CN111698096A - NDN-based intelligent home network system and equipment automatic safe login method - Google Patents

NDN-based intelligent home network system and equipment automatic safe login method Download PDF

Info

Publication number
CN111698096A
CN111698096A CN202010560148.6A CN202010560148A CN111698096A CN 111698096 A CN111698096 A CN 111698096A CN 202010560148 A CN202010560148 A CN 202010560148A CN 111698096 A CN111698096 A CN 111698096A
Authority
CN
China
Prior art keywords
controller
ndn
equipment
root
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010560148.6A
Other languages
Chinese (zh)
Other versions
CN111698096B (en
Inventor
张大方
刘文哲
李彦彪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN202010560148.6A priority Critical patent/CN111698096B/en
Publication of CN111698096A publication Critical patent/CN111698096A/en
Application granted granted Critical
Publication of CN111698096B publication Critical patent/CN111698096B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B15/00Systems controlled by a computer
    • G05B15/02Systems controlled by a computer electric
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/418Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00Economic sectors
    • G16Y10/80Homes; Buildings
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00IoT infrastructure
    • G16Y30/10Security thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2816Controlling appliance services of a home automation network by calling their functionalities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/26Pc applications
    • G05B2219/2642Domotique, domestic, home control, automation, smart house
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Architecture (AREA)
  • Civil Engineering (AREA)
  • Structural Engineering (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an NDN-based intelligent home network system and an equipment automatic safe login method, wherein the NDN-based intelligent home network system comprises a plurality of controllers which are communicated with each other, wherein one controller is a root controller; the root controller is the highest priority controller. According to the invention, the attack of a malicious attacker on the system can be effectively prevented, and the safety of the intelligent home system based on the NDN is improved; the device can complete the login process through the control of a plurality of controllers, realize local login and better ensure the reliability and the safety of the system.

