CN113949625A - Message transmission verification algorithm based on GPS and timestamp verification - Google Patents

Info

Publication number
CN113949625A
Authority
CN
China
Prior art keywords
data
module
verification
timestamp
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111469053.4A
Other languages
Chinese (zh)
Inventor
卢社阶
黄国赞
胡四平
张文亮
杜学生
卢伟岸
陈先相
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University of Science and Technology
Original Assignee
Hubei University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei University of Science and Technology filed Critical Hubei University of Science and Technology
Priority to CN202111469053.4A priority Critical patent/CN113949625A/en
Publication of CN113949625A publication Critical patent/CN113949625A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Abstract

The invention provides a message transmission verification algorithm based on GPS and timestamp verification, belonging to the technical field of water resource monitoring. The system comprises a key generation module, a monitoring terminal and a receiving server. The monitoring terminal comprises a data acquisition module, a data processing module, a data encryption module and a data sending module; the receiving server comprises a data receiving module and a data verification module. Several administrators each manage their own key, which prevents information from becoming insecure through leakage of a key. GPS positioning and a timestamp encryption algorithm ensure the consistency of the message data's location and the integrity of the data. The self-check completes without manual intervention, malicious third-party attacks can be effectively prevented, data security is ensured, and working efficiency is improved.

Description

Message transmission verification algorithm based on GPS and timestamp verification
Technical Field
The invention belongs to the technical field of water resource monitoring, and relates to a message transmission verification algorithm based on GPS and timestamp verification.
Background
In pursuit of economic benefit, some small and medium-sized hydropower stations in China close their sluice gates completely to store water when the generating water level has not been reached. The resulting long interruption of flow downstream of the station, especially in the dry season, seriously damages aquatic plants and the aquatic ecosystem and harms downstream drinking water and irrigation.
To ensure the sustainable development of water resources and water ecology, the national water conservancy department and water conservancy departments at all levels have successively issued and implemented documents on centralized monitoring of discharged ecological flow. A minimum discharge flow is approved for every hydropower station at 10% of the average flow over not less than 10 years, and the flow discharged into the river must never fall below the approved flow, so as to avoid damage to downstream aquatic animals, plants and ecosystems caused by flow cut-off and to meet downstream drinking-water and irrigation needs.
Specifically, given the current level of technology and supervision, the documents on centralized monitoring of discharged ecological flow issued by the national water conservancy department and water conservancy departments at all levels impose the following requirements on hydropower stations:
(1) Each monitoring point collects water level and flow data once every 15 minutes and one real-time picture every hour, and uploads them to the monitoring platform of the provincial water conservancy department for supervision by that department and by the national water conservancy department. When the network is down or the data access platform is being debugged or upgraded, and at individual sites where network communication genuinely cannot be provided, the data and photos that cannot be uploaded in time must be stored locally in the ecological flow monitoring system. The retention period must be not less than 3 years, and the required storage space is calculated to be about 5 GB.
(2) For the data communication protocol, most provinces adopt the national standard SZY206-2016 water resource monitoring data transmission protocol or the hydrologic communication protocol specification, and individual provinces use custom communication protocols.
Because the SZY206-2016 water resource monitoring data transmission protocol and the hydrologic communication protocol specification are public, use a query-response interaction mode, and carry neither connection authentication nor device geographic location information, an attacker at any geographic location can easily forge messages in the legitimate format, and the data access platform cannot tell genuine "legal" messages from forged ones. The data received by the platform therefore lose their authenticity, and with it their value for monitoring.
The water resource monitoring data message format follows the national water conservancy monitoring data communication message standard. The CS check bits it provides have no practical function, and the standard carries no time or location verification. A third party can therefore attack maliciously by sending invalid messages that increase the load on the server, and can even forge data messages, defeating the original purpose of water conservancy monitoring.
Disclosure of Invention
In view of the above problems in the prior art, the object of the invention is to provide a message transmission verification algorithm based on GPS and timestamp verification. The technical problem to be solved is how to ensure the security and authenticity of water resource monitoring data.
The object of the invention can be achieved by the following technical solution: a message transmission verification algorithm based on GPS and timestamp verification, characterized by comprising a key generation module, a monitoring terminal and a receiving server, wherein the monitoring terminal comprises a data acquisition module, a data processing module, a data encryption module and a data sending module, and the receiving server comprises a data receiving module and a data verification module;
the key generation module: several administrators jointly enter their respective key_master values and the monitoring station ID is obtained at the same time; an encryption function is applied, and the resulting key_monitor is transmitted to the respective monitoring terminals;
in the key generation module, the Encrypt function is a custom encryption function, through which the keys of the several administrators jointly generate the key_monitor of one and the same monitoring terminal;
the data encryption module performs an MD5 encryption calculation over the monitoring station ID, the collected data, the monitoring station longitude, the monitoring station latitude, the timestamp, the random number RAND and key_monitor;
the data processing module passes the check code returned by the data encryption module, the collected data, the monitoring station ID and the timestamp to the data sending module;
the data sending module packages the data it receives into a data message and sends the message to the receiving server; the message format conforms to the national water conservancy monitoring data communication message standard, with the original CS check code replaced by the check code returned by the data encryption module;
the data verification module uses the Encrypt function to generate the monitoring station's key_monitor as required, performs the calculation according to the encryption algorithm, extracts the check code, compares it with the check code in the message, and judges whether the current message is valid.
Further, the data encryption module returns a one-byte check code: its upper four bits are the value of the random number RAND, and its lower four bits are the upper four bits of the byte of the MD5 value indexed by RAND.
Further, in the key generation module, the key provided by an administrator may be any characters of any length.
Further, the data collected by the data acquisition module comprise the current water level, flow and picture, and the data acquisition module passes the collected data to the data processing module.
Further, the data processing module passes the data from the data acquisition module, the monitoring station ID and the timestamp to the data encryption module.
To solve the problems in the prior art without affecting the national water conservancy monitoring data communication message standard, a system for sending and receiving water resource monitoring data is provided. It can effectively prevent malicious third-party attacks and ensures the consistency of the message data's location and the integrity of the data. Several administrators each manage their own key, which prevents information from becoming insecure through key leakage. The self-check completes without manual intervention, data security is ensured, and working efficiency is improved.
Drawings
Fig. 1 is a general schematic diagram of a message transmission verification algorithm based on GPS and timestamp verification.
Fig. 2 is a detailed schematic diagram of the monitoring terminal.
Fig. 3 is a detailed diagram of the receiving server.
Fig. 4 is a detailed diagram of the key generation process.
Fig. 5 is a detailed diagram of the data encryption process.
Fig. 6 is a detailed diagram of the format of the water level and flow datagram.
Detailed Description
The following are specific embodiments of the present invention and are further described with reference to the drawings, but the present invention is not limited to these embodiments.
As shown in Fig. 1, the monitoring terminal and the receiving server both need the monitoring station key key_monitor generated by the key generation module. The monitoring terminal sends the collected data to the receiving server over TCP/IP, and the message format conforms to the national water conservancy monitoring data communication message standard.
As shown in Fig. 4, several administrators must operate the key generation module together, each using the key_master distributed by the water conservancy department. A key_master may be any characters of any length, and there may be two or more key_masters; if any one key_master is missing, the program cannot run.
As shown in Fig. 4, the keys generated in the key generation module are distributed to the monitoring terminals.
As shown in Fig. 4, the parameters passed to the Encrypt function used in the key generation module are the monitoring station ID and the several key_masters. The Encrypt function may be any encryption function; its return value is the encrypted key_monitor, which is transmitted to the monitoring terminal corresponding to the monitoring station ID.
The monitoring terminal executes the following flow, as shown in Fig. 5: the data acquisition module passes the collected data to the data processing module; the data processing module passes the monitoring station ID, the collected data and the current monitoring station timestamp to the data encryption module; the data encryption module returns the encryption result to the data processing module; and the data processing module passes the monitoring station ID, the collected data, the timestamp and the encryption result to the data sending module.
In the data acquisition module, the collected data comprise water level, flow and picture data.
The data encryption module has a GPS positioning function and can obtain the longitude and latitude of the current monitoring station. It also generates the random number RAND itself, with a value range of [0, 15].
In the data encryption module, the detailed encryption method is as shown in Fig. 5. The data are encrypted using MD5, and the parameters passed to MD5 are: the monitoring station ID, the collected data, the monitoring station longitude, the monitoring station latitude, the random number RAND, the timestamp and the monitoring station key key_monitor. The data encryption module returns a one-byte check code: its upper four bits are the value of the random number RAND, and its lower four bits are the upper four bits of the byte of the MD5 value indexed by RAND.
In the data sending module, the incoming data are organized into the data message format shown in Fig. 6. The message format complies with the national water conservancy monitoring data communication message standard, with the original CS check code replaced by the check code returned by the data encryption module.
As shown in Fig. 3, the data receiving module passes all received data messages to the data verification module.
By default, the data verification module knows the longitude and latitude of the current monitoring station.
In the data verification module, MD5 encryption is performed over the transmitted monitoring station ID, collected data, random number RAND and timestamp, combined with the known monitoring station longitude, monitoring station latitude and key_monitor, and a one-byte check code is returned: its upper four bits are the value of the random number RAND, and its lower four bits are the upper four bits of the byte of the MD5 value indexed by RAND. The returned value is compared with the check code in the message to determine the validity and authenticity of the message.
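The check-code computation on the terminal and its recomputation on the server, as described above, shown as an added Python example that is not code from the patent. The Encrypt stand-in (SHA-256), the `|`-joined field serialization, the coordinate rounding and all station values are assumptions, because the patent leaves them unspecified.

```python
import hashlib
import hmac
import secrets

def derive_key_monitor(station_id, key_masters):
    """Stand-in for Encrypt (assumption): SHA-256 over length-prefixed inputs."""
    if len(key_masters) < 2 or not all(key_masters):
        raise ValueError("every administrator's key_master is required")
    h = hashlib.sha256()
    for part in (station_id.encode(), *key_masters):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def quantize(lon, lat):
    """Assumption: both sides round coordinates so they hash identical text."""
    return f"{lon:.3f}", f"{lat:.3f}"

def check_code(station_id, data, lon, lat, timestamp, rand, key_monitor):
    """One-byte check code: high nibble RAND, low nibble from MD5 byte RAND."""
    if not 0 <= rand <= 15:
        raise ValueError("RAND must be in [0, 15]")
    lon_s, lat_s = quantize(lon, lat)
    # Assumed serialization: fields in claim-1 order, joined with '|'.
    text = "|".join([station_id, data, lon_s, lat_s, timestamp, str(rand)])
    # MD5 is a digest, not a cipher; the 16-byte result is indexed by RAND.
    digest = hashlib.md5(text.encode() + b"|" + key_monitor).digest()
    return (rand << 4) | (digest[rand] >> 4)

def build_message(station_id, data, timestamp, gps_fix, key_monitor, rand=None):
    """Terminal side: coordinates feed the digest but are not transmitted."""
    if rand is None:
        rand = secrets.randbelow(16)
    code = check_code(station_id, data, *gps_fix, timestamp, rand, key_monitor)
    return {"station_id": station_id, "data": data,
            "timestamp": timestamp, "check": code}

def verify(msg, site_registry, key_monitor):
    """Server side: recompute with the station's registered coordinates."""
    site = site_registry.get(msg["station_id"])
    if site is None:
        return False
    rand = msg["check"] >> 4  # RAND is read back from the high nibble
    expected = check_code(msg["station_id"], msg["data"], *site,
                          msg["timestamp"], rand, key_monitor)
    return hmac.compare_digest(bytes([expected]), bytes([msg["check"]]))

def accepted_check_codes(msg, site_registry, key_monitor):
    """How many of the 256 possible check bytes pass for this message body."""
    return sum(verify({**msg, "check": c}, site_registry, key_monitor)
               for c in range(256))

# Constructed sample values, not taken from the patent.
SITES = {"ST-0001": (114.322, 29.841)}
KEY = derive_key_monitor("ST-0001", [b"admin-a-secret", b"admin-b-secret"])

def demo():
    msg = build_message("ST-0001", "level=12.40;flow=3.15",
                        "2021-12-03T08:15:00", (114.32204, 29.84096), KEY, rand=9)
    return msg, verify(msg, SITES, KEY), accepted_check_codes(msg, SITES, KEY)

if __name__ == "__main__":
    print(demo())
```

`accepted_check_codes` returns 16 for any message body: RAND travels in the clear in the high nibble, so only four bits of the check byte depend on `key_monitor`.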
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.

Claims (5)

1. A message transmission verification algorithm based on GPS and timestamp verification, characterized by comprising a key generation module, a monitoring terminal and a receiving server, wherein the monitoring terminal comprises a data acquisition module, a data processing module, a data encryption module and a data sending module, and the receiving server comprises a data receiving module and a data verification module;
the key generation module: several administrators jointly enter their respective key_master values and the monitoring station ID is obtained at the same time; an encryption function is applied, and the resulting key_monitor is transmitted to the respective monitoring terminals;
in the key generation module, the Encrypt function is a custom encryption function, through which the keys of the several administrators jointly generate the key_monitor of one and the same monitoring terminal;
the data encryption module performs an MD5 encryption calculation over the monitoring station ID, the collected data, the monitoring station longitude, the monitoring station latitude, the timestamp, the random number RAND and key_monitor;
the data processing module passes the check code returned by the data encryption module, the collected data, the monitoring station ID and the timestamp to the data sending module;
the data sending module packages the data it receives into a data message and sends the message to the receiving server; the message format conforms to the national water conservancy monitoring data communication message standard, with the original CS check code replaced by the check code returned by the data encryption module;
the data verification module uses the Encrypt function to generate the monitoring station's key_monitor as required, performs the calculation according to the encryption algorithm, extracts the check code, compares it with the check code in the message, and judges whether the current message is valid.
2. The message transmission verification algorithm based on GPS and timestamp verification as claimed in claim 1, wherein the data encryption module returns a one-byte check code, the upper four bits of which are the value of the random number RAND and the lower four bits of which are the upper four bits of the byte of the MD5 value indexed by RAND.
3. The message transmission verification algorithm based on GPS and timestamp verification as claimed in claim 1, wherein the key provided by an administrator in the key generation module may be any characters of any length.
4. The message transmission verification algorithm based on GPS and timestamp verification as claimed in claim 1, wherein the data collected by the data acquisition module comprise the current water level, flow and picture, and the data acquisition module passes the collected data to the data processing module.
5. The message transmission verification algorithm based on GPS and timestamp verification as claimed in claim 1, wherein the data processing module passes the data from the data acquisition module, the monitoring station ID and the timestamp to the data encryption module.
CN202111469053.4A 2021-12-03 2021-12-03 Message transmission verification algorithm based on GPS and timestamp verification Pending CN113949625A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111469053.4A CN113949625A (en) 2021-12-03 2021-12-03 Message transmission verification algorithm based on GPS and timestamp verification

Publications (1)

Publication Number Publication Date
CN113949625A true CN113949625A (en) 2022-01-18

Family

ID=79338846

Country Status (1)

Country Link
CN (1) CN113949625A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination