CN110430063B - Fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes

Publication number
CN110430063B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910680311.XA
Other languages
Chinese (zh)
Other versions
CN110430063A (en
Inventor
沈士根
刘建华
周海平
冯晟
胡珂立
赵利平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Shaoxing
Original Assignee
University of Shaoxing
Application filed by University of Shaoxing
Priority to CN201910680311.XA
Publication of CN110430063A
Application granted
Publication of CN110430063B
Classifications

    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses a heterogeneous sensor network node anonymous identity authentication system and method based on a fog computing architecture. The system comprises a heterogeneous sensor network, fog computing nodes and a global key management system. The heterogeneous sensor network comprises a plurality of heterogeneous sensor network nodes, each connected to a corresponding fog computing node. Each heterogeneous sensor network node calls the fog computing node it is connected to, which is provided with fog computing node security middleware, to execute security functions. The global key management system distributes a shared key to all devices that communicate with each other. The system solves the key management problem of heterogeneous sensor nodes through the global key management system. With the method provided by the invention, heterogeneous sensor network nodes can be anonymously authenticated without providing identity information, which ensures the authenticity of node identities during heterogeneous sensor network communication.

Description

Fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes
Technical Field
The invention belongs to the technical field of Internet of things security, and particularly relates to a heterogeneous sensing network node anonymous identity authentication system and method based on a fog computing architecture.
Background
Heterogeneous sensor networks form the basis of the Internet of Things and have a great influence on people's lives. At present, they are widely deployed in smart homes, smart cities, smart grids, the Internet of Vehicles and other fields. To standardize the management of resources such as devices and information in heterogeneous sensor networks, many Internet of Things alliances have proposed different standard frameworks, but these frameworks only consider basic communication security, such as authenticated key exchange and access control, in heterogeneous sensor network communication. Because heterogeneous sensor networks need to support different types of sensor nodes, their overall security protection urgently needs to be strengthened.
Identity authentication technology is used to confirm the identity of a node in the heterogeneous sensor network and, based on that confirmation, to determine the access rights the node has. Anonymous identity authentication technology mainly addresses the excessive exposure of node information during identity authentication: it emphasizes that the identity of the heterogeneous sensor network node is anonymous while ensuring that this anonymous identity is authentic and cannot be forged.
Currently, different organizations disclose methods regarding identity authentication of sensor network nodes. Patent application document CN104994085A discloses a sensing network identity authentication method and system, which can authenticate the identity of a node, but the encryption and decryption operations used in the whole identity authentication process are completed by the sensing node, resulting in a large computational load on the sensing node. Patent application document CN103079199A discloses a bidirectional identity authentication method and system for a sensor network, which also has the problem of large calculation load of sensor nodes. Patent application document CN103179562A discloses a node identity authentication method based on zero knowledge proof in a sensor network, and the node identity authentication is established on the basis of a broadcast key, which has the problem of difficult key management. Patent application document CN102612035A discloses an energy-efficient identity authentication method in a multi-level clustering sensing network, wherein encryption and decryption operations are completed by sensing nodes, and the problem of large computational load of the sensing nodes exists. Patent application document CN103731819A discloses an authentication method for sensor network nodes, in the process of node identity authentication, each sensor node needs to store information such as a certificate, a secret key, a base station random number, a node random number, and a response message, and when a large number of sensor nodes need to perform identity authentication with each other, there is a problem that key management is difficult.
In conclusion, the existing identity authentication technology is generally problematic when applied to a heterogeneous sensor network. On one hand, each different heterogeneous sensor network node needs to retain a different key during identity authentication, so that key management becomes a challenging problem. On the other hand, most heterogeneous sensor network nodes have limited computing resources, and how to solve the computing cost when an advanced encryption and decryption algorithm is applied becomes another challenging problem.
Disclosure of Invention
In view of the defects of the prior art and the need for improvement, the invention provides a heterogeneous sensor network node anonymous identity authentication system and method based on a fog computing architecture. Its aim is to perform anonymous identity authentication of heterogeneous sensor network nodes through fog computing nodes, which provide higher computing power and shorten response time. This solves the technical problem that heterogeneous sensor network nodes must authenticate each other when communicating, and that operations such as digest computation, data encryption and decryption, and digital signature verification place high computing and transmission demands on those nodes and so interfere with their normal work.
To achieve the above object, according to one aspect of the invention, there is provided a heterogeneous sensor network node anonymous identity authentication system based on a fog computing architecture, comprising a heterogeneous sensor network, fog computing nodes and a global key management system. The heterogeneous sensor network comprises a plurality of heterogeneous sensor network nodes, each connected to a corresponding fog computing node. Each heterogeneous sensor network node calls the fog computing node it is connected to, which is provided with fog computing node security middleware, to execute security functions. The global key management system distributes a shared key to all devices that communicate with each other.
According to another aspect of the invention, a heterogeneous sensor network node anonymous identity authentication method based on a fog computing architecture is provided, which comprises the following steps:
When heterogeneous sensor network node $HS_i$ initiates an anonymous authentication request to heterogeneous sensor network node $HS_j$:
Step A1: heterogeneous sensor network node $HS_i$ sends authentication request information to heterogeneous sensor network node $HS_j$, encrypted under the shared key $SK_1$ between $HS_i$ and $HS_j$; the authentication request information comprises the Diffie-Hellman key exchange tuple $DHK_a = g^a$ of $HS_i$ and a random number $Rand_i$;
Step A2: heterogeneous sensor network node $HS_j$ receives and decrypts the authentication request information and extracts the Diffie-Hellman key exchange tuple $DHK_a = g^a$ of $HS_i$ and the random number $Rand_i$; based on $DHK_a$ and the Diffie-Hellman key exchange tuple $DHK_b$ of $HS_j$, it generates a shared key $SK_4$; based on $SK_4$ it encrypts $Rand_i$ to obtain the encrypted random number information $\beta = EAES(Rand_i, SK_4)$, which it encrypts and sends to the fog computing node $FS_j$;
Step A3: the fog computing node $FS_j$ receives and decrypts to obtain the encrypted random number information $\beta$, and uses a digital signature algorithm to generate, over $\beta$ and based on the private key of $FS_j$, the group signature $\gamma = Sig(\beta, FSK_j)$, which it encrypts and sends to heterogeneous sensor network node $HS_j$;
Step A4: heterogeneous sensor network node $HS_j$ receives and decrypts to obtain the group signature $\gamma$, encrypts $\gamma$ based on the shared key $SK_4$ to obtain the group signature ciphertext $\delta = EAES(\gamma, SK_4)$, and encrypts and sends to heterogeneous sensor network node $HS_i$ a message containing $\delta$ and the Diffie-Hellman key exchange tuple $DHK_b$ of $HS_j$;
Step A5: heterogeneous sensor network node $HS_i$ receives and decrypts to obtain the group signature ciphertext $\delta$ and the Diffie-Hellman key exchange tuple $DHK_b$ of $HS_j$; from $DHK_b$ and its own Diffie-Hellman key exchange tuple $DHK_a$ it generates the shared key $SK_4$; based on $SK_4$ it decrypts $\delta$ to obtain the group signature $\gamma$, which it encrypts and sends to the fog computing node $FS_i$;
Step A6: the fog computing node $FS_i$ receives and decrypts to obtain the group signature $\gamma$ and, using the digital signature algorithm corresponding to step A3, verifies $\gamma$ based on the public key $FPK_j$ of fog computing node $FS_j$: if the verification passes, the anonymous identity authentication request of heterogeneous sensor network node $HS_i$ is accepted; otherwise, if the verification fails, the anonymous identity authentication request of $HS_i$ is rejected.
Preferably, in steps A1 to A5 of the fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes, the encrypting and sending specifically comprises:
combining the content to be sent with its digest, preferably calling the fog computing node to obtain the digest, and encrypting the result based on the shared key of the sending node and the receiving node, preferably calling the fog computing node to perform the encryption operation.
Preferably, in steps A2 to A6 of the method, the receiving and decrypting specifically comprises:
decrypting the received content based on the shared key of the sending node and the receiving node, preferably calling the fog computing node to perform the decryption operation, and verifying digest integrity, preferably calling the fog computing node to run the digest algorithm to obtain the digest.
Preferably, in the fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes, step A1 specifically comprises:
Step A11: heterogeneous sensor network node $HS_i$ generates its Diffie-Hellman key exchange tuple $DHK_a = g^a$ and a random number $Rand_i$;
Step A12: heterogeneous sensor network node $HS_i$ combines $DHK_a$ and $Rand_i$ to obtain the authentication request information $AR = DHK_a \| Rand_i$;
Step A13: heterogeneous sensor network node $HS_i$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_i$ to compute the digest of the authentication request $AR$, obtaining the digest value $Hash_1 = SHA512(AR)$;
Step A14: heterogeneous sensor network node $HS_i$ combines the authentication request $AR$ and the digest value $Hash_1$ to obtain the combined information $Com_1 = AR \| Hash_1$;
Step A15: heterogeneous sensor network node $HS_i$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to encrypt the combined information $Com_1$ based on the shared key $SK_1$ between $HS_i$ and $HS_j$, obtaining the ciphertext $ECom_1 = EAES(Com_1, SK_1)$;
Step A16: heterogeneous sensor network node $HS_i$ sends the ciphertext $ECom_1$ to heterogeneous sensor network node $HS_j$.
Preferably, in the fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes, step A2 specifically comprises:
Step A21: heterogeneous sensor network node $HS_j$ verifies the data integrity of $ECom_1$. After receiving the ciphertext $ECom_1$ sent by $HS_i$, $HS_j$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to decrypt $ECom_1$ based on the shared key $SK_1$, obtaining $Com_1 = DAES(ECom_1, SK_1)$, and extracts $AR$ and $Hash_1$ from $Com_1$. It then calls the SHA-512 digest function SHA512() in the security middleware of $FS_j$ to compute the digest of $AR$, obtaining a new digest value. The newly generated digest value is compared with the $Hash_1$ extracted from $Com_1$: if the two are the same, $ECom_1$ was not modified during network communication, and the method goes to step A22; if they differ, $ECom_1$ was maliciously modified during network communication, and the method goes to step A16, requiring heterogeneous sensor network node $HS_i$ to resend the ciphertext $ECom_1$;
Step A22: heterogeneous sensor network node $HS_j$ extracts $DHK_a$ from $AR$;
Step A23: heterogeneous sensor network node $HS_j$ generates its Diffie-Hellman key exchange tuple $DHK_b = g^b$;
Step A24: heterogeneous sensor network node $HS_j$ generates the shared key $SK_4 = g^{ab}$ based on $DHK_a$ and $DHK_b$;
Step A25: heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt $Rand_i$ based on the shared key $SK_4$, obtaining the ciphertext $\beta = EAES(Rand_i, SK_4)$;
Step A26: heterogeneous sensor network node $HS_j$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_j$ to compute the digest of the ciphertext $\beta$, obtaining the digest value $Hash_2 = SHA512(\beta)$;
Step A27: heterogeneous sensor network node $HS_j$ combines the ciphertext $\beta$ and the digest value $Hash_2$ to obtain the combined information $Com_2 = \beta \| Hash_2$;
Step A28: heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt the combined information $Com_2$ based on the shared key $SK_3$, obtaining the ciphertext $ECom_2 = EAES(Com_2, SK_3)$;
Step A29: heterogeneous sensor network node $HS_j$ sends the ciphertext $ECom_2$ to the fog computing node $FS_j$.
Preferably, in the fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes, step A3 specifically comprises:
Step A31: fog computing node $FS_j$ verifies the data integrity of $ECom_2$. After receiving the ciphertext $ECom_2$ sent by heterogeneous sensor network node $HS_j$, $FS_j$ calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware to decrypt $ECom_2$ based on the shared key $SK_3$, obtaining $Com_2 = DAES(ECom_2, SK_3)$, and extracts $\beta$ and $Hash_2$ from $Com_2$. It then calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of $\beta$, obtaining a new digest value. The newly generated digest value is compared with the $Hash_2$ extracted from $Com_2$: if the two are the same, $ECom_2$ was not modified during network communication, and the method goes to step A32; if they differ, $ECom_2$ was maliciously modified during network communication, and the method goes to step A29, requiring heterogeneous sensor network node $HS_j$ to resend the ciphertext $ECom_2$;
Step A32: fog computing node $FS_j$ calls the signature function Sig() of the RSA digital signature algorithm in its own security middleware to generate, based on its own private key $FSK_j$, the group signature of $\beta$, $\gamma = Sig(\beta, FSK_j)$;
Step A33: fog computing node $FS_j$ calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of the group signature $\gamma$, obtaining the digest value $Hash_3 = SHA512(\gamma)$;
Step A34: fog computing node $FS_j$ combines the group signature $\gamma$ and the digest value $Hash_3$ to obtain the combined information $Com_3 = \gamma \| Hash_3$;
Step A35: fog computing node $FS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in its own security middleware to encrypt the combined information $Com_3$ based on the shared key $SK_3$, obtaining the ciphertext $ECom_3 = EAES(Com_3, SK_3)$;
Step A36: fog computing node $FS_j$ sends the ciphertext $ECom_3$ to heterogeneous sensor network node $HS_j$.
Preferably, in the fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes, step A4 specifically comprises:
Step A41: heterogeneous sensor network node $HS_j$ verifies the data integrity of $ECom_3$. After receiving the ciphertext $ECom_3$ sent by fog computing node $FS_j$, $HS_j$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of $FS_j$ to decrypt $ECom_3$ based on the shared key $SK_3$, obtaining $Com_3 = DAES(ECom_3, SK_3)$, and extracts $\gamma$ and $Hash_3$ from $Com_3$. It then calls the SHA-512 digest function SHA512() in the security middleware of $FS_j$ to compute the digest of $\gamma$, obtaining a new digest value. The newly generated digest value is compared with the $Hash_3$ extracted from $Com_3$: if the two are the same, $ECom_3$ was not modified during network communication, and the method goes to step A42; if they differ, $ECom_3$ was maliciously modified during network communication, and the method goes to step A36, requiring fog computing node $FS_j$ to resend the ciphertext $ECom_3$;
Step A42: heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt $\gamma$ based on the shared key $SK_4$, obtaining the ciphertext $\delta = EAES(\gamma, SK_4)$;
Step A43: heterogeneous sensor network node $HS_j$ combines the Diffie-Hellman key exchange tuple $DHK_b$ and the ciphertext $\delta$ to obtain the combined information $Com_4 = DHK_b \| \delta$;
Step A44: heterogeneous sensor network node $HS_j$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_j$ to compute the digest of the combined information $Com_4$, obtaining the digest value $Hash_4 = SHA512(Com_4)$;
Step A45: heterogeneous sensor network node $HS_j$ combines $Com_4$ and the digest value $Hash_4$ to obtain the combined information $Com_5 = Com_4 \| Hash_4$;
Step A46: heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt the combined information $Com_5$ based on the shared key $SK_1$, obtaining the ciphertext $ECom_5 = EAES(Com_5, SK_1)$;
Step A47: heterogeneous sensor network node $HS_j$ sends the ciphertext $ECom_5$ to heterogeneous sensor network node $HS_i$.
Preferably, in the fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes, step A5 specifically comprises:
Step A51: heterogeneous sensor network node $HS_i$ verifies the data integrity of $ECom_5$. After receiving the ciphertext $ECom_5$ sent by heterogeneous sensor network node $HS_j$, $HS_i$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to decrypt $ECom_5$ based on the shared key $SK_1$, obtaining $Com_5 = DAES(ECom_5, SK_1)$, and extracts $Com_4$ and $Hash_4$ from $Com_5$. It then calls the SHA-512 digest function SHA512() in the security middleware of $FS_i$ to compute the digest of $Com_4$, obtaining a new digest value. The newly generated digest value is compared with the $Hash_4$ extracted from $Com_5$: if the two are the same, $ECom_5$ was not modified during network communication, and the method goes to step A52; if they differ, $ECom_5$ was maliciously modified during network communication, and the method goes to step A47, requiring heterogeneous sensor network node $HS_j$ to resend the ciphertext $ECom_5$;
Step A52: heterogeneous sensor network node $HS_i$ extracts $DHK_b$ and $\delta$ from $Com_4$ and, based on its self-generated $DHK_a$ and the extracted $DHK_b$, generates the shared key $SK_4 = g^{ab}$;
Step A53: heterogeneous sensor network node $HS_i$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to decrypt $\delta$ based on the shared key $SK_4$, obtaining $\gamma = DAES(\delta, SK_4)$;
Step A54: heterogeneous sensor network node $HS_i$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_i$ to compute the digest of $\gamma$, obtaining the digest value $Hash_5 = SHA512(\gamma)$;
Step A55: heterogeneous sensor network node $HS_i$ combines $\gamma$ and the digest value $Hash_5$ to obtain the combined information $Com_6 = \gamma \| Hash_5$;
Step A56: heterogeneous sensor network node $HS_i$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to encrypt the combined information $Com_6$ based on the shared key $SK_2$, obtaining the ciphertext $ECom_6 = EAES(Com_6, SK_2)$;
Step A57: heterogeneous sensor network node $HS_i$ sends the ciphertext $ECom_6$ to the fog computing node $FS_i$.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A6 comprises the following steps:
Step A61, fog computing node FS_i verifies the data integrity of ECom_6. After receiving the ciphertext ECom_6 sent by heterogeneous sensor network node HS_i, fog computing node FS_i calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_2, decrypts the ciphertext ECom_6 to obtain Com_6 = DAES(ECom_6, SK_2). It takes γ and Hash_5 out of Com_6 and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to compute the digest of γ, obtaining a new digest value. The newly generated digest value is compared with the Hash_5 taken out of Com_6: if the two are the same, ECom_6 was not modified during network communication, and the method goes to step A62; if they differ, ECom_6 was maliciously modified during network communication, and the method returns to step A57, requiring heterogeneous sensor network node HS_i to resend the ciphertext ECom_6.
Step A62, fog computing node FS_i calls the verification function Ver() of the RSA digital signature algorithm in its own security middleware and, based on the public key FPK_j of fog computing node FS_j, verifies the "group signature" γ. If the verification passes, it returns the value ok to heterogeneous sensor network node HS_i, indicating that HS_i has passed anonymous identity authentication; if the verification fails, it returns the value no to heterogeneous sensor network node HS_i, indicating that HS_i has not passed anonymous identity authentication.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
The system provided by the invention solves the key management problem of heterogeneous sensor nodes through a global key management system.
With the method provided by the invention, heterogeneous sensor network nodes can be anonymously authenticated without providing identity information, which ensures the authenticity of node identities during heterogeneous sensor network communication.
In the preferred technical solution, the security functions in the fog node security middleware are called, so that the computation of complex functions such as the encryption and decryption functions of the AES symmetric key algorithm and the SHA-512 digest function is transferred to the fog computing node. This solves the problem of the computational cost incurred when heterogeneous sensor network nodes run the security algorithms themselves.
Drawings
Fig. 1 is a schematic structural diagram of a heterogeneous sensor network node anonymous identity authentication system based on a fog computing architecture provided by the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The invention provides a heterogeneous sensor network node anonymous identity authentication system based on a fog computing architecture, which comprises a heterogeneous sensor network, fog computing nodes and a global key management system. The heterogeneous sensor network comprises a plurality of heterogeneous sensor network nodes, each connected to its corresponding fog computing node.
A heterogeneous sensor network node calls the fog computing node it is connected to, which carries the fog computing node security middleware, to execute security functions; the security functions comprise encryption, decryption, digest, digital signature and digital signature verification operations. The heterogeneous sensor network is composed of a series of heterogeneous sensor nodes and implements application functions such as a smart grid or intelligent transportation. The fog computing node acts as an edge node of the heterogeneous sensor network, has strong computing and storage resources, and can support complex security algorithms.
The global key management system distributes a shared key to all devices which communicate with each other.
The invention provides a heterogeneous sensor network node anonymous identity authentication method based on a fog computing architecture, which comprises the following steps:
When heterogeneous sensor network node HS_i initiates an anonymous authentication request to heterogeneous sensor network node HS_j:
Step A1, heterogeneous sensor network node HS_i sends authentication request information to heterogeneous sensor network node HS_j by encrypted transmission based on the shared key SK_1 between HS_i and HS_j; the authentication request information comprises the Diffie-Hellman key exchange tuple DHK_a = g^a of heterogeneous sensor network node HS_i and a random number Rand_i.
Step A2, heterogeneous sensor network node HS_j receives and decrypts to obtain the authentication request information, extracts the Diffie-Hellman key exchange tuple DHK_a = g^a and the random number Rand_i of heterogeneous sensor network node HS_i, generates the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of HS_i and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypts the random number Rand_i based on the shared key SK_4 to obtain the encrypted random number information β = EAES(Rand_i, SK_4), and sends it by encrypted transmission to fog computing node FS_j.
Generating the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of heterogeneous sensor network node HS_i and the Diffie-Hellman key exchange tuple DHK_b of heterogeneous sensor network node HS_j is specifically: SK_4 = g^ab.
Step A3, fog computing node FS_j receives and decrypts to obtain the encrypted random number information β, uses a digital signature algorithm to generate for β the group signature γ = Sig(β, FSK_j) based on the private key of fog computing node FS_j, and sends it by encrypted transmission to heterogeneous sensor network node HS_j.
Step A4, heterogeneous sensor network node HS_j receives and decrypts to obtain the group signature γ, encrypts the group signature γ based on the shared key SK_4 to obtain the group signature ciphertext δ = EAES(γ, SK_4), and sends information containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j by encrypted transmission to heterogeneous sensor network node HS_i.
Step A5, heterogeneous sensor network node HS_i receives and decrypts to obtain the information containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j, generates the shared key SK_4 from the Diffie-Hellman key exchange tuple DHK_b and the Diffie-Hellman key exchange tuple DHK_a of HS_i, decrypts the group signature ciphertext δ based on the shared key SK_4 to obtain the group signature γ, and sends the group signature γ by encrypted transmission to fog computing node FS_i.
Step A6, fog computing node FS_i receives and decrypts to obtain the group signature γ and, using the digital signature algorithm corresponding to step A3, verifies the group signature γ based on the public key FPK_j of fog computing node FS_j: if the verification passes, the anonymous identity authentication request of heterogeneous sensor network node HS_i is accepted; otherwise, if the verification fails, the anonymous identity authentication request of heterogeneous sensor network node HS_i is rejected.
In steps A1 to A5, the encrypted transmission specifically comprises:
combining the content to be sent with its digest, preferably calling a fog computing node to obtain the digest; and encrypting based on the shared key of the sending node and the receiving node, preferably calling the fog computing node to perform the encryption operation.
In steps A2 to A6, the receiving and decrypting specifically comprises:
decrypting the received content based on the shared key of the sending node and the receiving node, preferably calling the fog computing node to perform the decryption operation; and verifying digest integrity, preferably calling the fog computing node to run the digest algorithm to obtain the digest.
The following are examples:
Step A1, heterogeneous sensor network node HS_i sends authentication request information to heterogeneous sensor network node HS_j by encrypted transmission based on the shared key SK_1 between HS_i and HS_j; the authentication request information comprises the Diffie-Hellman key exchange tuple DHK_a = g^a of heterogeneous sensor network node HS_i and a random number Rand_i.
Step A11, heterogeneous sensor network node HS_i generates its Diffie-Hellman key exchange tuple DHK_a = g^a and a random number Rand_i;
Step A12, heterogeneous sensor network node HS_i combines DHK_a and Rand_i to obtain the authentication request information AR = DHK_a || Rand_i;
Step A13, heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to compute the digest of the authentication request AR, obtaining the digest value Hash_1 = SHA512(AR);
Step A14, heterogeneous sensor network node HS_i combines the authentication request AR and the digest value Hash_1 to obtain the combined information Com_1 = AR || Hash_1;
Step A15, heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_1 between heterogeneous sensor network nodes HS_i and HS_j, encrypts the combined information Com_1 to obtain the ciphertext ECom_1 = EAES(Com_1, SK_1);
Step A16, heterogeneous sensor network node HS_i sends the ciphertext ECom_1 to heterogeneous sensor network node HS_j.
Step A2, heterogeneous sensor network node HS_j receives and decrypts to obtain the authentication request information, extracts the Diffie-Hellman key exchange tuple DHK_a = g^a and the random number Rand_i of heterogeneous sensor network node HS_i, generates the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of HS_i and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypts the random number Rand_i based on the shared key SK_4 to obtain the encrypted random number information β = EAES(Rand_i, SK_4), and sends it by encrypted transmission to fog computing node FS_j.
Generating the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of heterogeneous sensor network node HS_i and the Diffie-Hellman key exchange tuple DHK_b of heterogeneous sensor network node HS_j is specifically: SK_4 = g^ab.
Step A21, heterogeneous sensor network node HS_j verifies the data integrity of ECom_1. After receiving the ciphertext ECom_1 sent by HS_i, heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_1, decrypts the ciphertext ECom_1 to obtain Com_1 = DAES(ECom_1, SK_1). It takes AR and Hash_1 out of Com_1 and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to compute the digest of AR, obtaining a new digest value. The newly generated digest value is compared with the Hash_1 taken out of Com_1: if the two are the same, ECom_1 was not modified during network communication, and the method goes to step A22; if they differ, ECom_1 was maliciously modified during network communication, and the method returns to step A16, requiring heterogeneous sensor network node HS_i to resend the ciphertext ECom_1.
Step A22, heterogeneous sensor network node HS_j takes DHK_a out of AR;
Step A23, heterogeneous sensor network node HS_j generates its Diffie-Hellman key exchange tuple DHK_b = g^b;
Step A24, heterogeneous sensor network node HS_j generates the shared key SK_4 = g^ab based on DHK_a and DHK_b;
Step A25, heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_4, encrypts Rand_i to obtain the ciphertext β = EAES(Rand_i, SK_4).
Step A26, heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to compute the digest of the ciphertext β, obtaining the digest value Hash_2 = SHA512(β);
Step A27, heterogeneous sensor network node HS_j combines the ciphertext β and the digest value Hash_2 to obtain the combined information Com_2 = β || Hash_2;
Step A28, heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_3, encrypts the combined information Com_2 to obtain the ciphertext ECom_2 = EAES(Com_2, SK_3);
Step A29, heterogeneous sensor network node HS_j sends the ciphertext ECom_2 to fog computing node FS_j.
Step A3, fog computing node FS_j receives and decrypts to obtain the encrypted random number information β, uses a digital signature algorithm to generate for β the group signature γ = Sig(β, FSK_j) based on the private key of fog computing node FS_j, and sends it by encrypted transmission to heterogeneous sensor network node HS_j.
Step A31, fog computing node FS_j verifies the data integrity of ECom_2. After receiving the ciphertext ECom_2 sent by heterogeneous sensor network node HS_j, fog computing node FS_j calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, decrypts the ciphertext ECom_2 to obtain Com_2 = DAES(ECom_2, SK_3). It takes β and Hash_2 out of Com_2 and calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of β, obtaining a new digest value. The newly generated digest value is compared with the Hash_2 taken out of Com_2: if the two are the same, ECom_2 was not modified during network communication, and the method goes to step A32; if they differ, ECom_2 was maliciously modified during network communication, and the method returns to step A29, requiring heterogeneous sensor network node HS_j to resend the ciphertext ECom_2.
Step A32, fog computing node FS_j calls the signature function Sig() of the RSA digital signature algorithm in its own security middleware and, based on its own private key FSK_j, generates the group signature of β, γ = Sig(β, FSK_j).
Step A33, fog computing node FS_j calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of the group signature γ, obtaining the digest value Hash_3 = SHA512(γ).
Step A34, fog computing node FS_j combines the group signature γ and the digest value Hash_3 to obtain the combined information Com_3 = γ || Hash_3;
Step A35, fog computing node FS_j calls the encryption function EAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, encrypts the combined information Com_3 to obtain the ciphertext ECom_3 = EAES(Com_3, SK_3);
Step A36, fog computing node FS_j sends the ciphertext ECom_3 to heterogeneous sensor network node HS_j.
Step A4, heterogeneous sensor network node HS_j receives and decrypts to obtain the group signature γ, encrypts the group signature γ based on the shared key SK_4 to obtain the group signature ciphertext δ = EAES(γ, SK_4), and sends information containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j by encrypted transmission to heterogeneous sensor network node HS_i.
Step A41, heterogeneous sensor network node HS_j verifies the data integrity of ECom_3. After receiving the ciphertext ECom_3 sent by fog computing node FS_j, heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_3, decrypts the ciphertext ECom_3 to obtain Com_3 = DAES(ECom_3, SK_3). It takes γ and Hash_3 out of Com_3 and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to compute the digest of γ, obtaining a new digest value. The newly generated digest value is compared with the Hash_3 taken out of Com_3: if the two are the same, ECom_3 was not modified during network communication, and the method goes to step A42; if they differ, ECom_3 was maliciously modified during network communication, and the method returns to step A36, requiring fog computing node FS_j to resend the ciphertext ECom_3.
Step A42, heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_4, encrypts γ to obtain the ciphertext δ = EAES(γ, SK_4);
Step A43, heterogeneous sensor network node HS_j combines the Diffie-Hellman key exchange tuple DHK_b and the ciphertext δ to obtain the combined information Com_4 = DHK_b || δ;
Step A44, heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to compute the digest of the combined information Com_4, obtaining the digest value Hash_4 = SHA512(Com_4);
Step A45, heterogeneous sensor network node HS_j combines Com_4 and the digest value Hash_4 to obtain the combined information Com_5 = Com_4 || Hash_4;
Step A46, heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_1, encrypts the combined information Com_5 to obtain the ciphertext ECom_5 = EAES(Com_5, HS_1);
Step A47, heterogeneous sensor network node HS_j sends the ciphertext ECom_5 to heterogeneous sensor network node HS_i.
Step A5, heterogeneous sensor network node HS_i receives and decrypts to obtain the information containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j, generates the shared key SK_4 from the Diffie-Hellman key exchange tuple DHK_b and the Diffie-Hellman key exchange tuple DHK_a of HS_i, decrypts the group signature ciphertext δ based on the shared key SK_4 to obtain the group signature γ, and sends the group signature γ by encrypted transmission to the fog computing node HS_i.
Step A51, heterogeneous sensor network node HS_i verifies the data integrity of ECom_5. After receiving the ciphertext ECom_5 sent by heterogeneous sensor network node HS_j, HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_1, decrypts the ciphertext ECom_5 to obtain Com_5 = DAES(ECom_5, SK_1). It takes Com_4 and Hash_4 out of Com_5 and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to compute the digest of Com_4, obtaining a new digest value. The newly generated digest value is compared with the Hash_4 taken out of Com_5: if the two are the same, ECom_5 was not modified during network communication, and the method goes to step A52; if they differ, ECom_5 was maliciously modified during network communication, and the method returns to step A47, requiring heterogeneous sensor network node HS_j to resend the ciphertext ECom_5.
Step A52, heterogeneous sensor network node HS_i takes DHK_b and δ out of Com_4 and, based on its self-generated DHK_a and the extracted DHK_b, generates the shared key SK_4 = g^ab.
Step A53, heterogeneous sensor network node HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_4, decrypts δ to obtain γ = DAES(δ, SK_4);
Step A54, heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FA_i to compute the digest of γ, obtaining the digest value Hash_5 = SHA512(γ).
Step A55, heterogeneous sensor network node HS_i combines γ and the digest value Hash_5 to obtain the combined information Com_6 = γ || Hash_5;
Step A56, heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_2, encrypts the combined information Com_6 to obtain the ciphertext ECom_6 = EAES(Com_6, SK_2);
Step A57, heterogeneous sensor network node HS_i sends the ciphertext ECom_6 to fog computing node FS_i.
Step A6, fog computing node FS_i receives and decrypts to obtain the group signature γ and, using the digital signature algorithm corresponding to step A3, verifies the group signature γ based on the public key FPK_j of fog computing node FS_j: if the verification passes, the anonymous identity authentication request of heterogeneous sensor network node HS_i is accepted; otherwise, if the verification fails, the anonymous identity authentication request of heterogeneous sensor network node HS_i is rejected.
Step A61, fog computing node FS_i verifies the data integrity of ECom_6. After receiving the ciphertext ECom_6 sent by heterogeneous sensor network node HS_i, fog computing node FS_i calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_2, decrypts the ciphertext ECom_6 to obtain Com_6 = DAES(ECom_6, SK_2). It takes γ and Hash_5 out of Com_6 and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to compute the digest of γ, obtaining a new digest value. The newly generated digest value is compared with the Hash_5 taken out of Com_6: if the two are the same, ECom_6 was not modified during network communication, and the method goes to step A62; if they differ, ECom_6 was maliciously modified during network communication, and the method returns to step A57, requiring heterogeneous sensor network node HS_i to resend the ciphertext ECom_6.
Step A62, fog computing node FS_i calls the verification function Ver() of the RSA digital signature algorithm in its own security middleware and, based on the public key FPK_j of fog computing node FS_j, verifies the "group signature" γ. If the verification passes, it returns the value ok to heterogeneous sensor network node HS_i, indicating that HS_i has passed anonymous identity authentication; if the verification fails, it returns the value no to heterogeneous sensor network node HS_i, indicating that HS_i has not passed anonymous identity authentication.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
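The HS_i and HS_j legs of the exchange above (steps A1, A2, A4 and A5) can be traced in code; the following Python is an added example, not part of the patent text, showing the digest-then-encrypt framing, the integrity check that triggers a resend, and both nodes arriving at the same SK_4. Assumptions: all function names are hypothetical, the Diffie-Hellman parameters are toy values, DHK and Rand fields are fixed at 16 bytes, SK_4 is hashed with SHA-256 into key bytes, a SHA-512 keystream XOR stands in for AES, and γ is a constructed byte string in place of the RSA signature produced by FS_j.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumptions; far too small for real use).
P = 2**127 - 1     # prime modulus for the Diffie-Hellman exchange
G = 3              # generator g
FIELD = 16         # fixed byte width of the DHK and Rand fields (assumption)
DIGEST_LEN = 64    # SHA-512 output size in bytes

class IntegrityError(Exception):
    """The recomputed digest differs from the one carried in the message."""

def sha512(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()

def eaes(data: bytes, key: bytes) -> bytes:
    """Stand-in for EAES(): XOR with a SHA-512 counter keystream.

    The page specifies AES; the standard library has none, so this placeholder
    keeps the example dependency-free. It is not AES and is its own inverse.
    """
    out = bytearray()
    for off in range(0, len(data), DIGEST_LEN):
        stream = sha512(key + off.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + DIGEST_LEN], stream))
    return bytes(out)

daes = eaes  # stand-in for DAES(): same operation because the cipher is an XOR

def protect(msg: bytes, key: bytes) -> bytes:
    """Sender side: Com = msg || SHA512(msg), then ECom = EAES(Com, key)."""
    return eaes(msg + sha512(msg), key)

def open_checked(ecom: bytes, key: bytes) -> bytes:
    """Receiver side: decrypt, split off the digest, recompute and compare."""
    com = daes(ecom, key)
    if len(com) < DIGEST_LEN:
        raise IntegrityError("message shorter than a digest")
    msg, digest = com[:-DIGEST_LEN], com[-DIGEST_LEN:]
    if not hmac.compare_digest(sha512(msg), digest):
        raise IntegrityError("digest mismatch, ask the sender to resend")
    return msg

def dh_keypair():
    """Return (private exponent, public tuple g^x mod P as FIELD bytes)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P).to_bytes(FIELD, "big")

def derive_sk4(priv: int, peer_dhk: bytes) -> bytes:
    """SK_4 = g^ab; hashing it down to key bytes is an assumption."""
    shared = pow(int.from_bytes(peer_dhk, "big"), priv, P)
    return hashlib.sha256(shared.to_bytes(FIELD, "big")).digest()

def step_a1(sk1: bytes):
    """HS_i: AR = DHK_a || Rand_i, sent as ECom_1 under SK_1."""
    a, dhk_a = dh_keypair()
    rand_i = secrets.token_bytes(FIELD)
    return a, rand_i, protect(dhk_a + rand_i, sk1)

def step_a2(ecom1: bytes, sk1: bytes):
    """HS_j: check ECom_1, derive SK_4, compute beta = EAES(Rand_i, SK_4)."""
    ar = open_checked(ecom1, sk1)
    dhk_a, rand_i = ar[:FIELD], ar[FIELD:]
    b, dhk_b = dh_keypair()
    sk4 = derive_sk4(b, dhk_a)
    return dhk_b, sk4, eaes(rand_i, sk4)

def step_a4(gamma: bytes, dhk_b: bytes, sk4: bytes, sk1: bytes) -> bytes:
    """HS_j: delta = EAES(gamma, SK_4); Com_4 = DHK_b || delta; ECom_5 under SK_1."""
    return protect(dhk_b + eaes(gamma, sk4), sk1)

def step_a5(ecom5: bytes, a: int, sk1: bytes):
    """HS_i: check ECom_5, derive SK_4 from DHK_b, recover gamma from delta."""
    com4 = open_checked(ecom5, sk1)
    dhk_b, delta = com4[:FIELD], com4[FIELD:]
    sk4 = derive_sk4(a, dhk_b)
    return sk4, daes(delta, sk4)

def run_exchange() -> dict:
    sk1 = secrets.token_bytes(32)                # SK_1, constructed
    gamma = b"constructed signature from FS_j"   # placeholder for Sig(beta, FSK_j)
    a, rand_i, ecom1 = step_a1(sk1)
    dhk_b, sk4_j, beta = step_a2(ecom1, sk1)
    ecom5 = step_a4(gamma, dhk_b, sk4_j, sk1)
    sk4_i, gamma_i = step_a5(ecom5, a, sk1)
    return {
        "keys_match": sk4_i == sk4_j,
        "gamma_recovered": gamma_i == gamma,
        "beta_decrypts_to_rand": daes(beta, sk4_i) == rand_i,
        "ecom5": ecom5, "a": a, "sk1": sk1,
    }
```

Calling `run_exchange()` returns the three boolean checks together with ECom_5, so a modified copy of that ciphertext can be passed to `step_a5` to see the digest comparison reject it.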

Claims (11)

1. A heterogeneous sensor network node anonymous identity authentication method based on a fog computing architecture, characterized by comprising the following steps:
Step A1, heterogeneous sensor network node HS_i sends authentication request information to heterogeneous sensor network node HS_j by encrypted transmission based on the shared key SK_1 between HS_i and HS_j; the authentication request information comprises the Diffie-Hellman key exchange tuple DHK_a = g^a of heterogeneous sensor network node HS_i and a random number Rand_i;
Step A2, heterogeneous sensor network node HS_j receives and decrypts to obtain the authentication request information, extracts the Diffie-Hellman key exchange tuple DHK_a = g^a and the random number Rand_i of heterogeneous sensor network node HS_i, generates the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of HS_i and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypts the random number Rand_i based on the shared key SK_4 to obtain the encrypted random number information β = EAES(Rand_i, SK_4), and sends it by encrypted transmission to fog computing node FS_j;
Step A3, fog computing node FS_j receives and decrypts to obtain the encrypted random number information β, uses a digital signature algorithm to generate for β the group signature γ = Sig(β, FSK_j) based on the private key of fog computing node FS_j, and sends it by encrypted transmission to heterogeneous sensor network node HS_j;
Step A4, heterogeneous sensor network node HS_j receives and decrypts to obtain the group signature γ, encrypts the group signature γ based on the shared key SK_4 to obtain the group signature ciphertext δ = EAES(γ, SK_4), and sends the combined information Com_4, containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j, by encrypted transmission to heterogeneous sensor network node HS_i;
Step A5, heterogeneous sensor network node HS_i receives and decrypts to obtain the combined information Com_4 containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j, generates the shared key SK_4 from the Diffie-Hellman key exchange tuple DHK_b and the Diffie-Hellman key exchange tuple DHK_a of HS_i, decrypts the group signature ciphertext δ based on the shared key SK_4 to obtain the group signature γ, and sends the group signature γ by encrypted transmission to fog computing node FS_i;
Step A6, fog computing node FS_i receives and decrypts to obtain the group signature γ and, using the digital signature algorithm corresponding to step A3, verifies the group signature γ based on the public key FPK_j of fog computing node FS_j: if the verification passes, the anonymous identity authentication request of heterogeneous sensor network node HS_i is accepted; otherwise, if the verification fails, the anonymous identity authentication request of heterogeneous sensor network node HS_i is rejected.
2. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 1, wherein in steps A1 to A5, the encrypted transmission specifically comprises:
combining the content to be transmitted with its digest, and encrypting based on the shared key SK_1 or SK_4 of the transmitting node and the receiving node.
3. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 2, wherein combining the content to be sent with its digest specifically comprises:
calling a fog computing node to obtain the digest;
and the encrypting specifically comprises:
calling the fog computing node to perform the encryption operation.
4. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 1, wherein in steps A2 to A6, the receiving and decrypting specifically comprises:
decrypting the received content based on the shared key SK_1 or SK_4 of the sending node and the receiving node, and verifying digest integrity.
5. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 4, wherein the decrypting specifically comprises:
calling a fog computing node to perform the decryption operation;
and the digest is obtained as follows:
calling the fog computing node to run the digest algorithm to obtain the digest.
6. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 1, wherein step A1 specifically comprises:
Step A11, heterogeneous sensor network node HS_i generates its Diffie-Hellman key exchange tuple DHK_a = g^a and a random number Rand_i;
Step A12, heterogeneous sensor network node HS_i combines DHK_a and Rand_i to obtain the authentication request information AR = DHK_a || Rand_i;
Step A13, heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to compute the digest of the authentication request AR, obtaining the digest value Hash_1 = SHA512(AR);
Step A14, heterogeneous sensor network node HS_i combines the authentication request AR and the digest value Hash_1 to obtain the combined information Com_1 = AR || Hash_1;
Step A15, heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_1 between heterogeneous sensor network nodes HS_i and HS_j, encrypts the combined information Com_1 to obtain the ciphertext ECom_1 = EAES(Com_1, SK_1);
Step A16, heterogeneous sensor network node HS_i sends the ciphertext ECom_1 to heterogeneous sensor network node HS_j.
7. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 6, wherein step A2 specifically comprises:
Step A21, heterogeneous sensor network node HS_j verifies the data integrity of ECom_1; after receiving the ciphertext ECom_1 sent by HS_i, heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_1, decrypts the ciphertext ECom_1 to obtain Com_1 = DAES(ECom_1, SK_1), takes AR and Hash_1 out of Com_1, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to compute the digest of AR, obtaining a new digest value; the newly generated digest value is compared with the Hash_1 taken out of Com_1: if the two are the same, ECom_1 was not modified during network communication, and the method goes to step A22; if they differ, ECom_1 was maliciously modified during network communication, and the method returns to step A16, requiring heterogeneous sensor network node HS_i to resend the ciphertext ECom_1;
Step A22, heterogeneous sensor network node HSjRemoval of DHK from ARa
Step A23, heterogeneous sensor network node HSjGenerating heterogeneous sensor network nodes HSjOf a Diffie-Hellman key exchange tuple DHKb=gb
Step A24, heterogeneous sensor network node HSjBased on DHKaAnd DHKbGenerating a shared Key SK4=gab
Step A25, heterogeneous sensor network node HSjCalling a fog calculation node FSjEncryption function EAES () of AES symmetric key algorithm in security middleware based on shared key SK4Encrypted Randiobtain the ciphertext β ═ EAES (Rand)i,SK4);
Step A26, heterogeneous sensor network node HSjCalling a fog calculation node FSjSHA-512 digest function SHA512()calculating the abstract of the ciphertext β to obtain the abstract value Hash2=SHA512(β);
Step A27, heterogeneous sensor network node HSjcombining ciphertext β and digest value Hash2Obtaining combined information Com2=β||Hash2
Step A28, heterogeneous sensor network node HSjCalling a fog calculation node FSjEncryption function EAES () of AES symmetric key algorithm in security middleware based on shared key SK3Encryption combination information Com2Get the ciphertext ECom2=EAES(Com2,SK3);
Step A29, heterogeneous sensor network node HSjWill cipher text ECom2Send to the fog calculation node FSj
8. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 7, wherein the step A3 specifically comprises:
Step A31, the fog computing node FS_j verifies the data integrity of ECom_2: after receiving the ciphertext ECom_2 sent by the heterogeneous sensor network node HS_j, FS_j calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, decrypts the ciphertext ECom_2 to obtain Com_2 = DAES(ECom_2, SK_3); it takes β and Hash_2 out of Com_2 and calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of β, obtaining a new digest value; the newly generated digest value is compared with the Hash_2 taken out of Com_2; if the two are the same, ECom_2 was not modified during network communication, and the method goes to step A32; if they differ, ECom_2 was maliciously modified during network communication, and the method goes to step A29 and requires the heterogeneous sensor network node HS_j to resend the ciphertext ECom_2;
Step A32, the fog computing node FS_j calls the signature function Sig() of the RSA digital signature algorithm in its own security middleware and, based on its own private key FSK_j, generates the group signature γ = Sig(β, FSK_j) of β;
Step A33, the fog computing node FS_j calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of the group signature γ, obtaining the digest value Hash_3 = SHA512(γ);
Step A34, the fog computing node FS_j combines the group signature γ and the digest value Hash_3 to obtain the combined information Com_3 = γ || Hash_3;
Step A35, the fog computing node FS_j calls the encryption function EAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, encrypts the combined information Com_3 to obtain the ciphertext ECom_3 = EAES(Com_3, SK_3);
Step A36, the fog computing node FS_j sends the ciphertext ECom_3 to the heterogeneous sensor network node HS_j.
9. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 8, wherein the step A4 specifically comprises:
Step A41, the heterogeneous sensor network node HS_j verifies the data integrity of ECom_3: after receiving the ciphertext ECom_3 sent by the fog computing node FS_j, HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_3, decrypts the ciphertext ECom_3 to obtain Com_3 = DAES(ECom_3, SK_3); it takes γ and Hash_3 out of Com_3 and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of γ, obtaining a new digest value; the newly generated digest value is compared with the Hash_3 taken out of Com_3; if the two are the same, ECom_3 was not modified during network communication, and the method goes to step A42; if they differ, ECom_3 was maliciously modified during network communication, and the method goes to step A36 and requires the fog computing node FS_j to resend the ciphertext ECom_3;
Step A42, the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_4, encrypts γ to obtain the ciphertext δ = EAES(γ, SK_4);
Step A43, the heterogeneous sensor network node HS_j combines the Diffie-Hellman key exchange tuple DHK_b and the ciphertext δ to obtain the combined information Com_4 = DHK_b || δ;
Step A44, the heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of the combined information Com_4, obtaining the digest value Hash_4 = SHA512(Com_4);
Step A45, the heterogeneous sensor network node HS_j combines Com_4 and the digest value Hash_4 to obtain the combined information Com_5 = Com_4 || Hash_4;
Step A46, the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_1, encrypts the combined information Com_5 to obtain the ciphertext ECom_5 = EAES(Com_5, SK_1);
Step A47, the heterogeneous sensor network node HS_j sends the ciphertext ECom_5 to the heterogeneous sensor network node HS_i.
10. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 9, wherein the step A5 specifically comprises:
Step A51, the heterogeneous sensor network node HS_i verifies the data integrity of ECom_5: after receiving the ciphertext ECom_5 sent by the heterogeneous sensor network node HS_j, HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_1, decrypts the ciphertext ECom_5 to obtain Com_5 = DAES(ECom_5, SK_1); it takes Com_4 and Hash_4 out of Com_5 and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of Com_4, obtaining a new digest value; the newly generated digest value is compared with the Hash_4 taken out of Com_5; if the two are the same, ECom_5 was not modified during network communication, and the method goes to step A52; if they differ, ECom_5 was maliciously modified during network communication, and the method goes to step A47 and requires the heterogeneous sensor network node HS_j to resend the ciphertext ECom_5;
Step A52, the heterogeneous sensor network node HS_i takes DHK_b and δ out of Com_4 and, based on its self-generated DHK_a and the DHK_b taken out, generates the shared key SK_4 = g^(ab);
Step A53, the heterogeneous sensor network node HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_4, decrypts δ to obtain γ = DAES(δ, SK_4);
Step A54, the heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of γ, obtaining the digest value Hash_5 = SHA512(γ);
Step A55, the heterogeneous sensor network node HS_i combines γ and the digest value Hash_5 to obtain the combined information Com_6 = γ || Hash_5;
Step A56, the heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_2, encrypts the combined information Com_6 to obtain the ciphertext ECom_6 = EAES(Com_6, SK_2);
Step A57, the heterogeneous sensor network node HS_i sends the ciphertext ECom_6 to the fog computing node FS_i.
11. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 10, wherein the step A6 specifically comprises:
Step A61, the fog computing node FS_i verifies the data integrity of ECom_6: after receiving the ciphertext ECom_6 sent by the heterogeneous sensor network node HS_i, FS_i calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_2, decrypts the ciphertext ECom_6 to obtain Com_6 = DAES(ECom_6, SK_2); it takes γ and Hash_5 out of Com_6 and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of γ, obtaining a new digest value; the newly generated digest value is compared with the Hash_5 taken out of Com_6; if the two are the same, ECom_6 was not modified during network communication, and the method goes to step A62; if they differ, ECom_6 was maliciously modified during network communication, and the method goes to step A57 and requires the heterogeneous sensor network node HS_i to resend the ciphertext ECom_6;
Step A62, the fog computing node FS_i calls the verification function Ver() of the RSA digital signature algorithm in its own security middleware and, based on the public key FPK_j of the fog computing node FS_j, verifies the group signature γ; if the verification passes, it returns the value ok to the heterogeneous sensor network node HS_i to indicate that the heterogeneous sensor network node HS_i passes anonymous identity authentication; if the verification fails, it returns the value no to the heterogeneous sensor network node HS_i to indicate that the heterogeneous sensor network node HS_i does not pass anonymous identity authentication.
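The seal-and-verify pattern of steps A13 to A16 and A21 (repeated in A31, A41, A51 and A61), together with the Diffie-Hellman derivation of SK_4 in steps A23, A24 and A52, as an added Python example that is not part of the patent. The SHA-512 keystream cipher is a stand-in for EAES()/DAES() so the block runs on the standard library alone; the group parameters, the AR layout, the SHA-256 key derivation and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = hashlib.sha512().digest_size   # 64 bytes appended as Hash_n
P, G = 2**127 - 1, 3   # constructed demonstration-sized group (assumption)

def _stream(key, nonce, n):
    """SHA-512 counter keystream used by the stand-in cipher below."""
    blocks = (hashlib.sha512(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // DIGEST_LEN + 1))
    return b"".join(blocks)[:n]

def eaes(data, key):
    """Stand-in for EAES(); NOT AES. Substitute a real AES mode in practice."""
    nonce = secrets.token_bytes(16)
    return nonce + bytes(x ^ y for x, y in zip(data, _stream(key, nonce, len(data))))

def daes(blob, key):
    """Stand-in for DAES(), the inverse of eaes()."""
    nonce, body = blob[:16], blob[16:]
    return bytes(x ^ y for x, y in zip(body, _stream(key, nonce, len(body))))

def seal(message, key):
    """Sender side (A13-A15): Com = M || SHA512(M), ECom = EAES(Com, SK)."""
    return eaes(message + hashlib.sha512(message).digest(), key)

def open_sealed(ecom, key):
    """Receiver side (A21): return M, or None when a resend must be requested."""
    com = daes(ecom, key)
    if len(com) < DIGEST_LEN:
        return None
    message, received = com[:-DIGEST_LEN], com[-DIGEST_LEN:]
    fresh = hashlib.sha512(message).digest()
    return message if hmac.compare_digest(fresh, received) else None

def dh_public(secret):
    """DHK = g^secret mod p (A23)."""
    return pow(G, secret, P)

def dh_shared_key(secret, peer_public):
    """SK_4 = g^(ab) mod p (A24, A52), hashed to 32 key bytes (assumption)."""
    return hashlib.sha256(pow(peer_public, secret, P).to_bytes(16, "big")).digest()

def demo():
    sk1 = secrets.token_bytes(32)                  # SK_1, pre-shared HS_i <-> HS_j
    a, b = (secrets.randbelow(P - 2) + 1 for _ in range(2))
    ar = dh_public(a).to_bytes(16, "big")          # constructed AR: DHK_a only
    ecom1 = seal(ar, sk1)                          # HS_i -> HS_j (A16)
    dhk_a = int.from_bytes(open_sealed(ecom1, sk1), "big")
    sk4_j = dh_shared_key(b, dhk_a)                # HS_j side (A24)
    sk4_i = dh_shared_key(a, dh_public(b))         # HS_i side (A52)
    tampered = ecom1[:20] + bytes([ecom1[20] ^ 1]) + ecom1[21:]
    return sk4_i == sk4_j, open_sealed(tampered, sk1)

if __name__ == "__main__":
    print(demo())
```

`open_sealed()` returning `None` corresponds to the "go to step A16 and resend" branch; the digest comparison uses `hmac.compare_digest` so it runs in constant time.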
CN201910680311.XA 2019-07-26 2019-07-26 Mist computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes Active CN110430063B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910680311.XA CN110430063B (en) 2019-07-26 2019-07-26 Mist computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes


Publications (2)

Publication Number Publication Date
CN110430063A CN110430063A (en) 2019-11-08
CN110430063B true CN110430063B (en) 2020-05-19

Family

ID=68412496


Country Status (1)

Country Link
CN (1) CN110430063B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant