K_{ij}$ and the $RAND'_{ij}$ computed in (3b), UAV node $v_j$ computes the ciphertext $C_{rand}$; after the computation is completed, UAV node $v_j$ returns the message $\{C_{rand}, P_{jpub}\}$ to UAV node $v_i$;
step four: UAV node $v_i$ judges the freshness and the validity of the returned authentication parameters;
(4a) decrypting to obtain the authentication parameters;
based on the $d_{ipri}$ generated in (3a) and the received $P_{jpub}$, UAV node $v_i$ computes the session key $K_{ij}$, $(x_{ij}, y_{ij}) = d_{ipri} P_{jpub}$, $K_{ij} = (x_{ij} \| y_{ij})$; based on the computed $K_{ij}$ and the received $C_{rand}$, UAV node $v_i$ decrypts to obtain $RAND_{ij}+1$, $T_j$,
(4b) freshness authentication
UAV node $v_i$ obtains the current time $T$ via the onboard clock; if the obtained $T_j$ satisfies the condition on $T - T_j$, the request meets the freshness requirement and step (4c) is performed; otherwise the authentication fails and the connection is released;
(4c) validity authentication
UAV node $v_i$ compares whether the computed $RAND_{ij}+1$ equals the stored $RAND_{ij}+1$; if they are equal, the validity verification passes and the authentication of UAV node $v_j$ is completed; otherwise the authentication fails;
the fourth step specifically includes: the authentication key pair of UAV node $v_i$ is generated in a time-dependent manner; at the current system time $t$ ($t_\beta \le t \le t_{\beta+1}$), UAV node $v_i$ computes its public key $P_{ID_i}$; UAV node $v_i$ is required to update the authentication key pair at time $t_{\beta+1}$, the update period is $\Delta t$, and $t_{\beta+1} = t_\beta + \Delta t$ is satisfied.
2. An identity-based unmanned aerial vehicle key management and networking authentication system implementing the identity-based unmanned aerial vehicle key management and networking authentication method of claim 1, wherein the identity-based unmanned aerial vehicle key management and networking authentication system comprises:
the ground authentication server is used for finishing the initialization of key management and networking authentication systems, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication;
the unmanned aerial vehicle authentication client is used for generating an authentication public key based on identity and submitting a key generation request to a UAV node in an unmanned aerial vehicle network; calculating to obtain private key shares according to the effective signcryption information, and recovering the authentication private key according to a threshold scheme after t effective private key shares are collected; identity authentication is carried out on UAV nodes added into the network, and private key share generation service is provided after authentication is passed; using an authentication key to perform networking authentication on the UAV node in the unmanned aerial vehicle network, and negotiating a session key;
selecting a password algorithm and generating an initialization parameter of the password algorithm according to a password parameter generation algorithm built in the system; the method specifically comprises the following steps:
selecting a proper cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
(1) the ground authentication server uses a BDH parameter generation algorithm to generate a prime number $q$ and two cyclic groups $G_1$, $G_2$ of order $q$, whose operations are addition and multiplication respectively, where $G_1$ is a GDH group, together with a bilinear map $e: G_1 \times G_1 \to G_2$; it selects a random generator $P \in G_1$ and selects hash functions $H_1$ and $H_2: G_2 \to \{0,1\}^m$;
(2) the ground authentication server selects a compliant elliptic curve whose points form a group $E_\gamma(a, b)$ with a generator $G(x, y)$, requiring that the order $\delta$ of $G$ be a large prime number; it selects a symmetric cryptographic algorithm, whose encryption algorithm is $ENC_K$ and whose decryption algorithm is $DEC_K$, and selects a hash function $H$ on an integer field;
(3) the number of unmanned aerial vehicles is $n$; the ground control server sets a threshold value $t$, selects a random number in the finite field $Z_p$ as the master key $k$, and randomly generates a polynomial of degree $t-1$: $f(x) = k + l_1 x + l_2 x^2 + \dots + l_{t-1} x^{t-1} \pmod p$; it then generates subkeys and key encryption key pairs for all UAV nodes: based on the number $i$ of UAV node $v_i$ it generates the subkey $k_i$, $k_i = f(i)$, and finally generates a key encryption key pair based on the subkey, wherein the key encryption private key is $s_i$, $s_i = k_i$, and the key encryption public key is
(4) the ground authentication server generates the required identity information $ID_i$ for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code and the serial number of the communication module;
(5) the ground authentication server selects, according to the specific security requirements, a time interval $\Delta T$ that meets the message freshness requirement and a key update time interval $\Delta t$;
step two, before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits a system initialization application to the ground authentication server;
step three, after receiving the application, the ground authentication server transmits to the unmanned aerial vehicle authentication client the system parameters $\{E_\gamma(a,b), G, \delta, G_1, G_2, e, Z_p, P, H, H_1, H_2, ENC_K, DEC_K, \Delta T, \Delta t\}$, the specific key encryption private key, the key encryption public keys of all unmanned aerial vehicles, and the identity information;
the method for the unmanned aerial vehicle to generate the authentication key pair when the UAV node joins the network or when the UAV node updates the authentication key pair in the process of the UAV executing the mission specifically includes:
step one: UAV node $v_i$ generates request information and sends a key generation request; UAV node $v_i$ obtains the time parameter via the onboard clock; based on the acquired time parameter and the preset $ID_i$, UAV node $v_i$ computes the authentication public key $P_{ID_i}$, and signs it using its key encryption private key $s_i$ to obtain $Sig_{ireq}$, $Sig_{ireq} = s_i P_{ID_i}$; after the computation is completed, $v_i$ sends $Sig_{ireq}$ together with the key generation request to a UAV node in the unmanned aerial vehicle network;
step two: UAV node $v_j$ judges the validity of $Sig_{ireq}$; after receiving the key generation request, UAV node $v_j$ obtains the time parameter via the onboard clock; based on the acquired time parameter and the preset identity information $ID_i$, UAV node $v_j$ computes $P_{ID_i}$ of that node, then uses the computed $P_{ID_i}$ and the pre-assigned key encryption public key of UAV node $v_i$ to determine the validity of the signature by verifying the equation:
if the equation holds, the validity verification passes; otherwise the verification fails and the connection is released;
step three: UAV node $v_j$ generates and returns a signcryption message;
based on the received $Sig_{ireq}$ and the preset key encryption private key $s_j$, UAV node $v_j$ computes the signcryption message $SignCrypt_{jres}$, $SignCrypt_{jres} = s_j s_i P_{ID_i}$; after the computation is completed, $SignCrypt_{jres}$ is returned to UAV node $v_i$;
step four: UAV node $v_i$ judges the validity of $SignCrypt_{jres}$;
UAV node $v_i$ uses the pre-assigned key encryption public key of UAV node $v_j$ and the computed $Sig_{ireq}$ to determine the validity of the message by verifying the equation:
if the equation holds, the validity verification passes; otherwise the verification fails and the connection is released;
step five: UAV node $v_i$ computes the private key share of UAV node $v_j$;
based on the received $SignCrypt_{jres}$ and the preset $s_i$, UAV node $v_i$ computes the private key share $X_j$, $X_j = s_j P_{ID_i}$; after the computation is completed, $X_j$ and the number $j$ of UAV node $v_j$ are recorded and stored;
step six: UAV node $v_i$ recovers the authentication private key;
after collecting the private key shares of $t$ legitimate nodes, UAV node $v_i$ recovers the authentication private key $d_i$ according to the threshold scheme, where $l_\theta(z)$ is the Lagrange interpolation formula and $z_\theta$, $z_j$ are node numbers;
networking authentication between unmanned aerial vehicle nodes is executed after the UAV nodes join the unmanned aerial vehicle network, and the networking authentication of the UAV nodes and other UAV nodes in the unmanned aerial vehicle network by using an authentication key specifically comprises the following steps:
step one: UAV node $v_i$ initiates an authentication request to UAV node $v_j$;
(1a) generating a communication key pair;
UAV node $v_i$ selects a random number $d_{ipri} \in [1, \delta-1]$ as the communication private key and computes the communication public key $P_{ipub}$, $P_{ipub} = d_{ipri} G$; UAV node $v_i$ generates a large random number $r_i$, computes $RAND_{ij}+1$ and stores it;
(1b) encrypting the authentication parameters;
UAV node $v_i$ obtains the current time $T_i$ and the time parameter via the onboard clock; based on the acquired time parameter and the preset identity information $ID_j$ of UAV node $v_j$, UAV node $v_i$ computes $P_{ID_j}$; based on the acquired $T_i$, the computed $P_{ID_j}$ and the generated $r_i$, $RAND_{ij}$, UAV node $v_i$ computes the ciphertext $C$, where $g_{ij} = e(d_i, P_{ID_j}) \in G_2$;
(1c) signing the authentication parameters;
UAV node $v_i$ uses $d_{ipri}$ to sign the random number $RAND_{ij}$:
the validity of the signature $(r, s)$ is verified after the computation is completed, i.e. $r \neq 0$, $r + r_i \neq 0$, $s \neq 0$; after the signature verification passes, UAV node $v_i$ sends the message $\{r, s, C, P_{ipub}\}$ together with the authentication request to UAV node $v_j$;
step two: UAV node $v_j$ judges the freshness and the validity of the authentication request;
(2a) decrypting to obtain the authentication parameters;
after receiving the authentication request, UAV node $v_j$ uses the authentication private key $d_j$ to decrypt the extracted ciphertext $C$ and obtain $RAND'_{ij}$, $T_i$:
(2b) freshness authentication
UAV node $v_j$ obtains the current time $T$ via the onboard clock; if $T_i$ satisfies the condition on $T - T_i$, the request meets the freshness requirement and step (2c) is performed; otherwise the authentication fails and the connection is released;
(2c) validity authentication
after extracting $r'$, $s'$, $P_{ipub}$, UAV node $v_j$ verifies the signature $(RAND'_{ij}, r', s')$ by computing:
if $R = R'$, the validity verification passes and the authentication of UAV node $v_i$ is completed; otherwise the authentication fails and the connection is released;
step three: UAV node $v_j$ encrypts and returns the authentication parameters;
(3a) generating a communication key pair and a session key;
UAV node $v_j$ generates a random number $d_{jpri} \in [1, \delta-1]$ as the communication private key and computes the communication public key $P_{jpub}$, $P_{jpub} = d_{jpri} G$; based on the generated $d_{jpri}$ and the $P_{ipub}$ received in (3b), UAV node $v_j$ computes the session key $K_{ij}$, $(x_{ji}, y_{ji}) = d_{jpri} P_{ipub}$, $K_{ij} = (x_{ji} \| y_{ji})$;
(3b) encrypting the authentication parameters
UAV node $v_j$ obtains the current time $T_j$ via the onboard clock; based on the acquired $T_j$, the computed $K_{ij}$ and the $RAND'_{ij}$ computed in (3b), UAV node $v_j$ computes the ciphertext $C_{rand}$; after the computation is completed, UAV node $v_j$ returns the message $\{C_{rand}, P_{jpub}\}$ to UAV node $v_i$;
step four: UAV node $v_i$ judges the freshness and the validity of the returned authentication parameters;
(4a) decrypting to obtain the authentication parameters;
based on the $d_{ipri}$ generated in (3a) and the received $P_{jpub}$, UAV node $v_i$ computes the session key $K_{ij}$, $(x_{ij}, y_{ij}) = d_{ipri} P_{jpub}$, $K_{ij} = (x_{ij} \| y_{ij})$; based on the computed $K_{ij}$ and the received $C_{rand}$, UAV node $v_i$ decrypts to obtain $RAND_{ij}+1$, $T_j$,
(4b) freshness authentication
UAV node $v_i$ obtains the current time $T$ via the onboard clock; if the obtained $T_j$ satisfies the condition on $T - T_j$, the request meets the freshness requirement and step (4c) is performed; otherwise the authentication fails and the connection is released;
(4c) validity authentication
UAV node $v_i$ compares whether the computed $RAND_{ij}+1$ equals the stored $RAND_{ij}+1$; if they are equal, the validity verification passes and the authentication of UAV node $v_j$ is completed; otherwise the authentication fails;
the unmanned aerial vehicle updates the authentication key pair, which specifically comprises: the authentication key pair of UAV node $v_i$ is generated in a time-dependent manner; at the current system time $t$ ($t_\beta \le t \le t_{\beta+1}$), UAV node $v_i$ computes its public key $P_{ID_i}$; UAV node $v_i$ is required to update the authentication key pair at time $t_{\beta+1}$, the update period is $\Delta t$, and $t_{\beta+1} = t_\beta + \Delta t$ is satisfied.
3. The identity-based drone key management and networking authentication system of claim 2, wherein the ground authentication server comprises:
the system initialization module is used for completing the initialization of the key management and networking authentication system, namely transmitting the system parameters generated by the system parameter generation module, the identity information generated by the identity information generation module, the key encryption public keys of all the unmanned aerial vehicles generated by the key generation module and the key encryption private keys of the specific unmanned aerial vehicles to the key management and networking authentication system of the unmanned aerial vehicles;
the system parameter generation module is used for generating initialization parameters of a cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system, selecting a proper hash function and a symmetric cryptographic algorithm, setting a time interval for updating a secret key and a time interval for meeting the message freshness requirement according to different safety requirements, counting the number n of unmanned aerial vehicle nodes in the system, and setting a corresponding threshold value t;
the identity information generation module is used for generating the required identity information for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the like;
and the key generation module is used for generating a system master key, generating sub keys for all unmanned aerial vehicles in the system based on the master key and the initialization parameters of the cryptographic algorithm, and finally generating a key encryption key pair based on the sub keys.
4. The identity-based drone key management and networking authentication system of claim 2, wherein the drone authentication client comprises:
the system initialization module is used for completing key management on the unmanned aerial vehicle and initialization of a networking authentication system, namely acquiring system parameters and identity information required by the unmanned aerial vehicle for key management and networking authentication, and key encryption public keys of all the unmanned aerial vehicles and key encryption private keys of the unmanned aerial vehicles from a ground authentication server;
the key management module comprises three sub-modules: a request information generation sub-module, a key processing sub-module and an authentication sub-module; the request information generation submodule is used for generating an authentication parameter for requesting the generation of a secret key according to the identity information distributed by the system and the generated authentication public key; the key processing submodule is used for collecting private key shares and recovering the authentication private key after t effective private key shares are collected; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid;
the identity authentication module comprises two sub-modules: the authentication submodule and the private key share generation submodule; the authentication submodule is used for interacting authentication parameters with an unmanned aerial vehicle authentication client terminal generated by a request key, analyzing the authentication parameters and checking whether the received authentication parameters are valid; the private key share generation submodule is used for generating a private key share for the unmanned aerial vehicle authentication client side which requests key generation according to the received authentication parameters and signing and encrypting the private key share;
the networking authentication module comprises four sub-modules: a key pair generation sub-module, a data processing sub-module, an authentication sub-module and a key negotiation sub-module; the key pair generation submodule is used for generating a communication key pair for carrying out key agreement with other unmanned aerial vehicle authentication clients; the data processing submodule is used for generating parameters for identity authentication with other unmanned aerial vehicle authentication clients; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the key negotiation submodule is used for carrying out key negotiation with other unmanned aerial vehicle authentication clients to generate a session key.
5. An unmanned aerial vehicle applying the identity-based unmanned aerial vehicle key management and networking authentication method of claim 1.
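The threshold step of claim 1 (subkeys $k_i = f(i)$, private key shares $X_j = s_j P_{ID_i}$, Lagrange recovery of $d_i$) and the session key $K_{ij} = (x \| y)$ derived from the exchanged communication public keys can be traced in code; the following is an added example, not code from the patent. Assumptions: NIST P-256 stands in for both $G_1$ and $E_\gamma(a,b)$, the polynomial is taken modulo the group order rather than a separate $p$, $P_{ID}$ comes from a simplified hash-to-scalar of a constructed identity and time parameter (a real identity-based scheme needs a hash-to-point with unknown discrete logarithm), the pairing-based validity equations are omitted, and all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: P-256 stands in for the prime-order group G1; pairing checks are omitted.
FIELD_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = FIELD_P - 3
ORDER = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD_P, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return x3, (lam * (x1 - x3) - y1) % FIELD_P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    k %= ORDER
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def deal_subkeys(k, t, n_nodes):
    """Ground server: f(x) = k + l_1 x + ... + l_{t-1} x^{t-1}, s_i = k_i = f(i)."""
    coeffs = [k] + [secrets.randbelow(ORDER - 1) + 1 for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, ORDER) for e, c in enumerate(coeffs)) % ORDER
            for i in range(1, n_nodes + 1)}


def auth_public_key(identity, time_param):
    """P_ID from identity and time parameter; hash-to-scalar times G is a stand-in."""
    digest = hashlib.sha256(f"{identity}|{time_param}".encode()).digest()
    return ec_mul(int.from_bytes(digest, "big") % (ORDER - 1) + 1, G)


def lagrange_at_zero(j, ids):
    """l_j(0) = product over z in ids, z != j, of z / (z - j), modulo the group order."""
    num = den = 1
    for z in ids:
        if z != j:
            num = num * z % ORDER
            den = den * (z - j) % ORDER
    return num * pow(den, -1, ORDER) % ORDER


def recover_auth_key(shares, t):
    """d_i = sum_j l_j(0) * X_j from collected shares {node number j: X_j}."""
    if len(shares) < t:
        raise ValueError("fewer than t private key shares collected")
    ids = sorted(shares)[:t]
    d_i = None
    for j in ids:
        d_i = ec_add(d_i, ec_mul(lagrange_at_zero(j, ids), shares[j]))
    return d_i


def session_key(own_private, peer_public):
    """K_ij = x || y of own communication private key times the peer's public key."""
    x, y = ec_mul(own_private, peer_public)
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


def demo(t=3, n_nodes=5):
    k = secrets.randbelow(ORDER - 1) + 1            # master key, ground server only
    subkeys = deal_subkeys(k, t, n_nodes)
    p_id = auth_public_key("UAV-0001", "epoch-0")   # constructed ID and time parameter
    shares = {j: ec_mul(s, p_id) for j, s in subkeys.items()}  # X_j = s_j * P_ID
    expected = ec_mul(k, p_id)                      # d_i = k * P_ID
    forged = {j: shares[j] for j in (2, 4, 5)}
    forged[4] = ec_add(forged[4], G)                # one share altered in transit
    d_ipri, d_jpri = (secrets.randbelow(ORDER - 1) + 1 for _ in range(2))
    return {
        "recovered": recover_auth_key({j: shares[j] for j in (2, 4, 5)}, t) == expected,
        "other_subset": recover_auth_key({j: shares[j] for j in (1, 3, 4)}, t) == expected,
        "too_few_wrong": recover_auth_key({j: shares[j] for j in (2, 4)}, t - 1) != expected,
        "forged_wrong": recover_auth_key(forged, t) != expected,
        "session_match": session_key(d_ipri, ec_mul(d_jpri, G))
                         == session_key(d_jpri, ec_mul(d_ipri, G)),
    }


if __name__ == "__main__":
    print(demo())
```

Because this sketch leaves out the per-message validity equations, the altered share is only noticed when the recovered key turns out wrong; in the claimed method each signcryption message is verified before its share is accepted.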
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811076889.6A CN109218018B (en) | 2018-09-14 | 2018-09-14 | Identity-based unmanned aerial vehicle key management and networking authentication system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109218018A (en) | 2019-01-15 |
CN109218018B (en) | 2021-08-10 |
Family
ID=64983543
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811076889.6A (Active) CN109218018B (en) | 2018-09-14 | 2018-09-14 | Identity-based unmanned aerial vehicle key management and networking authentication system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109218018B (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102004016581A1 (en) * | 2004-03-31 | 2005-10-27 | Nec Europe Ltd. | Procedures for Settlement and Compensation Processes in Ad Hoc Networks |
US20060233377A1 (en) * | 2005-03-31 | 2006-10-19 | Hwang-Daw Chang | Key distribution method of mobile ad hoc network |
- 2018-09-14: CN application CN201811076889.6A, patent CN109218018B, status: Active
Non-Patent Citations (2)
Title |
---|
"Key Management Protocol Based on Finely Granular Multi-level Security Method in Wireless Networks";Li Yahui;《2011 Seventh International Conference on Computational Intelligence and Security》;20111231;entire document * |
"Key management scheme for ad hoc networks without a secure channel";李慧贤;《通信学报》;20100131;entire document * |
Also Published As
Publication number | Publication date |
---|---|
CN109218018A (en) | 2019-01-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109218018B (en) | Identity-based unmanned aerial vehicle key management and networking authentication system and method | |
Liu et al. | Blockchain empowered cooperative authentication with data traceability in vehicular edge computing | |
Wei et al. | Secure and lightweight conditional privacy-preserving authentication for securing traffic emergency messages in VANETs | |
CN108566240B (en) | Inter-satellite networking authentication system and method suitable for double-layer satellite network | |
Wang et al. | Ultra super fast authentication protocol for electric vehicle charging using extended chaotic maps | |
CN113079016B (en) | Identity-based authentication method facing space-based network | |
CN110402560B (en) | System and method for computing public session keys in identity-based authenticated key exchange scheme with forward security | |
CN108521401B (en) | Method for enhancing safety of MANET network of unmanned aerial vehicle | |
US11044081B2 (en) | System and method for obtaining a common session key between devices | |
Han et al. | A self-authentication and deniable efficient group key agreement protocol for VANET | |
CN109640325B (en) | Motorcade-oriented safety management method based on extensible contribution group key negotiation | |
Dolev et al. | Optical PUF for non-forwardable vehicle authentication | |
Tan et al. | Secure and efficient authenticated key management scheme for UAV-assisted infrastructure-less IoVs | |
Chaturvedi et al. | A secure zero knowledge authentication protocol for wireless (mobile) ad-hoc networks | |
Ozmen et al. | IoD-crypt: A lightweight cryptographic framework for Internet of drones | |
Gao et al. | An Improved Online/Offline Identity-Based Signature Scheme for WSNs. | |
Kanchan et al. | An efficient and privacy-preserving federated learning scheme for flying ad hoc networks | |
Xie et al. | Provable secure and lightweight vehicle message broadcasting authentication protocol with privacy protection for VANETs | |
Wazid et al. | Secure communication framework for blockchain-based internet of drones-enabled aerial computing deployment | |
CN103796200A (en) | Method for achieving key management in wireless mobile ad hoc network based on identities | |
Chen et al. | Provable secure group key establishment scheme for fog computing | |
CN116388995A (en) | Lightweight smart grid authentication method based on PUF | |
Singh et al. | Efficient and secure message transfer in VANET | |
Xiong et al. | A cloud based three layer key management scheme for VANET | |
Hafeez et al. | BETA-UAV: Blockchain-based efficient and trusted authentication for UAV communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||