CN117768149A - Communication authentication method and device - Google Patents

Publication number
CN117768149A
Authority
CN
China
Prior art keywords
authentication
random number
target
determining
sequence number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311525416.0A
Other languages
Chinese (zh)
Inventor
房亮
潘颖颖
郑文浩
钱林林
刘新龙
崔长桥
田久敏
彭高领
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tasson Science and Technology Co Ltd
Original Assignee
Beijing Tasson Science and Technology Co Ltd

Abstract

The invention provides a communication authentication method and a device, which relate to the technical field of communication, and the method comprises the following steps: acquiring a first random number and at least one second random number corresponding to a target communication module; determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number; determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit; and receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result. The invention can improve the safety of the FC-AE-1553 optical fiber communication protocol application.

Description

Communication authentication method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and apparatus for communication authentication.
Background
The FC-AE-1553 optical fiber communication protocol is a new high-speed fiber-optic avionics bus standard. With a bus link of high bandwidth, high reliability, strong real-time performance and low latency, and by effectively reducing the weight of the bus system, it is well suited to transmission and signal control between aviation devices such as the flight control system and the navigation system in an aircraft.
However, before the FC-AE-1553 optical fiber communication protocol is applied, it needs to be authenticated; otherwise an illegal user can easily attack and illegally access the FC-AE-1553 optical fiber communication protocol, causing great loss. How to authenticate the FC-AE-1553 optical fiber communication protocol so as to improve application security is therefore a current challenge.
Disclosure of Invention
The invention provides a communication authentication method and a device, which are used for solving the defect that in the prior art, an illegal user is easy to attack and illegally accesses an FC-AE-1553 optical fiber communication protocol, so that larger loss is caused, and improving the application safety of the FC-AE-1553 optical fiber communication protocol.
The invention provides a communication authentication method, which is applied to a Field Programmable Gate Array (FPGA) chip, and comprises the following steps:
acquiring a first random number and at least one second random number corresponding to a target communication module;
determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit;
And receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
According to the communication authentication method provided by the invention, the determining the target authentication sequence number based on the first random number comprises the following steps:
performing remainder taking on the first random number, and determining target remainder taking times;
and determining the target authentication sequence number based on the target remainder times.
According to the communication authentication method provided by the invention, a first authentication result is determined based on the first random number, and the method comprises the following steps:
taking the remainder of the first random number, determining the remainder corresponding to the first random number, and determining the remainder as an authentication seed;
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
and inputting the authentication seeds into the target authentication algorithm to determine a first authentication result.
According to the communication authentication method provided by the invention, the sending the data to be authenticated to the micro control unit comprises the following steps:
simultaneously sending the target authentication sequence number and the recombination random number to the micro control unit;
or,
and determining the sending sequence of the target authentication sequence number and the recombination random number, and sequentially sending the target authentication sequence number and the recombination random number to the micro control unit based on the sending sequence.
According to the communication authentication method provided by the invention, the determining the authentication result corresponding to the target communication module based on the first authentication result and the second authentication result comprises the following steps:
and under the condition that the second authentication result is equal to the first authentication result, determining that the authentication result corresponding to the target communication module passes authentication, and generating an enabling effective signal corresponding to the target communication module, wherein the target communication module is an FC-AE-1553 optical fiber communication protocol.
According to the communication authentication method provided by the invention, the method for acquiring the first random number and at least one second random number corresponding to the target communication module comprises the following steps:
determining a first random number seed based on a first power-on duration of a target communication module timer; determining at least one second random number seed based on at least one second power-on duration of the target communication module timer; the first power-on duration is not equal to each second power-on duration;
Determining the first random number based on a random function and the first random number seed;
each of the second random numbers is determined based on the random function and each of the second random number seeds.
The invention also provides a communication authentication method which is applied to the micro control unit, and the method comprises the following steps:
receiving data to be authenticated sent by a Field Programmable Gate Array (FPGA) chip, wherein the data to be authenticated is determined based on a recombination random number and a target authentication sequence number;
determining a first random number in the target authentication sequence number and the recombined random number based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining a second authentication result based on the target authentication sequence number and the first random number;
and sending the second authentication result to the FPGA chip.
According to the communication authentication method provided by the invention, the determining a second authentication result based on the target authentication sequence number and the first random number comprises the following steps:
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
taking the remainder of the first random number, and determining the obtained remainder as a new authentication seed;
And inputting the new authentication seeds into the target authentication algorithm to determine the second authentication result.
The invention also provides a communication authentication device which is applied to the field programmable gate array FPGA chip, and the device comprises:
the acquisition module is used for acquiring the first random number and at least one second random number corresponding to the target communication module;
the first authentication module is used for determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
the first determining module is used for determining data to be authenticated based on the target authentication sequence number, the first random number and the recombined random number after the recombination of the at least one second random number, and sending the data to be authenticated to the micro control unit;
the first receiving module is used for receiving a second authentication result sent by the micro control unit and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
The invention also provides a communication authentication device which is applied to the micro control unit, and the device comprises:
The second receiving module is used for receiving data to be authenticated sent by the field programmable gate array FPGA chip, and the data to be authenticated is determined based on the recombination random number and the target authentication sequence number;
the second determining module is used for determining the target authentication sequence number and a first random number in the recombined random numbers based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
the second authentication module is used for determining a second authentication result based on the target authentication sequence number and the first random number;
and the sending module is used for sending the second authentication result to the FPGA chip.
The communication authentication method and the device provided by the invention are characterized in that after a first random number and at least one second random number corresponding to a target communication module are acquired, a target authentication sequence number of a corresponding target authentication algorithm is determined according to the first random number, a first authentication result is determined according to the target authentication algorithm and the first random number, after the first random number and the at least one second random number are recombined, data to be authenticated is determined together with the target authentication sequence number, the data to be authenticated is sent to a micro control unit, the authentication result of the target communication module is determined according to the comparison between the first authentication result and the second authentication result determined by the micro control unit, the target authentication algorithm is flexibly determined according to the target authentication sequence number, and the recombination of the first random number and the at least one second random number is carried out, so that the cracking difficulty of the data to be authenticated is improved, and the application safety of the target communication module is further improved.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a communication authentication method according to an embodiment of the present invention;
FIG. 2 is a second flow chart of a communication authentication method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of connection between an FPGA chip and a micro control unit according to an embodiment of the present invention;
FIG. 4 is a third flow chart of a communication authentication method according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a communication authentication device according to an embodiment of the present invention;
fig. 6 is a second schematic structural diagram of a communication authentication device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Aiming at the problem that an illegal user is easy to attack and illegally accesses the FC-AE-1553 optical fiber communication protocol to cause larger loss in the prior art, the embodiment of the invention provides a communication authentication method which is applied to a Field Programmable Gate Array (FPGA) chip, and fig. 1 is one of flow diagrams of the communication authentication method provided by the embodiment of the invention, as shown in fig. 1, the method comprises the following steps:
step 110, a first random number and at least one second random number corresponding to the target communication module are obtained.
In the FPGA design environment, the target communication module is an IP (Intellectual Property) core of the target communication protocol; that is, the target communication protocol is encapsulated in IP form. An IP core is a pre-built and validated hardware functional module, and may include a processor core, a memory controller, a communication interface, a digital signal processor (DSP), an accelerator, a peripheral controller, and the like. Using IP cores in an FPGA design environment reduces development time and workload, and lets a designer conveniently integrate the IP core into an FPGA project so that hardware acceleration and optimization are fully utilized. The target communication protocol is the FC-AE-1553 optical fiber communication protocol, which is a subset of the FC-AE protocol. It has the characteristics of the FC-AE protocol and is also seamlessly compatible with MIL-STD-1553 bus system equipment, allowing a smooth upgrade of an MIL-STD-1553 bus system. Its advantages include high reliability, high stability, high bandwidth, strong resistance to electromagnetic interference, and simple and rapid engineering application. The FC-AE-1553 optical fiber communication protocol is mainly applied to communication interconnection, data transmission, instruction control and the like among electronic devices in fields such as aviation and aerospace.
Further, fig. 2 is a second flowchart of a communication authentication method according to an embodiment of the present invention, as shown in fig. 2, the obtaining a first random number and at least one second random number corresponding to a target communication module includes:
determining a first random number seed based on a first power-on duration of a target communication module timer; determining at least one second random number seed based on at least one second power-on duration of the target communication module timer; the first power-on duration is not equal to each second power-on duration;
determining the first random number based on a random function and the first random number seed;
each of the second random numbers is determined based on the random function and each of the second random number seeds.
Specifically, when determining the first random number corresponding to the target communication module, the first power-on duration stored in a register by the timer of the target communication module is read first, the first random number seed is determined according to the first power-on duration, and the random function obtains the first random number starting from the point determined by the first random number seed. After the first random number has been determined and the first authentication result has been determined according to it, the power-on duration stored in the register by the timer of the target communication module is read again to obtain a second power-on duration. Because time is consumed in determining the first random number and in determining the first authentication result after the first read, the second power-on duration is not equal to the first power-on duration and is longer than it. After the second power-on duration is determined, a second random number seed is determined according to the second power-on duration, and the random function obtains the corresponding second random number starting from the point determined by the second random number seed. Further, at least one second random number may be determined by repeating the above operations.
Further, the C/C++ standard library <cstdlib> provides two functions for generating random numbers, srand() and rand(). The srand() function sets the seed value for the random numbers; the seed value is the starting point for random number generation, and different seed values generate different random number sequences. The rand() function is the random function, and generates a random number according to the seed value set by srand(seed). For example, after the first power-on duration a is read, srand(a) sets a as the first random number seed, that is, as the starting point for generating the first random number, and rand() then generates the first random number from that seed.
It should be noted that the precision of the target communication module timer reaches the nanosecond level; that is, the first power-on duration and each second power-on duration are all precise to the nanosecond level. A nanosecond-level target communication module timer can remain stable and precise over a long time, has high sensitivity, can meet the needs of applications requiring extremely fast response, and is easy to control.
Step 120, determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number.
Specifically, after the first random number is determined, a target authentication sequence number is further determined, a target authentication algorithm corresponding to the first random number can be further determined according to the target authentication sequence number, the first random number can be encrypted according to the target authentication algorithm, a first authentication result is obtained, and data security is improved.
Further, as shown in fig. 2, the determining the target authentication sequence number based on the first random number includes:
performing remainder taking on the first random number, and determining target remainder taking times;
and determining the target authentication sequence number based on the target remainder times.
Further, as shown in fig. 2, determining a first authentication result based on the first random number includes:
taking the remainder of the first random number, determining the remainder corresponding to the first random number, and determining the remainder as an authentication seed;
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
and inputting the authentication seeds into the target authentication algorithm to determine a first authentication result.
Specifically, after the first random number is determined, a remainder operation may be performed on it. On the one hand, the current target remainder count is determined and used as the target authentication sequence number. The preset algorithm library, which includes a plurality of authentication algorithms each configured with a corresponding number, is then traversed according to the target authentication sequence number to obtain the target authentication algorithm whose number is the same as the target authentication sequence number. On the other hand, taking the remainder yields the remainder corresponding to the first random number; this remainder is used as the authentication seed and is input into the target authentication algorithm for the authentication calculation, giving the first authentication result.
It should be noted that, over multiple remainder operations, the target remainder count corresponding to each remainder operation cycles: the upper limit of the target remainder count may be determined according to the number of authentication algorithms in the preset algorithm library, and its lower limit may be 1. Specifically, after the remainder of the first random number is taken, the current remainder count is obtained; this current remainder count has no upper limit of its own and may be any positive integer. After the remainder count is determined, it is compared with the upper limit: if the remainder count is greater than the upper limit, the lower limit is determined as the target remainder count, and if the remainder count is less than or equal to the upper limit, the remainder count itself is determined as the target remainder count. Taking a lower limit of 1 and an upper limit of 5 as an example, if the current remainder count is 5, the target remainder count is determined to be 5 because the remainder count is equal to the upper limit, and if the current remainder count is 6, the target remainder count is determined to be 1 because the remainder count is greater than the upper limit.
Optionally, the authentication algorithms in the preset algorithm library may include a CRC (Cyclic Redundancy Check) algorithm, an AES (Advanced Encryption Standard) algorithm, an RSA (asymmetric encryption) algorithm, an MD5 (Message-Digest Algorithm 5) algorithm, and the like, which is not limited in this embodiment of the present invention.
Step 130, determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit.
Specifically, after determining the target authentication sequence number, the first random number and at least one second random number, firstly recombining the first random number and the at least one second random number to obtain a recombined random number, then determining data to be authenticated according to the target authentication sequence number and the recombined random number, and sending the data to be authenticated to a micro control unit (Microcontroller Unit, MCU), thereby improving the cracking difficulty of an illegal user on the data to be authenticated and further ensuring the security of the data in the data transmission process.
Alternatively, when the first random number and the at least one second random number are recombined, the recombination method may be splicing, bit operation, four-rule operation, or the like, which is not limited in the embodiment of the present invention. It should be noted that, the recombination method is a reversible method, that is, after the first random number and at least one second random number are recombined to obtain the recombined random number, under the condition that the recombination method is obtained in advance, the first random number and the at least one second random number can be obtained by reduction according to the recombined random number.
Optionally, before or when sending the data to be authenticated, the method may further send indication information corresponding to the reorganization method to the micro control unit, so that after the micro control unit receives the data to be authenticated, the data to be authenticated may be restored according to the reorganization method in the indication information, to obtain the first random number and the at least one second random number.
Further, as shown in fig. 2, the sending the data to be authenticated to the micro control unit includes:
simultaneously sending the target authentication sequence number and the recombination random number to the micro control unit;
or,
and determining the sending sequence of the target authentication sequence number and the recombination random number, and sequentially sending the target authentication sequence number and the recombination random number to the micro control unit based on the sending sequence.
Specifically, after the data to be authenticated is determined, the data to be authenticated needs to be sent to the micro control unit, and when the data to be authenticated is sent, on one hand, the target authentication sequence number and the recombination random number can be packaged into the same data message, and the data message is transmitted through a communication protocol. On the other hand, the target authentication sequence number and the recombination random number can be respectively packaged into two different data messages, and then the sending sequence of the two data messages is determined, namely, whether the data message corresponding to the recombination random number is sent preferentially or the data message corresponding to the target authentication sequence number is sent preferentially is determined. The data security can be further improved by discretely transmitting the target authentication sequence number and the recombination random number.
It should be noted that, if the target authentication sequence number and the recombination random number are packaged into two different data messages to be sent, before sending, sequence indication information needs to be sent to the micro control unit, so that the micro control unit can determine whether the received data message corresponds to the target authentication sequence number or the recombination random number according to the sequence indication information. Or, the identifier corresponding to each of the target authentication sequence number and the recombination random number is pre-agreed with the micro control unit, at this time, the target authentication sequence number and the recombination random number can be directly sent to the micro control unit in sequence according to the sending sequence without sending sequence indication information first, and the micro control unit can identify the data message according to the identifier to represent the target authentication sequence number or the recombination random number.
Optionally, the communication protocol may include: the CAN (Controller Area Network) bus protocol, the IIC (Inter-Integrated Circuit, a bidirectional two-wire synchronous serial) bus protocol, a serial port communication protocol, or the like, to which embodiments of the present invention are not limited.
Optionally, fig. 3 is a schematic connection diagram of an FPGA chip and a micro control unit provided in an embodiment of the present invention. As shown in fig. 3, the FPGA chip includes: a Microblaze soft core, an FC-AE-1553 IP core, an IIC IP core, a CAN IP core, a UART (Universal Asynchronous Receiver/Transmitter) IP core, and the like. The embedded software runs in the Microblaze soft core. The Microblaze soft core reads the first random number seed and the at least one second random number seed from the FC-AE-1553 IP timer through an AXI (Advanced eXtensible Interface) bus. After the data to be authenticated is determined according to the first random number seed and the at least one second random number seed, the data to be authenticated is sent through the AXI bus to a target IP core, which is one of the IIC IP core, the CAN IP core and the UART IP core, and is then sent to the micro control unit through that target IP core.
Furthermore, the micro control unit includes communication interfaces such as an IIC interface, a CAN interface and a UART interface, and the micro control unit and the FPGA chip are communicatively connected through these interfaces; that is, the IIC IP core of the FPGA chip is connected with the IIC interface of the micro control unit, the CAN IP core of the FPGA chip is connected with the CAN interface of the micro control unit, and the UART IP core of the FPGA chip is connected with the UART interface of the micro control unit. Single-chip microcomputer software is also embedded in the micro control unit. After the data to be authenticated is received, it is processed by the single-chip microcomputer software to obtain the second authentication result.
Step 140, receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
Further, as shown in fig. 2, the determining, based on the first authentication result and the second authentication result, the authentication result corresponding to the target communication module includes:
and under the condition that the second authentication result is equal to the first authentication result, determining that the authentication result corresponding to the target communication module passes authentication, and generating an enabling effective signal corresponding to the target communication module, wherein the target communication module is an FC-AE-1553 optical fiber communication protocol.
Specifically, after the second authentication result determined by the micro control unit is received, the first authentication result is compared with the second authentication result. If the two are equal, the authentication of the target communication module has passed, and an enabling effective signal is then generated, that is, the target communication module can be used for function development.
In addition, if the first authentication result is not equal to the second authentication result, the first random number and the at least one second random number are determined again, the first authentication result and the second authentication result are determined again, and authentication is performed again. If the number of failures reaches a preset threshold, the authentication fails.
According to the communication authentication method provided by the embodiment of the invention, after the first random number and at least one second random number corresponding to the target communication module are acquired, the target authentication sequence number of the corresponding target authentication algorithm is determined according to the first random number, the first authentication result is determined according to the target authentication algorithm and the first random number, after the first random number and the at least one second random number are recombined, the data to be authenticated is determined together with the target authentication sequence number, the data to be authenticated is sent to the micro control unit, the authentication result of the target communication module is determined according to the comparison between the first authentication result and the second authentication result determined by the micro control unit, the target authentication algorithm is flexibly determined according to the target authentication sequence number, and the recombination of the first random number and the at least one second random number is carried out, so that the cracking difficulty of the data to be authenticated is improved, and the application safety of the target communication module is further improved.
The invention also provides a communication authentication method applied to the micro control unit, fig. 4 is a third flow chart of the communication authentication method provided by the embodiment of the invention, as shown in fig. 4, the method includes:
Step 410, receiving data to be authenticated sent by a field programmable gate array FPGA chip, where the data to be authenticated is determined based on the recombined random number and the target authentication sequence number.
Step 420, determining the target authentication sequence number and a first random number in the recombined random numbers based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number.
Step 430, determining a second authentication result based on the target authentication sequence number and the first random number.
Step 440, sending the second authentication result to the FPGA chip.
Specifically, after the micro control unit receives the data to be authenticated sent by the FPGA chip, it identifies the target authentication sequence number and the recombined random number in the data to be authenticated. By restoring the recombined random number, the first random number and the at least one second random number are obtained; from the target authentication sequence number and the restored first random number, the second authentication result is determined and sent to the FPGA chip.
Further, the determining a second authentication result based on the target authentication sequence number and the first random number includes:
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
taking the remainder of the first random number, and determining the obtained remainder as a new authentication seed;
and inputting the new authentication seeds into the target authentication algorithm to determine the second authentication result.
Specifically, after the first random number is restored, the numbers of the authentication algorithms in the preset algorithm library are traversed, and the authentication algorithm whose number equals the target authentication sequence number is determined to be the target authentication algorithm. Meanwhile, the remainder of the first random number is taken and determined as a new authentication seed, and the new authentication seed is processed by the target authentication algorithm to obtain the second authentication result.
According to the communication authentication method provided by the embodiment of the invention, after the data to be authenticated is received, the first random number is obtained by restoring the recombined random number, the target authentication algorithm is determined through the target authentication sequence number, and the new authentication seed obtained by taking the remainder of the first random number is then processed by the target authentication algorithm to obtain the second authentication result. The recombined random number increases the difficulty of cracking the first random number, and the target authentication sequence number makes the determination of the target authentication algorithm more flexible, so that the data to be authenticated is harder to crack and the authentication security of the target communication module is further improved.
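The exchange between the FPGA chip and the micro control unit described above, including the retry up to a failure threshold, is shown below as an added C example that is not part of the patent text. The moduli, the byte-interleaving recombination, the one-step LCG standing in for the random function, the three library algorithms, and the rule that the sequence number is the first random number modulo the library size are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LIB_SIZE     3u    /* assumed size of the preset algorithm library */
#define SEED_MOD     251u  /* assumed modulus for the authentication seed */
#define MAX_FAILURES 3     /* assumed preset failure threshold */

typedef struct {
    uint8_t seq;            /* target authentication sequence number */
    uint8_t recombined[8];  /* recombined random number */
} auth_msg;

typedef int (*mcu_fn)(const auth_msg *m, uint32_t *result);

/* Placeholder algorithms: the real preset library is not given on the page. */
static uint32_t alg0(uint32_t s) { return s * 31u + 7u; }
static uint32_t alg1(uint32_t s) { return ((s << 5) | (s >> 27)) ^ 0xA5A5A5A5u; }
static uint32_t alg2(uint32_t s) { return (s + 0x1234u) * (s | 1u); }
static uint32_t (*const ALG_LIB[LIB_SIZE])(uint32_t) = { alg0, alg1, alg2 };

/* Stand-in "random function": one LCG step from a timer-derived seed. */
static uint32_t rand_from_seed(uint32_t seed) {
    return seed * 1664525u + 1013904223u;
}

/* Assumed recombination: interleave the bytes of the two random numbers. */
static void recombine(uint32_t r1, uint32_t r2, uint8_t out[8]) {
    for (int i = 0; i < 4; i++) {
        out[2 * i]     = (uint8_t)(r2 >> (8 * i));
        out[2 * i + 1] = (uint8_t)(r1 >> (8 * i));
    }
}

/* Inverse of recombine(): recover the first random number. */
static uint32_t restore_first(const uint8_t in[8]) {
    uint32_t r1 = 0;
    for (int i = 0; i < 4; i++)
        r1 |= (uint32_t)in[2 * i + 1] << (8 * i);
    return r1;
}

/* FPGA side: build the data to be authenticated, return the first result. */
uint32_t fpga_build(uint32_t t1, uint32_t t2, auth_msg *m) {
    uint32_t r1 = rand_from_seed(t1), r2 = rand_from_seed(t2);
    m->seq = (uint8_t)(r1 % LIB_SIZE);      /* sequence number from r1 */
    recombine(r1, r2, m->recombined);
    return ALG_LIB[m->seq](r1 % SEED_MOD);  /* remainder = authentication seed */
}

/* MCU side: restore r1, select the algorithm, compute the second result. */
int mcu_respond(const auth_msg *m, uint32_t *result) {
    if (m->seq >= LIB_SIZE)
        return -1;                          /* no such algorithm in the library */
    *result = ALG_LIB[m->seq](restore_first(m->recombined) % SEED_MOD);
    return 0;
}

/* A responder that lacks the preset library: returns the bare seed. */
int mcu_wrong_library(const auth_msg *m, uint32_t *result) {
    *result = restore_first(m->recombined) % SEED_MOD;
    return 0;
}

/* FPGA-side loop: fresh random numbers per attempt, stop at the threshold.
 * Returns 1 (enable signal asserted) or 0 (authentication failed). */
int authenticate(uint32_t timer_now, mcu_fn mcu, int *attempts) {
    for (int fails = 0; fails < MAX_FAILURES; fails++) {
        auth_msg m;
        uint32_t t1 = timer_now + 2u * (uint32_t)fails;
        uint32_t t2 = t1 + 1u;              /* second duration differs from first */
        uint32_t first = fpga_build(t1, t2, &m), second = 0;
        *attempts = fails + 1;
        if (mcu(&m, &second) == 0 && second == first)
            return 1;
    }
    return 0;
}

int main(void) {
    int n = 0;
    /* Timer value 1000 is a constructed sample input. */
    printf("matching MCU:  enable=%d\n", authenticate(1000u, mcu_respond, &n));
    printf("wrong library: enable=%d after %d attempts\n",
           authenticate(1000u, mcu_wrong_library, &n), n);
    return 0;
}
```
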
The embodiment of the invention also provides a communication authentication device, which is applied to a field programmable gate array FPGA chip, and fig. 5 is one of the schematic structural diagrams of the communication authentication device provided by the embodiment of the invention, as shown in fig. 5, the communication authentication device 500 includes: an acquisition module 510, a first authentication module 520, a first determination module 530, and a first receiving module 540, wherein:
the obtaining module 510 is configured to obtain a first random number and at least one second random number corresponding to the target communication module.
The first authentication module 520 determines a target authentication sequence number and a first authentication result based on the first random number, where the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number.
A first determining module 530, configured to determine data to be authenticated based on the target authentication sequence number and the recombined random number of the first random number and the at least one second random number, and send the data to be authenticated to a micro control unit.
The first receiving module 540 is configured to receive the second authentication result sent by the micro control unit, and determine an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
According to the communication authentication device provided by the embodiment of the invention, after the first random number and at least one second random number corresponding to the target communication module are acquired, the target authentication sequence number of the corresponding target authentication algorithm is determined according to the first random number, the first authentication result is determined according to the target authentication algorithm and the first random number, then the first random number and the at least one second random number are recombined, the data to be authenticated is determined together with the target authentication sequence number, the data to be authenticated is sent to the micro control unit, the authentication result of the target communication module is determined according to the comparison between the first authentication result and the second authentication result determined by the micro control unit, the target authentication algorithm is flexibly determined according to the target authentication sequence number, and the recombination of the first random number and the at least one second random number is carried out, so that the cracking difficulty of the data to be authenticated is improved, and the application safety of the target communication module is further improved.
Optionally, the obtaining module 510 is specifically configured to:
determining a first random number seed based on a first power-on duration of a target communication module timer; determining at least one second random number seed based on at least one second power-on duration of the target communication module timer; the first power-on duration is not equal to each second power-on duration;
Determining the first random number based on a random function and the first random number seed;
each of the second random numbers is determined based on the random function and each of the second random number seeds.
Optionally, the first authentication module 520 is specifically configured to:
performing remainder taking on the first random number, and determining target remainder taking times;
and determining the target authentication sequence number based on the target remainder times.
Optionally, the first authentication module 520 is specifically configured to:
taking the remainder of the first random number, determining the remainder corresponding to the first random number, and determining the remainder as an authentication seed;
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
and inputting the authentication seeds into the target authentication algorithm to determine a first authentication result.
Optionally, the first determining module 530 is specifically configured to:
simultaneously sending the target authentication sequence number and the recombination random number to the micro control unit;
or,
and determining the sending sequence of the target authentication sequence number and the recombination random number, and sequentially sending the target authentication sequence number and the recombination random number to the micro control unit based on the sending sequence.
Optionally, the first receiving module 540 is specifically configured to:
and under the condition that the second authentication result is equal to the first authentication result, determining that the authentication result corresponding to the target communication module passes authentication, and generating an enabling effective signal corresponding to the target communication module, wherein the target communication module is an FC-AE-1553 optical fiber communication protocol.
The embodiment of the invention also provides a communication authentication device, which is applied to the micro control unit, fig. 6 is a second schematic structural diagram of the communication authentication device provided by the embodiment of the invention, as shown in fig. 6, the communication authentication device 600 includes: a second receiving module 610, a second determining module 620, a second authenticating module 630, and a transmitting module 640, wherein:
the second receiving module 610 is configured to receive data to be authenticated sent by the field programmable gate array FPGA chip, where the data to be authenticated is determined based on the recombinant random number and the target authentication sequence number.
A second determining module 620, configured to determine, based on the data to be authenticated, the target authentication sequence number and a first random number in the recombined random number, where the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number.
A second authentication module 630, configured to determine a second authentication result based on the target authentication sequence number and the first random number.
And the sending module 640 is configured to send the second authentication result to the FPGA chip.
According to the communication authentication device provided by the embodiment of the invention, after the data to be authenticated is received, the first random number is restored from the recombined random number, the target authentication algorithm is determined through the target authentication sequence number, and the second authentication result is obtained by processing the first random number with the target authentication algorithm. The recombined random number increases the difficulty of cracking the first random number, and the target authentication sequence number makes the determination of the target authentication algorithm more flexible, so that the data to be authenticated is harder to crack and the authentication security of the target communication module is further improved.
Optionally, the second authentication module 630 is specifically configured to:
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
taking the remainder of the first random number, and determining the obtained remainder as a new authentication seed;
and inputting the new authentication seeds into the target authentication algorithm to determine the second authentication result.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, as shown in fig. 7, the electronic device may include: processor 710, communication interface (Communications Interface) 720, memory 730, and communication bus 740, wherein processor 710, communication interface 720, memory 730 communicate with each other via communication bus 740. Processor 710 may invoke logic instructions in memory 730 to perform a communication authentication method comprising:
Acquiring a first random number and at least one second random number corresponding to a target communication module;
determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit;
and receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
Or,
receiving data to be authenticated sent by a Field Programmable Gate Array (FPGA) chip, wherein the data to be authenticated is determined based on a recombination random number and a target authentication sequence number;
determining a first random number in the target authentication sequence number and the recombined random number based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining a second authentication result based on the target authentication sequence number and the first random number;
And sending the second authentication result to the FPGA chip.
Further, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only memory (ROM), a random access memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product comprising a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of performing the communication authentication method provided by the methods described above, the method comprising:
Acquiring a first random number and at least one second random number corresponding to a target communication module;
determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit;
and receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
Or,
receiving data to be authenticated sent by a Field Programmable Gate Array (FPGA) chip, wherein the data to be authenticated is determined based on a recombination random number and a target authentication sequence number;
determining a first random number in the target authentication sequence number and the recombined random number based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining a second authentication result based on the target authentication sequence number and the first random number;
And sending the second authentication result to the FPGA chip.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform a communication authentication method provided by the above methods, the method comprising:
acquiring a first random number and at least one second random number corresponding to a target communication module;
determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit;
and receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
Or,
receiving data to be authenticated sent by a Field Programmable Gate Array (FPGA) chip, wherein the data to be authenticated is determined based on a recombination random number and a target authentication sequence number;
Determining a first random number in the target authentication sequence number and the recombined random number based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining a second authentication result based on the target authentication sequence number and the first random number;
and sending the second authentication result to the FPGA chip.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A communication authentication method, applied to a field programmable gate array FPGA chip, comprising:
acquiring a first random number and at least one second random number corresponding to a target communication module;
determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
determining data to be authenticated based on the target authentication sequence number and the recombined random number after the first random number and the at least one second random number are recombined, and sending the data to be authenticated to a micro control unit;
and receiving a second authentication result sent by the micro control unit, and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
2. The method of communication authentication according to claim 1, wherein the determining a target authentication sequence number based on the first random number comprises:
performing remainder taking on the first random number, and determining target remainder taking times;
and determining the target authentication sequence number based on the target remainder times.
3. The communication authentication method according to claim 2, wherein determining a first authentication result based on the first random number comprises:
Taking the remainder of the first random number, determining the remainder corresponding to the first random number, and determining the remainder as an authentication seed;
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
and inputting the authentication seeds into the target authentication algorithm to determine a first authentication result.
4. A method of authenticating communications according to any one of claims 1 to 3, wherein said sending said data to be authenticated to a micro control unit comprises:
simultaneously sending the target authentication sequence number and the recombination random number to the micro control unit;
or,
and determining the sending sequence of the target authentication sequence number and the recombination random number, and sequentially sending the target authentication sequence number and the recombination random number to the micro control unit based on the sending sequence.
5. A method of authenticating a communication according to any one of claims 1 to 3, wherein determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result comprises:
and under the condition that the second authentication result is equal to the first authentication result, determining that the authentication result corresponding to the target communication module passes authentication, and generating an enabling effective signal corresponding to the target communication module, wherein the target communication module is an FC-AE-1553 optical fiber communication protocol.
6. A method of authenticating communications according to any one of claims 1 to 3, wherein the obtaining the first random number and the at least one second random number corresponding to the target communication module includes:
determining a first random number seed based on a first power-on duration of a target communication module timer; determining at least one second random number seed based on at least one second power-on duration of the target communication module timer; the first power-on duration is not equal to each second power-on duration;
determining the first random number based on a random function and the first random number seed;
each of the second random numbers is determined based on the random function and each of the second random number seeds.
7. A method of communication authentication, applied to a micro control unit, the method comprising:
receiving data to be authenticated sent by a Field Programmable Gate Array (FPGA) chip, wherein the data to be authenticated is determined based on a recombination random number and a target authentication sequence number;
determining a first random number in the target authentication sequence number and the recombined random number based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
Determining a second authentication result based on the target authentication sequence number and the first random number;
and sending the second authentication result to the FPGA chip.
8. The method of communication authentication according to claim 7, wherein the determining a second authentication result based on the target authentication sequence number and the first random number comprises:
determining a target authentication algorithm corresponding to the target authentication sequence number from a preset algorithm library;
taking the remainder of the first random number, and determining the obtained remainder as a new authentication seed;
and inputting the new authentication seeds into the target authentication algorithm to determine the second authentication result.
9. A communication authentication device, for application to a field programmable gate array FPGA chip, the device comprising:
the acquisition module is used for acquiring the first random number and at least one second random number corresponding to the target communication module;
the first authentication module is used for determining a target authentication sequence number and a first authentication result based on the first random number, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
the first determining module is used for determining data to be authenticated based on the target authentication sequence number, the first random number and the recombined random number after the recombination of the at least one second random number, and sending the data to be authenticated to the micro control unit;
The first receiving module is used for receiving a second authentication result sent by the micro control unit and determining an authentication result corresponding to the target communication module based on the first authentication result and the second authentication result.
10. A communication authentication device, characterized by being applied to a micro control unit, said device comprising:
the second receiving module is used for receiving data to be authenticated sent by the field programmable gate array FPGA chip, and the data to be authenticated is determined based on the recombination random number and the target authentication sequence number;
the second determining module is used for determining the target authentication sequence number and a first random number in the recombined random numbers based on the data to be authenticated, wherein the target authentication sequence number is a sequence number of a target authentication algorithm corresponding to the first random number;
the second authentication module is used for determining a second authentication result based on the target authentication sequence number and the first random number;
and the sending module is used for sending the second authentication result to the FPGA chip.
CN202311525416.0A 2023-11-15 2023-11-15 Communication authentication method and device Pending CN117768149A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311525416.0A CN117768149A (en) 2023-11-15 2023-11-15 Communication authentication method and device


Publications (1)

Publication Number | Publication Date
CN117768149A | 2024-03-26

Family

ID=90315189


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination