CN110430063B - Fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes - Google Patents
- Publication number: CN110430063B (application CN201910680311.XA)
- Authority: CN (China)
- Prior art keywords: sensor network, node, heterogeneous sensor, network node, ecom
- Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Abstract
The invention discloses a heterogeneous sensor network node anonymous identity authentication system and method based on a fog computing architecture. The system comprises a heterogeneous sensor network, fog computing nodes and a global key management system; the heterogeneous sensor network comprises a plurality of heterogeneous sensor network nodes, each connected to its corresponding fog computing node; a heterogeneous sensor network node calls the fog computing node it is connected to, which is provided with a fog computing node security middleware, to execute security functions; the global key management system distributes a shared key to all devices that communicate with each other. The system provided by the invention solves the problem of key management of heterogeneous sensor nodes through the global key management system. By using the method provided by the invention, heterogeneous sensor network nodes can achieve anonymous identity authentication without providing identity information, thereby ensuring the authenticity of node identity during heterogeneous sensor network communication.
Description
Technical Field
The invention belongs to the technical field of Internet of things security, and particularly relates to a heterogeneous sensing network node anonymous identity authentication system and method based on a fog computing architecture.
Background
The heterogeneous sensing network is used as the basis of the internet of things and has great influence on the life of people. At present, heterogeneous sensing networks are widely deployed in smart homes, smart cities, smart power grids, car networking and other fields. In order to standardize management of resources such as equipment and information in the heterogeneous sensor network, different standard frameworks of the internet of things are proposed by many internet of things alliances, but the frameworks only consider basic communication security such as authentication key exchange and access control in heterogeneous sensor network communication. In the face of the current situation that heterogeneous sensor networks need to support different types of sensor nodes, the comprehensive safety protection of the heterogeneous sensor networks needs to be enhanced urgently.
Identity authentication technology is used to confirm the identity of a node in the heterogeneous sensor network and to determine the access rights the node holds based on that confirmation. Anonymous identity authentication technology mainly solves the problem that node information is excessively exposed during identity authentication: it emphasizes that the identity of the heterogeneous sensor network node is anonymous, while ensuring that the anonymous identity of the node is authentic and cannot be counterfeited.
Currently, different organizations disclose methods regarding identity authentication of sensor network nodes. Patent application document CN104994085A discloses a sensing network identity authentication method and system, which can authenticate the identity of a node, but the encryption and decryption operations used in the whole identity authentication process are completed by the sensing node, resulting in a large computational load on the sensing node. Patent application document CN103079199A discloses a bidirectional identity authentication method and system for a sensor network, which also has the problem of large calculation load of sensor nodes. Patent application document CN103179562A discloses a node identity authentication method based on zero knowledge proof in a sensor network, and the node identity authentication is established on the basis of a broadcast key, which has the problem of difficult key management. Patent application document CN102612035A discloses an energy-efficient identity authentication method in a multi-level clustering sensing network, wherein encryption and decryption operations are completed by sensing nodes, and the problem of large computational load of the sensing nodes exists. Patent application document CN103731819A discloses an authentication method for sensor network nodes, in the process of node identity authentication, each sensor node needs to store information such as a certificate, a secret key, a base station random number, a node random number, and a response message, and when a large number of sensor nodes need to perform identity authentication with each other, there is a problem that key management is difficult.
In conclusion, the existing identity authentication technology is generally problematic when applied to a heterogeneous sensor network. On one hand, each different heterogeneous sensor network node needs to retain a different key during identity authentication, so that key management becomes a challenging problem. On the other hand, most heterogeneous sensor network nodes have limited computing resources, and how to solve the computing cost when an advanced encryption and decryption algorithm is applied becomes another challenging problem.
Disclosure of Invention
In view of the defects or improvement needs of the prior art, the invention provides a heterogeneous sensor network node anonymous identity authentication system and method based on a fog computing architecture. The aim is to perform anonymous identity authentication of heterogeneous sensor network nodes through fog computing nodes, which provide higher computing power and shorter response time. This solves the technical problem that heterogeneous sensor network nodes must authenticate each other when communicating, and that operations such as data digest computation, data encryption and decryption, and digital signature verification place high computing-performance and transmission requirements on the nodes, which affects their normal work.
In order to achieve the above object, according to one aspect of the present invention, there is provided a heterogeneous sensor network node anonymous identity authentication system based on a fog computing architecture, including a heterogeneous sensor network, fog computing nodes, and a global key management system; the heterogeneous sensor network comprises a plurality of heterogeneous sensor network nodes, each connected to its corresponding fog computing node; a heterogeneous sensor network node calls the fog computing node it is connected to, which is provided with a fog computing node security middleware, to execute security functions; the global key management system distributes a shared key to all devices that communicate with each other.
According to another aspect of the invention, a heterogeneous sensor network node anonymous identity authentication method based on a fog computing architecture is provided, which comprises the following steps:
When heterogeneous sensor network node $HS_i$ initiates an anonymous authentication request to heterogeneous sensor network node $HS_j$:
Step A1, heterogeneous sensor network node $HS_i$ sends authentication request information to heterogeneous sensor network node $HS_j$, encrypted based on the shared key $SK_1$ between $HS_i$ and $HS_j$; the authentication request information comprises the Diffie-Hellman key exchange tuple $DHK_a = g^a$ of heterogeneous sensor network node $HS_i$ and a random number $Rand_i$;
Step A2, heterogeneous sensor network node $HS_j$ receives and decrypts the authentication request information, extracts the Diffie-Hellman key exchange tuple $DHK_a = g^a$ of heterogeneous sensor network node $HS_i$ and the random number $Rand_i$, generates a shared key $SK_4$ based on $DHK_a = g^a$ and the Diffie-Hellman key exchange tuple $DHK_b$ of heterogeneous sensor network node $HS_j$, encrypts the random number $Rand_i$ based on the shared key $SK_4$ to obtain the encrypted random number information $\beta = EAES(Rand_i, SK_4)$, and encrypts and sends it to the fog computing node $FS_j$;
Step A3, the fog computing node $FS_j$ receives and decrypts to obtain the encrypted random number information $\beta$, uses a digital signature algorithm with the private key $FSK_j$ of fog computing node $FS_j$ to generate the group signature $\gamma = Sig(\beta, FSK_j)$ of $\beta$, and encrypts and sends it to heterogeneous sensor network node $HS_j$;
Step A4, the heterogeneous sensor network node $HS_j$ receives and decrypts to obtain the group signature $\gamma$, encrypts the group signature $\gamma$ based on the shared key $SK_4$ to obtain the group signature ciphertext $\delta = EAES(\gamma, SK_4)$, and encrypts and sends the group signature ciphertext $\delta$ together with the Diffie-Hellman key exchange tuple $DHK_b$ of heterogeneous sensor network node $HS_j$ to heterogeneous sensor network node $HS_i$;
Step A5, heterogeneous sensor network node $HS_i$ receives and decrypts to obtain the group signature ciphertext $\delta$ and the Diffie-Hellman key exchange tuple $DHK_b$ of heterogeneous sensor network node $HS_j$, generates the shared key $SK_4$ from $DHK_b$ and the Diffie-Hellman key exchange tuple $DHK_a$ of heterogeneous sensor network node $HS_i$, decrypts the group signature ciphertext $\delta$ based on the shared key $SK_4$ to obtain the group signature $\gamma$, and encrypts and sends the group signature $\gamma$ to the fog computing node $FS_i$;
Step A6, the fog computing node $FS_i$ receives and decrypts to obtain the group signature $\gamma$, and verifies the group signature $\gamma$ using the digital signature algorithm corresponding to step A3, based on the public key $FPK_j$ of fog computing node $FS_j$: if the verification passes, the anonymous identity authentication request of heterogeneous sensor network node $HS_i$ is passed; otherwise, if the verification fails, the anonymous identity authentication request of heterogeneous sensor network node $HS_i$ is rejected.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, in steps A1 to A5, the encrypting and sending specifically includes:
combining the content to be sent with its digest, preferably calling the fog computing node to obtain the digest, and encrypting based on the shared key of the sending node and the receiving node, preferably calling the fog computing node to perform the encryption operation.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, in steps A2 to A6, the receiving and decrypting specifically includes:
decrypting the received content based on the shared key of the sending node and the receiving node, preferably calling the fog computing node to perform the decryption operation, and verifying digest integrity, preferably calling the fog computing node to run the digest algorithm to obtain the digest.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A1 includes the following steps:
Step A11, heterogeneous sensor network node $HS_i$ generates its Diffie-Hellman key exchange tuple $DHK_a = g^a$ and a random number $Rand_i$;
Step A12, heterogeneous sensor network node $HS_i$ combines $DHK_a$ and $Rand_i$ to obtain the authentication request information $AR = DHK_a \| Rand_i$;
Step A13, heterogeneous sensor network node $HS_i$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_i$ to compute the digest of the authentication request AR, obtaining the digest value $Hash_1 = SHA512(AR)$;
Step A14, heterogeneous sensor network node $HS_i$ combines the authentication request AR and the digest value $Hash_1$ to obtain the combined information $Com_1 = AR \| Hash_1$;
Step A15, heterogeneous sensor network node $HS_i$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to encrypt the combined information $Com_1$ based on the shared key $SK_1$ between heterogeneous sensor network nodes $HS_i$ and $HS_j$, obtaining the ciphertext $ECom_1 = EAES(Com_1, SK_1)$;
Step A16, heterogeneous sensor network node $HS_i$ sends the ciphertext $ECom_1$ to heterogeneous sensor network node $HS_j$.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A2 includes the following steps:
Step A21, heterogeneous sensor network node $HS_j$ verifies the data integrity of $ECom_1$. After receiving the ciphertext $ECom_1$ sent by $HS_i$, heterogeneous sensor network node $HS_j$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to decrypt the ciphertext $ECom_1$ based on the shared key $SK_1$, obtaining $Com_1 = DAES(ECom_1, SK_1)$; it extracts AR and $Hash_1$ from $Com_1$, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_j$ to compute the digest of AR, obtaining a digest value. The newly generated digest value is compared with the $Hash_1$ extracted from $Com_1$: if the two are the same, $ECom_1$ was not modified during network communication, go to step A22; if they differ, $ECom_1$ was maliciously modified during network communication, go to step A16 and require heterogeneous sensor network node $HS_i$ to resend the ciphertext $ECom_1$.
Step A22, heterogeneous sensor network node $HS_j$ extracts $DHK_a$ from AR;
Step A23, heterogeneous sensor network node $HS_j$ generates its Diffie-Hellman key exchange tuple $DHK_b = g^b$;
Step A24, heterogeneous sensor network node $HS_j$ generates the shared key $SK_4 = g^{ab}$ based on $DHK_a$ and $DHK_b$;
Step A25, heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt $Rand_i$ based on the shared key $SK_4$, obtaining the ciphertext $\beta = EAES(Rand_i, SK_4)$.
Step A26, heterogeneous sensor network node $HS_j$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_j$ to compute the digest of the ciphertext $\beta$, obtaining the digest value $Hash_2 = SHA512(\beta)$;
Step A27, heterogeneous sensor network node $HS_j$ combines the ciphertext $\beta$ and the digest value $Hash_2$ to obtain the combined information $Com_2 = \beta \| Hash_2$;
Step A28, heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt the combined information $Com_2$ based on the shared key $SK_3$, obtaining the ciphertext $ECom_2 = EAES(Com_2, SK_3)$;
Step A29, heterogeneous sensor network node $HS_j$ sends the ciphertext $ECom_2$ to the fog computing node $FS_j$.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A3 includes the following steps:
Step A31, fog computing node $FS_j$ verifies the data integrity of $ECom_2$. After receiving the ciphertext $ECom_2$ sent by heterogeneous sensor network node $HS_j$, fog computing node $FS_j$ calls the decryption function DAES() of the AES symmetric key algorithm in its own node security middleware to decrypt the ciphertext $ECom_2$ based on the shared key $SK_3$, obtaining $Com_2 = DAES(ECom_2, SK_3)$; it extracts $\beta$ and $Hash_2$ from $Com_2$, and calls the SHA-512 digest function SHA512() in its own node security middleware to compute the digest of $\beta$, obtaining a digest value. The newly generated digest value is compared with the $Hash_2$ extracted from $Com_2$: if the two are the same, $ECom_2$ was not modified during network communication, go to step A32; if they differ, $ECom_2$ was maliciously modified during network communication, go to step A29 and require heterogeneous sensor network node $HS_j$ to resend the ciphertext $ECom_2$.
Step A32, fog computing node $FS_j$ calls the signature function Sig() of the RSA digital signature algorithm in its own node security middleware to generate, based on its own private key $FSK_j$, the group signature $\gamma = Sig(\beta, FSK_j)$ of $\beta$.
Step A33, fog computing node $FS_j$ calls the SHA-512 digest function SHA512() in its own node security middleware to compute the digest of the group signature $\gamma$, obtaining the digest value $Hash_3 = SHA512(\gamma)$.
Step A34, fog computing node $FS_j$ combines the group signature $\gamma$ and the digest value $Hash_3$ to obtain the combined information $Com_3 = \gamma \| Hash_3$;
Step A35, fog computing node $FS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in its own node security middleware to encrypt the combined information $Com_3$ based on the shared key $SK_3$, obtaining the ciphertext $ECom_3 = EAES(Com_3, SK_3)$;
Step A36, fog computing node $FS_j$ sends the ciphertext $ECom_3$ to heterogeneous sensor network node $HS_j$.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A4 includes the following steps:
Step A41, heterogeneous sensor network node $HS_j$ verifies the data integrity of $ECom_3$. After receiving the ciphertext $ECom_3$ sent by fog computing node $FS_j$, heterogeneous sensor network node $HS_j$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to decrypt the ciphertext $ECom_3$ based on the shared key $SK_3$, obtaining $Com_3 = DAES(ECom_3, SK_3)$; it extracts $\gamma$ and $Hash_3$ from $Com_3$, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_j$ to compute the digest of $\gamma$, obtaining a digest value. The newly generated digest value is compared with the $Hash_3$ extracted from $Com_3$: if the two are the same, $ECom_3$ was not modified during network communication, go to step A42; if they differ, $ECom_3$ was maliciously modified during network communication, go to step A36 and require the fog computing node $FS_j$ to resend the ciphertext $ECom_3$.
Step A42, heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt $\gamma$ based on the shared key $SK_4$, obtaining the ciphertext $\delta = EAES(\gamma, SK_4)$;
Step A43, heterogeneous sensor network node $HS_j$ combines the Diffie-Hellman key exchange tuple $DHK_b$ and the ciphertext $\delta$ to obtain the combined information $Com_4 = DHK_b \| \delta$;
Step A44, heterogeneous sensor network node $HS_j$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_j$ to compute the digest of the combined information $Com_4$, obtaining the digest value $Hash_4 = SHA512(Com_4)$;
Step A45, heterogeneous sensor network node $HS_j$ combines $Com_4$ and the digest value $Hash_4$ to obtain the combined information $Com_5 = Com_4 \| Hash_4$;
Step A46, heterogeneous sensor network node $HS_j$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_j$ to encrypt the combined information $Com_5$ based on the shared key $SK_1$, obtaining the ciphertext $ECom_5 = EAES(Com_5, SK_1)$;
Step A47, heterogeneous sensor network node $HS_j$ sends the ciphertext $ECom_5$ to heterogeneous sensor network node $HS_i$.
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A5 includes the following steps:
Step A51, heterogeneous sensor network node $HS_i$ verifies the data integrity of $ECom_5$. After receiving the ciphertext $ECom_5$ sent by heterogeneous sensor network node $HS_j$, heterogeneous sensor network node $HS_i$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to decrypt the ciphertext $ECom_5$ based on the shared key $SK_1$, obtaining $Com_5 = DAES(ECom_5, SK_1)$; it extracts $Com_4$ and $Hash_4$ from $Com_5$, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_i$ to compute the digest of $Com_4$, obtaining a digest value. The newly generated digest value is compared with the $Hash_4$ extracted from $Com_5$: if the two are the same, $ECom_5$ was not modified during network communication, go to step A52; if they differ, $ECom_5$ was maliciously modified during network communication, go to step A47 and require heterogeneous sensor network node $HS_j$ to resend the ciphertext $ECom_5$.
Step A52, heterogeneous sensor network node $HS_i$ extracts $DHK_b$ and $\delta$ from $Com_4$, and generates the shared key $SK_4 = g^{ab}$ based on its self-generated $DHK_a$ and the extracted $DHK_b$;
Step A53, heterogeneous sensor network node $HS_i$ calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to decrypt $\delta$ based on the shared key $SK_4$, obtaining $\gamma = DAES(\delta, SK_4)$;
Step A54, heterogeneous sensor network node $HS_i$ calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_i$ to compute the digest of $\gamma$, obtaining the digest value $Hash_5 = SHA512(\gamma)$.
Step A55, heterogeneous sensor network node $HS_i$ combines $\gamma$ and the digest value $Hash_5$ to obtain the combined information $Com_6 = \gamma \| Hash_5$;
Step A56, heterogeneous sensor network node $HS_i$ calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node $FS_i$ to encrypt the combined information $Com_6$ based on the shared key $SK_2$, obtaining the ciphertext $ECom_6 = EAES(Com_6, SK_2)$;
Step A57, heterogeneous sensor network node $HS_i$ sends the ciphertext $ECom_6$ to the fog computing node $FS_i$;
Preferably, in the anonymous identity authentication method for heterogeneous sensor network nodes based on the fog computing architecture, step A6 includes the following steps:
Step A61, fog computing node $FS_i$ verifies the data integrity of $ECom_6$. After receiving the ciphertext $ECom_6$ sent by heterogeneous sensor network node $HS_i$, fog computing node $FS_i$ calls the decryption function DAES() of the AES symmetric key algorithm in its own node security middleware to decrypt the ciphertext $ECom_6$ based on the shared key $SK_2$, obtaining $Com_6 = DAES(ECom_6, SK_2)$; it extracts $\gamma$ and $Hash_5$ from $Com_6$, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node $FS_i$ to compute the digest of $\gamma$, obtaining a digest value. The newly generated digest value is compared with the $Hash_5$ extracted from $Com_6$: if the two are the same, $ECom_6$ was not modified during network communication, go to step A62; if they differ, $ECom_6$ was maliciously modified during network communication, go to step A57 and require heterogeneous sensor network node $HS_i$ to resend the ciphertext $ECom_6$.
Step A62, fog computing node $FS_i$ calls the verification function Ver() of the RSA digital signature algorithm in its own node security middleware to check the "group signature" $\gamma$ based on the public key $FPK_j$ of fog computing node $FS_j$. If the verification passes, the value ok is returned to heterogeneous sensor network node $HS_i$ to indicate that heterogeneous sensor network node $HS_i$ passed anonymous identity authentication; if the verification fails, the value no is returned to heterogeneous sensor network node $HS_i$ to indicate that heterogeneous sensor network node $HS_i$ did not pass anonymous identity authentication.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
The system provided by the invention solves the key management problem of heterogeneous sensor nodes through a global key management system.
With the method provided by the invention, heterogeneous sensor network nodes can be anonymously authenticated without providing identity information, which ensures the authenticity of node identities during heterogeneous sensor network communication.
In the preferred technical solution, the security functions in the fog node security middleware are called, so that the computation of complex functions such as the encryption and decryption functions of the AES symmetric key algorithm and the SHA-512 digest function is transferred to the fog computing node, which solves the problem of the computational cost incurred when heterogeneous sensor network nodes run security algorithms.
Drawings
Fig. 1 is a schematic structural diagram of a heterogeneous sensor network node anonymous identity authentication system based on a fog computing architecture provided by the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The invention provides a heterogeneous sensor network node anonymous identity authentication system based on a fog computing architecture, which comprises a heterogeneous sensor network, fog computing nodes and a global key management system. The heterogeneous sensor network comprises a plurality of heterogeneous sensor network nodes, each connected to its corresponding fog computing node.
Each heterogeneous sensor network node calls the fog computing node it is connected to, which is provided with the fog computing node security middleware, to execute security functions; the security functions comprise the encryption operation, decryption operation, digest operation, digital signature operation and digital signature verification operation. The heterogeneous sensor network is composed of a series of heterogeneous sensor nodes and implements application functions such as a smart power grid or intelligent transportation. The fog computing node acts as an edge node of the heterogeneous sensor network, has strong computing and storage resources, and can support complex security algorithms.
The global key management system distributes a shared key to all devices which communicate with each other.
The invention provides a heterogeneous sensor network node anonymous identity authentication method based on a fog computing architecture, which comprises the following steps:
When the heterogeneous sensor network node HS_i initiates an anonymous authentication request to the heterogeneous sensor network node HS_j:
Step A1: the heterogeneous sensor network node HS_i sends authentication request information to the heterogeneous sensor network node HS_j, encrypted under the shared key SK_1 between HS_i and HS_j; the authentication request information comprises the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and a random number Rand_i;
Step A2: the heterogeneous sensor network node HS_j receives and decrypts the authentication request information, extracts the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and the random number Rand_i, generates the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of HS_i and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypts the random number Rand_i based on the shared key SK_4 to obtain the encrypted random number information β = EAES(Rand_i, SK_4), and sends it, encrypted, to the fog computing node FS_j;
Generating the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and the Diffie-Hellman key exchange tuple DHK_b of the heterogeneous sensor network node HS_j is specifically: SK_4 = g^ab.
Step A3: the fog computing node FS_j receives and decrypts to obtain the encrypted random number information β, uses a digital signature algorithm to generate the group signature γ = Sig(β, FSK_j) of β based on the private key FSK_j of the fog computing node FS_j, and sends it, encrypted, to the heterogeneous sensor network node HS_j;
Step A4: the heterogeneous sensor network node HS_j receives and decrypts to obtain the group signature γ, encrypts the group signature γ based on the shared key SK_4 to obtain the group signature ciphertext δ = EAES(γ, SK_4), and sends the group signature ciphertext δ together with the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypted, to the heterogeneous sensor network node HS_i;
Step A5: the heterogeneous sensor network node HS_i receives and decrypts to obtain the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of the heterogeneous sensor network node HS_j, generates the shared key SK_4 from the Diffie-Hellman key exchange tuple DHK_b and its own Diffie-Hellman key exchange tuple DHK_a, decrypts the group signature ciphertext δ based on the shared key SK_4 to obtain the group signature γ, and sends the group signature γ, encrypted, to the fog computing node FS_i;
Step A6: the fog computing node FS_i receives and decrypts to obtain the group signature γ and, using the digital signature algorithm corresponding to step A3, verifies the group signature γ based on the public key FPK_j of the fog computing node FS_j: if the verification passes, the anonymous identity authentication request of the heterogeneous sensor network node HS_i is accepted; otherwise, if the verification fails, the anonymous identity authentication request of the heterogeneous sensor network node HS_i is rejected.
In steps A1 to A5, the encrypted transmission is specifically:
the content to be sent is combined with its digest (the digest preferably being obtained by calling the fog computing node) and the result is encrypted based on the shared key of the sending node and the receiving node (the encryption operation preferably being performed by calling the fog computing node);
In steps A2 to A6, the receiving and decrypting is specifically:
the received content is decrypted based on the shared key of the sending node and the receiving node (the decryption operation preferably being performed by calling the fog computing node) and passes digest integrity verification, the digest preferably being obtained by calling the fog computing node to run the digest algorithm.
The following are examples:
Step A1: the heterogeneous sensor network node HS_i sends authentication request information to the heterogeneous sensor network node HS_j, encrypted under the shared key SK_1 between HS_i and HS_j; the authentication request information comprises the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and a random number Rand_i;
Step A11: the heterogeneous sensor network node HS_i generates its Diffie-Hellman key exchange tuple DHK_a = g^a and a random number Rand_i;
Step A12: the heterogeneous sensor network node HS_i combines DHK_a and Rand_i to obtain the authentication request information AR = DHK_a || Rand_i;
Step A13: the heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of the authentication request AR, obtaining the digest value Hash_1 = SHA512(AR);
Step A14: the heterogeneous sensor network node HS_i combines the authentication request AR and the digest value Hash_1 to obtain the combined information Com_1 = AR || Hash_1;
Step A15: the heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_1 between the heterogeneous sensor network nodes HS_i and HS_j, encrypts the combined information Com_1 to obtain the ciphertext ECom_1 = EAES(Com_1, SK_1);
Step A16: the heterogeneous sensor network node HS_i sends the ciphertext ECom_1 to the heterogeneous sensor network node HS_j.
Step A2: the heterogeneous sensor network node HS_j receives and decrypts the authentication request information, extracts the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and the random number Rand_i, generates the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of HS_i and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypts the random number Rand_i based on the shared key SK_4 to obtain the encrypted random number information β = EAES(Rand_i, SK_4), and sends it, encrypted, to the fog computing node FS_j;
Generating the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and the Diffie-Hellman key exchange tuple DHK_b of the heterogeneous sensor network node HS_j is specifically: SK_4 = g^ab.
Step A21: the heterogeneous sensor network node HS_j verifies the data integrity of ECom_1. After receiving the ciphertext ECom_1 sent by HS_i, the heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_1, decrypts the ciphertext ECom_1 to obtain Com_1 = DAES(ECom_1, SK_1), extracts AR and Hash_1 from Com_1, and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of AR, obtaining a digest value. The newly generated digest value is compared with the Hash_1 extracted from Com_1: if the two are the same, ECom_1 was not modified during network communication, and the method goes to step A22; if they differ, ECom_1 was maliciously modified during network communication, and the method goes to step A16 and requires the heterogeneous sensor network node HS_i to resend the ciphertext ECom_1.
Step A22: the heterogeneous sensor network node HS_j extracts DHK_a from AR;
Step A23: the heterogeneous sensor network node HS_j generates its Diffie-Hellman key exchange tuple DHK_b = g^b;
Step A24: the heterogeneous sensor network node HS_j generates the shared key SK_4 = g^ab based on DHK_a and DHK_b;
Step A25: the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_4, encrypts Rand_i to obtain the ciphertext β = EAES(Rand_i, SK_4).
Step A26: the heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of the ciphertext β, obtaining the digest value Hash_2 = SHA512(β);
Step A27: the heterogeneous sensor network node HS_j combines the ciphertext β and the digest value Hash_2 to obtain the combined information Com_2 = β || Hash_2;
Step A28: the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_3, encrypts the combined information Com_2 to obtain the ciphertext ECom_2 = EAES(Com_2, SK_3);
Step A29: the heterogeneous sensor network node HS_j sends the ciphertext ECom_2 to the fog computing node FS_j.
Step A3: the fog computing node FS_j receives and decrypts to obtain the encrypted random number information β, uses a digital signature algorithm to generate the group signature γ = Sig(β, FSK_j) of β based on the private key FSK_j of the fog computing node FS_j, and sends it, encrypted, to the heterogeneous sensor network node HS_j;
Step A31: the fog computing node FS_j verifies the data integrity of ECom_2. After receiving the ciphertext ECom_2 sent by the heterogeneous sensor network node HS_j, the fog computing node FS_j calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, decrypts the ciphertext ECom_2 to obtain Com_2 = DAES(ECom_2, SK_3), extracts β and Hash_2 from Com_2, and calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of β, obtaining a digest value. The newly generated digest value is compared with the Hash_2 extracted from Com_2: if the two are the same, ECom_2 was not modified during network communication, and the method goes to step A32; if they differ, ECom_2 was maliciously modified during network communication, and the method goes to step A29 and requires the heterogeneous sensor network node HS_j to resend the ciphertext ECom_2.
Step A32: the fog computing node FS_j calls the signature function Sig() of the RSA digital signature algorithm in its own security middleware and, based on its own private key FSK_j, generates the group signature γ = Sig(β, FSK_j) of β.
Step A33: the fog computing node FS_j calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of the group signature γ, obtaining the digest value Hash_3 = SHA512(γ).
Step A34: the fog computing node FS_j combines the group signature γ and the digest value Hash_3 to obtain the combined information Com_3 = γ || Hash_3;
Step A35: the fog computing node FS_j calls the encryption function EAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, encrypts the combined information Com_3 to obtain the ciphertext ECom_3 = EAES(Com_3, SK_3);
Step A36: the fog computing node FS_j sends the ciphertext ECom_3 to the heterogeneous sensor network node HS_j.
Step A4: the heterogeneous sensor network node HS_j receives and decrypts to obtain the group signature γ, encrypts the group signature γ based on the shared key SK_4 to obtain the group signature ciphertext δ = EAES(γ, SK_4), and sends the group signature ciphertext δ together with the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypted, to the heterogeneous sensor network node HS_i;
Step A41: the heterogeneous sensor network node HS_j verifies the data integrity of ECom_3. After receiving the ciphertext ECom_3 sent by the fog computing node FS_j, the heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_3, decrypts the ciphertext ECom_3 to obtain Com_3 = DAES(ECom_3, SK_3), extracts γ and Hash_3 from Com_3, and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of γ, obtaining a digest value. The newly generated digest value is compared with the Hash_3 extracted from Com_3: if the two are the same, ECom_3 was not modified during network communication, and the method goes to step A42; if they differ, ECom_3 was maliciously modified during network communication, and the method goes to step A36 and requires the fog computing node FS_j to resend the ciphertext ECom_3.
Step A42: the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_4, encrypts γ to obtain the ciphertext δ = EAES(γ, SK_4);
Step A43: the heterogeneous sensor network node HS_j combines the Diffie-Hellman key exchange tuple DHK_b and the ciphertext δ to obtain the combined information Com_4 = DHK_b || δ;
Step A44: the heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of the combined information Com_4, obtaining the digest value Hash_4 = SHA512(Com_4);
Step A45: the heterogeneous sensor network node HS_j combines Com_4 and the digest value Hash_4 to obtain the combined information Com_5 = Com_4 || Hash_4;
Step A46: the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_1, encrypts the combined information Com_5 to obtain the ciphertext ECom_5 = EAES(Com_5, SK_1);
Step A47: the heterogeneous sensor network node HS_j sends the ciphertext ECom_5 to the heterogeneous sensor network node HS_i;
Step A5: the heterogeneous sensor network node HS_i receives and decrypts to obtain the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of the heterogeneous sensor network node HS_j, generates the shared key SK_4 from the Diffie-Hellman key exchange tuple DHK_b and its own Diffie-Hellman key exchange tuple DHK_a, decrypts the group signature ciphertext δ based on the shared key SK_4 to obtain the group signature γ, and sends the group signature γ, encrypted, to the fog computing node FS_i;
Step A51: the heterogeneous sensor network node HS_i verifies the data integrity of ECom_5. After receiving the ciphertext ECom_5 sent by the heterogeneous sensor network node HS_j, the heterogeneous sensor network node HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_1, decrypts the ciphertext ECom_5 to obtain Com_5 = DAES(ECom_5, SK_1), extracts Com_4 and Hash_4 from Com_5, and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of Com_4, obtaining a digest value. The newly generated digest value is compared with the Hash_4 extracted from Com_5: if the two are the same, ECom_5 was not modified during network communication, and the method goes to step A52; if they differ, ECom_5 was maliciously modified during network communication, and the method goes to step A47 and requires the heterogeneous sensor network node HS_j to resend the ciphertext ECom_5.
Step A52: the heterogeneous sensor network node HS_i extracts DHK_b and δ from Com_4 and, based on its self-generated DHK_a and the extracted DHK_b, generates the shared key SK_4 = g^ab;
Step A53: the heterogeneous sensor network node HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_4, decrypts δ to obtain γ = DAES(δ, SK_4);
Step A54: the heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of γ, obtaining the digest value Hash_5 = SHA512(γ).
Step A55: the heterogeneous sensor network node HS_i combines γ and the digest value Hash_5 to obtain the combined information Com_6 = γ || Hash_5;
Step A56: the heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_2, encrypts the combined information Com_6 to obtain the ciphertext ECom_6 = EAES(Com_6, SK_2);
Step A57: the heterogeneous sensor network node HS_i sends the ciphertext ECom_6 to the fog computing node FS_i;
Step A6: the fog computing node FS_i receives and decrypts to obtain the group signature γ and, using the digital signature algorithm corresponding to step A3, verifies the group signature γ based on the public key FPK_j of the fog computing node FS_j: if the verification passes, the anonymous identity authentication request of the heterogeneous sensor network node HS_i is accepted; otherwise, if the verification fails, the anonymous identity authentication request of the heterogeneous sensor network node HS_i is rejected.
Step A61: the fog computing node FS_i verifies the data integrity of ECom_6. After receiving the ciphertext ECom_6 sent by the heterogeneous sensor network node HS_i, the fog computing node FS_i calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_2, decrypts the ciphertext ECom_6 to obtain Com_6 = DAES(ECom_6, SK_2), extracts γ and Hash_5 from Com_6, and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of γ, obtaining a digest value. The newly generated digest value is compared with the Hash_5 extracted from Com_6: if the two are the same, ECom_6 was not modified during network communication, and the method goes to step A62; if they differ, ECom_6 was maliciously modified during network communication, and the method goes to step A57 and requires the heterogeneous sensor network node HS_i to resend the ciphertext ECom_6.
Step A62: the fog computing node FS_i calls the verification function Ver() of the RSA digital signature algorithm in its own security middleware and verifies the "group signature" γ based on the public key FPK_j of the fog computing node FS_j. If the verification passes, the value ok is returned to the heterogeneous sensor network node HS_i, indicating that HS_i has passed anonymous identity authentication; if the verification fails, the value no is returned to the heterogeneous sensor network node HS_i, indicating that HS_i has not passed anonymous identity authentication.
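The first hop of the exchange (steps A11 to A16 on HS_i, steps A21 to A25 on HS_j), written out as an added Python example that is not part of the patent. Assumptions: the group (P, G), the fixed field widths, the function names, and an HMAC-SHA-512 keystream standing in for EAES()/DAES() because the Python standard library has no AES.

```python
import hashlib
import hmac
import secrets

# Constructed demo group: the patent fixes neither p nor g. 2**127 - 1 is prime
# but far too small for real use; it only keeps the values short here.
P, G = 2**127 - 1, 3
DH_LEN = (P.bit_length() + 7) // 8          # assumed fixed-width DHK encoding
RAND_LEN = 16                               # assumed length of Rand_i
NONCE_LEN = 16
DIGEST_LEN = hashlib.sha512().digest_size   # 64 bytes


class IntegrityError(Exception):
    """Digest check failed: the receiver asks the sender to resend."""


def _keystream_xor(data, key, nonce):
    # Stand-in for the middleware's AES: HMAC-SHA-512 in counter mode, XORed
    # over the data. Replace with real AES outside this example.
    out = bytearray()
    for off in range(0, len(data), DIGEST_LEN):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), "sha512").digest()
        out.extend(b ^ k for b, k in zip(data[off:off + DIGEST_LEN], pad))
    return bytes(out)


def eaes(plaintext, key):
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(plaintext, key, nonce)


def daes(ciphertext, key):
    if len(ciphertext) < NONCE_LEN:
        raise IntegrityError("ciphertext too short")
    return _keystream_xor(ciphertext[NONCE_LEN:], key, ciphertext[:NONCE_LEN])


def seal(content, shared_key):
    """Encrypted transmission: ECom = EAES(content || SHA512(content), SK)."""
    return eaes(content + hashlib.sha512(content).digest(), shared_key)


def open_sealed(ecom, shared_key):
    """Receive and decrypt: split Com, recompute the digest, compare."""
    com = daes(ecom, shared_key)
    if len(com) < DIGEST_LEN:
        raise IntegrityError("no room for a digest")
    content, received = com[:-DIGEST_LEN], com[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha512(content).digest(), received):
        raise IntegrityError("digest mismatch")
    return content


def dh_keypair():
    while True:
        private = secrets.randbelow(P - 3) + 2
        public = pow(G, private, P)
        if 1 < public < P - 1:
            return private, public


def dh_shared(private, peer_public):
    if not 1 < peer_public < P - 1:         # reject 0, 1 and p-1
        raise ValueError("degenerate Diffie-Hellman value")
    return pow(peer_public, private, P).to_bytes(DH_LEN, "big")


def step_a1(sk1):
    """HS_i, steps A11-A16. Returns (a, Rand_i, ECom_1)."""
    a, dhk_a = dh_keypair()
    rand_i = secrets.token_bytes(RAND_LEN)
    ar = dhk_a.to_bytes(DH_LEN, "big") + rand_i       # AR = DHK_a || Rand_i
    return a, rand_i, seal(ar, sk1)


def step_a2(ecom1, sk1):
    """HS_j, steps A21-A25. Returns (DHK_b, SK_4, beta)."""
    ar = open_sealed(ecom1, sk1)                      # A21: integrity check
    if len(ar) != DH_LEN + RAND_LEN:
        raise IntegrityError("unexpected AR length")
    dhk_a, rand_i = int.from_bytes(ar[:DH_LEN], "big"), ar[DH_LEN:]
    b, dhk_b = dh_keypair()                           # A23
    sk4 = dh_shared(b, dhk_a)                         # A24: SK_4 = g^ab
    return dhk_b, sk4, eaes(rand_i, sk4)              # A25: beta


if __name__ == "__main__":
    sk1 = b"constructed SK_1 from the key management system"
    a, rand_i, ecom1 = step_a1(sk1)
    dhk_b, sk4, beta = step_a2(ecom1, sk1)
    print("HS_i derives the same SK_4:", dh_shared(a, dhk_b) == sk4)
```

Every later hop (ECom_2 through ECom_6) reuses the same seal/open pair with the shared key for that link.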
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (11)
1. A heterogeneous sensor network node anonymous identity authentication method based on a fog computing architecture, characterized by comprising the following steps:
Step A1: the heterogeneous sensor network node HS_i sends authentication request information to the heterogeneous sensor network node HS_j, encrypted under the shared key SK_1 between HS_i and HS_j; the authentication request information comprises the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and a random number Rand_i;
Step A2: the heterogeneous sensor network node HS_j receives and decrypts to obtain the authentication request information, extracts the Diffie-Hellman key exchange tuple DHK_a = g^a of the heterogeneous sensor network node HS_i and the random number Rand_i, generates the shared key SK_4 based on the Diffie-Hellman key exchange tuple DHK_a = g^a of HS_i and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypts the random number Rand_i based on the shared key SK_4 to obtain the encrypted random number information β = EAES(Rand_i, SK_4), and sends it, encrypted, to the fog computing node FS_j;
Step A3: the fog computing node FS_j receives and decrypts to obtain the encrypted random number information β, uses a digital signature algorithm to generate the group signature γ = Sig(β, FSK_j) of β based on the private key FSK_j of the fog computing node FS_j, and sends it, encrypted, to the heterogeneous sensor network node HS_j;
Step A4: the heterogeneous sensor network node HS_j receives and decrypts to obtain the group signature γ, encrypts the group signature γ based on the shared key SK_4 to obtain the group signature ciphertext δ = EAES(γ, SK_4), and sends the combined information Com_4, containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of HS_j, encrypted, to the heterogeneous sensor network node HS_i;
Step A5: the heterogeneous sensor network node HS_i receives and decrypts to obtain the combined information Com_4 containing the group signature ciphertext δ and the Diffie-Hellman key exchange tuple DHK_b of the heterogeneous sensor network node HS_j, generates the shared key SK_4 from the Diffie-Hellman key exchange tuple DHK_b and its own Diffie-Hellman key exchange tuple DHK_a, decrypts the group signature ciphertext δ based on the shared key SK_4 to obtain the group signature γ, and sends the group signature γ, encrypted, to the fog computing node FS_i;
Step A6: the fog computing node FS_i receives and decrypts to obtain the group signature γ and, using the digital signature algorithm corresponding to step A3, verifies the group signature γ based on the public key FPK_j of the fog computing node FS_j: if the verification passes, the anonymous identity authentication request of the heterogeneous sensor network node HS_i is accepted; otherwise, if the verification fails, the anonymous identity authentication request of the heterogeneous sensor network node HS_i is rejected.
2. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 1, wherein in steps A1 to A5 the encrypted transmission is specifically:
the content to be sent is combined with its digest and encrypted based on the shared key SK_1 or SK_4 of the sending node and the receiving node.
3. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 2, wherein combining the content to be sent with its digest is specifically:
calling a fog computing node to obtain the digest;
and the encrypting is specifically:
calling the fog computing node to perform the encryption operation.
4. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 1, wherein in steps A2 to A6 the receiving and decrypting is specifically:
the received content is decrypted based on the shared key SK_1 or SK_4 of the sending node and the receiving node, and the digest integrity is verified.
5. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 4, wherein the decrypting is specifically:
calling a fog computing node to perform the decryption operation;
and the digest is obtained as follows:
calling the fog computing node to run a digest algorithm to obtain the digest.
6. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 1, wherein step A1 specifically comprises:
Step A11: the heterogeneous sensor network node HS_i generates its Diffie-Hellman key exchange tuple DHK_a = g^a and a random number Rand_i;
Step A12: the heterogeneous sensor network node HS_i combines DHK_a and Rand_i to obtain the authentication request information AR = DHK_a || Rand_i;
Step A13: the heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_i to compute the digest of the authentication request AR, obtaining the digest value Hash_1 = SHA512(AR);
Step A14: the heterogeneous sensor network node HS_i combines the authentication request AR and the digest value Hash_1 to obtain the combined information Com_1 = AR || Hash_1;
Step A15: the heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_i and, based on the shared key SK_1 between the heterogeneous sensor network nodes HS_i and HS_j, encrypts the combined information Com_1 to obtain the ciphertext ECom_1 = EAES(Com_1, SK_1);
Step A16: the heterogeneous sensor network node HS_i sends the ciphertext ECom_1 to the heterogeneous sensor network node HS_j.
7. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 6, wherein step A2 specifically comprises:
Step A21: the heterogeneous sensor network node HS_j verifies the data integrity of ECom_1; after receiving the ciphertext ECom_1 sent by HS_i, the heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_1, decrypts the ciphertext ECom_1 to obtain Com_1 = DAES(ECom_1, SK_1), extracts AR and Hash_1 from Com_1, and calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of AR, obtaining a digest value; the newly generated digest value is compared with the Hash_1 extracted from Com_1: if the two are the same, ECom_1 was not modified during network communication, and the method goes to step A22; if they differ, ECom_1 was maliciously modified during network communication, and the method goes to step A16 and requires the heterogeneous sensor network node HS_i to resend the ciphertext ECom_1;
Step A22: the heterogeneous sensor network node HS_j extracts DHK_a from AR;
Step A23: the heterogeneous sensor network node HS_j generates its Diffie-Hellman key exchange tuple DHK_b = g^b;
Step A24: the heterogeneous sensor network node HS_j generates the shared key SK_4 = g^ab based on DHK_a and DHK_b;
Step A25: the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_4, encrypts Rand_i to obtain the ciphertext β = EAES(Rand_i, SK_4);
Step A26: the heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of the fog computing node FS_j to compute the digest of the ciphertext β, obtaining the digest value Hash_2 = SHA512(β);
Step A27: the heterogeneous sensor network node HS_j combines the ciphertext β and the digest value Hash_2 to obtain the combined information Com_2 = β || Hash_2;
Step A28: the heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of the fog computing node FS_j and, based on the shared key SK_3, encrypts the combined information Com_2 to obtain the ciphertext ECom_2 = EAES(Com_2, SK_3);
Step A29: the heterogeneous sensor network node HS_j sends the ciphertext ECom_2 to the fog computing node FS_j.
8. The fog computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes according to claim 7, wherein step A3 specifically comprises:
Step A31: the fog computing node FS_j verifies the data integrity of ECom_2; after receiving the ciphertext ECom_2 sent by the heterogeneous sensor network node HS_j, the fog computing node FS_j calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, decrypts the ciphertext ECom_2 to obtain Com_2 = DAES(ECom_2, SK_3), extracts β and Hash_2 from Com_2, and calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of β, obtaining a digest value; the newly generated digest value is compared with the Hash_2 extracted from Com_2: if the two are the same, ECom_2 was not modified during network communication, and the method goes to step A32; if they differ, ECom_2 was maliciously modified during network communication, and the method goes to step A29 and requires the heterogeneous sensor network node HS_j to resend the ciphertext ECom_2;
Step A32: the fog computing node FS_j calls the signature function Sig() of the RSA digital signature algorithm in its own security middleware and, based on its own private key FSK_j, generates the group signature γ = Sig(β, FSK_j) of β;
Step A33: the fog computing node FS_j calls the SHA-512 digest function SHA512() in its own security middleware to compute the digest of the group signature γ, obtaining the digest value Hash_3 = SHA512(γ);
Step A34: the fog computing node FS_j combines the group signature γ and the digest value Hash_3 to obtain the combined information Com_3 = γ || Hash_3;
Step A35: the fog computing node FS_j calls the encryption function EAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_3, encrypts the combined information Com_3 to obtain the ciphertext ECom_3 = EAES(Com_3, SK_3);
Step A36: the fog computing node FS_j sends the ciphertext ECom_3 to the heterogeneous sensor network node HS_j.
9. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 8, wherein the step A4 specifically comprises:
Step A41, heterogeneous sensor network node HS_j verifies the data integrity of ECom_3: after receiving the ciphertext ECom_3 sent by fog computing node FS_j, heterogeneous sensor network node HS_j calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_3, decrypts the ciphertext ECom_3 to obtain Com_3 = DAES(ECom_3, SK_3), takes γ and Hash_3 out of Com_3, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to calculate the digest of γ, obtaining a digest value; the newly generated digest value is compared with the Hash_3 taken out of Com_3; if the two are the same, ECom_3 was not modified during network communication, go to step A42; if they differ, ECom_3 was maliciously modified during network communication, go to step A36 and require fog computing node FS_j to resend the ciphertext ECom_3;
Step A42, heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_4, encrypts γ to obtain the ciphertext δ = EAES(γ, SK_4);
Step A43, heterogeneous sensor network node HS_j combines the Diffie-Hellman key exchange tuple DHK_b and the ciphertext δ to obtain the combined information Com_4 = DHK_b||δ;
Step A44, heterogeneous sensor network node HS_j calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_j to calculate the digest of the combined information Com_4, obtaining the digest value Hash_4 = SHA512(Com_4);
Step A45, heterogeneous sensor network node HS_j combines Com_4 and the digest value Hash_4 to obtain the combined information Com_5 = Com_4||Hash_4;
Step A46, heterogeneous sensor network node HS_j calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_j and, based on the shared key SK_1, encrypts the combined information Com_5 to obtain the ciphertext ECom_5 = EAES(Com_5, SK_1);
Step A47, heterogeneous sensor network node HS_j sends the ciphertext ECom_5 to heterogeneous sensor network node HS_i.
10. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 9, wherein the step A5 specifically comprises:
Step A51, heterogeneous sensor network node HS_i verifies the data integrity of ECom_5: after receiving the ciphertext ECom_5 sent by heterogeneous sensor network node HS_j, heterogeneous sensor network node HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_1, decrypts the ciphertext ECom_5 to obtain Com_5 = DAES(ECom_5, SK_1), takes Com_4 and Hash_4 out of Com_5, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to calculate the digest of Com_4, obtaining a digest value; the newly generated digest value is compared with the Hash_4 taken out of Com_5; if the two are the same, ECom_5 was not modified during network communication, go to step A52; if they differ, ECom_5 was maliciously modified during network communication, go to step A47 and require heterogeneous sensor network node HS_j to resend the ciphertext ECom_5;
Step A52, heterogeneous sensor network node HS_i takes DHK_b and δ out of Com_4 and, based on the self-generated DHK_a and the extracted DHK_b, generates the shared key SK_4 = g^(ab);
Step A53, heterogeneous sensor network node HS_i calls the decryption function DAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_4, decrypts δ to obtain γ = DAES(δ, SK_4);
Step A54, heterogeneous sensor network node HS_i calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to calculate the digest of γ, obtaining the digest value Hash_5 = SHA512(γ);
Step A55, heterogeneous sensor network node HS_i combines γ and the digest value Hash_5 to obtain the combined information Com_6 = γ||Hash_5;
Step A56, heterogeneous sensor network node HS_i calls the encryption function EAES() of the AES symmetric key algorithm in the security middleware of fog computing node FS_i and, based on the shared key SK_2, encrypts the combined information Com_6 to obtain the ciphertext ECom_6 = EAES(Com_6, SK_2);
Step A57, heterogeneous sensor network node HS_i sends the ciphertext ECom_6 to fog computing node FS_i.
11. The mist computing architecture-based anonymous identity authentication method for the heterogeneous sensor network nodes, according to claim 10, wherein the step A6 specifically comprises:
Step A61, fog computing node FS_i verifies the data integrity of ECom_6: after receiving the ciphertext ECom_6 sent by heterogeneous sensor network node HS_i, fog computing node FS_i calls the decryption function DAES() of the AES symmetric key algorithm in its own security middleware and, based on the shared key SK_2, decrypts the ciphertext ECom_6 to obtain Com_6 = DAES(ECom_6, SK_2), takes γ and Hash_5 out of Com_6, and calls the SHA-512 digest function SHA512() in the security middleware of fog computing node FS_i to calculate the digest of γ, obtaining a digest value; the newly generated digest value is compared with the Hash_5 taken out of Com_6; if the two are the same, ECom_6 was not modified during network communication, go to step A62; if they differ, ECom_6 was maliciously modified during network communication, go to step A57 and require heterogeneous sensor network node HS_i to resend the ciphertext ECom_6;
Step A62, fog computing node FS_i calls the verification function Ver() of the RSA digital signature algorithm in its own security middleware and, based on the public key FPK_j of fog computing node FS_j, verifies the group signature γ; if the verification passes, the value ok is returned to heterogeneous sensor network node HS_i to indicate that heterogeneous sensor network node HS_i has passed anonymous identity authentication; if the verification fails, the value no is returned to heterogeneous sensor network node HS_i to indicate that heterogeneous sensor network node HS_i has not passed anonymous identity authentication.
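The message flow of steps A25 to A62, as an added Node.js example that is not part of the patent: the digest-then-encrypt envelope with its receiver-side check, and the RSA signature γ relayed from FS_j to FS_i. Assumptions of this example: AES-256-CBC with a prepended random IV for EAES()/DAES(), RSA with SHA-512 for Sig()/Ver(), random constructed keys in place of the previously agreed SK_1 to SK_4 (so the g^(ab) derivation of A52 is not reproduced), a fixed 256-byte stand-in for DHK_b, and β being available to the verifier in A62; the names `seal`, `unseal` and `authenticate` are hypothetical.

```javascript
const crypto = require('crypto');
const sha512 = (b) => crypto.createHash('sha512').update(b).digest();
const HASH_LEN = 64, DHK_LEN = 256; // SHA-512 size; assumed fixed size of DHK_b

// EAES()/DAES(): the claims do not fix a mode, so AES-256-CBC with a random
// IV prepended to the ciphertext is an assumption of this example.
function eaes(plain, key) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, c.update(plain), c.final()]);
}
function daes(blob, key) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]);
}
// Sender (A26-A28, A33-A35, A44-A46, A54-A56): ECom = EAES(x || SHA512(x), SK).
const seal = (x, sk) => eaes(Buffer.concat([x, sha512(x)]), sk);
// Receiver (A31, A41, A51, A61): decrypt, split, recompute the digest, compare.
// Returns x, or null where the step tells the receiver to request a resend.
function unseal(ecom, sk) {
  let com;
  try { com = daes(ecom, sk); } catch (e) { return null; } // bad IV or padding
  if (com.length < HASH_LEN) return null;
  const x = com.subarray(0, com.length - HASH_LEN);
  return crypto.timingSafeEqual(sha512(x), com.subarray(-HASH_LEN)) ? x : null;
}

// One pass through A25-A62 with constructed keys. corrupt=true flips one bit
// of ECom_5 in transit to exercise the resend branch of A51.
function authenticate(corrupt) {
  const [SK1, SK2, SK3, SK4] = [1, 2, 3, 4].map(() => crypto.randomBytes(32));
  const FSj = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const beta = eaes(crypto.randomBytes(16), SK4);                 // A25, constructed Rand_i
  const betaAtFSj = unseal(seal(beta, SK3), SK3);                 // A26-A31
  const gamma = crypto.sign('sha512', betaAtFSj, FSj.privateKey); // A32
  const gammaAtHSj = unseal(seal(gamma, SK3), SK3);               // A33-A41
  const delta = eaes(gammaAtHSj, SK4);                            // A42
  const DHKb = crypto.randomBytes(DHK_LEN);                       // constructed stand-in
  const ecom5 = seal(Buffer.concat([DHKb, delta]), SK1);          // A43-A47
  if (corrupt) ecom5[20] ^= 1;
  const com4 = unseal(ecom5, SK1);                                // A51
  if (com4 === null) return 'resend';
  const gammaAtHSi = daes(com4.subarray(DHK_LEN), SK4);           // A52-A53, SK4 pre-set
  const gammaAtFSi = unseal(seal(gammaAtHSi, SK2), SK2);          // A54-A61
  // A62: the claim does not say how FS_i obtains the signed message, so beta
  // is handed to the verifier directly here (assumption).
  return crypto.verify('sha512', beta, FSj.publicKey, gammaAtFSi) ? 'ok' : 'no';
}
```

The digest in this envelope is unkeyed and travels inside the ciphertext, so how much tamper resistance it provides depends on the AES mode, which the claims leave open.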
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910680311.XA CN110430063B (en) | 2019-07-26 | 2019-07-26 | Mist computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110430063A (en) | 2019-11-08 |
CN110430063B (en) | 2020-05-19 |
Family
ID=68412496
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910680311.XA Active CN110430063B (en) | 2019-07-26 | 2019-07-26 | Mist computing architecture-based anonymous identity authentication method for heterogeneous sensor network nodes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110430063B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||