CN112235801A - Authentication method for block chain-based reliability evaluation in wireless broadcast system - Google Patents

Abstract

The invention discloses an authentication method for reliability evaluation based on a block chain in a wireless broadcast system, which specifically comprises the following steps: the aircraft acquires self-credibility attribute information by using a sensor, and uploads a self-identity card number and the credibility attribute information to a radar in a wireless transmission mode; the radar calculates the reliability grade according to the reliability attribute information of the aircraft, verifies whether the reliability grade passes or not, and transmits the reliability grade to other radars; the identity card number, the credibility attribute information and the credibility grade of the aircraft passing the verification are uploaded to a block chain for storage; the radar and the verified aircraft calculate a session key for subsequent communication to authenticate the communication. The certificate and the token are used as parameters in the authentication process for transmission, so that the calculation and communication overhead in the multiple authentication processes of the aircraft and the radar is reduced, and the method is more suitable for running in equipment with limited resources; the block chain design improves the confidentiality and the expandability of information.

Description

Authentication method for block chain-based reliability evaluation in wireless broadcast system

Technical Field

The invention relates to the field of wireless communication, in particular to an authentication method based on block chain credibility evaluation in a wireless broadcast system.

Background

In the existing communication scheme, the aircraft needs to be re-authenticated from the signal coverage area of one radar to the signal coverage area of another radar, and the aircraft and the radar need to bear more calculation and communication overhead, are not suitable for equipment with limited calculation and storage and are not suitable for actual requirements. In the authentication and key agreement stage of the aircraft and the radar, a shared session key is established by the radar and the aircraft in the communication range of the radar, if malicious users exist in the communication range, the malicious users can initiate key attack by acquiring data sent by the radar to the aircraft or to the next radar to destroy the authentication and key agreement process of the aircraft and the radar, so that the privacy of the aircraft is leaked or the shared session key cannot be established. Meanwhile, the existing key negotiation scheme provides authentication service or avoids man-in-the-middle attack by using a public key infrastructure, so that the requirement on calculation and communication capacity is high, modular exponentiation with high calculation overhead needs to be executed, and the method is not suitable for being applied to a resource-limited wireless broadcast environment.

Disclosure of Invention

The purpose of the invention is as follows: in order to solve the above problems, the present invention provides an authentication method based on block chain reliability evaluation in a wireless broadcast system.

The technical scheme is as follows: in order to realize the purpose of the invention, the technical scheme adopted by the invention is as follows: an authentication method based on block chain credibility evaluation in a wireless broadcast system specifically comprises the following steps:

s1: the aircraft utilizes a sensor to collect self-credibility attribute information;

the credibility attribute information can reflect attribute information values of the integrity state and the behavior mode of the aircraft, and comprises the flight speed of the aircraft, the times of malicious behaviors, the credibility level verification passing times and the communication authentication passing times;

the credibility level can reflect whether the aircraft has malicious behaviors or not, and helps the radar to identify whether the aircraft has conditions for entering the system or not.

S2: when the aircraft enters the range covered by the radar, the identity card number and the credibility attribute information of the aircraft are uploaded to the radar in a wireless transmission mode;

s3: the radar calculates the corresponding credibility grade according to the credibility attribute information of the aircraft and verifies the credibility grade, and the specific operation steps are as follows:

s3.1: after the radar receives the credibility attribute information of the aircraft at the time t, firstly, the instantaneous credibility level of the aircraft at the time t is calculated, and the calculation formula is as follows:

wherein the content of the first and second substances,

representing the instant credibility grade of credibility attribute information containing m attributes at the time t; beta is a_nA weight representing the nth confidence attribute information; alpha is alpha_nRepresenting an nth confidence attribute information value; m represents the number of credibility attribute information values;

s3.2: after the instant credibility grade of the t moment is obtained through calculation, the credibility grade of the aircraft at the t moment is calculated according to the credibility grade of the aircraft obtained through calculation at the previous moment, and the calculation formula is as follows:

wherein the content of the first and second substances,

representing the confidence level of the aircraft at time t; Δ t represents t and t^-The interval time of (c); lambda and eta represent the reliability change condition coefficient;

representing the level of confidence of the aircraft at the previous moment;

the credibility grade value of the aircraft is not a constant value, but the credibility grade value of the mobile medical intelligent device at the current moment is calculated through the credibility grade value at the previous moment of each iteration;

s3.3: verifying the calculated credibility level of the aircraft by the radar;

if the calculated credibility level of the aircraft is lower than the standard set by the radar, the radar considers that the aircraft is a malicious person and refuses to provide service for the aircraft;

otherwise, the radar adds the identity card number, the credibility attribute information and the credibility grade information of the aircraft into the block chain and simultaneously transmits the identity card number, the credibility attribute information and the credibility grade information to other radars in the system, and the other radars in the system store the identity card number, the credibility attribute information and the credibility grade information of the aircraft in the own block chain.

S4: the aircraft negotiates with the radar to generate a common session key for communication;

the radar and the aircraft can negotiate to generate a session key for communication in two modes, namely initial communication authentication and re-communication authentication;

when an aircraft never communicates with any radar or the initial communication authentication fails, the aircraft communicates with the radar and performs the initial communication authentication;

otherwise, the aircraft directly communicates with the radar to re-authenticate by using the certificate and the token as transmission parameters;

in the communication re-authentication, the certificate and the token are used as parameters in the authentication process for transmission, so that the calculation and communication overhead in the authentication process of the aircraft and the radar is greatly reduced compared with a primary authentication mode, and the communication re-authentication method is more suitable for running in equipment with limited resources. It is of significant advantage when the aircraft passes initial authentication with any radar and then chooses to pass re-authentication instead of initial authentication when communicating with other radars.

The communication initial authentication process of the aircraft and the radar specifically comprises the following steps:

setting M radars with numbers i, i belonging to [1, M ]; n aircrafts are provided, and the number of the aircrafts is j, and j belongs to [1, N ];

s4.1: initializing a system:

the secret key generation center generates a public key PKI and a private key a for the radar i_iThe public key PKI is divided into two parts, namely PKI (i,1) and PKI (i,2), and the public key and the private key are stored in the radar i;

the key generation center generates a public key PK and a private key u for the aircraft j_jThe public key PK is divided into two parts, namely PK (j,1) and PK (j,2), and the public key and the private key are stored in the aircraft j;

parameters of the key generation center during system operation: a bilinear map

Three hash functions H₁，H₂And H₃；

Wherein G and G_TIs a p-order cyclic group satisfying bilinear mapping; two different generators in the cyclic group G are G and h; a is_iAnd u_jPrivate keys of the radar i and the aircraft j are respectively non-zero integers randomly selected in a p-order integer domain; the three hash functions are: h₁:G→{0,1}^*，

S4.2: the aircraft j and the radar i respectively generate keys for themselves:

aircraft j utilizes its own private key u_jAnd the public key PKI of the radar i generates a secret key for itself as follows:

wherein PKI_i,1Is a first part of the public key of radar i;

the radar i utilizes the private key a held by the radar i_iAnd aircraft j's public keyThe PK generates a key for itself as:

and sent to aircraft j; wherein, PK_j,1Is a first part of the aircraft j public key;

radar i from the integer domain

In which a random number r is selected_iCalculation generation

At the same time to R_i,1And R_i,2Storing, and adding R_i,2And current time node T_aSending to the aircraft j;

s4.3: the aircraft j and the radar i generate a common session key according to respective key negotiation, and the method specifically comprises the following steps:

s4.31: aircraft j generates a session key:

after receiving the information sent by the radar i, the aircraft j firstly verifies S4.2 the time node T_aThe effectiveness of (a); if not, terminating the process;

otherwise, the aircraft j is based on the parameter SK S4.2_1rAnd R_i,2Computationally generated key

Wherein ID represents the identity number of the aircraft j;

indicating aircraft at T_aA confidence level of the time; PKI_i,2Is a second part of the public key of radar i;

finally, the aircraft j calculates the session key through bilinear mapping

S4.32: radar i generates a session key:

Radari is based on S4.2 said parameter SK_1rAnd R_i,1Calculating a secret key

Radar i can be based on secret key SK₃Calculating session keys

S4.4: validating a session key generated by an aircraft j

And radar i generated session key

Whether the two are consistent;

if the two are consistent, the aircraft j and the radar i generate a common session key, normal communication can be performed, and the initial authentication is passed;

otherwise, the aircraft j and the radar i cannot communicate, and the initial authentication is not passed.

The radar and aircraft communication re-certification specifically comprises the following steps:

s4.5: and (3) generating a certificate:

radar i from p order integer domain

In the method, an integer v is randomly selected_iThen calculates and generates a certificate OC₁And OC₂，OC₁Is sent to the next radar i +1, OC₂Is sent to the aircraft j;

wherein, OC₁Is calculated by the formula

OC₂Is calculated by the formula

PKI_i+1,2Have public for the next radar i +1A second part of the key;

s4.6: generation of the token:

the radar i +1 receives the certificate OC₁Then, from the p-order integer field

In the random selection of an integer v_i+1Computationally generating token R_i+1,1And R_i+1,2Wherein R is_i+1,1Stored by radar i +1 and not published externally, R_i+1,2As a token to aircraft j;

s4.7: the generation of the aircraft j and radar i +1 session key specifically comprises the following steps:

aircraft j receives token R_i+1,2And certificate OC₂Calculation generation

And

then use

And bilinear mapping to generate a session key, wherein the generation formula is as follows:

radar i +1 calculation generation

And

finally utilize

And bilinear mapping calculation to generate a session key, wherein the generation formula is as follows:

wherein, a_i+1A private key for radar i + 1;

s4.8: validating a session key generated by an aircraft j

And radar i +1 generated session key

Whether the two are consistent;

if the two are consistent, the aircraft j and the radar i +1 generate a common session key, and normal communication can be performed;

otherwise, it means that the aircraft j and the radar i +1 cannot communicate.

Has the advantages that: the invention realizes the real-time recording of the attribute information of the aircraft credibility by utilizing the Mercker hash tree and stores the attribute information by using the block chain, thereby greatly improving the confidentiality and the expandability; the certificate and the token are used as parameters in the authentication process for transmission, so that the calculation and communication overhead in the multiple authentication processes of the aircraft and the radar is reduced, and the method is suitable for running in equipment with limited resources; in the negotiation process of the session key, a third-party trusted authority is not required to participate, and only information exchange between the radar and the aircraft is performed, so that a common session key is negotiated, and the confidentiality and the safety are higher; meanwhile, the protocol has certain fault-tolerant attribute, and normal execution of authentication and key agreement between the aircraft and the radar is guaranteed.

Drawings

FIG. 1 is a diagram of a generation model of trust levels in a wireless broadcast system;

FIG. 2 is a diagram of a re-certification model of an aircraft.

Detailed Description

The technical solution of the present invention is further described below with reference to the accompanying drawings and examples. The invention relates to an authentication method based on block chain credibility evaluation in a wireless broadcast system, which specifically comprises the following steps:

s1: the aircraft utilizes a sensor to collect self-credibility attribute information;

the credibility attribute information comprises the flight speed of the aircraft, the times of malicious behaviors, the credibility level verification passing times and the communication authentication passing times;

s2: when the aircraft enters the range covered by the radar, the identity card number and the credibility attribute information of the aircraft are uploaded to the radar in a wireless transmission mode;

s3: the radar calculates the corresponding credibility grade according to the credibility attribute information of the aircraft and verifies the credibility grade, and the specific operation steps are as follows:

s3.1: after the radar receives the credibility attribute information of the aircraft at the time t, firstly, the instantaneous credibility level of the aircraft at the time t is calculated, and the calculation formula is as follows:

wherein the content of the first and second substances,

representing the instant credibility grade of credibility attribute information containing m attributes at the time t; beta is a_nA weight representing the nth confidence attribute information; alpha is alpha_nRepresenting an nth confidence attribute information value; m represents the number of the credibility attribute information values, and the value is 4 in the example;

s3.2: after the instant credibility grade of the t moment is obtained through calculation, the credibility grade of the aircraft at the t moment is calculated according to the credibility grade of the aircraft obtained through calculation at the previous moment, and the calculation formula is as follows:

wherein the content of the first and second substances,

representing the confidence level of the aircraft at time t; Δ t representst and t^-The interval time of (c); lambda and eta represent the reliability change condition coefficient;

representing the level of confidence of the aircraft at the previous moment;

s3.3: verifying the calculated credibility level of the aircraft by the radar;

if the calculated credibility level of the aircraft is lower than the standard set by the radar, the radar considers that the aircraft is a malicious person and refuses to provide service for the aircraft;

otherwise, the radar adds the identity card number, the credibility attribute information and the credibility grade information of the aircraft into the block chain and simultaneously transmits the identity card number, the credibility attribute information and the credibility grade information to other radars in the system, and the other radars in the system store the identity card number, the credibility attribute information and the credibility grade information of the aircraft in the own block chain.

S4: the aircraft negotiates with the radar to generate a common session key for communication;

the radar and the aircraft can negotiate to generate a session key for communication in two modes, namely initial communication authentication and re-communication authentication;

when an aircraft never communicates with any radar or the initial communication authentication fails, the aircraft communicates with the radar and performs the initial communication authentication;

otherwise, the aircraft directly communicates with the radar to re-authenticate by using the certificate and the token as transmission parameters;

in the re-authentication, the certificate and the token are used as parameters in the authentication process for transmission, so that the calculation and communication overhead in the authentication process of the aircraft and the radar is greatly reduced compared with the initial authentication mode, and the method is more suitable for running in equipment with limited resources. It is of significant advantage when the aircraft passes initial authentication with any radar and then chooses to pass re-authentication instead of initial authentication when communicating with other radars.

The initial certification process of the aircraft and the radar specifically comprises the following steps:

setting M radars with numbers i, i belonging to [1, M ]; n aircrafts are provided, and the number of the aircrafts is j, and j belongs to [1, N ];

s4.1: initializing a system:

the secret key generation center generates a public key PKI and a private key a for the radar i_iThe public key PKI is divided into two parts, namely PKI (i,1) and PKI (i,2), and the public key and the private key are stored in the radar i;

the key generation center generates a public key PK and a private key u for the aircraft j_jThe public key PK is divided into two parts, namely PK (j,1) and PK (j,2), and the public key and the private key are stored in the aircraft j;

parameters of the key generation center during system operation: a bilinear map

Three hash functions H₁，H₂And H₃；

Wherein G and G_TIs a p-order cyclic group satisfying bilinear mapping; two different generators in the cyclic group G are G and h; a is_iAnd u_jPrivate keys of the radar i and the aircraft j are respectively non-zero integers randomly selected in a p-order integer domain; the three hash functions are: h₁:G→{0,1}^*，

S4.2: the aircraft j and the radar i respectively generate keys for themselves:

aircraft j utilizes its own private key u_jAnd the public key PKI of the radar i generates a secret key for itself as follows:

wherein PKI_i,1Is a first part of the public key of radar i;

the radar i utilizes the private key a held by the radar i_iAnd the public key PK of the aircraft j generates a secret key for itself as follows:

and sent to aircraft j; wherein, PK_j,1Is a first part of the aircraft j public key;

radar i from the integer domain

In which a random number r is selected_iCalculation generation

At the same time to R_i,1And R_i,2Storing, and adding R_i,2And current time node T_aSending to the aircraft j;

s4.3: the aircraft j and the radar i generate a common session key according to respective key negotiation, and the method specifically comprises the following steps:

s4.31: aircraft j generates a session key:

after receiving the information sent by the radar i, the aircraft j firstly verifies S4.2 the time node T_aThe effectiveness of (a); if not, terminating the process;

otherwise, the aircraft j is based on the parameter SK S4.2_1rAnd R_i,2Computationally generated key

Wherein ID represents the identity number of the aircraft j;

indicating aircraft at T_aA confidence level of the time; PKI_i,2Is a second part of the public key of radar i;

finally, the aircraft j calculates the session key through bilinear mapping

S4.32: radar i generates a session key:

radar i is based on S4.2 parameter SK_1rAnd R_i,1Calculating a secret key

Radar i can be based on secret key SK₃Calculating session keys

S4.4: validating a session key generated by an aircraft j

And radar i generated session key

Whether the two are consistent;

if the two are consistent, the aircraft j and the radar i generate a common session key, normal communication can be performed, and the initial authentication is passed;

otherwise, the aircraft j and the radar i cannot communicate, and the initial authentication is not passed.

The radar and aircraft communication re-certification specifically comprises the following steps:

s4.5: and (3) generating a certificate:

radar i from p order integer domain

In the method, an integer v is randomly selected_iThen calculates and generates a certificate OC₁And OC₂，OC₁Is sent to the next radar i +1, OC₂Is sent to the aircraft j;

wherein, OC₁Is calculated by the formula

OC₂Is calculated by the formula

PKI_i+1,2Holding a second part of the public key for the next radar i + 1;

s4.6: generation of the token:

the radar i +1 receives the certificate OC₁Then, from the p-order integer field

In the random selection of an integer v_i+1Computationally generating token R_i+1,1And R_i+1,2Wherein R is_i+1,1Stored by radar i +1 and not published externally, R_i+1,2As a token to aircraft j;

s4.7: the generation of the aircraft j and radar i +1 session key specifically comprises the following steps:

aircraft j receives token R_i+1,2And certificate OC₂Calculation generation

And

then use

And bilinear mapping to generate a session key, wherein the generation formula is as follows:

radar i +1 calculation generation

And

finally utilize

And bilinear mapping calculation to generate a session key, wherein the generation formula is as follows:

wherein, a_i+1Is a mineA private key up to i + 1;

s4.8: validating a session key generated by an aircraft j

And radar i +1 generated session key

Whether the two are consistent;

if the two are consistent, the aircraft j and the radar i +1 generate a common session key, and normal communication can be performed;

otherwise, it means that the aircraft j and the radar i +1 cannot communicate.

Claims (6)

1. An authentication method based on block chain reliability evaluation in a wireless broadcast system is characterized by comprising the following steps:

s1: the aircraft utilizes a sensor to collect self-credibility attribute information;

s2: when the aircraft enters the range covered by the radar, the aircraft uploads the identity card number and the credibility attribute information to the radar;

s3: the radar calculates the corresponding credibility grade according to the credibility attribute information of the aircraft and verifies the credibility grade;

s4: and the credibility grade verifies that the aircraft and the radar which pass through the verification are subjected to communication authentication, and whether the authentication can be negotiated to generate a common session key is judged.

2. The method of claim 1, wherein the method comprises: s3, calculating the credibility level of the aircraft by the radar, wherein the specific operation steps are as follows:

after receiving the credibility attribute information of the aircraft at the current moment t, the radar firstly calculates the instantaneous credibility level of the aircraft at the moment t, and the calculation formula is as follows:

wherein the content of the first and second substances,

representing the instant credibility grade of credibility attribute information containing m attributes at the time t; beta is a_nA weight representing the nth confidence attribute information; alpha is alpha_nRepresenting an nth confidence attribute information value; m represents the number of credibility attribute information values;

after the instant credibility grade of the t moment is obtained through calculation, the credibility grade of the aircraft at the t moment is calculated according to the credibility grade of the aircraft obtained through calculation at the previous moment, and the calculation formula is as follows:

wherein the content of the first and second substances,

representing the confidence level of the aircraft at time t; Δ t represents t and t^-The interval time of (c); lambda and eta represent the reliability change condition coefficient;

the level of confidence of the aircraft at the previous moment is indicated.

3. The method of claim 2, wherein the method comprises: s3, verifying the calculated credibility level of the aircraft by the radar, specifically comprising:

if the calculated credibility level of the aircraft is lower than the standard set by the radar, the radar considers that the aircraft is a malicious person and refuses to provide service for the aircraft;

otherwise, the radar adds the identity card number, the credibility attribute information and the credibility grade information of the aircraft into the block chain and simultaneously transmits the identity card number, the credibility attribute information and the credibility grade information to other radars in the system; other radars in the system add the identification number, credibility attribute information and credibility level of the aircraft in their block chain.

4. The method of claim 3, wherein the method comprises: s4 communication authentication between the aircraft and the radar comprises two modes: the communication initial authentication and the communication re-authentication specifically include:

when an aircraft never communicates with any radar or the initial communication authentication fails, the aircraft and the radar perform initial communication authentication;

otherwise, the aircraft directly communicates with the radar to re-authenticate by using the certificate and the token as transfer parameters.

5. The method of claim 4, wherein the method comprises: s4, the communication initial authentication process specifically includes the following steps:

setting M radars with numbers i, i belonging to [1, M ]; n aircrafts are provided, and the number of the aircrafts is j, and j belongs to [1, N ];

s4.1: initializing a system:

the secret key generation center generates a public key PKI and a private key a for the radar i_iThe public key PKI is divided into two parts, namely PKI (i,1) and PKI (i,2), and the public key and the private key are stored in the radar i;

the key generation center generates a public key PK and a private key u for the aircraft j_jThe public key PK is divided into two parts, namely PK (j,1) and PK (j,2), and the public key and the private key are stored in the aircraft j;

parameters of the key generation center during system operation: a bilinear map

Three hash functions H₁，H₂And H₃；

Wherein G and G_TIs to satisfy twoA linear mapped cyclic group of order p; two different generators in the cyclic group G are G and h; a is_iAnd u_jPrivate keys of the radar i and the aircraft j are respectively non-zero integers randomly selected in a p-order integer domain; the three hash functions are: h₁:G→{0,1}^*，H₂,

S4.2: the aircraft j and the radar i respectively generate keys for themselves:

aircraft j utilizes its own private key u_jAnd the public key PKI of the radar i generates a secret key for itself as follows:

wherein PKI_i,1Is a first part of the public key of radar i;

the radar i utilizes the private key a held by the radar i_iAnd the public key PK of the aircraft j generates a secret key for itself as follows:

and sent to aircraft j; wherein, PK_j,1Is a first part of the aircraft j public key;

radar i from the integer domain

In which a random number r is selected_iCalculation generation

At the same time to R_i,1And R_i,2Storing, and adding R_i,2And current time node T_aSending to the aircraft j;

s4.3: the aircraft j and the radar i generate a common session key according to respective key negotiation, and the method specifically comprises the following steps:

s4.31: aircraft j generates a session key:

after receiving the information sent by the radar i, the aircraft j first verifies S42 the time node T_aThe effectiveness of (a); if not, terminating the process;

otherwise, the aircraft j is based on the parameter SK S4.2_1rAnd R_i,2Computationally generated key

Wherein ID represents the identity number of the aircraft j;

indicating aircraft at T_aA confidence level of the time; PKI_i,2Is a second part of the public key of radar i;

finally, the aircraft j calculates the session key through bilinear mapping

S4.32: radar i generates a session key:

radar i is based on S4.2 parameter SK_1rAnd R_i,1Calculating a secret key

Radar i can be based on secret key SK₃Calculating session keys

S4.4: validating a session key generated by an aircraft j

And radar i generated session key

Whether the two are consistent;

if the two are consistent, the aircraft j and the radar i generate a common session key, normal communication can be performed, and the initial authentication is passed;

otherwise, the aircraft j and the radar i cannot communicate, and the initial authentication is not passed.

6. The method of claim 5, wherein the method comprises: s4 the radar and aircraft communication re-certification specifically comprises the following steps:

s4.5: and (3) generating a certificate:

radar i from p order integer domain

In the method, an integer v is randomly selected_iThen calculates and generates a certificate OC₁And OC₂，OC₁Is sent to the next radar i +1, OC₂Is sent to the aircraft j;

wherein, OC₁Is calculated by the formula

OC₂Is calculated by the formula

PKI_i+1,2Holding a second part of the public key for the next radar i + 1;

s4.6: generation of the token:

the radar i +1 receives the certificate OC₁Then, from the p-order integer field

In the random selection of an integer v_i+1Computationally generating token R_i+1,1And R_i+1,2Wherein R is_i+1,1Stored by radar i +1 and not published externally, R_i+1,2As a token to aircraft j;

s4.7: the generation of the aircraft j and radar i +1 session key specifically comprises the following steps:

aircraft j receives token R_i+1,2And certificate OC₂Calculation generation

And

then use

And bilinear mapping to generate a session key, wherein the generation formula is as follows:

radar i +1 calculation generation

And

finally utilize

And bilinear mapping calculation to generate a session key, wherein the generation formula is as follows:

wherein, a_i+1A private key for radar i + 1;

s4.8: validating a session key generated by an aircraft j

And radar i +1 generated session key

Whether the two are consistent;

if the two are consistent, the aircraft j and the radar i +1 generate a common session key, and normal communication can be performed;

otherwise, it means that the aircraft j and the radar i +1 cannot communicate.

Images