CN109218018B - Identity-based unmanned aerial vehicle key management and networking authentication system and method - Google Patents

Identity-based unmanned aerial vehicle key management and networking authentication system and method Download PDF

Info

Publication number
CN109218018B
CN109218018B CN201811076889.6A CN201811076889A CN109218018B CN 109218018 B CN109218018 B CN 109218018B CN 201811076889 A CN201811076889 A CN 201811076889A CN 109218018 B CN109218018 B CN 109218018B
Authority
CN
China
Prior art keywords
authentication
key
unmanned aerial
uav
uav node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811076889.6A
Other languages
Chinese (zh)
Other versions
CN109218018A (en
Inventor
朱辉
张业平
张之义
李晖
武衡
于攀
王枫为
赵海强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
CETC 54 Research Institute
Original Assignee
Xidian University
CETC 54 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University, CETC 54 Research Institute filed Critical Xidian University
Priority to CN201811076889.6A priority Critical patent/CN109218018B/en
Publication of CN109218018A publication Critical patent/CN109218018A/en
Application granted granted Critical
Publication of CN109218018B publication Critical patent/CN109218018B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention belongs to the technical field of devices for checking the identity or the credential of a system user, and discloses an identity-based unmanned aerial vehicle key management and networking authentication system and method, wherein a ground authentication server is responsible for generating and distributing system parameters, identity information and keys required by unmanned aerial vehicles for key management and networking authentication; the unmanned aerial vehicle authentication client is the main body of the system; through mutual cooperation, a key pair used for networking authentication of the unmanned aerial vehicles can be generated in a distributed mode, and identity authentication and key agreement between the unmanned aerial vehicles are achieved through the key pair. The invention improves the problem of unequal node calculation in unmanned aerial vehicle network key management in the prior art, enhances the reliability of the system and realizes unmanned aerial vehicle self-organized key management; bidirectional authentication is realized among unmanned aerial vehicle nodes, and credibility and authenticity of both communication parties are ensured; the method is realized by using the identity public key and the bilinear pair, so that the calculation cost is low, and the realization efficiency is improved.

Description

Identity-based unmanned aerial vehicle key management and networking authentication system and method
Technical Field
The invention belongs to the technical field of devices for checking the identity or the credential of a system user, and particularly relates to an unmanned aerial vehicle key management and networking authentication system and method based on the identity.
Background
Currently, the current state of the art commonly used in the industry is such that: the unmanned aerial vehicle as one member of modern aerial military force has the advantages of no casualties, less use limitation, good concealment and the like, and occupies an increasingly important position in modern war. The countermeasure research aiming at the unmanned aerial vehicle becomes the key point of the research of all military and strong countries at present. Under the trend that the complexity and the communication antagonism of the electromagnetic environment are continuously improved, the problems of deception, interference, eavesdropping and the like of an attacker, which are faced by the unmanned aerial vehicle in the information transmission process, become more serious. The cryptographic technology can meet security requirements such as confidentiality, authentication, integrity and non-repudiation in the unmanned aerial vehicle network, and provides a secure communication link of the unmanned aerial vehicle. One of the cores of the cryptosystem is the premise and key for realizing the network security target of the unmanned aerial vehicle. The unmanned aerial vehicle network lacks infrastructure to unmanned aerial vehicle's relative velocity of movement is fast, leads to the topological structure of unmanned aerial vehicle network to change frequently, and the key management means in traditional wired network can't multiplex, and the key management in the unmanned aerial vehicle network must be accomplished by network terminal self-organization. In addition, the unmanned aerial vehicle has limited calculation and storage capacities, a wireless link is unstable, a complex cryptographic algorithm cannot be deployed due to large resource consumption and long response time, and the problems of calculation overhead and communication overhead need to be considered in a key management scheme. For the key management problem in the drone network, some solutions are proposed, among which: the prior art discloses a distributed unmanned aerial vehicle authentication and key agreement method based on a trusted platform in a distributed unmanned aerial vehicle environment, which realizes authentication between early warning machine service nodes through a hash chain of measurement information of an early warning machine platform and realizes key agreement between the early warning machine service nodes and the unmanned aerial vehicle through key exchange and message verification. However, the early warning engine as a service node limits the flexibility of the drone networking, and if a plurality of nodes providing services need to exist in the drone, the feasibility of key management is inevitably seriously affected due to the constraint of the service node. Therefore, in order to ensure the safety and high efficiency of unmanned aerial vehicle networking, the key management scheme needs equal calculation of nodes in the network. In the second prior art, "a mobile ad hoc network threshold secret distribution method" (application No. CN200910219160.4 application publication No. CN102223629A), a mobile ad hoc network threshold key distribution method is disclosed, which is based on multiple identity signcryption algorithms and uses a threshold mechanism to realize service node joint key distribution. The defects of the invention are as follows: firstly, the strong mobility of the unmanned aerial vehicle is not considered, and it is feasible that the moving unmanned aerial vehicle finds a plurality of one-hop neighbor service nodes: secondly, the process of distributing keys by serial execution among service nodes causes synchronization problems and generates high communication delay.
In summary, the problems of the prior art are as follows:
(1) in the prior art, a network has service nodes providing a trusted platform, the calculation between a common unmanned aerial vehicle node and the service nodes is unequal, the service nodes bear main calculation tasks, but the topological structure of the unmanned aerial vehicle network changes frequently, and the service nodes cannot provide effective services.
(2) In the prior art, the process of serially executing the key distribution between the two service nodes can cause synchronization problems, and high communication delay can be generated, so that the method is not suitable for being deployed in an unmanned aerial vehicle network.
The difficulty and significance for solving the technical problems are as follows:
the unmanned aerial vehicle network lacks infrastructure, and the topological structure changes frequently, and the key management suitable for the unmanned aerial vehicle network must be accomplished by unmanned aerial vehicle self-organization, and unmanned aerial vehicle in the network need calculate equally, cooperates with the distributed key management service that provides of cooperation. In addition, the computing power of the drone is limited, the wireless link is unstable, and the communication overhead and the computing overhead generated by the key management scheme need to be within the tolerance range of the drone.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an unmanned aerial vehicle key management and networking authentication system and method based on identity.
For convenience of description, the key used in the present invention and its functions will be described:
master key: the master key, denoted k, generated by the system is used to generate the subkey.
And (3) sub-key: and according to a threshold scheme, generating a main key based on the system, and recording a sub-key of the UAV node vi as ki for generating a key encryption key pair.
Key encryption key pair: generated by the system and distributed to unmanned aerial vehicles, UAV nodes viIs a key encryption public key
Figure BDA0001800981590000031
The secret key encryption private key is marked as siThe method is used for identity authentication and private key share generation when the unmanned aerial vehicle joins a network or an authentication key pair is updated.
Private key share: UAV node v generated when UAV joins network or authentication key pair is updatediThe generated private key share is marked as XiAnd the method is used for recovering the authentication private key of the network-accessing unmanned aerial vehicle.
Authentication key pair: UAV node v generated after joining the networkiIs marked as PIDiAnd the authentication private key is marked as diAnd the network authentication module is used for carrying out networking authentication with other unmanned aerial vehicles in the network.
Communication key pair: generated during networking authentication of unmanned aerial vehicle, UAV node viIs denoted as PipubAnd the communication private key is marked as dipriFor use in and in networksAnd performing key agreement on other unmanned aerial vehicles to generate a session key.
The invention is realized in this way, a unmanned aerial vehicle key management and network deployment authentication method based on identity, the unmanned aerial vehicle key management and network deployment authentication method based on identity includes: initializing a key management and networking authentication system, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication by a ground authentication server; the unmanned aerial vehicle authentication client generates an authentication public key based on identity, and submits a key generation request to a UAV node in an unmanned aerial vehicle network; the unmanned aerial vehicle authentication client calculates to obtain private key shares according to the effective signcryption information, and recovers the authentication private key according to a threshold scheme after t effective private key shares are collected; an unmanned aerial vehicle authentication client in the unmanned aerial vehicle network performs identity authentication on the UAV node requesting key generation, and provides private key share generation service after authentication is passed; the unmanned aerial vehicle authentication client uses the authentication key to perform networking authentication on the UAV node in the unmanned aerial vehicle network, and negotiates a session key.
Further, the identity-based unmanned aerial vehicle key management and networking authentication method comprises the following steps:
firstly, selecting a cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
secondly, the unmanned aerial vehicle generates an authentication key pair, and the authentication key pair is executed when the UAV node joins the network in the process of executing the mission by the UAV or when the UAV node updates the authentication key pair;
thirdly, networking authentication between the unmanned aerial vehicles is executed after the UAV nodes are added into the unmanned aerial vehicle network, and networking authentication is carried out on the UAV nodes and other UAV nodes in the unmanned aerial vehicle network by using an authentication key;
and fourthly, the unmanned aerial vehicle updates the authentication key pair.
Further, the first step specifically includes:
selecting a proper cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
(1) ground authentication server generation using BDH parametersThe algorithm generates a prime q, two cyclic groups G of order q1,G2The operations thereon being addition and multiplication, respectively, and G1Is a GDH group, a bilinear map e: g1×G1→G2Selecting a random generator P ∈ G1(ii) a Selecting a hash function
Figure BDA0001800981590000041
H2:G2→{0,1}m
(2) The ground authentication server selects a compliant elliptic curve and the points on the curve form a group EγAnd (a, b) generating element G (x, y), wherein the order delta of G is a large prime number. Selecting a symmetric cryptographic algorithm, wherein the cryptographic algorithm is ENCKThe decryption algorithm is DECKSelecting a hash function H on an integer field;
(3) the number of the unmanned aerial vehicles is n, the ground control server sets a threshold value t, and the unmanned aerial vehicles are in a limited domain ZpA random number is selected as a master key k, and a t-1 degree polynomial is randomly generated: f (x) k + l1x+l2x2+…+lt-1xt-1(modp) then generates sub-keys and key-encryption key pairs for all UAV nodes, based on UAV node viNumber i of generates subkey ki,kiF (i), finally generating a key encryption key pair based on the subkey, wherein the key encryption private key is si,si=kiThe secret key encrypts the public key to
Figure BDA0001800981590000042
Figure BDA0001800981590000043
(4) The ground authentication server generates the required identity information ID for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code and the serial number of the communication modulei
(5) The ground authentication server selects a time interval delta T and a key updating time interval delta T which meet the message freshness requirement according to specific safety requirements;
step two, before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits a system initialization application to a ground authentication server;
step three, after receiving the application, the ground authentication server transmits system parameters { E ] to the unmanned aerial vehicle authentication clientγ(a,b),G,δ,G1,G2,E,Zp,P,H,H1,H2,ENCK,DECKΔ T, Δ T }, a specific key encryption private key, key encryption public keys of all drones, and identity information.
Further, the second step specifically includes:
the method comprises the following steps: UAV node viGenerating request information and sending a key generation request; UAV node viObtaining time parameters via an onboard clock
Figure BDA0001800981590000051
Based on the acquisition
Figure BDA0001800981590000052
And a preset IDiUAV node viComputing authentication public key PIDi
Figure BDA0001800981590000053
And encrypts the private key s using its keyiSigning to obtain Sigireq,Sigireq=siPIDi. After the calculation is completed, viWill SigireqSending to a UAV node in the drone network along with a key generation request;
step two: UAV node vjFor SigireqJudging the effectiveness of the test result; after receiving the key generation request, the UAV node vjObtaining time parameters via an onboard clock
Figure BDA0001800981590000054
Based on the acquisition
Figure BDA0001800981590000055
And a preset identity information IDiUAV node vjCalculate P of the nodeIDi
Figure BDA0001800981590000056
Then using the calculated PIDiAnd pre-assigned UAV node viIs encrypted with a public key
Figure BDA0001800981590000057
The validity of the signature is determined, and the equation is verified:
Figure BDA0001800981590000058
if the equation is established, the validity verification is passed if the equation is established, otherwise, the connection is released if the verification fails;
step three: UAV node vjGenerating and returning a signcryption message;
based on received SigireqAnd a preset key encryption private key sjUAV node vjCalculating SignCrypt message SignCryptjres,SignCryptjres=sjsiPIDiAfter the calculation is finished, SignCrypt is addedjresReturned to UAV node vi
Step four: UAV node viFor SignCryptjresJudging the effectiveness of the test result;
UAV node viUsing pre-assigned UAV nodes vjIs encrypted with a public key
Figure BDA0001800981590000059
And the calculated SigireqThe validity of the message is determined, and the equation is verified:
Figure BDA00018009815900000510
if the equation is established, the validity verification is passed if the equation is established, otherwise, the connection is released if the verification fails;
step five: UAV node viCalculating UAV node vjA private key share of;
based on received SignCryptjresAnd preset siUAV node viComputing private key share Xj,Xj=sjPIDiAfter the calculation is finished, X is addedjAnd UAV node vjRecording the number j and then storing;
step six: UAV node viRecovering the authentication private key;
UAV node viAfter private key shares of t legal nodes are collected, recovering the authentication private key d according to a threshold schemei
Figure BDA0001800981590000061
Wherein lθ(z) is the Lagrange interpolation formula,
Figure BDA0001800981590000062
zθ,zjis the node number.
Further, the third step specifically includes:
the method comprises the following steps: UAV node viTo UAV node vjInitiating an authentication request;
(1a) generating a communication key pair;
UAV node viSelecting a random number dipri∈[1,δ-1]As a communication private key, and calculates a communication public key Pipub,Pipub=dipriG. UAV node viGenerating a large random number ri
Figure BDA0001800981590000063
Calculating RANDij+1 and store;
(1b) encrypting the authentication parameters;
obtaining the current time T by an airborne clockiAnd time parameter
Figure BDA0001800981590000064
Based on the acquisition
Figure BDA0001800981590000065
And a preset UAV node vjIdentity information ID ofjUAV node viCalculating PIDj
Figure BDA0001800981590000066
Based on acquired TiCalculated PIDjAnd generated ri、RANDijUAV node viThe ciphertext C is calculated and is,
Figure BDA0001800981590000067
wherein g isij=e(di,PIDj)∈G2
(1c) Signing the authentication parameters;
UAV node viUsing dipriFor random number RANDijAnd (3) signature:
Figure BDA0001800981590000068
(xt,yt)=riG;
Figure BDA0001800981590000069
s=(1+dipri)-1·(k-r·dipri)modδ;
verifying the validity of the signature (r, s) after the computation is completed, i.e. r ≠ 0, r + riNot equal to 0, s not equal to 0. After signature verification is passed, the UAV node viWill message { r, s, C, PipubH sent to UAV node v along with authentication requestj
Step two: UAV node vjJudging the freshness and the validity of the authentication request;
(2a) decrypting to obtain an authentication parameter;
after receiving the authentication request, the UAV node vjUsing an authentication private key djDecrypting the extracted ciphertext information C to obtain RAND'ij、Ti:
Figure BDA0001800981590000071
(2b) Freshness authentication
UAV node vjObtaining the current time T through an onboard clock, if TiSatisfy T-TiIf the request meets the freshness requirement, continuing to perform the step (2c), otherwise, releasing the connection if the authentication fails;
(2c) validity authentication
UAV node vjExtraction of r ', s', PipubPost, verify the signature (RAND'ijR ', s'). And (3) calculating:
Figure BDA0001800981590000072
t′=(r'+s′)modδ;
(x′t,y′t)=s'G+t'Pipub
Figure BDA0001800981590000073
if R ═ R', the UAV node v is completed through validity verificationiThe authentication of (1); otherwise, the authentication fails, and the connection is released;
step three: UAV node vjEncrypting and returning authentication parameters;
(3a) generating a communication key pair and a session key;
UAV node vjGenerating a random number djpri∈[1,δ-1]As a communication private key, and calculates a communication public key Pjpub,Pjpub=djpriG. Based on generated djpriP received in (3b) andipubUAV node vjComputing a session key Kij,(xji,yji)=djpriPipub,Kij=(xji||yji);
(3b) Encrypting authentication parameters
UAV node vjObtaining the current time T by an airborne clockj. Based on acquired TjK is calculatedijAnd RAND 'calculated in (3 b)'ijUAV node vjComputing ciphertext Crand
Figure BDA0001800981590000074
After the calculation is completed, the UAV node vjMessage { Crand,PjpubV returned to UAV nodei
Step four: UAV node viJudging the freshness and the validity of the returned authentication parameters;
(4a) decrypting to obtain an authentication parameter;
based on d generated in (3a)ipriAnd received PjpubUAV node viComputing a session key Kij,(xij,yij)=dipriPjpub,Kij=(xij||yij). Based on calculated KijAnd received CrandUAV node viDecrypting to obtain RANDij+1、Tj
Figure BDA0001800981590000075
(4b) Freshness authentication
UAV node viObtaining the current time T through an airborne clock, if the obtained TjSatisfy T-TjIf the request meets the freshness requirement, continuing to perform the step (4c), otherwise, releasing the connection if the authentication fails;
(4c) validity authentication
UAV node viComparing the calculated RANDij+1 and stored RANDij+1 is equal or not; if the values are equal, the UAV node v is verified through validity verificationjThe authentication of (1); otherwise, authentication fails.
Further, the fourth step specifically includes: UAV node viIs generated in relation to time, at the current time t (of the system) oftβ≤t≤tβ+1) At the moment of time, the time of day,
Figure BDA0001800981590000081
UAV node viCalculate its public key PIDi
Figure BDA0001800981590000082
UAV node viIs required to be at tβ+1The authentication key pair is updated at any moment, the updating period is delta t, and t is satisfiedβ+1=tβ+Δt。
Another object of the present invention is to provide an identity-based key management and networking authentication system for an unmanned aerial vehicle, which implements the identity-based key management and networking authentication method for the unmanned aerial vehicle, the identity-based key management and networking authentication system comprising:
the ground authentication server is used for finishing the initialization of key management and networking authentication systems, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication;
the unmanned aerial vehicle authentication client is used for generating an authentication public key based on identity and submitting a key generation request to a UAV node in an unmanned aerial vehicle network; calculating to obtain private key shares according to the effective signcryption information, and recovering the authentication private key according to a threshold scheme after t effective private key shares are collected; identity authentication is carried out on UAV nodes added into the network, and private key share generation service is provided after authentication is passed; and carrying out networking authentication on the UAV node in the unmanned aerial vehicle network by using the authentication key, and negotiating a session key.
Further, the ground authentication server includes:
the system initialization module is used for completing the initialization of the key management and networking authentication system, namely transmitting the system parameters generated by the system parameter generation module, the identity information generated by the identity information generation module, the key encryption public keys of all the unmanned aerial vehicles generated by the key generation module and the key encryption private keys of the specific unmanned aerial vehicles to the key management and networking authentication system of the unmanned aerial vehicles;
the system parameter generation module is used for generating initialization parameters of a cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system, selecting a proper hash function and a symmetric cryptographic algorithm, setting a time interval for updating a secret key and a time interval for meeting the message freshness requirement according to different safety requirements, counting the number n of unmanned aerial vehicle nodes in the system, and setting a corresponding threshold value t;
the identity information generation module is used for generating the required identity information for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the like;
and the key generation module is used for generating a system master key, generating sub keys for all unmanned aerial vehicles in the system based on the master key and the initialization parameters of the cryptographic algorithm, and finally generating a key encryption key pair based on the sub keys.
Further, the unmanned aerial vehicle authentication client includes:
the system initialization module is used for completing key management on the unmanned aerial vehicle and initialization of a networking authentication system, namely acquiring system parameters and identity information required by the unmanned aerial vehicle for key management and networking authentication, and key encryption public keys of all the unmanned aerial vehicles and key encryption private keys of the unmanned aerial vehicles from a ground authentication server;
the key management module comprises three sub-modules: a request information generating sub-module, a key processing sub-module and an authentication sub-module. The request information generation submodule is used for generating an authentication parameter for requesting the generation of a secret key according to the identity information distributed by the system and the generated authentication public key; the key processing submodule is used for collecting private key shares and recovering the authentication private key after t effective private key shares are collected; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid;
the identity authentication module comprises two sub-modules: authentication submodule and private key share generation submodule. The authentication submodule is used for interacting authentication parameters with an unmanned aerial vehicle authentication client terminal generated by a request key, analyzing the authentication parameters and checking whether the received authentication parameters are valid; the private key share generation submodule is used for generating a private key share for the unmanned aerial vehicle authentication client side which requests key generation according to the received authentication parameters and signing and encrypting the private key share;
the networking authentication module comprises four sub-modules: the key pair generation sub-module, the data processing sub-module, the authentication sub-module and the key negotiation sub-module. The key pair generation submodule is used for generating a communication key pair for carrying out key agreement with other unmanned aerial vehicle authentication clients; the data processing submodule is used for generating parameters for identity authentication with other unmanned aerial vehicle authentication clients; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the key negotiation submodule is used for carrying out key negotiation with other unmanned aerial vehicle authentication clients to generate a session key.
The invention also aims to provide the unmanned aerial vehicle applying the identity-based unmanned aerial vehicle key management and networking authentication method.
In summary, the advantages and positive effects of the invention are: the invention uses the threshold technology to realize the distributed generation of the authentication key pair by the nodes in the unmanned aerial vehicle network, improves the problem of unequal unmanned aerial vehicle calculation in the network caused by the existence of service nodes required by unmanned aerial vehicle network key management in the prior art, realizes unmanned aerial vehicle self-organized key management, and compared with the prior art, the invention utilizes the characteristic of strong mobility of the unmanned aerial vehicle, distributes private key shares in parallel, does not have the synchronization problem and the problem of higher communication delay caused by the serial execution of the key distribution process, enhances the reliability of key management, and provides a safety foundation for the networking authentication of the unmanned aerial vehicle.
The invention realizes bidirectional identity authentication between unmanned nodes, and the UAV node v is used for networking authentication when the unmanned aerial vehicle carries out networking authenticationjBy verification of the signature (RAND'ijValidation of r ', s') to UAV node viThe identity authentication of (2); UAV node viBy determining the RAND of the local storeij+1 and the RAND ″, obtained by decryptionij+1 equal or not to UAV node vjThe identity authentication of (1). Double isThe identity authentication mechanism can resist network attacks such as impersonation and tampering in the networking process of the unmanned aerial vehicle, and the safe and orderly networking of the unmanned aerial vehicle is ensured.
The unmanned aerial vehicle key management and networking authentication method has less calculation overhead, and the unmanned aerial vehicle key management and networking authentication method is realized by using an identity public key and a bilinear pair based on an elliptic curve cryptosystem; under the condition of keeping equal safety, compared with the existing asymmetric key management scheme based on the discrete logarithm problem on the finite field, the method has the advantages of less calculation overhead and improved realization efficiency.
Drawings
Fig. 1 is a schematic structural diagram of an identity-based unmanned aerial vehicle key management and networking authentication system provided in an embodiment of the present invention;
in the figure: 1. a ground authentication server; 2. unmanned aerial vehicle authentication client.
Fig. 2 is a flowchart of an identity-based key management and networking authentication method for an unmanned aerial vehicle according to an embodiment of the present invention.
Fig. 3 is a flowchart of an implementation of the identity-based key management and networking authentication method for the unmanned aerial vehicle according to the embodiment of the present invention.
Fig. 4 is a flowchart of a drone generating an authentication key pair according to an embodiment of the present invention.
Fig. 5 is a flowchart of networking authentication between drones according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problem that service nodes are required to exist in key management of an unmanned aerial vehicle network in the prior art, and the calculation between common unmanned aerial vehicle nodes and the service nodes is not equal; the problem of synchronization and higher communication delay can be caused by the serial execution of the key distribution process among the service nodes; the invention provides an identity-based unmanned aerial vehicle key management and networking authentication system and method, which can enable nodes in an unmanned aerial vehicle network to generate key pairs for networking authentication in a distributed manner under the condition of no trusted third party, realize networking authentication among the nodes and establish a safe communication link.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, an identity-based unmanned aerial vehicle key management and networking authentication system provided in an embodiment of the present invention includes: ground authentication server 1, unmanned aerial vehicle authentication client 2.
And the ground authentication server 1 is used for finishing the initialization of the key management and networking authentication system, namely generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication.
An Unmanned Aerial Vehicle (UAV) authentication client 2 for generating an authentication public key based on identity and submitting a key generation request to a UAV node in an UAV network; calculating to obtain private key shares according to the effective signcryption information, and recovering the authentication private key according to a threshold scheme after t effective private key shares are collected; the identity authentication method is used for carrying out identity authentication on the UAV node added into the network and providing private key share generation service after the authentication is passed; and the UAV network is responsible for carrying out networking authentication on the UAV node in the unmanned aerial vehicle network by using the authentication key and negotiating a session key.
The ground authentication server 1 includes:
the system initialization module is used for completing the initialization of the key management and networking authentication system, namely, the system parameters generated by the system parameter generation module, the identity information generated by the identity information generation module, the key encryption public keys of all the unmanned aerial vehicles generated by the key generation module and the key encryption private keys of specific unmanned aerial vehicles are transmitted to the key management and networking authentication system of the unmanned aerial vehicles.
The system parameter generation module is used for generating initialization parameters of a cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system, selecting a proper hash function and a symmetric cryptographic algorithm, setting a time interval for updating a secret key and a time interval for meeting the message freshness requirement according to different safety requirements, counting the number n of unmanned aerial vehicle nodes in the system, and setting a corresponding threshold value t.
And the identity information generation module is used for generating the required identity information for the unmanned aerial vehicle according to the unmanned aerial vehicle manufacturer approval code, the production assembly code, the serial number of the communication module and the like.
And the key generation module is used for generating a system master key, generating sub keys for all unmanned aerial vehicles in the system based on the master key and the initialization parameters of the cryptographic algorithm, and finally generating a key encryption key pair based on the sub keys.
The unmanned aerial vehicle authentication client 2 includes:
the system initialization module is used for completing key management on the unmanned aerial vehicle and initialization of a networking authentication system, namely acquiring system parameters and identity information required by the unmanned aerial vehicle for key management and networking authentication, and key encryption public keys of all the unmanned aerial vehicles and key encryption private keys of the unmanned aerial vehicles from a ground authentication server.
The key management module comprises three sub-modules: a request information generating sub-module, a key processing sub-module and an authentication sub-module. The request information generation submodule is used for generating an authentication parameter for requesting the generation of a secret key according to the identity information distributed by the system and the generated authentication public key; the key processing submodule is used for collecting private key shares and recovering the authentication private key after t effective private key shares are collected; and the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid or not.
The identity authentication module comprises two sub-modules: authentication submodule and private key share generation submodule. The authentication submodule is used for interacting authentication parameters with an unmanned aerial vehicle authentication client terminal generated by a request key, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the private key share generation submodule is used for generating a private key share for the unmanned aerial vehicle authentication client side which requests key generation according to the received authentication parameters and signing and encrypting the private key share.
The networking authentication module comprises four sub-modules: the key pair generation sub-module, the data processing sub-module, the authentication sub-module and the key negotiation sub-module. The key pair generation submodule is used for generating a communication key pair for carrying out key agreement with other unmanned aerial vehicle authentication clients; the data processing submodule is used for generating parameters for identity authentication with other unmanned aerial vehicle authentication clients; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the key negotiation submodule is used for carrying out key negotiation with other unmanned aerial vehicle authentication clients to generate a session key.
As shown in fig. 2, the identity-based key management and networking authentication method for the unmanned aerial vehicle according to the embodiment of the present invention includes the following steps:
s201: initializing a key management and networking authentication system;
s202: the unmanned aerial vehicle generates an authentication key pair;
s203: networking authentication between the unmanned aerial vehicles;
s204: and the unmanned aerial vehicle updates the authentication key pair.
The identity-based unmanned aerial vehicle key management and networking authentication method provided by the embodiment of the invention specifically comprises the following steps:
1. key management and networking authentication system initialization
(1a) The ground authentication server utilizes a BDH parameter generation algorithm to generate a prime number q, and two cyclic groups G with the order of q1、G2The operations are addition and multiplication, respectively, a bilinear map e: g1×G1→G2Selecting a random generator P ∈ G1. Selecting a hash function
Figure BDA0001800981590000131
H2:G2→{0,1}m
(1b) The ground authentication server selects a compliant elliptic curve and the points on the curve form a group Eγ(a, b) a generator G (x, y) for selecting a symmetric cryptographic algorithm, wherein the cryptographic algorithm is ENCKThe decryption algorithm is DECKA hash function H over the integer field is selected.
(1c) Setting the number of unmanned aerial vehicles in the system as n, setting a threshold value as t by the ground control server, and setting a threshold value as Z in a finite fieldpSelects a random number as a master key k, and randomly generates a t-1 degree polynomial f (x) -k + l1x+l2x2+…+lt-1xt -1(modp) then generates sub-keys and key-encryption key pairs for all UAV nodes, based on UAV node viNumber i of generates subkey ki,kiF (i), finally generating a key encryption key pair based on the subkey, wherein the key encryption private key is si,si=kiThe secret key encrypts the public key to
Figure BDA0001800981590000141
Figure BDA0001800981590000142
(1d) The ground authentication server generates the required identity information ID for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the likei
(1e) The ground authentication server selects the time interval delta T and the key updating time interval delta T meeting the message freshness requirement according to specific safety requirements.
(1f) Before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits system initialization application to a ground authentication server.
(1g) After receiving the application, the ground authentication server transmits system parameters, a specific key encryption private key, key encryption public keys of all unmanned aerial vehicles and identity information to the unmanned aerial vehicle authentication client.
2. Unmanned aerial vehicle generates authentication key pair
(2a) UAV node viObtaining time parameters via an onboard clock
Figure BDA0001800981590000143
Based on the acquisition
Figure BDA0001800981590000144
And a preset IDiUAV node viComputing authentication public key PIDi
Figure BDA0001800981590000145
And encrypts the private key s using its keyiSigning to obtain Sigireq,Sigireq=siPIDi. After the computation is completed, SigireqSent to a UAV node in the drone network along with a key generation request.
(2b) After receiving the key generation request, the UAV node vjObtaining time parameters via an onboard clock
Figure BDA0001800981590000146
Based on the acquisition
Figure BDA0001800981590000147
And a preset IDiUAV node vjCalculate P of the nodeIDi
Figure BDA0001800981590000148
Then using the calculated PIDiAnd pre-assigned UAV node viIs encrypted with a public key
Figure BDA0001800981590000149
For SigireqThe validity of (2) is judged.
(2c) After passing the verification, based on the received SigireqAnd a preset key encryption private key sjUAV node vjCalculating SignCrypt message SignCryptjres,SignCryptjres=sjsiPIDiAfter the calculation is finished, SignCrypt is addedjresReturned to UAV node vi
(2d) Receiving SignCryptjresRear, UAV node viUsing pre-assigned UAV nodes vjIs encrypted with a public key
Figure BDA0001800981590000151
And (2a) inCalculated SigireqFor SignCryptjresThe validity of (2) is judged.
(2e) After the verification is passed, based on the received SignCryptjresAnd preset siUAV node viComputing private key share Xj,Xj=sjPIDiAfter the calculation is finished, X is addedjAnd UAV node viNumber j of (a) is recorded and saved.
(2f) UAV node viAfter private key shares of t legal nodes are collected, recovering the authentication private key d according to a threshold schemei
Figure BDA0001800981590000152
Wherein lθ(z) is Lagrange's interpolation formula.
3. Networking authentication between unmanned aerial vehicles
(3a) UAV node viSelecting a random number dipri∈[1,δ-1]As a communication private key, and calculates a communication public key Pipub,Pipub=dipriG. UAV node viGenerating a large random number ri
Figure BDA0001800981590000153
Calculating RANDij+1 and store, obtaining the current time T by means of an onboard clockiAnd a time parameter T. Based on the acquisition
Figure BDA0001800981590000159
And a preset UAV node vjIdentity information ID ofjUAV node viCalculating PIDj
Figure BDA0001800981590000154
Based on acquired TiAnd P obtained by calculationIDjUAV node viThe ciphertext C is calculated and is,
Figure BDA0001800981590000155
wherein g isij=e(di,PIDj)∈G2. UAV node viUse ofdipriFor random number RANDijAnd (3) signature:
Figure BDA0001800981590000156
(xt,yt)=riG;
Figure BDA0001800981590000157
s=(1+dipri)-1·(k-r·dipri)modδ;
verifying the validity of the signature (r, s) after the computation is completed, i.e. r ≠ 0, r + riNot equal to 0, s not equal to 0. After signature verification is passed, the UAV node viWill message { r, s, C, PipubSending } to a UAV node v in the drone network, together with an authentication requestj
(3b) After receiving the authentication request, the UAV node vjUsing djAnd C obtained by extraction is decrypted, and the calculation is as follows:
Figure BDA0001800981590000158
t obtained by calculationiDetermining freshness of the authentication request, and verifying the signature (RAND'ijAnd r ', s') the validity of the authentication request is determined.
(3c) After verification, UAV node vjGenerating a random number djpri∈[1,δ-1]As a communication private key, and calculates a communication public key Pjpub,Pjpub=djpriG. Based on generated djpriAnd received PipubUAV node vjComputing a session key Kij,(xji,yji)=djpriPipub,Kij=(xji||yji). UAV node vjObtaining the current time T by an airborne clockj. Based on acquired TjCalculated KijRAND 'of (a) and (3 b)'ijUAV node vjComputingCiphertext Crand
Figure BDA0001800981590000161
After the calculation is completed, the UAV node vjMessage { Crand,PjpubV returned to UAV nodei
(3d) Receive (C)rand,PjpubAfter v, UAV nodeiUsing d generated in (3a)ipriAnd received PjpubComputing a session key Kij,(xij,yij)=dipriPjpub,Kij=(xij|yij). Based on calculated KijAnd received CrandUAV node viDecrypting to obtain RANDij+1、Tj
Figure BDA0001800981590000162
T obtained by calculationjJudging the freshness of the authentication parameters, and comparing the calculated RAND ″)ij+1 and stored RANDij+1 determines the validity of the authentication parameter.
4. Unmanned aerial vehicle updates authentication key pair
UAV node viIs generated in time-dependent manner at the current time t (t) of the systemβ≤t≤tβ+1) At the moment of time, the time of day,
Figure BDA0001800981590000163
UAV node viCalculate its public key PIDi
Figure BDA0001800981590000164
UAV node viIs required to be at tβ+1The authentication key pair is regenerated at any moment, the updating period is delta t, and t is satisfiedβ+1=tβ+Δt。
The application of the principles of the present invention will be further described with reference to fig. 3-5.
1. Key management and networking authentication system initialization
The key management and networking authentication system initialization of the invention comprises the following steps:
the method comprises the following steps: and selecting a proper cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system.
(1) The ground authentication server utilizes a BDH parameter generation algorithm to generate a prime number q, and two cyclic groups G with the order of q1,G2The operations thereon being addition and multiplication, respectively, and G1Is a GDH group, a bilinear map e: g1×G1→G2Selecting a random generator P ∈ G1. Selecting a hash function
Figure BDA0001800981590000176
H2:G2→{0,1}m
(2) The ground authentication server selects a compliant elliptic curve and the points on the curve form a group EγAnd (a, b) generating element G (x, y), wherein the order delta of G is a large prime number. Selecting a symmetric cryptographic algorithm, wherein the cryptographic algorithm is ENCKThe decryption algorithm is DECKThe selection of the hash function H over the integer domain can be implemented with reference to the ECB-SM4 (national secret SM4 algorithm codebook mode), and can be implemented with reference to the national secret SM3 algorithm.
(3) Setting the number of unmanned aerial vehicles in the system as n, setting a threshold value t by the ground control server, and setting a threshold value Z in a limited domainpA random number is selected as a master key k, and a t-1 degree polynomial is randomly generated: f (x) k + l1x+l2x2+…+lt-1xt-1(modp) then generates sub-keys and key-encryption key pairs for all UAV nodes, based on UAV node viNumber i of generates subkey ki,kiF (i), finally generating a key encryption key pair based on the subkey, wherein the key encryption private key is si,si=kiThe secret key encrypts the public key to
Figure BDA0001800981590000171
Figure BDA0001800981590000172
(4) The ground authentication server generates the required identity information ID for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the likei
(5) The ground authentication server selects the time interval delta T and the key updating time interval delta T meeting the message freshness requirement according to specific safety requirements.
Step two: before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits system initialization application to a ground authentication server.
Step three: after receiving the application, the ground authentication server transmits system parameters { E ] to the unmanned aerial vehicle authentication clientγ(a,b),G,δ,G1,G2,e,Zp,P,H,H1,H2,ENCK,DECKΔ T, Δ T }, a specific key encryption private key, key encryption public keys of all drones, and identity information.
2. Unmanned aerial vehicle generates authentication key pair
The unmanned aerial vehicle in the method generates the authentication key pair, and the authentication key pair is executed when the UAV node joins the network or when the UAV node updates the authentication key pair in the process of executing the mission by the UAV, and the method comprises the following steps:
the method comprises the following steps: UAV node viGenerating request information and transmitting a key generation request.
UAV node viObtaining time parameters via an onboard clock
Figure BDA0001800981590000173
Based on the acquisition
Figure BDA0001800981590000174
And a preset IDiUAV node viComputing authentication public key PIDi
Figure BDA0001800981590000175
And encrypts the private key s using its keyiSigning to obtain Sigireq,Sigireq=siPIDi. After the calculation is completed, viWill SigireqSent to a UAV node in the drone network along with a key generation request.
Step two: UAV node vjFor SigireqThe validity of (2) is judged.
After receiving the key generation request, the UAV node vjObtaining time parameters via an onboard clock
Figure BDA0001800981590000181
Based on the acquisition
Figure BDA0001800981590000182
And a preset identity information IDiUAV node vjCalculate P of the nodeIDi
Figure BDA0001800981590000183
Then using the calculated PIDiAnd pre-assigned UAV node viIs encrypted with a public key
Figure BDA0001800981590000184
Determining the validity of the signature, verifying the equation
Figure BDA0001800981590000185
And if the equation is established, the validity verification is passed, otherwise, the verification fails, and the connection is released.
Step three: UAV node vjA signcryption message is generated and returned.
Based on received SigireqAnd a preset key encryption private key sjUAV node vjCalculating SignCrypt message SignCryptjres,SignCryptjres=sjsiPIDiAfter the calculation is finished, SignCrypt is addedjresReturned to UAV node vi
Step four: UAV node viFor SignCryptjresThe validity of (2) is judged.
UAV node viUsing pre-assigned UAV nodes vjIs encrypted with a public key
Figure BDA0001800981590000189
Sig calculated in (2a) and (2b)ireqThe validity of the message is determined, and the equation is verified:
Figure BDA0001800981590000186
and if the equation is established, the validity verification is passed, otherwise, the verification fails, and the connection is released.
Step five: UAV node viCalculating UAV node vjThe private key share of.
Based on received SignCryptjresAnd preset siUAV node viComputing private key share Xj,Xj=sjPIDiAfter the calculation is finished, X is addedjAnd UAV node vjAnd recording and storing the number j.
Step six: UAV node viAnd recovering the authentication private key.
UAV node viAfter private key shares of t legal nodes are collected, recovering the authentication private key d according to a threshold schemei
Figure BDA0001800981590000187
Wherein lθ(z) is the Lagrange interpolation formula,
Figure BDA0001800981590000188
zθ,zjis the node number.
3. Networking authentication between unmanned aerial vehicles
The networking authentication between unmanned aerial vehicle nodes in the method is executed after the UAV nodes are added into the unmanned aerial vehicle network, and the authentication key is used for networking authentication with other UAV nodes in the unmanned aerial vehicle network, and the method comprises the following steps:
the method comprises the following steps: UAV node viTo UAV node vjAn authentication request is initiated.
(1a) A communication key pair is generated.
UAV node viSelecting a random number dipri∈[1,δ-1]As a communication private key, and calculates a communication public key Pipub,Pipub=dipriG. UAV node viGenerating a large random number ri
Figure BDA0001800981590000191
Calculating RANDij+1 and store.
(1b) The authentication parameters are encrypted.
Obtaining the current time T by an airborne clockiAnd time parameter
Figure BDA0001800981590000192
Based on the acquisition
Figure BDA0001800981590000193
And a preset UAV node vjIdentity information ID ofjUAV node viCalculating PIDj
Figure BDA0001800981590000194
Based on acquired TiCalculated PIDjR generated in (1a) andi、RANDijUAV node viThe ciphertext C is calculated and is,
Figure BDA0001800981590000195
wherein g isij=e(di,PIDj)∈G2
(1c) The authentication parameters are signed.
UAV node viUsing dipriFor random number RANDijAnd (3) signature:
Figure BDA0001800981590000196
(xt,yt)=riG;
Figure BDA0001800981590000197
s=(1+dipri)-1·(k-r·dipri)modδ;
verifying the validity of the signature (r, s) after the computation is completed, i.e. r ≠ 0, r + riNot equal to 0, s not equal to 0. After signature verification is passed, the UAV node viWill message { r, s, C, PipubH sent to UAV node v along with authentication requestj
Step two: UAV node vjThe freshness and validity of the authentication request are determined.
(2a) And decrypting to obtain the authentication parameters.
After receiving the authentication request, the UAV node vjUsing an authentication private key djDecrypting the extracted ciphertext information C to obtain RAND'ij、Ti:
Figure BDA0001800981590000201
(2b) Freshness authentication
UAV node vjObtaining the current time T through an onboard clock, if TiSatisfy T-TiIf the request meets the freshness requirement, the step (2c) is continued, otherwise, the connection is released if the authentication fails.
(2c) Validity authentication
UAV node vjExtraction of r ', s', PipubPost, verify the signature (RAND'ijR ', s'). And (3) calculating:
Figure BDA0001800981590000202
t′=(r'+s′)modδ;
(x′t,y′t)=s'G+t'Pipub
Figure BDA0001800981590000203
if R ═ R', the UAV node v is completed through validity verificationiThe authentication of (1); otherwise, the authentication fails, and the connection is released.
Step three: UAV node vjEncrypt and return authentication parameters.
(3a) A communication key pair and a session key are generated.
UAV node vjGenerating a random number djpri∈[1,δ-1]As a communication private key, and calculates a communication public key Pjpub,Pjpub=djpriG. Based on generated djpriP received in (3b) andipubUAV node vjComputing a session key Kij,(xji,yji)=djpriPipub,Kij=(xji||yji)。
(3b) Encrypting authentication parameters
UAV node vjObtaining the current time T by an airborne clockj. Based on acquired TjK is calculatedijAnd RAND 'calculated in (3 b)'ijUAV node vjComputing ciphertext Crand
Figure BDA0001800981590000204
After the calculation is completed, the UAV node vjMessage (C)rand,PjpubV returned to UAV nodei
Step four: UAV node viAnd judging the freshness and the validity of the returned authentication parameters.
(4a) And decrypting to obtain the authentication parameters.
Based on d generated in (3a)ipriAnd received PjpubUAV node viComputing a session key Kij,(xij,yij)=dipriPjpub,Kij=(xij||yij). Based on calculated KijAnd received CrandUAV node viDecrypting to obtain RANDij+1、Tj
Figure BDA0001800981590000205
(4b) Freshness authentication
UAV node viObtaining the current time T through an airborne clock, if the obtained TjSatisfy T-TjIf the request meets the freshness requirement, the step (4c) is continued, otherwise, the connection is released if the authentication fails.
(4c) Validity authentication
UAV node viComparing the calculated RANDij+1 and stored RANDij+1 is equal or not. If the values are equal, the UAV node v is verified through validity verificationjThe authentication of (1); otherwise, authentication fails.
4. Unmanned aerial vehicle updates authentication key pair
UAV node viIs generated in time-dependent manner at the current time t (t) of the systemβ≤t≤tβ+1) At the moment of time, the time of day,
Figure BDA0001800981590000211
UAV node viCalculate its public key PIDi
Figure BDA0001800981590000212
UAV node viIs required to be at tβ+1The authentication key pair is updated at any moment, the updating period is delta t, and t is satisfiedβ+1=tβ+Δt。
In a preferred embodiment of the invention, the master key: the master key, denoted k, generated by the system is used to generate the subkey.
And (3) sub-key: UAV node v based on master key generation of the system according to a threshold schemeiIs denoted as kiFor generating a key encryption key pair.
Key encryption key pair: generated by the system and distributed to unmanned aerial vehicles, UAV nodes viIs a key encryption public key
Figure BDA0001800981590000213
The secret key encryption private key is marked as siThe method is used for identity authentication and private key share generation when the unmanned aerial vehicle joins a network or an authentication key pair is updated.
Private key share: UAV node v generated when UAV joins network or authentication key pair is updatediThe generated private key share is marked as XiAnd the method is used for recovering the authentication private key of the unmanned aerial vehicle.
Authentication key pair: UAV node v generated after joining the networkiIs marked as PIDiAnd the authentication private key is marked as diAnd the network authentication module is used for carrying out networking authentication with other unmanned aerial vehicles in the network.
Communication key pair: generated during networking authentication of unmanned aerial vehicle, UAV node viIs denoted as PipubAnd the communication private key is marked as dipriAnd the method is used for carrying out key agreement with other unmanned planes in the network to generate a session key.
The application effect of the present invention will be described in detail with reference to the simulation.
The identity-based unmanned aerial vehicle key management and networking authentication system is realized by simulation on an Intel Xeon E3-12313.4 GHz Linux platform, the key length of an elliptic curve cryptosystem is set to be 160 bits, a hash algorithm uses SM3-128bits, and a symmetric cryptographic algorithm selects SM4-128 bits. The key management and networking authentication initialization are pre-executed in a ground authentication server, and the process of generating an authentication key pair and networking authentication by an unmanned aerial vehicle is mainly considered for evaluating the performance of the system. In the process that the unmanned aerial vehicle generates the authentication key pair, the unmanned aerial vehicle participating in identity authentication needs to communicate with the target unmanned aerial vehicle for 2 times, the calculation cost is about 3.45ms, the unmanned aerial vehicle moves randomly, and the probability that the unmanned aerial vehicle participates in identity authentication is t/n, so that the average calculation cost of nodes in the unmanned aerial vehicle network is about
Figure BDA0001800981590000221
The unmanned aerial vehicle requesting key generation needs to communicate with the target unmanned aerial vehicle for 2t times, calculation overhead is positively correlated with a threshold value t, and when t is 100, calculation of the unmanned aerial vehicle is carried outThe overhead is about 270 ms. In the networking authentication process of the unmanned aerial vehicles, the unmanned aerial vehicles communicate for 2 times, the calculation overhead of the unmanned aerial vehicle requesting the networking authentication is 4.51ms, and the calculation overhead of the target unmanned aerial vehicle is 3.34 ms. Simulation implementation shows that the identity-based unmanned aerial vehicle key management and networking authentication method can be executed in an unmanned aerial vehicle environment, can establish a safe communication link for the unmanned aerial vehicle, and is suitable for unmanned aerial vehicle networking.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (5)

1. An identity-based unmanned aerial vehicle key management and networking authentication method is characterized by comprising the following steps: initializing a key management and networking authentication system, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication by a ground authentication server; the unmanned aerial vehicle authentication client generates an authentication public key based on identity, and submits a key generation request to a UAV node in an unmanned aerial vehicle network; the unmanned aerial vehicle authentication client calculates to obtain private key shares according to the effective signcryption information, and recovers the authentication private key according to a threshold scheme after t effective private key shares are collected; an unmanned aerial vehicle authentication client in the unmanned aerial vehicle network performs identity authentication on the UAV node requesting key generation, and provides private key share generation service after authentication is passed; the unmanned aerial vehicle authentication client uses the authentication key to perform networking authentication on the UAV node in the unmanned aerial vehicle network, and negotiates a session key;
the identity-based unmanned aerial vehicle key management and networking authentication method comprises the following steps:
firstly, selecting a cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
secondly, the unmanned aerial vehicle generates an authentication key pair, and the authentication key pair is executed when the UAV node joins the network in the process of executing the mission by the UAV or when the UAV node updates the authentication key pair;
thirdly, networking authentication between the unmanned aerial vehicle nodes is executed after the UAV nodes are added into the unmanned aerial vehicle network, and networking authentication is carried out on the UAV nodes and other UAV nodes in the unmanned aerial vehicle network by using an authentication key;
fourthly, the unmanned aerial vehicle updates the authentication key pair;
the first step specifically comprises:
selecting a proper cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
(1) the ground authentication server utilizes a BDH parameter generation algorithm to generate a prime number q, and two cyclic groups G with the order of q1,G2The operations thereon being addition and multiplication, respectively, and G1Is a GDH group, a bilinear map e: g1×G1→G2Selecting a random generator P ∈ G1(ii) a Selecting a hash function H1
Figure FDA0003014146670000011
H2:G2→{0,1}m
(2) The ground authentication server selects a compliant elliptic curve and the points on the curve form a group Eγ(a, b) a generator G (x, y) requiring that the order δ of G be a large prime number; selecting a symmetric cryptographic algorithm, wherein the cryptographic algorithm is ENCKThe decryption algorithm is DECKSelecting a hash function H on an integer field;
(3) the number of the unmanned aerial vehicles is n, the ground control server sets a threshold value t, and the unmanned aerial vehicles are in a limited domain ZpA random number is selected as a master key k, and a t-1 degree polynomial is randomly generated: f (x) k + l1x+l2x2+…+lt-1xt-1(modp) then generates sub-keys and key-encryption key pairs for all UAV nodes, based on UAV node viNumber i of generates subkey ki,kiF (i), finally generating a key encryption key pair based on the subkey, wherein the key encryption private key is si,si=kiSecret (secret)The key encrypts a public key of
Figure FDA0003014146670000021
Figure FDA0003014146670000022
(4) The ground authentication server generates the required identity information ID for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code and the serial number of the communication modulei
(5) The ground authentication server selects a time interval delta T and a key updating time interval delta T which meet the message freshness requirement according to specific safety requirements;
step two, before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits a system initialization application to a ground authentication server;
step three, after receiving the application, the ground authentication server transmits system parameters { E ] to the unmanned aerial vehicle authentication clientγ(a,b),G,δ,G1,G2,e,Zp,P,H,H1,H2,ENCK,DECKΔ T, Δ T }, a specific key encryption private key, key encryption public keys of all unmanned aerial vehicles and identity information;
the second step specifically comprises:
the method comprises the following steps: UAV node viGenerating request information and sending a key generation request; UAV node viObtaining time parameters via an onboard clock
Figure FDA0003014146670000023
Based on the acquisition
Figure FDA0003014146670000024
And a preset IDiUAV node viComputing authentication public key PIDi
Figure FDA0003014146670000028
And encrypts the private key s using its keyiCarry out signature to obtainSigireq,Sigireq=siPIDi(ii) a After the calculation is completed, viWill SigireqSending to a UAV node in the drone network along with a key generation request;
step two: UAV node viFor SigireqJudging the effectiveness of the test result; after receiving the key generation request, the UAV node vjObtaining time parameters via an onboard clock
Figure FDA0003014146670000025
Based on the acquisition
Figure FDA0003014146670000026
And a preset identity information IDiUAV node vjCalculate P of the nodeIDi
Figure FDA0003014146670000027
Then using the calculated PIDiAnd pre-assigned UAV node viIs encrypted with a public key
Figure FDA0003014146670000031
The validity of the signature is determined, and the equation is verified:
Figure FDA0003014146670000032
if the equation is established, the validity verification is passed if the equation is established, otherwise, the connection is released if the verification fails;
step three: UAV node vjGenerating and returning a signcryption message;
based on received SigireqAnd a preset key encryption private key sjUAV node vjCalculating SignCrypt message SignCryptjres,SignCryptjres=sjsiPIDiAfter the calculation is finished, SignCrypt is addedjresReturned to UAV node vi
Step (ii) ofFourthly, the method comprises the following steps: UAV node viFor SignCryptjresJudging the effectiveness of the test result;
UAV node viUsing pre-assigned UAV nodes vjIs encrypted with a public key
Figure FDA0003014146670000033
And the calculated SigireqThe validity of the message is determined, and the equation is verified:
Figure FDA0003014146670000034
if the equation is established, the validity verification is passed if the equation is established, otherwise, the connection is released if the verification fails;
step five: UAV node viCalculating UAV node vjA private key share of;
based on received SignCryptjresAnd preset siUAV node viComputing private key share Xj,Xj=sjPIDiAfter the calculation is finished, X is addedjAnd UAV node vjRecording the number j and then storing;
step six: UAV node viRecovering the authentication private key;
UAV node viAfter private key shares of t legal nodes are collected, recovering the authentication private key d according to a threshold schemei
Figure FDA0003014146670000035
Wherein lθ(z) is the Lagrange interpolation formula,
Figure FDA0003014146670000036
zθ,zjis the node number;
the third step specifically comprises:
the method comprises the following steps: UAV node viTo UAV node vjInitiating an authentication request;
(1a) generating a communication key pair;
UAV node viSelecting a random number dipri∈[1,δ-1]As a communication private key, and calculates a communication public key Pipub,Pipub=dipriG; UAV node viGenerating large random numbers vi
Figure FDA0003014146670000037
Calculating RANDij+1 and store;
(1b) encrypting the authentication parameters;
obtaining the current time T by an airborne clockiAnd time parameter
Figure FDA0003014146670000041
Based on the acquisition
Figure FDA0003014146670000042
And a preset UAV node vjIdentity information ID ofjUAV node viCalculating PIDj
Figure FDA0003014146670000049
Based on acquired TiCalculated PIDjAnd generated ri、RANDijUAV node viThe ciphertext C is calculated and is,
Figure FDA0003014146670000043
wherein g isij=e(di,PIDj)∈G2
(1c) Signing the authentication parameters;
UAV node viUsing dipriFor random number RANDijAnd (3) signature:
Figure FDA0003014146670000044
(xt,yt)=riG;
Figure FDA0003014146670000045
s=(1+dipri)-1·(k-r·dipri)modδ;
verifying the validity of the signature (r, s) after the computation is completed, i.e. r ≠ 0, r + riNot equal to 0, s not equal to 0; after signature verification is passed, the UAV node viWill message { r, s, C, PipubH sent to UAV node v along with authentication requestj
Step two: UAV node vjJudging the freshness and the validity of the authentication request;
(2a) decrypting to obtain an authentication parameter;
after receiving the authentication request, the UAV node vjUsing an authentication private key djDecrypting the extracted ciphertext information C to obtain RAND'ij、Ti
Figure FDA0003014146670000046
(2b) Freshness authentication
UAV node vjObtaining the current time T through an onboard clock, if TiSatisfy T-TiIf the request meets the freshness requirement, continuing to perform the step (2c), otherwise, releasing the connection if the authentication fails;
(2c) validity authentication
UAV node vjExtraction of r ', s', PipubPost, verify the signature (RAND'ijR ', s'); and (3) calculating:
Figure FDA0003014146670000047
t′=(r′+s′)modδ;
(x′t,y′t)=s′G+t′Pipub
Figure FDA0003014146670000048
if R ═ R', the UAV node v is completed through validity verificationiThe authentication of (1); otherwise, the authentication fails, and the connection is released;
step three: UAV node vjEncrypting and returning authentication parameters;
(3a) generating a communication key pair and a session key;
UAV node vjGenerating a random number djpri∈[1,δ-1]As a communication private key, and calculates a communication public key Pjpub,Pjpub=djpriG; based on generated djpriP received in (3b) andipubUAV node vjComputing a session key Kij,(xji,yji)=djpriPipub,Kij=(xji||yji);
(3b) Encrypting authentication parameters
UAV node vjObtaining the current time T by an airborne clockj(ii) a Based on acquired TjK is calculatedijAnd RAND 'calculated in (3 b)'ijUAV node vjComputing ciphertext Crand
Figure FDA0003014146670000051
After the calculation is completed, the UAV node vjMessage { Crand,PjpubV returned to UAV nodei
Step four: UAV node viJudging the freshness and the validity of the returned authentication parameters;
(4a) decrypting to obtain an authentication parameter;
based on d generated in (3a)ipriAnd received PjpubUAV node viComputing a session key Kij,(xij,yij)=dipriPjpub,Kij=(xij||yij) (ii) a Based on calculated KijAnd received CrandUAV node viDecrypting to obtain RANDij+1、Tj
Figure FDA0003014146670000052
(4b) Freshness authentication
UAV node viObtaining the current time T through an airborne clock, if the obtained TjSatisfy T-TjIf the request meets the freshness requirement, continuing to perform the step (4c), otherwise, releasing the connection if the authentication fails;
(4c) validity authentication
UAV node viComparing the calculated RANDij+1 and stored RANDij+1 is equal or not; if the values are equal, the UAV node v is verified through validity verificationjThe authentication of (1); otherwise, authentication fails;
the fourth step specifically includes: UAV node viIs generated in time-dependent manner at the current time t (t) of the systemβ≤t≤tβ+1) At the moment of time, the time of day,
Figure FDA0003014146670000053
UAV node viCalculate its public key PIDi
Figure FDA0003014146670000054
UAV node viIs required to be at tβ+1The authentication key pair is updated at any moment, the updating period is delta t, and t is satisfiedβ+1=tβ+Δt。
2. An identity-based unmanned aerial vehicle key management and networking authentication system implementing the identity-based unmanned aerial vehicle key management and networking authentication method of claim 1, wherein the identity-based unmanned aerial vehicle key management and networking authentication system comprises:
the ground authentication server is used for finishing the initialization of key management and networking authentication systems, and generating and distributing system parameters, keys and identity information required by the unmanned aerial vehicle for key management and networking authentication;
the unmanned aerial vehicle authentication client is used for generating an authentication public key based on identity and submitting a key generation request to a UAV node in an unmanned aerial vehicle network; calculating to obtain private key shares according to the effective signcryption information, and recovering the authentication private key according to a threshold scheme after t effective private key shares are collected; identity authentication is carried out on UAV nodes added into the network, and private key share generation service is provided after authentication is passed; using an authentication key to perform networking authentication on the UAV node in the unmanned aerial vehicle network, and negotiating a session key;
selecting a password algorithm and generating an initialization parameter of the password algorithm according to a password parameter generation algorithm built in the system; the method specifically comprises the following steps:
selecting a proper cryptographic algorithm and generating an initialization parameter of the cryptographic algorithm according to a cryptographic parameter generation algorithm built in a system;
(1) the ground authentication server utilizes a BDH parameter generation algorithm to generate a prime number q, and two cyclic groups G with the order of q1,G2The operations thereon being addition and multiplication, respectively, and G1Is a GDH group, a bilinear map e: g1×G1→G2Selecting a random generator P ∈ G1(ii) a Selecting a hash function H1
Figure FDA0003014146670000061
H2:G2→{0,1}m
(2) The ground authentication server selects a compliant elliptic curve and the points on the curve form a group Eγ(a, b) a generator G (x, y) requiring that the order δ of G be a large prime number; selecting a symmetric cryptographic algorithm, wherein the cryptographic algorithm is ENCKThe decryption algorithm is DECKSelecting a hash function H on an integer field;
(3) the number of the unmanned aerial vehicles is n, the ground control server sets a threshold value t, and the unmanned aerial vehicles are in a limited domain ZpA random number is selected as a master key k, and a t-1 degree polynomial is randomly generated: f (x) k + l1x+l2x2+…+lt-1xt-1(modp) then generates sub-keys and key-encryption key pairs for all UAV nodes, based on UAV node viNumber i of (2)Key ki,kiF (i), finally generating a key encryption key pair based on the subkey, wherein the key encryption private key is si,si=kiThe secret key encrypts the public key to
Figure FDA0003014146670000071
Figure FDA0003014146670000072
(4) The ground authentication server generates the required identity information ID for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code and the serial number of the communication modulei
(5) The ground authentication server selects a time interval delta T and a key updating time interval delta T which meet the message freshness requirement according to specific safety requirements;
step two, before the unmanned aerial vehicle executes the flight mission, the unmanned aerial vehicle submits a system initialization application to a ground authentication server;
step three, after receiving the application, the ground authentication server transmits system parameters { E ] to the unmanned aerial vehicle authentication clientγ(a,b),G,δ,G1,G2,e,Zp,P,H,H1,H2,ENCK,DECKΔ T, Δ T }, a specific key encryption private key, key encryption public keys of all unmanned aerial vehicles and identity information;
the method for the unmanned aerial vehicle to generate the authentication key pair when the UAV node joins the network or when the UAV node updates the authentication key pair in the process of the UAV executing the mission specifically includes:
the method comprises the following steps: UAV node viGenerating request information and sending a key generation request; UAV node viObtaining time parameters via an onboard clock
Figure FDA0003014146670000073
Based on the acquisition
Figure FDA0003014146670000074
And presetIDiUAV node viComputing authentication public key PIDi
Figure FDA00030141466700000710
And encrypts the private key s using its keyiSigning to obtain Sigireq,Sigireq=siPIDi(ii) a After the calculation is completed, viWill SigireqSending to a UAV node in the drone network along with a key generation request;
step two: UAV node vjFor SigireqJudging the effectiveness of the test result; after receiving the key generation request, the UAV node vjObtaining time parameters via an onboard clock
Figure FDA0003014146670000075
Based on the acquisition
Figure FDA0003014146670000076
And a preset identity information IDiUAV node vjCalculate P of the nodeIDi
Figure FDA0003014146670000077
Then using the calculated PIDiAnd pre-assigned UAV node viIs encrypted with a public key
Figure FDA0003014146670000078
The validity of the signature is determined, and the equation is verified:
Figure FDA0003014146670000079
if the equation is established, the validity verification is passed if the equation is established, otherwise, the connection is released if the verification fails;
step three: UAV node vjGenerating and returning a signcryption message;
based on received SigireqAnd a preset keyEncrypting the private key sjUAV node vjCalculating SignCrypt message SignCryptjres,SignCryptjres=sjsiPIDiAfter the calculation is finished, SignCrypt is addedjresReturned to UAV node vi
Step four: UAV node viFor SignCryptjresJudging the effectiveness of the test result;
UAV node viUsing pre-assigned UAV nodes vjIs encrypted with a public key
Figure FDA0003014146670000081
And the calculated SigireqThe validity of the message is determined, and the equation is verified:
Figure FDA0003014146670000082
if the equation is established, the validity verification is passed if the equation is established, otherwise, the connection is released if the verification fails;
step five: UAV node viCalculating UAV node vjA private key share of;
based on received SignCryptjresAnd preset siUAV node viComputing private key share Xj,Xj=sjPIDiAfter the calculation is finished, X is addedjAnd UAV node vjRecording the number j and then storing;
step six: UAV node viRecovering the authentication private key;
UAV node viAfter private key shares of t legal nodes are collected, recovering the authentication private key d according to a threshold schemei
Figure FDA0003014146670000083
Wherein lθ(z) is the Lagrange interpolation formula,
Figure FDA0003014146670000084
zθ,zjis the node number;
networking authentication between unmanned aerial vehicle nodes is executed after the UAV nodes join the unmanned aerial vehicle network, and the networking authentication of the UAV nodes and other UAV nodes in the unmanned aerial vehicle network by using an authentication key specifically comprises the following steps:
the method comprises the following steps: UAV node viTo UAV node vjInitiating an authentication request;
(1a) generating a communication key pair;
UAV node viSelecting a random number dipri∈[1,δ-1]As a communication private key, and calculates a communication public key Pipub,Pipub=dipriG; UAV node viGenerating a large random number ri
Figure FDA0003014146670000085
Calculating RANDij+1 and store;
(1b) encrypting the authentication parameters;
obtaining the current time T by an airborne clockiAnd time parameter
Figure FDA0003014146670000086
Based on the acquisition
Figure FDA0003014146670000087
And a preset UAV node vjIdentity information ID ofjUAV node viCalculating PIDj
Figure FDA0003014146670000088
Based on acquired TiCalculated PIDjAnd generated ri、RANDijUAV node viThe ciphertext C is calculated and is,
Figure FDA0003014146670000091
wherein g isij=e(di,PIDj)∈G2
(1c) Signing the authentication parameters;
UAV node viUsing dipriFor random number RANDijAnd (3) signature:
Figure FDA0003014146670000092
(xt,yt)=riG;
Figure FDA0003014146670000093
s=(1+dipri)-1·(k-r·dipri)modδ;
verifying the validity of the signature (r, s) after the computation is completed, i.e. r ≠ 0, r + riNot equal to 0, s not equal to 0; after signature verification is passed, the UAV node viWill message { r, s, C, PipubH sent to UAV node v along with authentication requestj
Step two: UAV node vjJudging the freshness and the validity of the authentication request;
(2a) decrypting to obtain an authentication parameter;
after receiving the authentication request, the UAV node vjUsing an authentication private key djDecrypting the extracted ciphertext information C to obtain RAND'ij、Ti
Figure FDA0003014146670000094
(2b) Freshness authentication
UAV node vjObtaining the current time T through an onboard clock, if TiSatisfy T-TiIf the request meets the freshness requirement, continuing to perform the step (2c), otherwise, releasing the connection if the authentication fails;
(2c) validity authentication
UAV node vjExtraction of r ', s', PipubPost, verify the signature (RAND'ijR ', s'); and (3) calculating:
Figure FDA0003014146670000095
t′=(r′+s′)modδ;
(x′t,y′t)=s′G+t′Pipub
Figure FDA0003014146670000096
if R ═ R', the UAV node v is completed through validity verificationiThe authentication of (1); otherwise, the authentication fails, and the connection is released;
step three: UAV node vjEncrypting and returning authentication parameters;
(3a) generating a communication key pair and a session key;
UAV node vjGenerating a random number djpri∈[1,δ-1]As a communication private key, and calculates a communication public key Pjpub,Pjpub=djpriG; based on generated djpriP received in (3b) andipubUAV node vjComputing a session key Kij,(xji,yji)=djpriPipub,Kij=(xji||yji);
(3b) Encrypting authentication parameters
UAV node vjObtaining the current time T by an airborne clockj(ii) a Based on acquired TjK is calculatedijAnd RAND 'calculated in (3 b)'ijUAV node vjComputing ciphertext Crand
Figure FDA0003014146670000101
After the calculation is completed, the UAV node vjMessage { Crand,PjpubV returned to UAV nodei
Step four: UAV node viJudging the freshness and the validity of the returned authentication parameters;
(4a) decrypting to obtain an authentication parameter;
based on the generation in (3a)dipriAnd received PjpubUAV node viComputing a session key Kij,(xij,yij)=dipriPjpub,Kij=(xij||yij) (ii) a Based on calculated KijAnd received CrandUAV node viDecrypting to obtain RANDij+1、Tj
Figure FDA0003014146670000102
(4b) Freshness authentication
UAV node viObtaining the current time T through an airborne clock, if the obtained TiSatisfy T-TjIf the request meets the freshness requirement, continuing to perform the step (4c), otherwise, releasing the connection if the authentication fails;
(4c) validity authentication
UAV node viComparing the calculated RANDij+1 and stored RANDij+1 is equal or not; if the values are equal, the UAV node v is verified through validity verificationjThe authentication of (1); otherwise, authentication fails;
the unmanned aerial vehicle updates the authentication key pair; the method specifically comprises the following steps: UAV node viIs generated in time-dependent manner at the current time t (t) of the systemβ≤t≤tβ+1) At the moment of time, the time of day,
Figure FDA0003014146670000103
UAV node viCalculate its public key PIDi
Figure FDA0003014146670000104
UAV node viIs required to be at tβ+1The authentication key pair is updated at any moment, the updating period is delta t, and t is satisfiedβ+1=tβ+Δt。
3. The identity-based drone key management and networking authentication system of claim 2, wherein the ground authentication server comprises:
the system initialization module is used for completing the initialization of the key management and networking authentication system, namely transmitting the system parameters generated by the system parameter generation module, the identity information generated by the identity information generation module, the key encryption public keys of all the unmanned aerial vehicles generated by the key generation module and the key encryption private keys of the specific unmanned aerial vehicles to the key management and networking authentication system of the unmanned aerial vehicles;
the system parameter generation module is used for generating initialization parameters of a cryptographic algorithm according to a cryptographic parameter generation algorithm built in the system, selecting a proper hash function and a symmetric cryptographic algorithm, setting a time interval for updating a secret key and a time interval for meeting the message freshness requirement according to different safety requirements, counting the number n of unmanned aerial vehicle nodes in the system, and setting a corresponding threshold value t;
the identity information generation module is used for generating the required identity information for the unmanned aerial vehicle according to the approval code of the unmanned aerial vehicle manufacturer, the production assembly code, the serial number of the communication module and the like;
and the key generation module is used for generating a system master key, generating sub keys for all unmanned aerial vehicles in the system based on the master key and the initialization parameters of the cryptographic algorithm, and finally generating a key encryption key pair based on the sub keys.
4. The identity-based drone key management and networking authentication system of claim 2, wherein the drone authentication client comprises:
the system initialization module is used for completing key management on the unmanned aerial vehicle and initialization of a networking authentication system, namely acquiring system parameters and identity information required by the unmanned aerial vehicle for key management and networking authentication, and key encryption public keys of all the unmanned aerial vehicles and key encryption private keys of the unmanned aerial vehicles from a ground authentication server;
the key management module comprises three sub-modules: a request information generation sub-module, a key processing sub-module and an authentication sub-module; the request information generation submodule is used for generating an authentication parameter for requesting the generation of a secret key according to the identity information distributed by the system and the generated authentication public key; the key processing submodule is used for collecting private key shares and recovering the authentication private key after t effective private key shares are collected; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid;
the identity authentication module comprises two sub-modules: the authentication submodule and the private key share generation submodule; the authentication submodule is used for interacting authentication parameters with an unmanned aerial vehicle authentication client terminal generated by a request key, analyzing the authentication parameters and checking whether the received authentication parameters are valid; the private key share generation submodule is used for generating a private key share for the unmanned aerial vehicle authentication client side which requests key generation according to the received authentication parameters and signing and encrypting the private key share;
the networking authentication module comprises four sub-modules: a key pair generation sub-module, a data processing sub-module, an authentication sub-module and a key negotiation sub-module; the key pair generation submodule is used for generating a communication key pair for carrying out key agreement with other unmanned aerial vehicle authentication clients; the data processing submodule is used for generating parameters for identity authentication with other unmanned aerial vehicle authentication clients; the authentication submodule is used for interacting authentication required parameters with other unmanned aerial vehicle authentication clients, analyzing the authentication parameters and checking whether the received authentication parameters are valid; and the key negotiation submodule is used for carrying out key negotiation with other unmanned aerial vehicle authentication clients to generate a session key.
5. An unmanned aerial vehicle applying the identity-based unmanned aerial vehicle key management and networking authentication method of claim 1.
CN201811076889.6A 2018-09-14 2018-09-14 Identity-based unmanned aerial vehicle key management and networking authentication system and method Active CN109218018B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811076889.6A CN109218018B (en) 2018-09-14 2018-09-14 Identity-based unmanned aerial vehicle key management and networking authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811076889.6A CN109218018B (en) 2018-09-14 2018-09-14 Identity-based unmanned aerial vehicle key management and networking authentication system and method

Publications (2)

Publication Number Publication Date
CN109218018A CN109218018A (en) 2019-01-15
CN109218018B true CN109218018B (en) 2021-08-10

Family

ID=64983543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811076889.6A Active CN109218018B (en) 2018-09-14 2018-09-14 Identity-based unmanned aerial vehicle key management and networking authentication system and method

Country Status (1)

Country Link
CN (1) CN109218018B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110120869B (en) * 2019-03-27 2022-09-30 上海隔镜信息科技有限公司 Key management system and key service node
CN110086825B (en) * 2019-05-08 2021-06-08 国网江苏省电力有限公司 Unmanned aerial vehicle power inspection data safety transmission system and method
CN110290109B (en) * 2019-05-20 2022-04-19 蚂蚁蓉信(成都)网络科技有限公司 Data processing method and device, and processing authority acquisition method and device
CN110233836B (en) * 2019-05-31 2021-06-08 顾宏超 Communication verification method, device, system and computer readable storage medium
CN110324828B (en) * 2019-07-03 2022-02-01 中国联合网络通信集团有限公司 Road condition acquisition method and system and vehicle-mounted device
CN110311778A (en) * 2019-07-09 2019-10-08 北京航空航天大学 A kind of unmanned plane queue identity authentication method based on ECC Threshold Signature
CN110427762B (en) * 2019-07-23 2021-03-23 湖南匡安网络技术有限公司 Encryption and decryption method for realizing video security transmission of power monitoring system
CN110972132B (en) * 2019-11-12 2023-07-18 江苏恒宝智能系统技术有限公司 Unmanned aerial vehicle queue identity authentication method
CN111278008B (en) * 2020-01-13 2022-04-08 山东大学 Safety communication method and system for military unmanned aerial vehicle group keyless management center
CN111277583B (en) * 2020-01-15 2022-02-25 东方红卫星移动通信有限公司 Identity authentication method for monitoring system of mobile cloud computing
CN114079560A (en) * 2020-07-31 2022-02-22 中移(苏州)软件技术有限公司 Communication encryption method, aircraft and computer readable storage medium
CN112073964B (en) * 2020-10-26 2021-11-19 河南大学 Unmanned aerial vehicle and base station communication identity authentication method based on elliptic curve encryption
CN112561422B (en) * 2020-12-04 2023-07-25 中国联合网络通信集团有限公司 Commodity transportation method based on network-connected unmanned aerial vehicle, user and key management platform
CN112910655B (en) * 2021-01-25 2021-11-19 北京航空航天大学 Certificateless bilinear pairing-free broadcast signcryption method suitable for UAANET
CN114071698B (en) * 2021-10-19 2024-01-09 四川九洲空管科技有限责任公司 Ad hoc network data receiving and transmitting method and device with parameter dynamic configuration and state sensing
CN114125728B (en) * 2021-12-02 2022-11-29 暨南大学 Trust evaluation method and system for lightweight and privacy protection in unmanned aerial vehicle network
CN114157488B (en) * 2021-12-03 2023-06-16 北京明朝万达科技股份有限公司 Key acquisition method, device, electronic equipment and storage medium
CN114143774B (en) * 2021-12-15 2023-04-28 暨南大学 Lightweight trusted message exchange method and system in unmanned aerial vehicle network
CN114301606B (en) * 2021-12-31 2023-07-21 北京三快在线科技有限公司 Unmanned equipment key management system, method, device, equipment and storage medium
CN115459972B (en) * 2022-08-26 2024-04-16 西安电子科技大学 Safe anonymous core network access method based on multi-unmanned aerial vehicle relay

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1530867A1 (en) * 2002-08-12 2005-05-18 Harris Corporation Wireless local or metropolitan area network with intrusion detection features and related methods
CN1668136A (en) * 2005-01-18 2005-09-14 中国电子科技集团公司第三十研究所 A method for implementing security communication between mobile self-organized network nodes
CN1667999A (en) * 2005-01-18 2005-09-14 中国电子科技集团公司第三十研究所 A secure communication method between mobile nodes in mobile self-organized network
CN101262333A (en) * 2008-04-21 2008-09-10 上海大学 A secure communication method between nodes in vehicular network
CN101335612A (en) * 2008-07-30 2008-12-31 浙江工业大学 Bilinear cipher key pair pre-distributing method oriented to safety of mobile self-organizing network
CN102223629A (en) * 2009-11-26 2011-10-19 中国人民解放军空军工程大学 Distribution method of threshold keys of mobile Ad hoc network
CN103702326A (en) * 2013-12-02 2014-04-02 北京理工大学 Certificateless key agreement method on basis of mobile Ad Hoc network
CN104883372A (en) * 2015-06-19 2015-09-02 中国电子科技集团公司第五十四研究所 Anti-cheating and anti-attack data transmission method based on wireless Ad Hoc network
CN106453428A (en) * 2016-12-15 2017-02-22 中国科学院上海微系统与信息技术研究所 Anonymous safety communication method applicable to MANET (mobile ad-hoc network) network layer
CN107634837A (en) * 2017-11-01 2018-01-26 安徽大学 The efficient message authentication method of car networking based on edge calculations

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004016581A1 (en) * 2004-03-31 2005-10-27 Nec Europe Ltd. Procedures for Settlement and Compensation Processes in Ad Hoc Networks
US20060233377A1 (en) * 2005-03-31 2006-10-19 Hwang-Daw Chang Key distribution method of mobile ad hoc network

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1530867A1 (en) * 2002-08-12 2005-05-18 Harris Corporation Wireless local or metropolitan area network with intrusion detection features and related methods
CN1668136A (en) * 2005-01-18 2005-09-14 中国电子科技集团公司第三十研究所 A method for implementing security communication between mobile self-organized network nodes
CN1667999A (en) * 2005-01-18 2005-09-14 中国电子科技集团公司第三十研究所 A secure communication method between mobile nodes in mobile self-organized network
CN101262333A (en) * 2008-04-21 2008-09-10 上海大学 A secure communication method between nodes in vehicular network
CN101335612A (en) * 2008-07-30 2008-12-31 浙江工业大学 Bilinear cipher key pair pre-distributing method oriented to safety of mobile self-organizing network
CN102223629A (en) * 2009-11-26 2011-10-19 中国人民解放军空军工程大学 Distribution method of threshold keys of mobile Ad hoc network
CN103702326A (en) * 2013-12-02 2014-04-02 北京理工大学 Certificateless key agreement method on basis of mobile Ad Hoc network
CN104883372A (en) * 2015-06-19 2015-09-02 中国电子科技集团公司第五十四研究所 Anti-cheating and anti-attack data transmission method based on wireless Ad Hoc network
CN106453428A (en) * 2016-12-15 2017-02-22 中国科学院上海微系统与信息技术研究所 Anonymous safety communication method applicable to MANET (mobile ad-hoc network) network layer
CN107634837A (en) * 2017-11-01 2018-01-26 安徽大学 The efficient message authentication method of car networking based on edge calculations

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Key Management Protocol Based on Finely Granular Multi-level Security Method in Wireless Networks";Li Yahui;《2011 Seventh International Conference on Computational Intelligence and Security》;20111231;全文 *
"适合ad hoc网络无需安全信道的密钥管理方案";李慧贤;《通信学报》;20100131;全文 *

Also Published As

Publication number Publication date
CN109218018A (en) 2019-01-15

Similar Documents

Publication Publication Date Title
CN109218018B (en) Identity-based unmanned aerial vehicle key management and networking authentication system and method
Liu et al. Blockchain empowered cooperative authentication with data traceability in vehicular edge computing
Wei et al. Secure and lightweight conditional privacy-preserving authentication for securing traffic emergency messages in VANETs
CN108566240B (en) Inter-satellite networking authentication system and method suitable for double-layer satellite network
Wang et al. Ultra super fast authentication protocol for electric vehicle charging using extended chaotic maps
CN113079016B (en) Identity-based authentication method facing space-based network
CN110402560B (en) System and method for computing public session keys in identity-based authenticated key exchange scheme with forward security
CN108521401B (en) Method for enhancing safety of MANET network of unmanned aerial vehicle
US11044081B2 (en) System and method for obtaining a common session key between devices
Han et al. A self-authentication and deniable efficient group key agreement protocol for VANET
CN109640325B (en) Motorcade-oriented safety management method based on extensible contribution group key negotiation
Dolev et al. Optical PUF for non-forwardable vehicle authentication
Tan et al. Secure and efficient authenticated key management scheme for UAV-assisted infrastructure-less IoVs
Chaturvedi et al. A secure zero knowledge authentication protocol for wireless (mobile) ad-hoc networks
Ozmen et al. IoD-crypt: A lightweight cryptographic framework for Internet of drones
Gao et al. An Improved Online/Offline Identity-Based Signature Scheme for WSNs.
Kanchan et al. An efficient and privacy-preserving federated learning scheme for flying ad hoc networks
Xie et al. Provable secure and lightweight vehicle message broadcasting authentication protocol with privacy protection for VANETs
Wazid et al. Secure communication framework for blockchain-based internet of drones-enabled aerial computing deployment
CN103796200A (en) Method for achieving key management in wireless mobile ad hoc network based on identities
Chen et al. Provable secure group key establishment scheme for fog computing
CN116388995A (en) Lightweight smart grid authentication method based on PUF
Singh et al. Efficient and secure message transfer in VANET
Xiong et al. A cloud based three layer key management scheme for VANET
Hafeez et al. BETA-UAV: Blockchain-based efficient and trusted authentication for UAV communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant