Secrecy control method and system for remote control in the Internet of Things
Technical field
The present invention relates to wireless encryption control technology between Internet of Things devices, and specifically to a remote security control system and method based on quantum random numbers combined with a one-time pad encryption algorithm.
Background technology
Remote control technology is an important component of the control field and is generally divided into wired remote control and wireless remote control. Sending control commands wirelessly between Internet of Things devices carries a greater risk of eavesdropping, and even of tampering, than the traditional wired approach, yet many control systems still mostly use unencrypted plaintext commands. Over the past 100 years cryptography has developed rapidly; modern cryptography is broadly divided into two classes: symmetric cryptosystems and asymmetric cryptosystems. Common asymmetric cryptographic algorithms include RSA, Merkle-Hellman, ElGamal and Rabin; common symmetric cryptosystems include DES, AES and RC5. The one-time pad is a symmetric cipher and one of the best encryption schemes: in theory, a system encrypted with the one-time pad algorithm cannot be broken. One-time pad encryption is mainly used on sensitive low-bandwidth channels and was adopted very early by the military and government to protect top-secret documents. The one-time pad algorithm requires the key to be a true random number, but computers usually produce pseudo-random numbers according to a specific algorithm, and a pseudo-random sequence repeats after a sufficiently long time; this limits the wide application of the one-time pad in civilian and commercial settings. Today, with the development of modern quantum technology, the uncertainty principle of quantum mechanics can be used to obtain quantum true random numbers, and increasingly commercialized quantum true random number generators give the one-time pad algorithm a broader application prospect.
Summary of the invention
The present invention addresses the defects that existing quantum random encryption technology cannot be applied to the Internet of Things and that the synchronization of actions and commands is difficult to achieve as required. It proposes a secrecy control method and system for remote control in the Internet of Things that stores and manages keys in hardware and uses quantum true random numbers, a reliable source of true random keys, in combination with the one-time pad encryption algorithm, thereby realizing remote security control developed on the above system and achieving absolutely secure secrecy control between remote wireless communication devices in the Internet of Things.
The present invention is achieved by the following technical solutions:
The present invention relates to a secrecy control method for remote control in the Internet of Things, in which the storage positions of the quantum random number key sequence in the memory of the encryption end serve as the bright key (the key address). After each one-time pad encryption of a plaintext command the bright key is updated synchronously and transmitted as part of the ciphertext command. When the decryption end decrypts, it first reads the bright key in the corresponding ciphertext command to obtain the storage position of the key in the decryption-end memory, then reads the key and performs one-time pad decryption of the ciphertext command.
The ciphertext command includes, but is not limited to: command source identifier, command length, function flag bit, data bits, check value, key address and offset address.
The ciphertext command carries key usage information, preferably stored at the tail of the command. This information is meaningful only in combination with the key storage unit; it contains no actual key, so it does not affect the overall security of the system.
The one-time pad refers to the random bit stream generated by a quantum random number generator (for example, but not limited to, a Quantis USB at a rate of 4Mps); each key byte in it is used for encryption only once, key data at positions already used for encryption is never used for encryption again, and the key must be updated periodically to guarantee the security of the key sequence.
Synchronized update refers to regenerating the key with the quantum random number generator, preferably writing it into the key storage blocks of both the sending end and the decrypting end.
The memory is arranged at both the encryption end and the decryption end, each holding an identical key, used for encryption and decryption respectively.
Encryption and decryption are completed by XOR operations, in byte-stream mode, between the plaintext (or ciphertext) and the one-time pad at the corresponding position.
Synchronized update refers to the following: the key storage address used by the encryption end to encrypt the command is stored, as the bright key, at the end of the command. After the decryption end receives the command it first reads out the corresponding key according to the bright key content and, having obtained the correct key, decrypts the command. Every send and every receive requires updating the key address: the portion of key used each time and the length of the command to be encrypted are recorded, and from these the read position of the key after the update, i.e. the storage address of the key required for the next encryption, is generated automatically; the key is read according to this address and the command is encrypted with it.
The present invention further relates to a system implementing the above method, comprising: a key generation module, a key management module, an encryption sending module and a receiving and decrypting module, wherein: the key generation module is connected with the key management module and transmits key information; the key management module is connected with the encryption sending module and performs one-time pad encryption; the key management module is connected with the receiving and decrypting module and performs one-time pad decryption; and the ciphertext sending module is connected with the ciphertext receiving module and transmits ciphertext commands.
The key management module comprises an embedded control unit and a key storage unit, wherein the embedded control unit is connected with the key storage unit and transmits key information.
The encryption sending module comprises a one-time pad encryption unit, a synchronizing address management unit and a wireless transmitting unit, wherein: the one-time pad encryption unit is connected with the synchronizing address management unit and transmits key information, and the one-time pad encryption unit is connected with the wireless transmitting unit and sends ciphertext commands.
The receiving and decrypting module comprises a one-time pad decryption unit, a synchronizing address management unit and a wireless receiving unit, wherein: the one-time pad decryption unit is connected with the synchronizing address management unit and transmits key information, and the one-time pad decryption unit is connected with the wireless receiving unit and receives and decrypts ciphertext commands.
The present invention further relates to a remote security control method for the above system, comprising the following steps:
Step 1: Before the two parties carry out secret communication, the keys of the encryption sending module and the receiving and decrypting module are first replenished (or updated): the binary random bit stream produced by the quantum random number generator is written into the synchronizing address management units of both communicating parties.
The execution cycle of this step is adjusted according to the storage capacity of the key storage unit and the actual number of command transmissions; at the longest, the key can be updated once a month.
Step 2: When the wireless transmitting unit needs to send a command to the wireless receiving unit, the embedded control unit first reads, from the key storage unit and starting at the key start address, key data of the same length as the plaintext; the one-time pad encryption unit then XORs this key with the plaintext command to be sent, which is the one-time pad encryption. Finally the wireless transmitting unit sends the ciphertext command and at the same time updates the key address, excluding the key portion used by this operation.
Step 3: When the receiving and decrypting module receives the encrypted command sent by the encryption sending module, the one-time pad decryption unit first reads the bytes at the end of the command to obtain the storage address of the decryption key, reads the corresponding decryption key from the synchronizing address management unit according to this address, and, having obtained the key, XORs the ciphertext command with the key (the one-time pad decryption) to obtain the plaintext command, whereupon the operation corresponding to the command can be performed.
Technical effect
Compared with the prior art, the present invention separates the true random number generator from the communication equipment and designs the key storage and management units and the communication protocol, achieving synchronized encryption at the control end and decryption at the remote actuating end. Secondly, to guarantee the complete security of the key, the present invention implements the key storage and updating units in hardware, avoiding key exposure. Finally, the present invention uses the one-time pad encryption algorithm, which ensures that the ciphertext command is theoretically completely unbreakable. This remote control scheme is therefore completely secure.
Description of the drawings
Fig. 1 is the structure diagram of the Internet of Things device encryption control system in Embodiment 1;
Fig. 2 is the command structure diagram of the remote control transmitting end in Embodiment 1 (taking unmanned aerial vehicle (UAV) control commands as an example);
Fig. 3 is the command structure diagram of the receiving end in Embodiment 1 (taking UAV control commands as an example);
Fig. 4 shows the intercepted plaintext and ciphertext data waveforms.
Detailed description of the invention
Embodiment 1
As shown in Fig. 1, this embodiment relates to a security control system applied to a UAV system, comprising: a quantum random number generation module, a key management module, a UAV command execution receiving end and a UAV command transmitting end, wherein: the quantum random number generation module is connected with the key management module and transmits key information; the key management module is connected with the UAV command transmitting end and performs one-time pad encryption; the key management module is connected with the UAV command receiving end and performs one-time pad decryption; and the UAV command transmitting end and the UAV command execution receiving end are wirelessly connected and transmit ciphertext commands.
This embodiment relates to a security control method for the above system, comprising the following steps:
Step 1. Key replenishment and update: detect whether the key storage modules of the UAV command execution receiving end and the UAV command transmitting end still hold enough random number key information. When there is not enough key, or when the key needs to be updated, random number key data are generated by the quantum random number generation module and saved to an external storage device such as an SD card; through the key replenishment circuit of the key management module, a key file is written in turn into the external Flash memory chips of the sending and receiving ends, ensuring that the random numbers in the encryption-end and decryption-end chips are identical. When enough key already exists in the external Flash memory chip, step 1 is skipped and step 2 is carried out directly;
Step 2. Encryption and transmission of information: after the UAV command transmitting device starts, beginning at the current key address saved last time (or at the initial address 0x000000 on first use), a fixed number M of key bytes is read from the Flash memory chip of the key management module and saved in a buffer, then divided into N groups so that the key length of each group is greater than or equal to the length of the plaintext command. The key bytes of the 1st group are XORed bit by bit with the command bytes to obtain the ciphertext. The starting position and the group number of the key are appended to the tail of the ciphertext command; the command structure is shown in Fig. 2, where a[27] to a[29] is the key starting position and a[30] to a[31] is the group number. Finally the encrypted ciphertext command is sent by the wireless transmitting unit of the UAV command transmitting end.
Meanwhile, if an error occurs when the one-time pad encryption unit of the UAV command transmitting end reads the key, so that correct encryption or decryption is impossible, the one-time pad encryption unit automatically re-reads the key, re-encrypts and resends.
Step 3. Reception and decryption of information: when the wireless receiving unit of the UAV command execution receiving end receives a remote control command, it first reads the key storage address at the end of the command and takes out the corresponding key bytes according to that address; under the control of the one-time pad decryption unit these are XORed bit by bit with the ciphertext command bytes to obtain the plaintext. Finally the meaning of the plaintext command is identified, the corresponding task is performed, and a response signal is sent and received; the command structure is shown in Fig. 3. Meanwhile, if an error occurs when the UAV command execution receiving end reads the key, so that correct encryption or decryption is impossible, the one-time pad decryption unit automatically re-reads the key and decrypts again.
Each time a command is encrypted, the random number key data are consumed in an amount equal to the length of the command to be encrypted. The specific implementation is as follows: the length of each encrypted command is accumulated, and this accumulated value determines the starting position of the key used next time, so that key which has already been used is never used again.
The value of the key length M should be moderate. It should not be too large, so that reading the key does not take so long that the command cannot be sent in time; and it should not be too small, so as to avoid reading the Flash memory chip too frequently and shortening its service life.
The key usage information consists of an integer array stored at the beginning of the Flash chip address space, used to record the length of key the user has used in the past, i.e. the current key position. This information describes only how the key has been used and contains no actual key information; on its own it is meaningless and does not affect the security of the system.
The key usage information of the system on first operation is 0x000000. Before each encryption, the key usage information is first read from the synchronizing address management unit and mapped to a variable X that controls the position from which the key is read. When M key bytes have been consumed, i.e. after a command of length M has been encrypted, X = X + M is performed; the updated X value is the new key usage information and is stored back into the key management module.
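As an added illustration of the procedure described in steps 2 and 3 and of the X = X + M bookkeeping above, the following Python model (written for this page; it is not the patent's own code) shows both ends of the link sharing one pad, the sender appending the key starting position and group number as a trailer, the receiver reading the key from its own copy at that address, and both sides advancing X so that no key byte is used twice. The trailer layout (3 bytes of key starting position, 2 bytes of group number) is an assumption read off the a[27]..a[31] layout of Fig. 2, and os.urandom stands in for the quantum random number generator only so that the example runs offline.

```python
import os
from dataclasses import dataclass
from typing import List, Tuple

# Constructed stand-in for the quantum random key file. In the described system the
# pad comes from a quantum random number generator and is written identically into
# the Flash chips of the sending and receiving ends; os.urandom is not a quantum
# source and is used here only so the example runs offline.
def make_pad(size: int = 4096) -> bytes:
    return os.urandom(size)

# Assumed trailer layout, read off Fig. 2: 3 bytes of key starting position
# (a[27]..a[29]) followed by 2 bytes of group number (a[30]..a[31]).
KEY_ADDR_LEN = 3
GROUP_LEN = 2
TRAILER_LEN = KEY_ADDR_LEN + GROUP_LEN
INITIAL_ADDR = 0x000000


class PadExhausted(RuntimeError):
    """Raised when the stored key runs out; step 1 (replenishment) must run again."""


def parse_trailer(trailer: bytes) -> Tuple[int, int]:
    """Return (key starting position, group number) from the 5-byte trailer."""
    addr = int.from_bytes(trailer[:KEY_ADDR_LEN], "big")
    group = int.from_bytes(trailer[KEY_ADDR_LEN:], "big")
    return addr, group


@dataclass
class Endpoint:
    """One end of the link: its copy of the pad plus the key usage counter X,
    i.e. the next unused key position (0x000000 on first operation)."""
    pad: bytes
    x: int = INITIAL_ADDR

    def encrypt(self, plaintext: bytes, group: int = 0) -> bytes:
        m = len(plaintext)
        if self.x + m > len(self.pad):
            raise PadExhausted("key storage exhausted at X=%#x" % self.x)
        key = self.pad[self.x:self.x + m]
        # One-time pad: bytewise XOR of the plaintext with the key at position X.
        body = bytes(p ^ k for p, k in zip(plaintext, key))
        trailer = self.x.to_bytes(KEY_ADDR_LEN, "big") + group.to_bytes(GROUP_LEN, "big")
        self.x += m  # X = X + M: this key portion is never used again
        return body + trailer

    def decrypt(self, ciphertext: bytes) -> bytes:
        if len(ciphertext) < TRAILER_LEN + 1:
            raise ValueError("command too short to carry a trailer")
        body, trailer = ciphertext[:-TRAILER_LEN], ciphertext[-TRAILER_LEN:]
        addr, _group = parse_trailer(trailer)
        key = self.pad[addr:addr + len(body)]
        if len(key) != len(body):
            raise PadExhausted("bright key points past the end of the local pad")
        plaintext = bytes(c ^ k for c, k in zip(body, key))
        # Track consumption so the receiver's X stays aligned with the sender's.
        self.x = max(self.x, addr + len(body))
        return plaintext


def exchange(sender: Endpoint, receiver: Endpoint, commands: List[bytes]) -> List[bytes]:
    """Send each command over the link and return what the receiver recovered."""
    return [receiver.decrypt(sender.encrypt(cmd)) for cmd in commands]


if __name__ == "__main__":
    pad = make_pad()
    tx, rx = Endpoint(pad), Endpoint(pad)          # identical key in both Flash chips
    cmds = [b"THROTTLE=50", b"YAW=-3", b"LAND"]    # constructed UAV-style commands
    print(exchange(tx, rx, cmds))
    print("next key position X = %#x" % tx.x)
```

The receiver never trusts a trailer that points past its own pad, and raising PadExhausted on the sender side is the trigger for running step 1 (key replenishment) again rather than wrapping around and reusing key material.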
Compared with the prior art, this embodiment uses true random numbers produced by a quantum random number generator, which has a high random number generation rate, and each key is used only once, achieving truly one-time-pad remote secure control of a UAV. The encryption and decryption algorithms used by this method are all bitwise operations that the processor executes quickly, so commands can be transmitted in real time and control is likewise real-time. A remote security control system based on the present invention can therefore conveniently realize secure, secret control of a UAV.
To verify the reliability of the encrypted commands, a circuit with an NRF24L01 wireless module was used to intercept the plaintext and ciphertext command data radiated into the air by the remote controller, the data were stored on an SD card and processed with Matlab software. The waveforms shown in Fig. 4 were obtained. It can be seen that the plaintext before encryption has obvious periodicity, whereas the ciphertext after encryption is disordered.
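The periodicity contrast described above can be reproduced offline with a simple lag-match score instead of a waveform plot. The following Python check is an added example written for this page, not part of the patent: it builds a constructed repeating 8-byte command frame, XORs it with a seeded pseudo-random pad that stands in for the quantum pad (a PRNG is not acceptable as a real one-time pad; it is used only to make the example deterministic), and reports how often bytes repeat at each lag for the plaintext and for the ciphertext.

```python
import random


def periodicity_score(data: bytes, lag: int) -> float:
    """Fraction of positions i at which data[i] == data[i + lag]."""
    n = len(data) - lag
    if n <= 0:
        return 0.0
    return sum(1 for i in range(n) if data[i] == data[i + lag]) / n


def best_lag(data: bytes, max_lag: int) -> int:
    """Lag in 1..max_lag with the highest periodicity score (smallest lag on ties)."""
    return max(range(1, max_lag + 1), key=lambda lag: periodicity_score(data, lag))


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Bytewise one-time pad XOR; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, pad))


# Constructed sample: a UAV-style 8-byte command frame repeated 25 times, i.e. the
# kind of strongly periodic plaintext a remote controller emits while idling.
FRAME = bytes([0x01, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70])
PLAINTEXT = FRAME * 25


def stand_in_pad(n: int, seed: int = 20240101) -> bytes:
    """Seeded PRNG bytes standing in for the quantum pad (not usable as a real pad)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


CIPHERTEXT = otp_xor(PLAINTEXT, stand_in_pad(len(PLAINTEXT)))


def compare(max_lag: int = 16) -> dict:
    """Periodicity of the plaintext versus its one-time-pad ciphertext."""
    return {
        "plaintext_best_lag": best_lag(PLAINTEXT, max_lag),
        "plaintext_score": periodicity_score(PLAINTEXT, len(FRAME)),
        "ciphertext_score": periodicity_score(CIPHERTEXT, len(FRAME)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

With a properly random pad the ciphertext score at the frame's own period sits near the chance level of 1/256, which is what "disordered" means quantitatively; a score that stays high at lag 8 would indicate the pad was reused or is not random.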
The above specific implementation can be locally adjusted in different ways by those skilled in the art without departing from the principle and purpose of the present invention; the scope of protection of the present invention is defined by the claims and is not limited by the above specific implementation, and every implementation within that scope is bound by the present invention.