CN106411527A - Data authentication method in very-high-frequency data chain transmission - Google Patents

Data authentication method in very-high-frequency data chain transmission Download PDF

Info

Publication number
CN106411527A
CN106411527A CN201610872571.3A CN201610872571A CN106411527A CN 106411527 A CN106411527 A CN 106411527A CN 201610872571 A CN201610872571 A CN 201610872571A CN 106411527 A CN106411527 A CN 106411527A
Authority
CN
China
Prior art keywords
message
data
broadcaster
signature
ads
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610872571.3A
Other languages
Chinese (zh)
Inventor
魏金侠
刘建毅
张茹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201610872571.3A priority Critical patent/CN106411527A/en
Publication of CN106411527A publication Critical patent/CN106411527A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a data authentication method in very-high-frequency data chain transmission, which can be used for realizing an authentication process of VDL-4 mode data of an ADS-B type protocol in an aviation telecommunication network (ATN). The ADS-B is an operation monitoring technology based on a GPS system and an aircraft in ground/air and air/air data chain communication. A sender is a broadcaster in the data authentication method disclosed by the invention. An air traffic control centre is a key generation centre KGC, which is responsible for generating a private key for the broadcaster. The data authentication method comprises the following steps: the broadcaster equipped with an ADS-B system needs to register in the KGC to obtain the private key itself before broadcasting data to be processed; data processing operation of each part of a VDL-4 message to be processed is carried out by utilization of the private key, so that a result to be sent is generated; the data processing operation comprises data binary conversion and signature calculation; the calculated signature result is broadcasted through the ATN; and a receiver equipped with the ADS-B performs message verification and recovery of the result after receiving the signature result.

Description

A kind of very-high-frequency PECVD transmission data authentication method
Technical field
The present invention relates to data safety authentication techniques field, particularly one kind very-high-frequency PECVD be applied to ATN sends Data security authentication method between end and transmission ends.
Background technology
Automatic dependent surveillance broadcast (ADS-B) is to increased transmission means on automatic dependent surveillance (ADS), mainly Be based on GPS GPS and air-air, ground-air ,-the airborne vehicle operation monitoring technology of ground Data-Link communication.
In existing air communications technology, very-high-frequency PECVD pattern 4 (VDL-4) can provide the data of ADS-B agreement to lead to Letter.Can the information such as the identity of periodic broadcasting aircraft, position, reach each aircraft in the air and understand mutually other side position and whereabouts, disobey Bad ground radar part thing and control purpose.VDL-4 has the characteristics that data transfer rate is big compared with High Frequency Data Link (HF), with Ultra-high-frequency data chain (UHF) is compared has the remote advantage of communication distance.
VDL-4 provides the communication protocol of two kinds of point-to-points:Long transmission and short transmission.Long host-host protocol is using transmission request Remove request data and confirm that (RTS CTS DATA ACK) handshake mechanism guarantees the transmitting of data twice, is suitable for Transmit larger data.Short transmission agreement enters row data communication using handshake mechanism of data validation (DATA ACK).Long Data Transport Protocol is bigger on practical application scene impact meaning, so present invention primarily contemplates long host-host protocol.
In such a scenario, available data secure authentication technology is mainly:Broadcaster can be to described data to be sent Sign after carrying out proper treatment, signature is broadcasted together with described message to be sent.Other of outfit ADS-B system fly Machine or described earth station receive the data signature result from broadcaster, calculate the signature receiving message in result, and verify Whether the signature result of this message is consistent with the signature receiving.
However, this certificate scheme transferring content is described data to be sent signing with it, increased the communication of former channel Burden.Accordingly, it would be desirable to a kind of data content to optimize transmission for new data security authentication method, to avoid increasing communication channel Burden.
Content of the invention
The present invention is based on the problems referred to above it is proposed that a kind of very-high-frequency PECVD transmission data authentication method, by setting Put the function of the signature algorithm restorability to realize described data to be transmitted, the correctness of data transfer in ATN is guaranteed with this And safety, and alleviate the burden of transmission channel.
In this technical scheme, the broadcaster (or recipient) being equipped with ADS-B system includes earth station and aircraft.
The present invention relates to VDL-4 data transmission system include three parts:Information generation section;Information switching part; Report collects part (information authentication).
Airborne equipment obtains itself present position information, GNSS navigation data letter by avionic device input interface Input information of breath, pressure altitude information or pilot etc..By corresponding message groups, die-filling piece carries out group to message to be sent Dress and coding, obtain message format M waiting for transmission.
Need to carry out signature operation to it before information M is broadcasted.Its signature operation includes following several stages:
Initial phase:Air traffic control as key generation centre KGC, using security parameterGenerate described The common parameter collection P of system and described system master keyThe common parameter collection P of system is open, system master key by The secret preservation of KGC.
Private key generation phase:Broadcaster 1 is registered to KGC, by its identity ID1It is sent to KGC;KGC judges described wide Effectively whether the identity of the person of broadcasting, if invalid, abandon, if effectively, continuing;Generate the private key corresponding to described broadcaster 1, and will Described private keyDescribed broadcaster 1 is sent back to by a safe lane.
The signature stage:Before broadcaster 1 signs to described message M to be transmitted, first message transformation to be transmitted is entered for two Bit String form m ∈ { 0,1 } processed*;Secondly define a function f1, operated using message m pending described in this function pair, Guarantee that described message can recover from final signature;Signature T is calculated to described pending message m.
Signature result T is broadcasted with fixed frequency, is easy to other aircrafts or earth station can receive in real time, Solve its accurate flight condition.
Other aircrafts or ground station reception, to after signature result T, calculate instrumental value t using hash function, and with being somebody's turn to do Instrumental value recovers to described message m.After described message m is extracted by other aircrafts or earth station, using checking etc. Whether formula checking signature is correct, if correctly, exports described message m, if incorrect, exports unsuccessfully.
After recovering message m, recipient is converted into message format M to be transmitted.Through decoder decoding and report The process of summarizing module, obtains the initial data sending of airborne equipment.
Brief description
Fig. 1 shows information signature particular flow sheet according to an embodiment of the invention
Fig. 2 shows information authentication flow chart according to an embodiment of the invention
Specific embodiment
Features described above and advantage for making the present invention become apparent, with reference to specific embodiment and accompanying drawing to this Bright data authentication method is described in further detail.
Data authentication method provided in an embodiment of the present invention, is for existing very-high-frequency PECVD transmission data authentication method Channel seizure ratio problems of too, proposes a kind of data authentication method based on signature of optimization.
The embodiment of the present invention is to be described with VDL-4 mode data transmission.
VDL-4 Transmission system is produced part, message exchange component (transmission of VDL-4 message), is reported and collect part by message Constitute.
ADS-B information generation section is by message generating module, message coding module and information signature module composition.
Information generation subsystem receives, by airborne equipment, the sail information that other airborne equipments of GNSS navigation data send, The pressure altitude of collection current aircraft present position, direction, the climb rate, local state and pilot's input information etc..Through Message assembling and signature operation, are generated signature result to be sent, are broadcasted by emitter.
Fig. 1 shows data signature flow chart according to an embodiment of the invention.
As shown in figure 1, being included according to embodiments of the invention data authentication method:When air traffic control centre, KGC receives broadcaster Request when, air traffic control centre will follow the steps below an initialized process, that is, the common parameter of the system generating and Main private key.
Step 101:Key generator KGC plays the part of in air traffic control centre, is responsible for generating systematic parameter in this stage.Setting It is system security parameter, wherein q is a Big prime.Make G1,G2And GTIt is the cyclic group of q for three ranks,
e:G1×G2→GTIt is a bilinear map, g1And g2Represent cyclic group G respectively1And G2Generation unit, gTIt is crowd GTGenerate Unit.Choose four crash-resistant hash functions Wherein r1And r2Meet relational expression r1+r2=| q |.System exports common parameter param=(G1,G2, GT,g1,g2,gT,q,H1,H2,F1,F2,Y).
Randomly choose an integerAs the main private key of system, and this main private key is by secret the holding of KGC.Profit With main private key x computing system public key Y=g2 x.
After air traffic control centre completes initialization, the broadcaster being equipped with ADS-B equipment registers to air traffic control centre.I.e. broadcaster will The identity of oneself is sent to KGC, generates private key corresponding to this broadcaster's identity by KGC according to systematic parameter, wide for calculating The signature of the person's of broadcasting message to be transmitted.
Step 102:Broadcaster A registers to KGC, will identity ID of oneselfAIt is sent to KGC, by KGC according to following steps Generate corresponding to identity IDAPrivate key skA:KGC first verifies that whether the identity of broadcaster A is effective;If invalid, stop;If having Effect, then calculate the private key of broadcaster A according to below equation
KGC passes through safe lane by skASend back to broadcaster A.
Step 103:Broadcaster carries out binary system conversion to each section of VDL-4 message to be transmitted.Part messages meet Binary form then can omit this step.
Signature is followed the steps below to the binary bits form of message.
After broadcaster A receives private key, that is, according to following steps to message waiting for transmissionSigned:At random Select an integerCalculate v=gT r.Defined function f is
Calculate l=H2(v)+f (modq) and V=(1+l r) skA, the signature of note message m is σ=(l, V).
Step 104:Result σ of signing is broadcasted by broadcaster.
Step 105:Recipient is recovered and is verified to the message in signature after receiving signature.
Fig. 2 shows message sink block diagram according to an embodiment of the invention.
As shown in Fig. 2 being included according to embodiments of the invention message sink and certification:Message extraction module, information authentication Module, source codec module.
Step 201:By VDL-4 message receiver, receiver receives the signature information from broadcaster.Receiver receives First message is cached after message.
Step 202:After recipient receives signature result σ=(l, V), calculateAnd calculate letter using U Number
Step 203:Return extraction message m using function f,
Step 204:Verify whether this message is consistent with the signature receiving, that is, whether detection below equation is set up:
Step 205:If consistent, message is decoded, and by initial for the message conversion form sending, makes for recipient With.
The technical method of the present invention is described in detail above in association with accompanying drawing it is considered in correlation technique, very-high-frequency PECVD passes Defeated middle data authentication method is difficult to overcome channel seizure ratio problems of too.By the technical method of the present invention, new by proposing Function signature does not increase the purpose of former channel capacity to reach.Both ensure that the safe transmission of data, the channel capacity again saved.

Claims (8)

1. a kind of very-high-frequency PECVD transmission data authentication method is it is characterised in that methods described includes:
The described broadcaster being equipped with ADS-B system, need to be private by obtaining oneself to KGC registration before pending data is broadcasted Key;
Carry out data processing operation using the pending VDL-4 message each section of this private key pair, generate result to be sent, described Data processing operation includes data Binary Conversion and signature calculation;
By aeronautical telecommunication network, the signature being calculated result is broadcasted;
After the recipient of outfit ADS-B receives described signature result, result this described is carried out with checking and the recovery of message.
2. method according to claim 1 is it is characterised in that methods described includes:
Air traffic control centre is responsible for described broadcaster and generates corresponding private key, and heretofore described broadcaster refers specifically to configure ADS-B The aircraft of system or earth station;
Described broadcaster's identity is relatively stable, and broadcaster can complete offline to air traffic control centre's registration, does not affect described data processing Efficiency.
3. according to claim 1 method it is characterised in that methods described also includes:
Described broadcaster 1 is registered to KGC, and its identity is sent to KGC;
Whether effectively KGC judges the identity of described broadcaster 1, if invalid, abandons, if effectively, proceeding next step;
Generate the private key corresponding to described broadcaster 1, and by described private keyDescribed broadcast is sent back to by a safe lane Person 1.
4. according to claim 3 method it is characterised in that obtain the private key corresponding to its identity in described broadcaster 1 Afterwards, methods described includes:
Carry out data processing operation using pending VDL-4 message each section described in this private key pair, generate described to be sent Result;
Before described broadcaster 1 is to described information signature to be transmitted, binary system conversion is carried out to described pending data, will be described Message transformation to be transmitted is binary bits string form m ∈ { 0,1 }*
Define a function f1, processed it is ensured that described message can be from final using message m pending described in this function pair Recover in signature;
Signature T is calculated to described pending message m.
5. according to claim 1 method it is characterised in that methods described includes:
By aeronautical telecommunication network ATN, described signature result T recovering message is sent with the forms of broadcasting.
6. according to claim 1 method it is characterised in that methods described includes:
It is equipped with other aircrafts of ADS-B system or described earth station receives described signature result T, calculate auxiliary with hash function Value t, and using this instrumental value, described signature T is operated, recover described message m.
7. according to claim 6 method it is characterised in that methods described includes:
It is equipped with other aircrafts of ADS-B system or after described message m extracts by described earth station, tested using checking equation Whether signed certificate name is correct, if correctly, exports described message m, if incorrect, exports unsuccessfully.
8. according to claim 7 method it is characterised in that methods described also includes:
The described message m recovering is converted into original described pending VDL-4 form of message.
CN201610872571.3A 2016-09-30 2016-09-30 Data authentication method in very-high-frequency data chain transmission Pending CN106411527A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610872571.3A CN106411527A (en) 2016-09-30 2016-09-30 Data authentication method in very-high-frequency data chain transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610872571.3A CN106411527A (en) 2016-09-30 2016-09-30 Data authentication method in very-high-frequency data chain transmission

Publications (1)

Publication Number Publication Date
CN106411527A true CN106411527A (en) 2017-02-15

Family

ID=59228674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610872571.3A Pending CN106411527A (en) 2016-09-30 2016-09-30 Data authentication method in very-high-frequency data chain transmission

Country Status (1)

Country Link
CN (1) CN106411527A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961329A (en) * 2017-03-23 2017-07-18 电子科技大学 A kind of solution for being directed to ADS B agreements confidentiality and integrality
CN107171809A (en) * 2017-06-23 2017-09-15 北京奇虎科技有限公司 The method and device of unmanned plane broadcasting multisignatures, electronic equipment, storage medium
CN112436910A (en) * 2020-11-10 2021-03-02 中国人民解放军海军航空大学航空作战勤务学院 Design method of data link channel occupation detection device for SPMA protocol
CN112713949A (en) * 2020-11-10 2021-04-27 中国人民解放军海军航空大学航空作战勤务学院 TTNT data chain channel load statistical method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064610A (en) * 2007-05-25 2007-10-31 四川长虹电器股份有限公司 Identity authentication process
CN101261772A (en) * 2008-04-17 2008-09-10 民航数据通信有限责任公司 Secure transmission system for broadcast automatic monitoring information
CN101917273A (en) * 2010-08-26 2010-12-15 四川大学 ECC certificate-based ADS-B data authentication method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064610A (en) * 2007-05-25 2007-10-31 四川长虹电器股份有限公司 Identity authentication process
CN101261772A (en) * 2008-04-17 2008-09-10 民航数据通信有限责任公司 Secure transmission system for broadcast automatic monitoring information
CN101917273A (en) * 2010-08-26 2010-12-15 四川大学 ECC certificate-based ADS-B data authentication method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赖欣,潘卫军: "基于单项陷门函数的ADS-B 消息认证方案", 《2010 INTERNATIONAL CONFERENCE ON SERVICES SCIENCE, MANAGEMENT AND ENGINEERING》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961329A (en) * 2017-03-23 2017-07-18 电子科技大学 A kind of solution for being directed to ADS B agreements confidentiality and integrality
CN106961329B (en) * 2017-03-23 2020-02-14 电子科技大学 Method for solving confidentiality and integrity of ADS-B protocol
CN107171809A (en) * 2017-06-23 2017-09-15 北京奇虎科技有限公司 The method and device of unmanned plane broadcasting multisignatures, electronic equipment, storage medium
CN107171809B (en) * 2017-06-23 2020-05-19 北京奇虎科技有限公司 Unmanned aerial vehicle signature broadcasting method and device, electronic equipment and storage medium
CN112436910A (en) * 2020-11-10 2021-03-02 中国人民解放军海军航空大学航空作战勤务学院 Design method of data link channel occupation detection device for SPMA protocol
CN112713949A (en) * 2020-11-10 2021-04-27 中国人民解放军海军航空大学航空作战勤务学院 TTNT data chain channel load statistical method
CN112713949B (en) * 2020-11-10 2022-04-26 中国人民解放军海军航空大学航空作战勤务学院 TTNT data chain channel load statistical method
CN112436910B (en) * 2020-11-10 2023-05-12 中国人民解放军海军航空大学航空作战勤务学院 Method for designing data link channel occupation detection device for SPMA protocol

Similar Documents

Publication Publication Date Title
Yang et al. A practical and compatible cryptographic solution to ADS-B security
Yang et al. A new ADS-B authentication framework based on efficient hierarchical identity-based signature with batch verification
CN105847235B (en) The efficient anonymous batch of authentication method of identity-based under a kind of car networking environment
CN106411527A (en) Data authentication method in very-high-frequency data chain transmission
US8509140B2 (en) System and method for transmitting information using aircraft as transmission relays
Baek et al. How to protect ADS-B: Confidentiality framework and efficient realization based on staged identity-based encryption
CN109257346B (en) Concealed transmission system based on block chain
CN109639431A (en) A kind of text authentication method, equipment, system and medium
CN113079016B (en) Identity-based authentication method facing space-based network
CN106487504B (en) Lightweight network secure two-way aircraft communication addressing and reporting system transmission
CN105792207A (en) Vehicle networking authentication method facing vehicle differentiation
CN109067525A (en) Message authentication method based on half credible administrative center in car networking
Pan et al. ADS-B data authentication based on ECC and X. 509 certificate
Wu et al. An ADS-B message authentication method based on certificateless short signature
US20200322041A1 (en) Method to integrate blockchain and geographic information in distributed communication
Yang et al. LHCSAS: A lightweight and highly-compatible solution for ADS-B security
CN109347829A (en) A kind of intelligent perception network true value discovery method based on secret protection
CN103634788A (en) Certificateless multi-proxy signcryption method with forward secrecy
CN110177002A (en) ADS-B message authentication method based on no certificate short signature
CN106790239A (en) A kind of car networking information transfer of anti-pollution attack and distribution method and system
Mäurer et al. Evaluation of the LDACS cybersecurity implementation
CN114095521B (en) Remote sensing data storage method, device, equipment and storage medium
KR101532024B1 (en) Method and apparatus for message transmission in vehicle comminication
CN112162300A (en) Satellite-based enhancement system and text authentication method based on same
Wang et al. Fountain code enabled ads-b for aviation security and safety enhancement

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170215

WD01 Invention patent application deemed withdrawn after publication