CN115426138A - LonTalk-SA protocol authentication method - Google Patents
- Publication number: CN115426138A
- Application number: CN202210970947.XA
- Authority: CN (China)
- Prior art keywords: message, server, sent, key, authentication
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Abstract
A LonTalk-SA protocol authentication method in which a trusted third-party server is added to the LonTalk-SA authentication protocol, identity authentication of the sending end and the receiving end is completed through the trusted third-party server, and the sending end and the receiving end each perform an exclusive-or operation on random numbers to generate a session key. LonTalk-SA can effectively resist 3 types of attack, namely replay, tampering and deception, provides bidirectional authentication of the communication nodes, and guarantees the confidentiality, integrity and authentication of messages during transmission, thereby improving the security of the protocol.
Description
Technical Field
The invention relates to the technical field of building automation communication protocol equipment authentication and data confidentiality security.
Background
The building automation system is a key part of an intelligent building and mainly provides highly automated, intelligent, centralized management of all electromechanical facilities and energy equipment in the building. Combining the internet with the traditional bus improves the efficiency of the traditional bus, but it also brings the security problems of the internet into the building automation system; for example, an attacker can easily tamper with, replay and eavesdrop on data transmitted in the industrial control system.
LonTalk is a protocol optimized for control networks. Originally developed by Echelon Corporation to connect devices over twisted pair, power line, optical fiber and other media, it is widely used in industrial control, home automation and building systems (e.g., lighting and heating, ventilation, and air conditioning). The protocol has been adopted as an open international control-network standard, ISO/IEC 14908, which specifies a multi-purpose control network protocol stack for scenarios such as smart grids, smart buildings and smart cities.
With the development of technology, a growing number of publications indicate that the LonTalk authentication protocol used in building automation systems is vulnerable. The papers [J. Ng, S. L. Keoh, Z. Tang, and H. Ko, SEAPASS: symmetry-key encryption and authentication for building authentication systems, in 2018 IEEE 4th World Forum on Internet of Things (WF-IoT), 2018, 219-224] and [P. Jovanovic and S. Neves, dumb encryption in smart grids: active encryption of the open smart grid id protocol, IACR Cryptology P.2015, 2015, 428] indicate that the LonTalk authentication protocol has the following security drawbacks: (1) The identity authentication protocol only supports verifying the identity of the sender and cannot check the identity of the receiver. Only the sending end can initiate a challenge-response request; the receiving end cannot, so the protocol can only perform one-way authentication. (2) The key used for identity authentication between devices is only 48 bits long, so brute-force attacks cannot be avoided. (3) Only part of the data segment is used in the hash calculation, and neither address information nor other header information is protected. (4) Data is transmitted in the clear, which may leak confidential data. (5) Because the sender always needs to perform identity authentication with the receiver, a communication session cannot be established.
The paper [X. Yan and W. Bo, A Security Extension to LonWorks/LonTalk Protocol, International Journal of Digital Content Technology and its Applications, Vol. 7, No. 6, 2013, 790-780] proposes a new protocol, LonSec, which uses SHA-1 and AES to encrypt data so as to ensure the confidentiality and integrity of the data, and uses an improved Needham-Schroeder protocol to provide a key distribution mechanism. However, relevant research has shown that the SHA-1 algorithm can now be broken by brute force, and the sending device does not authenticate the third-party server, so the authenticity of the returned message cannot be guaranteed. In addition, no timestamp mechanism is used during message transmission, so the protocol cannot be guaranteed to resist replay attacks.
Disclosure of Invention
The invention aims to provide a LonTalk-SA protocol authentication method.
The invention relates to a LonTalk-SA protocol authentication method, which comprises the following steps:
Step (1): when A and B carry out identity authentication, A generates random numbers $X$ and $N_A$; A encrypts the two random numbers and the IDs of A and B with the master key, and sends $ID_A$ together with the encrypted data packet to the Server;
Step (2): when the Server receives the message from A, it decrypts it with the master key $K_{AS}$; after decryption, the Server uses $K_{BS}$ to encrypt the two random numbers sent by A and adds a timestamp $TS_1$; it combines $N_A$ with the encrypted data packet destined for B, encrypts them with the master key $K_{AS}$, and sends the result to A;
Step (3): after receiving the information returned by the Server, A decrypts it with the master key $K_{AS}$; if it finds that $N_A$ has not changed, it determines that no tampering attack has occurred; A then combines the data packet that the Server addressed to B with $ID_A$ and $ID_B$ and sends them to B;
Step (4): after receiving the message, B decrypts it with the master key $K_{BS}$ to obtain the two random numbers generated by A and the timestamp $TS_1$, and uses the timestamp to check whether a replay attack has occurred; B then also generates two random numbers $Y$ and $N_B$; B combines $ID_A$, $ID_B$, $Y$, $N_B$ and $N_A$, encrypts them with the master key $K_{BS}$, and finally sends $ID_B$ together with the encrypted data packet to the Server;
Step (5): the Server receives the message from B and decrypts it with the key $K_{BS}$. The Server uses the key $K_{AS}$ to encrypt the combined message of $Y$, $N_B$ and $N_A$ and adds a timestamp $TS_2$; finally it uses $K_{BS}$ to encrypt $N_B$ together with the encrypted message destined for A, and sends the result to B;
Step (6): after B receives the Server's message, it decrypts it with $K_{BS}$ and checks whether $N_B$ has been tampered with; B then sends the remaining data to A;
Step (7): after receiving the message from B, A decrypts it with the master key $K_{AS}$ to obtain the random number $Y$ and the timestamp $TS_2$, and checks whether the timestamp exceeds the preset time range; A performs an XOR operation on $Y$ and $X$ to generate the session key $K$; A performs a hash operation on $N_A$ and $N_B$; the hash values of $N_A$ and $N_B$ are combined, encrypted with the session key $K$ and sent to B;
Step (8): B performs an XOR operation on $X$ and $Y$ to generate the session key $K$; B decrypts the message using the session key $K$, recalculates the hash value of $N_A$ and $N_B$ and compares it with the hash value in the message sent by A; if the hash values are the same, B's authentication of A is successful; B then calculates the hash value of $N_B$ and $N_A$, encrypts it with the session key $K$, and sends the encrypted hash value to A;
Step (9): after receiving the message, A decrypts it with the session key $K$, calculates the hash value of $N_B$ and $N_A$ and compares it with the hash value sent by B; if the hash values are the same, A's authentication of B is successful.
The invention has the advantages that:
(1) Resistance to malicious instructions: in this attack, an attacker sends a malicious data packet to a node so that a malicious instruction damages the system. In the LonTalk-SA authentication protocol, however, an attacker cannot obtain the master key shared by a node and the server or the session key shared between nodes, so a data packet sent by the attacker fails verification and cannot damage the system;
(2) Resistance to eavesdropping: an attacker passively eavesdrops on data transmitted in the network, analyzes it and then attacks the nodes. Since all messages transmitted in the LonTalk-SA authentication protocol are encrypted with a secret key, an attacker cannot steal the transmitted data;
(3) Resistance to replay attacks: an attacker eavesdrops on transmitted data and retransmits it to a receiving end during the next round of communication between the nodes in order to deceive the receiving end. The LonTalk-SA authentication protocol adds a timestamp, and when a receiving end finds that the timestamp in a data packet is outside the time range, the packet is discarded directly;
(4) Bidirectional authentication: the LonTalk-SA authentication protocol can authenticate the identities of both communicating parties;
(5) Perfect forward security: both communicating parties generate a random number from which the session key is calculated, and each authentication run generates new random numbers for the session key. This ensures that leakage of the current session key does not affect historical communication messages, and it also guarantees the freshness of the session key.
Drawings
Fig. 1 is a message flow diagram of a LonTalk-SA protocol authentication method.
Detailed Description
As shown in fig. 1, in the embodiment of the present invention, there are three participating devices, which are a device a, a device B, and a trusted third party server S; the scheme flow is divided into two parts, namely a session key requesting stage and an identity authentication stage.
The invention relates to a LonTalk-SA protocol authentication method, which comprises the following steps:
Step (1): when A and B carry out identity authentication, A generates random numbers $X$ and $N_A$; A encrypts the two random numbers and the IDs of A and B with the master key, and sends $ID_A$ together with the encrypted data packet to the Server;
Step (2): when the Server receives the message from A, it decrypts it with the master key $K_{AS}$; after decryption, the Server uses $K_{BS}$ to encrypt the two random numbers sent by A and adds a timestamp $TS_1$; it combines $N_A$ with the encrypted data packet destined for B, encrypts them with the master key $K_{AS}$, and sends the result to A;
Step (3): after receiving the information returned by the Server, A decrypts it with the master key $K_{AS}$; if it finds that $N_A$ has not changed, it determines that no tampering attack has occurred; A then combines the data packet that the Server addressed to B with $ID_A$ and $ID_B$ and sends them to B;
Step (4): after receiving the message, B decrypts it with the master key $K_{BS}$ to obtain the two random numbers generated by A and the timestamp $TS_1$, and uses the timestamp to check whether a replay attack has occurred; B then also generates two random numbers $Y$ and $N_B$; B combines $ID_A$, $ID_B$, $Y$, $N_B$ and $N_A$, encrypts them with the master key $K_{BS}$, and finally sends $ID_B$ together with the encrypted data packet to the Server;
Step (5): the Server receives the message from B and decrypts it with the key $K_{BS}$. The Server uses the key $K_{AS}$ to encrypt the combined message of $Y$, $N_B$ and $N_A$ and adds a timestamp $TS_2$; finally it uses $K_{BS}$ to encrypt $N_B$ together with the encrypted message destined for A, and sends the result to B;
Step (6): after B receives the Server's message, it decrypts it with $K_{BS}$ and checks whether $N_B$ has been tampered with; B then sends the remaining data to A;
Step (7): after receiving the message from B, A decrypts it with the master key $K_{AS}$ to obtain the random number $Y$ and the timestamp $TS_2$, and checks whether the timestamp exceeds the preset time range; A performs an XOR operation on $Y$ and $X$ to generate the session key $K$; A performs a hash operation on $N_A$ and $N_B$; the hash values of $N_A$ and $N_B$ are combined, encrypted with the session key $K$ and sent to B;
Step (8): B performs an XOR operation on $X$ and $Y$ to generate the session key $K$; B decrypts the message using the session key $K$, recalculates the hash value of $N_A$ and $N_B$ and compares it with the hash value in the message sent by A; if the hash values are the same, B's authentication of A is successful; B then calculates the hash value of $N_B$ and $N_A$, encrypts it with the session key $K$, and sends the encrypted hash value to A;
Step (9): after receiving the message, A decrypts it with the session key $K$, calculates the hash value of $N_B$ and $N_A$ and compares it with the hash value sent by B; if the hash values are the same, A's authentication of B is successful.
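The nine-step exchange above, simulated end to end as an added example (not code from the patent). Assumptions: the patent names no cipher or hash, so `seal`/`unseal` are a stand-in encrypt-then-MAC construction built on HMAC-SHA256 and `digest` is SHA-256; the packet nesting in the comments is one reading of the steps; the 5-second window, 16-byte random numbers and all function and field names are hypothetical.

```python
import hashlib, hmac, json, os, time

MAX_SKEW = 5  # seconds; assumed value for the patent's "preset time range"

def require(ok, why):
    if not ok:
        raise ValueError(why)

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def _ks(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(n // 32 + 1))[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, fields):
    """Encrypt-then-MAC a dict; returns hex(nonce || ciphertext || tag)."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = xor(pt, _ks(key, nonce, len(pt)))
    return (nonce + ct + _tag(key, nonce, ct)).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    require(hmac.compare_digest(tag, _tag(key, nonce, ct)), "packet modified or wrong key")
    return json.loads(xor(ct, _ks(key, nonce, len(ct))))

def digest(*nonces):
    return hashlib.sha256("".join(nonces).encode()).hexdigest()

def handshake(k_as, k_bs, delay_to_b=0.0, relay=lambda pkt: pkt):
    """Steps (1)-(9). Returns (K at A, K at B). delay_to_b ages the step-(3)
    packet on B's clock; relay models the network path from A to B."""
    t0 = time.time()
    # (1) A -> S: ID_A, {X, N_A, ID_A, ID_B}K_AS
    x, n_a = os.urandom(16).hex(), os.urandom(16).hex()
    m1 = ("A", seal(k_as, {"X": x, "NA": n_a, "A": "A", "B": "B"}))
    # (2) S -> A: {N_A, {X, N_A, TS1}K_BS}K_AS
    d = unseal(k_as, m1[1])
    for_b = seal(k_bs, {"X": d["X"], "NA": d["NA"], "TS1": t0})
    m2 = seal(k_as, {"NA": d["NA"], "for_B": for_b})
    # (3) A checks N_A, then forwards ID_A, ID_B and the packet meant for B
    d = unseal(k_as, m2)
    require(d["NA"] == n_a, "N_A changed")
    m3 = ("A", "B", relay(d["for_B"]))
    # (4) B checks TS1; B -> S: ID_B, {ID_A, ID_B, Y, N_B, N_A}K_BS
    tb = unseal(k_bs, m3[2])
    now_b = t0 + delay_to_b
    require(abs(now_b - tb["TS1"]) <= MAX_SKEW, "stale TS1: possible replay")
    y, n_b = os.urandom(16).hex(), os.urandom(16).hex()
    m4 = ("B", seal(k_bs, {"A": "A", "B": "B", "Y": y, "NB": n_b, "NA": tb["NA"]}))
    # (5) S -> B: {N_B, {Y, N_B, N_A, TS2}K_AS}K_BS
    d = unseal(k_bs, m4[1])
    for_a = seal(k_as, {"Y": d["Y"], "NB": d["NB"], "NA": d["NA"], "TS2": now_b})
    m5 = seal(k_bs, {"NB": d["NB"], "for_A": for_a})
    # (6) B checks N_B, then forwards the remaining data to A
    d = unseal(k_bs, m5)
    require(d["NB"] == n_b, "N_B changed")
    # (7) A checks TS2, derives K = X xor Y, sends {H(N_A, N_B)}K
    ta = unseal(k_as, d["for_A"])
    require(abs(now_b - ta["TS2"]) <= MAX_SKEW, "stale TS2: possible replay")
    k_a = xor(bytes.fromhex(x), bytes.fromhex(ta["Y"]))
    m7 = seal(k_a, {"h": digest(n_a, ta["NB"])})
    # (8) B derives K, verifies A's hash, replies {H(N_B, N_A)}K
    k_b = xor(bytes.fromhex(tb["X"]), bytes.fromhex(y))
    require(unseal(k_b, m7)["h"] == digest(tb["NA"], n_b), "B rejects A")
    m8 = seal(k_b, {"h": digest(n_b, tb["NA"])})
    # (9) A verifies B's hash
    require(unseal(k_a, m8)["h"] == digest(ta["NB"], n_a), "A rejects B")
    return k_a, k_b
```

Both $X$ and $Y$ reach the peer only inside packets sealed under $K_{AS}$ and $K_{BS}$, so the secrecy of $K$ rests on those two master keys.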
Description of the symbols:
A trusted third-party server is added to the LonTalk-SA authentication protocol, identity authentication of the sending end and the receiving end is completed by the third-party server, and the sending end and the receiving end each perform an exclusive-or operation on random numbers to generate a session key. LonTalk-SA can effectively resist 3 types of attack, namely replay, tampering and deception, provides bidirectional authentication of the communication nodes, and at the same time ensures the confidentiality, integrity and authentication of messages during transmission, thereby improving the security of the protocol.
Claims (1)
- The LonTalk-SA protocol authentication method is characterized by comprising the following steps:
  Step (1): when A and B carry out identity authentication, A generates random numbers $X$ and $N_A$; A encrypts the two random numbers and the IDs of A and B with the master key, and sends $ID_A$ together with the encrypted data packet to the Server;
  Step (2): when the Server receives the message from A, it decrypts it with the master key $K_{AS}$; after decryption, the Server uses $K_{BS}$ to encrypt the two random numbers sent by A and adds a timestamp $TS_1$; it combines $N_A$ with the encrypted data packet destined for B, encrypts them with the master key $K_{AS}$, and sends the result to A;
  Step (3): after receiving the information returned by the Server, A decrypts it with the master key $K_{AS}$; if it finds that $N_A$ has not changed, it determines that no tampering attack has occurred; A then combines the data packet that the Server addressed to B with $ID_A$ and $ID_B$ and sends them to B;
  Step (4): after receiving the message, B decrypts it with the master key $K_{BS}$ to obtain the two random numbers generated by A and the timestamp $TS_1$, and uses the timestamp to check whether a replay attack has occurred; B then also generates two random numbers $Y$ and $N_B$; B combines $ID_A$, $ID_B$, $Y$, $N_B$ and $N_A$, encrypts them with the master key $K_{BS}$, and finally sends $ID_B$ together with the encrypted data packet to the Server;
  Step (5): the Server receives the message from B and decrypts it with the key $K_{BS}$. The Server uses the key $K_{AS}$ to encrypt the combined message of $Y$, $N_B$ and $N_A$ and adds a timestamp $TS_2$; finally it uses $K_{BS}$ to encrypt $N_B$ together with the encrypted message destined for A, and sends the result to B;
  Step (6): after B receives the Server's message, it decrypts it with $K_{BS}$ and checks whether $N_B$ has been tampered with; B then sends the remaining data to A;
  Step (7): after receiving the message from B, A decrypts it with the master key $K_{AS}$ to obtain the random number $Y$ and the timestamp $TS_2$, and checks whether the timestamp exceeds the preset time range; A performs an XOR operation on $Y$ and $X$ to generate the session key $K$; A performs a hash operation on $N_A$ and $N_B$; the hash values of $N_A$ and $N_B$ are combined, encrypted with the session key $K$ and sent to B;
  Step (8): B performs an XOR operation on $X$ and $Y$ to generate the session key $K$; B decrypts the message using the session key $K$, recalculates the hash value of $N_A$ and $N_B$ and compares it with the hash value in the message sent by A; if the hash values are the same, B's authentication of A is successful; B then calculates the hash value of $N_B$ and $N_A$, encrypts it with the session key $K$, and sends the encrypted hash value to A;
  Step (9): after receiving the message, A decrypts it with the session key $K$, calculates the hash value of $N_B$ and $N_A$ and compares it with the hash value sent by B; if the hash values are the same, A's authentication of B is successful.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210970947.XA CN115426138A (en) | 2022-08-14 | 2022-08-14 | LonTalk-SA protocol authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210970947.XA CN115426138A (en) | 2022-08-14 | 2022-08-14 | LonTalk-SA protocol authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115426138A (en) | 2022-12-02 |
Family
ID=84197572
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210970947.XA Pending CN115426138A (en) | 2022-08-14 | 2022-08-14 | LonTalk-SA protocol authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115426138A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7542569B1 (en) * | 1997-11-26 | 2009-06-02 | Nokia Siemens Networks Oy | Security of data connections |
CN113572788A (en) * | 2021-08-06 | 2021-10-29 | 兰州理工大学 | BACnet/IP protocol equipment authentication safety method |
Non-Patent Citations (2)
Title |
---|
TAO FENG AND YI WU: "Formal Security Analysis and Improvement Based on LonTalk Authentication Protocol", 《SECURITY AND COMMUNICATION NETWORKS》, 12 July 2022 (2022-07-12), pages 8 * |
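Li Xiehua; Yang Shutang; Li Jianhua; Zhu Hongwen: "Authentication test analysis method based on message type detection", Journal of Shanghai Jiao Tong University, no. 01, 28 January 2007 (2007-01-28) * |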
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Cao et al. | Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network | |
US6215878B1 (en) | Group key distribution | |
CN110535868A (en) | Data transmission method and system based on Hybrid Encryption algorithm | |
CN105049401B (en) | A kind of safety communicating method based on intelligent vehicle | |
CN111245862A (en) | System for safely receiving and sending terminal data of Internet of things | |
CN111756529B (en) | Quantum session key distribution method and system | |
CN113630248B (en) | Session key negotiation method | |
CN112637136A (en) | Encrypted communication method and system | |
CN113852460B (en) | Implementation method and system for enhancing working key security based on quantum key | |
CN113612610B (en) | Session key negotiation method | |
Saxena et al. | Efficient signature scheme for delivering authentic control commands in the smart grid | |
CN116614239B (en) | Data transmission method and system in Internet of things | |
Annessi et al. | It's about time: Securing broadcast time synchronization with data origin authentication | |
CN111294212A (en) | Security gateway key negotiation method based on power distribution | |
CN111049649A (en) | Zero-interaction key negotiation security enhancement protocol based on identification password | |
CN113676448B (en) | Offline equipment bidirectional authentication method and system based on symmetric key | |
CN114422135A (en) | Verifiable accidental transmission method based on elliptic curve | |
CN116743372A (en) | Quantum security protocol implementation method and system based on SSL protocol | |
CN114928503B (en) | Method for realizing secure channel and data transmission method | |
CN110995671A (en) | Communication method and system | |
CN116760530A (en) | Lightweight authentication key negotiation method for electric power Internet of things terminal | |
CN210839642U (en) | Device for safely receiving and sending terminal data of Internet of things | |
CN115426138A (en) | LonTalk-SA protocol authentication method | |
KR101204648B1 (en) | Method for exchanging key between mobile communication network and wireless communication network | |
CN113660195B (en) | AES-RSA anti-man-in-the-middle attack method based on 104 protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||