Description

NDN-based intelligent home network system and equipment automatic safe login method
Technical Field
The invention relates to the field of communication of Internet of things, in particular to an automatic safe login method for intelligent household equipment based on an NDN (named data network).
Background
With the development and deployment of 5G, everything interconnection becomes a new normal state, and therefore, the smart home system is further popularized. The intelligent home is composed of electric appliances, a lighting system, an air conditioner, a television, a computer, a network camera and other devices which can be communicated with each other, a householder can remotely access and control the devices of the house all over the world, and various intelligent devices in the house are connected to a network through the Internet of things technology so as to conveniently realize various intelligent functions. The smart home is an important embodiment that the traditional house steps into the internet of things era under the influence of the internet. The existing intelligent device manufacturers adopt independent protocols, and the protocols are only suitable for the intelligent devices. Therefore, devices from different manufacturers execute different communication protocols, and automatic networking of the devices cannot be realized in the 5G era.
Most services in smart home systems rely on cloud servers. Once the cloud server is disconnected from the system or fails, the system cannot provide services for users. In addition, after the data needs to be sent to the cloud from the local, the data is returned to the local after being processed by the cloud, and potential risks exist in the local and cloud transmission processes of the data. On a cloud server, data may be compromised. Therefore, the cloud service-based intelligent home system has many hidden dangers, in order to solve the potential problem of data on the cloud server, companies such as samsung and apple introduce local hub to transfer part of services to the local for carrying out, but the mode still depends on a third-party server, and certain potential safety hazards also exist.
NDN(http://named-data.net/Named data networks) provided a good solution for existing internet of things applications. NDN is a new network architecture, which replaces the IP layer in the existing TCP/IP architecture, and forwards data packets in a named way. The data packets in the NDN are divided into two categories, interest packetsAnd a data packet. When a user needs certain data, an interest packet request is sent first, and if the router has the data containing the request content in the forwarding process, a data packet is returned to the user. Meanwhile, compared with the way of using a pipeline in the existing network architecture for encryption, such as the way of adding an SSL protocol to the original http layer to realize the encryption of data, NDN can directly ensure the safety of the data, and a data owner must sign the data to ensure the authenticity and reliability of the data. The NDN provides a localized Trust management model, for example, in an NDN-based smart home, each smart home system has its own name and a corresponding local root certificate (TA), and a new device must join two certificates, TA and TA signed certificate. The TA signed certificate indicates the device's own identity and obtaining the TA allows the device to verify the identity of other devices. Therefore, how to securely obtain these two certificates when a new device logs on to the network becomes a new problem.
Existing solutions based on information-centric networking (ICN) require a third party server (authentication and authentication Machine AM) to Authenticate the new device, storing the symmetric key needed to Authenticate the identity in the AAM. When the new device is added, the identity of the new device is verified through the pre-shared secret key, and therefore the successful login of the device is achieved. The scheme uses a naming mode to transmit data packets, but the keys are still stored in a third-party server, and once the keys are leaked, the whole system is affected.
Existing NDN-based solutions implement localized device log-in protocols by introducing a controller. The controller refers to an intelligent device of a host in the intelligent home system, and when a new device accesses the network, the controller verifies the identity of the device by scanning device information and then sends a certificate required by the device. Localized device login and verification can be well achieved by means of the NDN, and possibility is provided for localized communication. In this scheme, if the controller is attacked or the controller is unavailable (the controller is not in the system), the login of the new device must wait, and thus the reliability of the system is to be improved. Meanwhile, one controller controls the login process of the whole system device, and the capability of resisting attack is weak.
In summary, the prior art has the following drawbacks:
(1) reliability: the controller in the existing protocol is a single intelligent device, and when the controller leaves the NDN network system, if a new device is added, the controller must wait for the controller to return to the network, so that the system cannot operate well.
(2) Safety: in the existing protocol, if a plurality of attackers exist, a device may receive a false TA (root certificate).
Disclosure of Invention
The invention aims to solve the technical problem that aiming at the defects of the prior art, an intelligent home network system and an equipment automation safety login method based on NDN are provided, and the safety of the intelligent home system is improved.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: an intelligent home network system based on NDN comprises a plurality of controllers which are communicated with each other, wherein one controller is a root controller; the root controller is the highest priority controller.
The invention uses a plurality of controllers, can improve the reliability of the system, and can ensure the normal operation of the equipment by the mutual communication among the controllers.
The controller with the highest priority is the controller with the highest performance, such as the largest memory, the strongest CPU computing capability and the like in all the controllers. The root controller has the strongest computing power, so the time spent on encrypting, decrypting and generating the certificate is shorter, and the login time is reduced. Meanwhile, the controller with strong computing power can reduce the possibility of being attacked and can ensure the normal operation of the system.
And when the root controller leaves the NDN-based intelligent home network system, selecting the controller with the highest priority from the other controllers as the root controller. The method ensures that the new equipment in the system can be verified and logged in real time when being added, and ensures the normal operation of the system.
The invention also provides an automatic safe login method for the Internet of things equipment, which comprises the following steps:
1) obtaining to-be-added NDN-basedIdentification number, capacity, symmetric key Ks and public key Ka of equipment of intelligent home network system+(ii) a Wherein the NDN-based smart home network system comprises a plurality of controllers in communication with each other;
2) any controller in the intelligent home network system based on NDN receives the joining request data sent by the equipment and then passes through the public key Ka+Verifying the signature, and acquiring an identification number, capacity and a public key of the equipment after successful verification; judging whether the equipment logs in the NDN network system or not through the identification number of the equipment, if not, sending a self root certificate TA and a public key to the equipment through a symmetric key Ks signature by a root controller, and sending respective root certificates to the equipment by other controllers in the NDN network system;
3) the equipment selects a correct root certificate through the time for receiving the data packets and the number of the data packets, and sends a certificate request;
4) after the controller receives the certificate request, the public key Ka is used+Verifying the signature, simultaneously verifying whether the hash value received by the root controller is consistent with the hash values received by other controllers, and if not, terminating login; if so, generating a new public key Kd for the device+And private key Kd-
The login method can realize the local login of the equipment in the intelligent home system, and the safety of the system can be well improved by using the multi-controller verification equipment.
In step 1), the identification number, the capacity, the symmetric key Ks and the public key Ka of the equipment are obtained by scanning the two-dimensional code on the equipment+. The two keys are acquired, so that mutual authentication between the equipment and the controller is facilitated, and the equipment and the controller which are falsely authenticated are prevented from being authenticated. The equipment identification number is unique in the whole network, and the controller can avoid the equipment from logging in the system repeatedly after obtaining the information.
In step 2), the identification number, capacity and public key of the equipment are determined by the private key Ka of the equipment-And sending the signature to the controller. The data packet can be prevented from being tampered in the transmission process through the private key signature of the device.
In step 3), the specific implementation process that the device selects the correct root certificate according to the time for receiving the data packets and the number of the data packets includes: recording the total receiving time of the device for receiving K data packets, simultaneously verifying the validity of the data packets by using a symmetric key Ks, and comparing whether the content of the received root certificate is correct or not according to the content of the received K data packets after the verification is successful; when the contents of all received root certificates are completely the same, the received root certificates are considered to be correct; when the contents of all received root certificates are not completely the same, firstly, sorting the root certificates from small to large according to the receiving time, and determining the root certificate with the shortest receiving time as a correct root certificate; where K represents the maximum number of packets that can be received by the device. The data packet with the shortest receiving time is selected as the correct data packet because the physical distance between the truly trusted controller and the device is closer to the physical distance between the malicious attacker and the device in a high probability, so that the content of the data packet received first is correct. When the receiving time is the same, the probability of receiving the correct root certificate is increased according to the controller whose content is the most appeared (i.e. the minority obeys the majority principle).
In step 3), the device sends the certificate request/NDN/cert/H (parameters) in a manner of NDN naming prefix; wherein the parameters include hash values of TA, N1, N2; the parameters use Ka-Signing; ka-Is a public key Ka+The corresponding private key. The private key signature is used for ensuring that the data packet is not tampered by a malicious attacker in the transmission process and ensuring the correctness of the data content.
And in the step 4), when the judgment result is that the private keys are consistent, a temporary secret key is also generated, and a new private key generated for the equipment is encrypted by the temporary secret key and then is sent to the equipment through the root controller. The temporary key is used for ensuring the privacy of the device in the transmission process, and once the private key is disclosed and the device is attacked, the whole network system is also influenced.
And generating the temporary secret key according to the public key of the equipment and the public key of the root controller by utilizing a secret key negotiation algorithm based on an elliptic curve. The algorithm can ensure that a third party except the equipment and the root controller cannot obtain any information of the temporary secret key, and the safety of the temporary secret key is ensured.
Compared with the prior art, the invention has the beneficial effects that: according to the invention, the attack of a malicious attacker on the system can be effectively prevented, and the safety of the intelligent home system based on the named data network is improved; the multiple controllers are used for controlling the login of the equipment, so that the safety and privacy in the data transmission process can be ensured; the device can complete the login process through the control of a plurality of controllers, realize local login and better ensure the reliability and safety of the system.
Drawings
FIG. 1 is a diagram of a scenario for NDN-based multi-controller device login;
FIG. 2 is a schematic diagram of a method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a controller and a device according to an embodiment of the present invention.
Detailed Description
A specific scenario of an embodiment of the present invention is shown in fig. 1.
The devices with high computing power in the NDN-based intelligent home network system form a controller group, and the controller generally comprises an intelligent mobile phone, a tablet computer, a notebook computer and the like. All controllers carry out priority ranking according to the memory size of the controllers and the CPU computing capacity (according to the attributes of the CPUs). The root controller is the highest ranked controller in the overall ranking in the system.
When the root controller leaves the network, the controller with the highest priority becomes the root controller, and the controller in the network is sorted once when the root controller leaves the network, and the root controller with the highest priority is selected.
The "strong calculation capability" means: the key pair can be generated by itself; a man-machine interaction interface is arranged; the storage capacity is strong. The controller can be a mobile phone, a tablet computer, a notebook computer and the like.
When a new device joins the network, the specific joining process is shown in fig. 2, and the detailed steps are as follows:
1) the controller (any controller in the NDN network) scans the two-dimensional code or bar code on the equipment to obtain the identification number (ID), capacity (capabilities), symmetric key Ks and public key Ka of the equipment+And share this information to the controller cluster. Wherein the device identification number is unique throughout the network, which facilitates the controller to determine whether the device has joined the network, Ks is used for the signature of the controller, Ka+For the controller to verify the signature of the device, simultaneously with Ka+Corresponding private key Ka-Stored in the device.
2) The device broadcasts the join request in NDN format with a named prefix of/NDN/sign-on/h (parameters). The transmitted content includes ID (including device identification number), capabilities (device capabilities, reflecting the storage capabilities of the device) and N1 (public key of the device, facilitating the generation of temporary key Kt using the ECDH algorithm). To prevent data being tampered with during transmission, these parameters are determined by the private key Ka of the device-And sending the signature to the controller.
3) After the controller group receives the requested data, the public key Ka is firstly passed+And (5) verifying the signature, and acquiring the ID, capabilities and N1 after successful verification. When it is determined by the ID that the device has not previously logged into the system, a login timer is started. Meanwhile, the root controller sends TA (root certificate) through Ks signature, N2 (public key of the root controller, used for ECDH algorithm) to the device, and other controllers in the system send TA to the device.
4) The device keeps the time and content of receiving K packets, where K represents the maximum number of packets that the device can receive. The device selects the correct TA by the time the packet was received and the number of identical packets received. Firstly, recording the receiving time of receiving K data packets, simultaneously using Ks to verify the validity of the data packets, and comparing whether the value of the received root certificate (namely the content of the root certificate) is correct or not according to the content of the received K data packets after the verification is successful. When the values of all received root certificates are identical, the device considers that the received root certificates are correct. When the contents of all received root certificates are not identical, all the received root certificates are firstly compared from small to large according to the receiving timeAnd sequencing the received root certificates, wherein the root certificate with the shortest receiving time is the correct root certificate, and if the receiving time is the same and the contents of the root certificates are different, determining the root certificate with the largest occurrence frequency as the correct root certificate. At the same time, the device has poor computing and storage capabilities and needs to broadcast a certificate request to obtain a certificate signed by the root certificate. The device still broadcasts a new certificate request/NDN/cert/h (parameters) in a manner that the NDN names the prefix. Where the parameters include the hash value of TA, N1, N2, the parameters still using Ka-The signature guarantees the reliability of the data.
5) The controller group first uses Ka after receiving the request+And verifying the signature, simultaneously verifying whether the received hash value is consistent with the hash values received by other controllers or not by the root controller, and if not, terminating the login. Otherwise, Kt is generated according to N1, N2 by using an ECDH algorithm (Elliptic Curves Diffie-Hellman, Elliptic curve-based key agreement algorithm) for subsequent use. Generating a new public key Kd for a device+Kd, private key-. Wherein the public key Kd+Contained in the certificate generated by the TA, the private key is encrypted by Kt and sent by the root controller to the device.
When the protocol goes to step 2), the device will determine the value of TA by K packets and the reception time. The reason for considering the reception time is that the normal controller is closer in physical distance to the device itself in the malicious controller, and the time for receiving the normal controller packet is shorter than that of the malicious controller. Comparing the contents of the K packets is more effective in preventing malicious attacks. Generally, the number of false TAs received by the controller is a small number, and the correctness of the TAs can be ensured by comparing the contents of the K data packets by using a principle that the small number complies with the large number. In the worst case, if all the K data packets received by the controller are TAs sent by a malicious attacker, the existence of the malicious attacker is avoided by broadcasting the TA hash in the third step.
According to the scenario of fig. 1, the specific steps implemented by the embodiment of the present invention are as follows:
the controller is an android mobile phone with high computing power, the internal memory of the controller is 6GB, and the residual storage space is more than 20 GB. The device is an android mobile phone with weak computing power, the memory is 2GB, and the storage space is full.
Step 1, a controller calculates the priority through a memory and CPU parameters;
step 2, the equipment sends a Bluetooth broadcast packet, and the equipment joins a request in the Bluetooth broadcast packet;
step 3, the controller establishes connection with the equipment by scanning the broadcast request of the Bluetooth and performs data interaction through the Bluetooth service;
step 4, the controller sends the TA to the equipment after verifying the signature successfully;
step 5, the device receives data according to the maximum number K of data packets that the device can receive, the number of controllers in the system is set to be N, if K < > N, the device stops receiving data when receiving K data packets, and if K > N, the number of received data packets is N, so that the device sets a certain time when receiving, and the device immediately stops receiving data after the time is up;
step 6, broadcasting the hash value of the TA after the comparison is successful, and sending the hash value to the controller group;
and 7, the root controller checks the hash value of the TA, confirms that the login certificate is sent without error, and the equipment receives the certificate sending FINISH mark data packet to indicate that the equipment successfully logs in the network.
Fig. 3 is a schematic diagram of the implementation of the inventive solution, explaining the process of implementing multi-device login using the NDN network architecture. First, the device and controller are connected via bluetooth, and then all operations are based on NDN's encryption operations. Such as the signature algorithm ECDSA, the symmetric encryption algorithm AES. The use of a 128bit key ensures the security of the system during the experiment. In order to simplify the login process, the multi-controller device login protocol can be well realized by utilizing android communication.

Claims (10)

1. An intelligent home network system based on NDN is characterized by comprising a plurality of controllers which are communicated with each other, wherein one controller is a root controller; the root controller is the highest priority controller.
2. The NDN-based intelligent home network system according to claim 1, wherein the controller with the highest priority is the controller with the largest memory and the strongest CPU computing capability among all the controllers.
3. The NDN-based smart home network system of claim 1 or 2, wherein when a root controller leaves the smart home network system, a controller with the highest priority among the other controllers is selected as the root controller.
4. An automatic safe login method of intelligent household equipment based on NDN is characterized by comprising the following steps:
1) acquiring the identification number, the capacity, the symmetric key Ks and the public key Ka of the equipment to be added into the NDN-based intelligent home network system+(ii) a Wherein the NDN-based smart home network system comprises a plurality of controllers in communication with each other;
2) any controller in the intelligent home network system based on NDN receives the joining request data sent by the equipment and then passes through the public key Ka+Verifying the signature, and acquiring an identification number, capacity and a public key of the equipment after successful verification; judging whether the equipment logs in the intelligent home network system based on the NDN or not through the identification number of the equipment, if not, sending a self root certificate TA and a public key to the equipment through a symmetric key Ks signature by a root controller, and sending respective root certificates to the equipment by the other controllers in the intelligent home network system based on the NDN;
3) the equipment selects a correct root certificate through the time for receiving the data packets and the number of the data packets, and sends a certificate request;
4) after the controller receives the certificate request, the public key Ka is used+Verifying the signature, simultaneously verifying whether the hash value received by the root controller is consistent with the hash values received by other controllers, and if not, terminating login; if so, generating a new public key Kd for the device+And private key Kd-
5. The NDN-based smart home appliance of claim 4The automatic safe login method is characterized in that in the step 1), the identification number, the capacity, the symmetric key Ks and the public key Ka of the equipment are obtained by scanning the two-dimensional code on the equipment+
6. The NDN-based automatic safe login method for the smart home equipment, according to claim 4, wherein in the step 2), the identification number, the capacity and the public key of the equipment are determined by a private key Ka of the equipment-And sending the signature to the controller.
7. The automatic safe login method for the intelligent household equipment based on the NDN according to claim 4, wherein in the step 3), the specific implementation process that the equipment selects the correct root certificate according to the time for receiving the data packets and the number of the data packets comprises the following steps: recording the total receiving time of the device for receiving K data packets, simultaneously verifying the validity of the data packets by using a symmetric key Ks, and comparing whether the content of the received root certificate is correct or not according to the content of the received K data packets after the verification is successful; when the contents of all received root certificates are completely the same, the received root certificates are considered to be correct; when the contents of all received root certificates are not completely the same, sequencing all the received root certificates from small to large according to the receiving time, and determining that the root certificate with the shortest receiving time is the correct root certificate; where K represents the maximum number of packets that the device can receive containing the root certificate.
8. The NDN-based smart home device automatic secure login method according to claim 4, wherein in step 3), the device sends the certificate request/NDN/cert/H (parameters) by using an NDN naming prefix; wherein the parameters include hash values of TA, N1, N2; the parameters use Ka-Signing; ka-Is a public key Ka+The corresponding private key.
9. The automatic safe login method based on the NDN for the intelligent household equipment is characterized in that in the step 4), when the judgment result is that the two devices are consistent, a temporary secret key is generated, a new private key generated for the equipment is encrypted by the temporary secret key, and then the encrypted private key is sent to the equipment through the root controller.
10. The NDN-based smart home device automated secure login method of claim 9, wherein the temporary key is generated according to a device public key N1 and a root controller public key N2 using an elliptic curve-based key agreement algorithm.
CN202010560148.6A 2020-06-18 2020-06-18 Automatic safe login method for intelligent household equipment based on NDN Active CN111698096B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010560148.6A CN111698096B (en) 2020-06-18 2020-06-18 Automatic safe login method for intelligent household equipment based on NDN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010560148.6A CN111698096B (en) 2020-06-18 2020-06-18 Automatic safe login method for intelligent household equipment based on NDN

Publications (2)

Publication Number Publication Date
CN111698096A true CN111698096A (en) 2020-09-22
CN111698096B CN111698096B (en) 2021-08-27

Family

ID=72481679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010560148.6A Active CN111698096B (en) 2020-06-18 2020-06-18 Automatic safe login method for intelligent household equipment based on NDN

Country Status (1)

Country Link
CN (1) CN111698096B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112714000A (en) * 2020-12-29 2021-04-27 湖南大学 NDN digital signature coding structure, and signature verification method and system for Internet of things equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065500A (en) * 2013-03-21 2014-09-24 苏州方位通讯科技有限公司 Register server hot backup method realized by SIP terminal
CN104158642A (en) * 2014-08-08 2014-11-19 上海斐讯数据通信技术有限公司 Method and system for providing backup for software defined network controller
CN110113264A (en) * 2019-05-14 2019-08-09 常熟理工学院 A kind of caching and route implementation method for naming data network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065500A (en) * 2013-03-21 2014-09-24 苏州方位通讯科技有限公司 Register server hot backup method realized by SIP terminal
CN104158642A (en) * 2014-08-08 2014-11-19 上海斐讯数据通信技术有限公司 Method and system for providing backup for software defined network controller
CN110113264A (en) * 2019-05-14 2019-08-09 常熟理工学院 A kind of caching and route implementation method for naming data network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YANBIAO LI等: "A Secure Sign-On Protocol for Smart Homes over Named Data Networking", 《IEEE COMMUNICATIONS MAGAZINE》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112714000A (en) * 2020-12-29 2021-04-27 湖南大学 NDN digital signature coding structure, and signature verification method and system for Internet of things equipment

Also Published As

Publication number Publication date
CN111698096B (en) 2021-08-27

Similar Documents

Publication Publication Date Title
US10812969B2 (en) System and method for configuring a wireless device for wireless network access
CN110324287B (en) Access authentication method, device and server
WO2019153701A1 (en) Method and apparatus for obtaining device identification
US11736304B2 (en) Secure authentication of remote equipment
EP3700124B1 (en) Security authentication method, configuration method, and related device
US20200259667A1 (en) Distributed management system for remote devices and methods thereof
Jeong et al. Integrated OTP-based user authentication scheme using smart cards in home networks
CN107396350B (en) SDN-5G network architecture-based security protection method between SDN components
KR20090067155A (en) Upnp authentication and authorization
CN109905877B (en) Message verification method of communication network system, communication method and communication network system
CN114125832B (en) Network connection method, terminal, network equipment to be distributed and storage medium
CN110690966B (en) Method, system, equipment and storage medium for connecting terminal and service server
CN113572765B (en) Lightweight identity authentication key negotiation method for resource-limited terminal
CN112769568B (en) Security authentication communication system and method in fog computing environment and Internet of things equipment
CN111698096B (en) Automatic safe login method for intelligent household equipment based on NDN
WO2022041151A1 (en) Device verification method, device, and cloud
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
US10972912B1 (en) Dynamic establishment of trust between locally connected devices
WO2013004104A1 (en) Single sign-on method and system
CN112333214B (en) Safe user authentication method and system for Internet of things equipment management
CN112468983B (en) Low-power-consumption access authentication method for intelligent equipment of power internet of things and auxiliary device thereof
CN115567195A (en) Secure communication method, client, server, terminal and network side equipment
WO2022170583A1 (en) Permission configuration method and apparatus in internet of things, device, and storage medium
Zhang et al. Certificateless Authentication Scheme Based on Blockchain in Smart Home Network
Zhao et al. The Cooperative Authentication Mechanism and Performance Evaluation for Unmanned Systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant