CN107396351A - An encryption/decryption method for strengthening ZigBee network security - Google Patents

An encryption/decryption method for strengthening ZigBee network security

Info

Publication number
CN107396351A
Authority
CN
China
Legal status (an assumption by Google Patents, not a legal conclusion; Google has not performed a legal analysis)
Pending
Application number
CN201710735367.1A
Other languages
Chinese (zh)
Inventors
陈修强 (Chen Xiuqiang)
周刚 (Zhou Gang)
杨家鹏 (Yang Jiapeng)
宋世成 (Song Shicheng)
Current Assignee (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (an assumption, not a legal conclusion)
2017-08-24
Filing date
2017-08-24
Publication date
2017-11-24

Classifications (CPC; section H Electricity, class H04 Electric communication technique)

    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network security protocols for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0478 Payload protection applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plaintext message using a fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04W 84/00 Network topologies
    • H04W 84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks


Abstract

The present invention relates to the field of ZigBee security and discloses an encryption/decryption method for strengthening ZigBee network security, addressing the risk that conventional encryption under a fixed key can be cracked. The method can be summarised as follows. At the AF (Application Framework) layer of the data sender, some or all of the data to be sent is combined with the data frame sequence number by an arithmetic operation; this is the first layer of encryption. The first-layer output is then AES-encrypted at the security service layer; this is the second layer. At the data receiver, the received data is first AES-decrypted and then the inverse of the AF-layer operation is applied, yielding the plaintext. The two-layer encryption and decryption enhances the security of the ZigBee network.

Description

An encryption/decryption method for strengthening ZigBee network security
Technical field
The present invention relates to the field of ZigBee security, and in particular to an encryption and decryption method for strengthening ZigBee network security.
Background
ZigBee is a short-range, low-rate, low-power and low-cost wireless networking technology, and precisely because of these advantages wireless sensor networks based on the ZigBee standard are increasingly widely deployed. However, because ZigBee wireless devices are limited in storage capacity, computing power and available power, many security schemes and techniques that exist in the wired world cannot be applied directly in a ZigBee network, and the security service processes and algorithms of a ZigBee network are subject to strict requirements. At present the data encryption mode commonly used in ZigBee networks is 128-bit AES. AES uses the Rijndael block cipher, which has excellent performance and resistance to attack and offers good encryption/decryption efficiency in the ZigBee environment.
With the rapid development of the Internet of Things, ZigBee network systems are exposed to security threats such as eavesdropping, tampering and forgery of data. Research finds that an attacker first steals the data format and content transmitted by ZigBee network nodes, then attacks communication nodes or deploys malicious nodes that masquerade as legitimate nodes in the network in order to alter, drop or destroy packets, ultimately paralysing the entire ZigBee network. Typical insider attacks include sinkhole attacks, Sybil attacks, wormhole attacks, flooding attacks and reply spoofing. Higher security requirements are therefore placed on ZigBee network systems, especially with respect to preventing data theft.
Conventional encryption uses a single AES encryption. AES is a public algorithm and every step of it is reversible, so decrypting in the reverse order recovers the plaintext. When the key is fixed and the cipher is applied directly to the data (as in ECB mode, with no per-frame nonce), identical data always encrypts to identical ciphertext. The encryption/decryption flow is shown in Figure 1: the data sender AES-encrypts the data to form ciphertext, which is transmitted; the data receiver then decrypts the ciphertext with the AES decryption algorithm and recovers the plaintext.
For ease of understanding, the technical terms that may appear in the present invention are explained below:
Coordinator: each ZigBee network has exactly one ZigBee coordinator. The coordinator first selects a channel and a network identifier (PAN ID) and then starts the network. Because the coordinator is the origin of the whole network, it acts as the guardian of the network: it serves as the security (trust) center, performs other management functions, and maintains communication with the other devices in the network. The coordinator usually communicates with a gateway over a serial link.
Router: a router is a device that supports association and can forward messages on behalf of other nodes, while also having data acquisition capability. ZigBee tree and mesh networks can contain multiple ZigBee router devices; a ZigBee star network does not support router devices.
ZigBee end device: ZigBee end nodes are the devices that actually perform data acquisition and transmission; they have no data forwarding function.
ZigBee network: ZigBee has strong networking capability and can form star, tree and mesh networks; a suitable network structure can be selected according to the needs of the project.
ZigBee AF (Application Framework) layer data sending and receiving: data sent by the AF layer is encrypted by the security service layer, passed to the network layer (NWK) and then transmitted by the MAC layer. After the destination node receives the data, the MAC layer passes it up to the network layer, the security service layer decrypts it, and it is delivered to the AF layer, which packages the received data into a packet and hands it to the application layer for processing.
Summary of the invention
The technical problem to be solved by the invention is to propose an encryption/decryption method for strengthening ZigBee network security that addresses the risk of conventional encryption under a fixed key being cracked.
The technical solution adopted by the invention to solve this problem is as follows:
An encryption/decryption method for strengthening ZigBee network security, comprising the following steps:
a. At the ZigBee application framework (AF) layer of the data sender, combine the data to be sent with the data frame sequence number by an arithmetic operation to obtain first-layer-encrypted AF-layer data;
b. Pass the AF-layer encrypted data to the security service layer for second-layer AES encryption;
c. Pass the AES-encrypted data to the network layer and MAC layer of the data sender for transmission;
d. When the data receiver receives data, it checks whether the destination address is its own node; if not, it forwards the data; if so, it decrypts it;
e. To decrypt, the data receiver passes the data from the MAC layer to the network layer and then to the security service layer for AES decryption;
f. The security service layer passes the AES-decrypted data to the AF layer, which applies to the data and the data frame sequence number the inverse of the arithmetic operation of step a, obtaining the plaintext.
As a further refinement, the data receiver is a ZigBee coordinator or a ZigBee router.
As a further refinement, the data sender is a ZigBee end-device sensor.
As a further refinement, in step a the arithmetic operation between the data to be sent and the data frame sequence number specifically comprises either:
applying the arithmetic operation to all of the data to be sent and the data frame sequence number;
or applying the arithmetic operation to part of the data to be sent and the data frame sequence number.
As a further refinement, the arithmetic operation is XOR, addition, subtraction, multiplication, division or modulo (remainder).
As a further refinement, in step f the obtained plaintext is packaged into a packet for the application layer to call.
The beneficial effects of the invention are as follows:
The transmitted data is encrypted twice: once at the AF layer with an operation tied to the data sequence number, and a second time with AES at the security service layer. Because the data frame sequence number changes from frame to frame, identical data produces different output after the two-layer encryption, which further strengthens the security of the ZigBee network. Because the sequence number is already present in the current data frame and nothing extra is added, the two-layer encryption does not increase the wireless transmission load of the ZigBee device.
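The refinements above list XOR, addition, subtraction, multiplication, division and modulo with the frame sequence number as the first-layer operation, and step f requires the receiver to apply its inverse. Two things are worth checking before picking one: not every listed operation has an inverse over bytes, and the sequence number the operation is keyed on travels in the clear in the frame header (the text relies on exactly that to avoid adding bytes), so anyone who can read the frame can undo this layer as easily as the receiver. The following Python is an added example, not code from the patent. It models each operation byte-wise with an assumed one-byte sequence number (division and modulo by a zero sequence number are treated as a no-op, also an assumption), reports for how many of the 256 sequence values each operation is reversible, and shows a passive observer recovering the first-layer output from the sequence number alone.

```python
"""Invertibility and observer checks for the candidate first-layer (AF-layer)
operations: XOR, add, subtract, multiply, divide and modulo of each data byte
with the frame sequence number.

Added example, not code from the patent. Assumes a one-byte sequence number
(0..255) and treats division/modulo by zero as "no operation".
"""
from typing import Callable, Dict, List

Op = Callable[[int, int], int]  # (data_byte, seq) -> transformed byte


def op_xor(b: int, seq: int) -> int:
    return b ^ seq


def op_add(b: int, seq: int) -> int:
    return (b + seq) & 0xFF


def op_sub(b: int, seq: int) -> int:
    return (b - seq) & 0xFF


def op_mul(b: int, seq: int) -> int:
    return (b * seq) & 0xFF


def op_div(b: int, seq: int) -> int:
    # Integer division; a zero divisor is treated as "no operation" (assumption).
    return b // seq if seq else b


def op_mod(b: int, seq: int) -> int:
    # Remainder; a zero modulus is treated as "no operation" (assumption).
    return b % seq if seq else b


OPS: Dict[str, Op] = {
    "xor": op_xor, "add": op_add, "sub": op_sub,
    "mul": op_mul, "div": op_div, "mod": op_mod,
}


def is_bijective(op: Op, seq: int) -> bool:
    """True if op(., seq) maps the 256 byte values to 256 distinct outputs,
    i.e. the receiver can recover every plaintext byte for this seq."""
    return len({op(b, seq) for b in range(256)}) == 256


def invertible_seqs(op: Op) -> List[int]:
    """Sequence numbers (0..255) for which the operation is reversible."""
    return [seq for seq in range(256) if is_bijective(op, seq)]


def inverse_table(op: Op, seq: int) -> Dict[int, int]:
    """The decryption table the receiver needs. An observer who reads seq
    from the frame header can build exactly the same table."""
    return {op(b, seq): b for b in range(256)}


def layer1_encrypt(data: bytes, seq: int, op: Op) -> bytes:
    return bytes(op(b, seq) for b in data)


def observer_recover(ct: bytes, seq: int, op: Op) -> bytes:
    """What a passive observer gets from a frame that carries only the
    first-layer transform and its cleartext sequence number."""
    table = inverse_table(op, seq)
    return bytes(table[c] for c in ct)


def summarize() -> Dict[str, int]:
    """Number of sequence numbers (out of 256) for which each op is invertible."""
    return {name: len(invertible_seqs(op)) for name, op in OPS.items()}


if __name__ == "__main__":
    reading = b"\x01\x17\x2c"  # constructed sensor payload
    for name, count in summarize().items():
        print(f"{name}: invertible for {count}/256 sequence numbers")
    ct = layer1_encrypt(reading, 0x5A, op_xor)
    print("observer recovers payload:", observer_recover(ct, 0x5A, op_xor) == reading)
```

The counts come out as 256 for XOR, addition and subtraction, 128 for multiplication (only odd sequence numbers are units modulo 256), and 2 and 1 for division and modulo (the only reversible cases are the trivial ones where the operation degenerates to the identity). A multiplier of 0 maps every byte to 0, so that frame cannot be decrypted by anyone, receiver included. The practical reading is that only XOR, addition and subtraction are usable choices for step a, and that whatever confidentiality the scheme has comes from the AES layer, since the first layer is reversible by anyone holding the frame.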
Brief description of the drawings
Fig. 1 is the flow chart of the encryption/decryption method of a ZigBee network in the conventional art;
Fig. 2 is the flow chart of the encryption/decryption method for strengthening ZigBee network security in the embodiment of the present invention.
Detailed description
The present invention aims to propose an encryption method for strengthening ZigBee network security that addresses the risk of conventional encryption under a fixed key being cracked.
In the specific implementation, the encryption/decryption scheme of the invention is divided into three parts: ZigBee end-device sensor data acquisition; ZigBee data encryption and transmission; ZigBee data reception and decryption.
1. ZigBee end-device sensor data acquisition:
ZigBee end-device sensors include ZigBee smart-home sensors, ZigBee smart-healthcare sensors, ZigBee smart-factory sensors and so on, including but not limited to door/window magnetic sensors, smoke sensors, gas safety sensors, temperature and humidity sensors, water leak sensors, infrared sensors, smart switch sensors, smart curtain sensors, smart door lock sensors, and ZigBee smart-healthcare and smart-factory sensors. After collecting data, the ZigBee end-device sensor uploads it to the coordinator, or uploads it to a router which forwards it to the destination node.
2. ZigBee data encryption and transmission:
The AF (Application Framework) layer provides the functions for sending and receiving data. It includes two data service types: the key-value pair service type KVP (Key Value Pair) and the message service type MSG. The KVP service is mainly used to transmit relatively simple variable forms. Because messages in many ZigBee application domains are more complex and do not fit the KVP format, the ZigBee protocol specification defines the MSG service type. The MSG service places no requirement on data format or content, suits data of any form and can be used to transmit large messages. ZigBee currently generally uses the MSG service type for data transmission.
The data that the ZigBee end device needs to send is combined at the AF layer with the current MSG service sequence number by XOR or a similar operation; this is the first-layer encryption. The encrypted data is assigned to the APS (application support sub-layer) primitive and then passed to the security service layer for second-layer AES encryption; the encrypted data is passed to the network layer and MAC layer for transmission.
3. ZigBee data reception and decryption:
When the coordinator, or a router whose own node address is the destination address, receives the data sent by the end device, the MAC layer passes it up to the network layer, and the network layer passes it up to the security service layer, where the encrypted data is AES-decrypted. The AES-decrypted data is passed up to the AF layer, where the AF-layer receive function applies XOR (or the corresponding inverse operation) between the data items that were encrypted by the AF layer and the sequence number of the MSG packet, performing the second-layer decryption. The data after the two-layer decryption is plaintext; it is packaged into a packet for the application layer to call directly.
The solution of the present invention is further described below with reference to the drawings and an embodiment:
As shown in Figure 1, the encryption method for strengthening ZigBee network security in this embodiment comprises the following steps:
1. At the ZigBee application framework (AF) layer of the data sender, combine the data to be sent with the data frame sequence number by an arithmetic operation to obtain the first-layer-encrypted AF-layer data;
In this step, AF-layer encryption may be applied to all of the data to be sent or only to part of it. The encryption method includes XOR of the data to be sent with the sequence number, but is not limited to it; addition, subtraction, multiplication, division, modulo or another operation with the sequence number may also be used.
If the ZigBee network is a star network, the AF layer may encrypt all or part of the data to be sent; if the ZigBee network is a tree network containing routers or a mesh network, the AF layer does not encrypt the destination-address data item of the data to be sent.
2. Pass the AF-layer encrypted data to the security service layer for second-layer AES encryption;
3. Pass the AES-encrypted data to the network layer and MAC layer of the data sender for transmission;
In this step, the destination address of the data is the ZigBee coordinator or some destination ZigBee router.
4. When the data receiver receives data, it checks whether the destination address is its own node; if not, it forwards the data; if so, it decrypts it;
5. To decrypt, the data receiver passes the data from the MAC layer to the network layer and then to the security service layer for AES decryption, i.e. the first-layer decryption;
6. The security service layer passes the AES-decrypted data to the AF layer for the second-layer decryption: the AF layer applies to the data and the data frame sequence number the inverse of the arithmetic operation of step 1, obtaining the plaintext.
In this step, the data items that the AF layer decrypts in the second layer are the same items that the AF layer encrypted: the AF-layer receive function applies the second-layer decryption only to the data items that were AF-layer encrypted, and leaves the items that were not AF-layer encrypted untouched. The data after the two-layer decryption is plaintext; it is packaged into a packet for the application layer to call directly.
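The six steps above as one runnable model, covering the router's forward-or-decrypt decision of step 4 and the tree/mesh rule that the destination-address item is left untouched by the first layer. This is an added example, not code from the patent or from any ZigBee stack. It assumes an AF MSG payload made of named items, 16-bit short addresses, and a one-byte frame sequence number carried in the clear; because the standard library has no AES, it stands in for AES-128 at the security service layer with a small HMAC-SHA256 Feistel block cipher used with a fixed key in ECB mode, which reproduces the fixed-key, deterministic behaviour the background section attributes to conventional encryption and which the sequence-number layer is meant to break up. The network key, addresses and sensor readings are constructed.

```python
"""Two-layer scheme from the embodiment: AF-layer XOR with the frame sequence
number, then a fixed-key block cipher at the security service layer, plus the
router's forward-or-decrypt decision and the tree/mesh rule for the
destination-address item. Added example, not the patent's code. AES-128 is
replaced by a 4-round HMAC-SHA256 Feistel cipher in ECB mode (no AES in the
standard library); key, addresses and readings are constructed."""
import hashlib
import hmac
from typing import Dict, List, Tuple

Items = List[Tuple[str, bytes]]
Frame = Dict[str, object]

NETWORK_KEY = bytes(range(16))      # constructed 128-bit network key (assumption)
BLOCK = 16
READING: Items = [("dst_addr", b"\x00\x00"), ("temp_c", b"\x17"), ("door", b"\x01")]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, rnd: int) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def _block(key: bytes, blk: bytes, decrypt: bool) -> bytes:
    """One 16-byte block through the AES stand-in (4-round Feistel)."""
    l, r = blk[:8], blk[8:]
    if decrypt:
        for rnd in range(3, -1, -1):
            l, r = _xor(r, _round(key, l, rnd)), l
    else:
        for rnd in range(4):
            l, r = r, _xor(l, _round(key, r, rnd))
    return l + r


def ssp_encrypt(key: bytes, data: bytes) -> bytes:
    """Second layer (security service layer): fixed key, ECB, PKCS#7 padding."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(_block(key, data[i:i + BLOCK], False) for i in range(0, len(data), BLOCK))


def ssp_decrypt(key: bytes, data: bytes) -> bytes:
    pt = b"".join(_block(key, data[i:i + BLOCK], True) for i in range(0, len(data), BLOCK))
    return pt[:-pt[-1]]


def pack(items: Items) -> bytes:
    """Serialise MSG items as name-length, name, value-length, value."""
    out = b""
    for name, val in items:
        n = name.encode()
        out += bytes([len(n)]) + n + bytes([len(val)]) + val
    return out


def unpack(buf: bytes) -> Items:
    items: Items = []
    i = 0
    while i < len(buf):
        name = buf[i + 1:i + 1 + buf[i]].decode()
        i += 1 + buf[i]
        val = buf[i + 1:i + 1 + buf[i]]
        i += 1 + buf[i]
        items.append((name, val))
    return items


def af_layer1(items: Items, seq: int, mesh: bool) -> Items:
    """First layer (step 1 / step 6): XOR each item value with the sequence
    number. In tree/mesh topologies the destination-address item is left as-is
    so routers can still read it. XOR is its own inverse, so the receiver calls
    this same function for the second-layer decryption."""
    return [(n, v if mesh and n == "dst_addr" else bytes(b ^ seq for b in v))
            for n, v in items]


def send(src: int, dst: int, seq: int, items: Items, mesh: bool) -> Frame:
    """Steps 1-3 at the end device: AF operation, SSP encryption, hand to NWK/MAC."""
    seq &= 0xFF                      # one-byte frame sequence number, sent in the clear
    body = ssp_encrypt(NETWORK_KEY, pack(af_layer1(items, seq, mesh)))
    return {"src": src, "dst": dst, "seq": seq, "body": body}


def receive(node_addr: int, frame: Frame, mesh: bool) -> Tuple[str, object]:
    """Steps 4-6 at a router or coordinator: forward if not addressed to us,
    otherwise SSP-decrypt (first-layer decryption) and undo the AF operation."""
    if frame["dst"] != node_addr:
        return "forward", frame
    items = unpack(ssp_decrypt(NETWORK_KEY, frame["body"]))
    return "deliver", af_layer1(items, frame["seq"], mesh)


def demo() -> Dict[str, object]:
    """End device 0x0001 -> router 0x0002 -> coordinator 0x0000 in a mesh."""
    f1 = send(0x0001, 0x0000, 1, READING, mesh=True)
    f2 = send(0x0001, 0x0000, 2, READING, mesh=True)
    f3 = send(0x0001, 0x0000, 257, READING, mesh=True)   # sequence number wraps to 1
    action, _ = receive(0x0002, f1, mesh=True)
    _, delivered = receive(0x0000, f1, mesh=True)
    return {
        "router_action": action,
        "delivered": delivered,
        "differs_with_seq": f1["body"] != f2["body"],
        "repeats_after_wrap": f1["body"] == f3["body"],
    }
```

demo() returns the router forwarding the frame, the coordinator recovering the original items, two frames with the same reading but different sequence numbers producing different ciphertext, and a frame whose sequence number has wrapped (257 & 0xFF == 1) producing ciphertext identical to the first. That last result is the caveat to take from the scheme: with a one-byte sequence number the diversity is 256 values, after which identical readings repeat on the air, and the sequence number itself is visible to anyone capturing the frame. For comparison, ZigBee's standard frame security (AES-CCM* with the sender's 32-bit frame counter in the nonce) already makes identical payloads encrypt differently without any AF-layer operation.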

Claims (6)

1. An encryption/decryption method for strengthening ZigBee network security, characterised in that it comprises the following steps:
a. at the ZigBee application framework (AF) layer of the data sender, performing an arithmetic operation on the data to be sent and the data frame sequence number to obtain first-layer-encrypted AF-layer data;
b. passing the AF-layer encrypted data to the security service layer for second-layer AES encryption;
c. passing the AES-encrypted data to the network layer and MAC layer of the data sender for transmission;
d. when the data receiver receives the data, judging whether the destination address is its own node; if not, forwarding the data; if so, decrypting it;
e. when decrypting, the data receiver passes the data from the MAC layer to the network layer and then to the security service layer for AES decryption;
f. the security service layer passes the AES-decrypted data to the AF layer, where the inverse of the arithmetic operation of step a is applied to the data and the data frame sequence number to obtain the plaintext.
2. The encryption/decryption method for strengthening ZigBee network security of claim 1, characterised in that the data receiver is a ZigBee coordinator or a ZigBee router.
3. The encryption/decryption method for strengthening ZigBee network security of claim 1, characterised in that the data sender is a ZigBee end-device sensor.
4. The encryption/decryption method for strengthening ZigBee network security of claim 1, characterised in that in step a the arithmetic operation on the data to be sent and the data frame sequence number specifically comprises:
performing the arithmetic operation on all of the data to be sent and the data frame sequence number;
or performing the arithmetic operation on part of the data to be sent and the data frame sequence number.
5. The encryption/decryption method for strengthening ZigBee network security of claim 4, characterised in that the arithmetic operation is XOR, addition, subtraction, multiplication, division or modulo.
6. The encryption/decryption method for strengthening ZigBee network security of any one of claims 1 to 5, characterised in that in step f the obtained plaintext is packaged into a packet for the application layer to call.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710735367.1A | 2017-08-24 | 2017-08-24 | An encryption/decryption method for strengthening ZigBee network security

Publications (1)

Publication Number | Publication Date
CN107396351A | 2017-11-24

Family

ID=60346794

Country Status (1)

Country | Link
CN (1) | CN107396351A (en)


Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104954362A * | 2015-04-27 | 2015-09-30 | 深圳市美贝壳科技有限公司 | Serial number encryption-decryption method and device
CN106533656A * | 2016-11-18 | 2017-03-22 | 东莞理工学院 (Dongguan University of Technology) | Key multilayer mixed encryption/decryption method based on WSN


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
仇国庆 (Qiu Guoqing) et al., "基于AES算法的ZigBee网络加密方法研究" (Research on a ZigBee network encryption method based on the AES algorithm), 《信息安全》 (Information Security) *
施鹏 (Shi Peng), "ZigBee传感网的一种新型安全方案" (A new security scheme for ZigBee sensor networks), 《计算机系统应用》 (Computer Systems and Applications) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113015158A * | 2019-12-20 | 2021-06-22 | 西门子(中国)有限公司 (Siemens Ltd., China) | Method and apparatus for enhancing security of wireless network
CN113015158B * | 2019-12-20 | 2023-08-04 | 西门子(中国)有限公司 (Siemens Ltd., China) | Method and apparatus for enhancing wireless network security


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 2017-11-24