CN107995186B - Communication encryption method based on timestamp - Google Patents

Publication number: CN107995186B
Authority: CN (China)
Prior art keywords: instruction, timestamp, frame, packets, command
Legal status: Active (Google's assumption, not a legal conclusion)
Application number: CN201711224619.0A
Other languages: Chinese (zh)
Other versions: CN107995186A
Inventors: 李卓, 王颖, 朱琳, 韩旭东, 张国宇, 刁立峰, 宋悦
Current assignee: Beijing Jinghang Computing Communication Research Institute
Original assignee: Beijing Jinghang Computing Communication Research Institute
Priority date: 2017-11-29
Filing date: 2017-11-29
Publication dates: 2018-05-04 (CN107995186A), 2021-06-08 (CN107995186B, grant)

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention belongs to the technical field of wireless communication and in particular relates to a timestamp-based communication encryption method for wireless communication environments in which encryption and decryption computing resources are limited but communication security requirements are strong. The cloud adds the current timestamp to each instruction it sends to an unattended device and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device decrypts the received instruction, compares its timestamp with the timestamp of the last instruction it accepted, and ignores the instruction if its timestamp is earlier than or equal to that timestamp. This prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.

Description

Communication encryption method based on timestamp
Technical Field
The invention belongs to the technical field of wireless communication and in particular relates to a timestamp-based communication encryption method for wireless communication environments in which encryption and decryption computing resources are limited but communication security requirements are strong.
Background
With the rapid development of internet-of-things technology, large numbers of unattended devices are in everyday use in production and daily life. Compared with traditional internet communication, communication between unattended devices and the cloud has a serious security problem: an attacker can impersonate the cloud and send instructions to an unattended device in order to hijack it.
Even if the cloud encrypts the instructions it sends to the unattended device, an attacker can still control the device by copying an encrypted instruction in full and sending it again, that is, by replaying it.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is to realise a timestamp-based communication encryption method that, while keeping the overhead of additional computing resources to a minimum, prevents an unattended device from being hijacked by an attacker who copies an instruction and retransmits it.
(II) Technical scheme
To solve this problem, the invention provides a timestamp-based communication encryption method in which the cloud adds the current timestamp to each instruction it sends to the unattended device and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device decrypts the received instruction, compares its timestamp with the timestamp of the last instruction it accepted, and ignores the instruction if its timestamp is earlier than or equal to that timestamp.
The method comprises the following steps:
Step 1: when the cloud system sends a control instruction frame Y1 to the device side, it inserts a timestamp T1 into Y1 to generate a new control instruction frame Z1;
Step 2: the cloud system splits the timestamped frame Z1 into n instruction packets B1, B2, ..., Bn, and inserts into each packet its sequence number (1, 2, ..., n) and the total number of packets n, generating new instruction packets C1, C2, ..., Cn;
Step 3: the cloud system encrypts each of the packets C1, C2, ..., Cn generated in step 2 separately to form encrypted packets D1, D2, ..., Dn, reorders them into a random sequence E1, E2, ..., En, and sends them to the device side;
Step 4: after receiving the packets sent by the cloud, the device side decrypts E1, E2, ..., En to obtain decrypted packets F1, F2, ..., Fn, whose contents are those of C1, C2, ..., Cn in step 3 but in a different order;
Step 5: the device side reorders F1, F2, ..., Fn generated in step 4 according to the sequence number and total packet count carried in each packet, restoring the order C1, C2, ..., Cn of step 3;
Step 6: the device side removes the sequence numbers and the total packet count from C1, C2, ..., Cn obtained in step 5, restoring the packets B1, B2, ..., Bn of step 2;
Step 7: the device side splices the packets B1, B2, ..., Bn obtained in step 6 back into the control instruction frame Z1 of step 2;
Step 8: if the control instruction frame Z1 is the first instruction frame received, go to step 9; otherwise go to step 10;
Step 9: the device side treats the control instruction frame Z1 of step 8 as valid, takes the timestamp T1 out of Z1, stores it in the device-side instruction frame storage unit T0 (so that T0 = T1), and executes the control instruction frame Y1 corresponding to Z1;
Step 10: the device side takes the timestamp T1 out of the control instruction frame Z1 of step 8 and compares it with the timestamp held in the device-side instruction frame storage unit T0; depending on the result of the comparison it proceeds to step 9 or to step 11;
Step 11: the device side treats the control instruction frame Z1 of step 8 as invalid and ignores it.
In one embodiment, the timestamp T1 is the current actual time.
In another embodiment, the timestamp T1 is a number associated with the current actual time.
The encryption in step 3 uses a conventional symmetric encryption algorithm, for example the DES, RC5 or IDEA algorithm.
The decryption in step 4 corresponds to the encryption in step 3.
In step 10, if T1 > T0, that is, the newly received control instruction frame Z1 was generated later than the last received control instruction frame Z0, step 9 is executed.
In step 10, if T1 < T0, that is, the newly received control instruction frame Z1 was generated earlier than the last received control instruction frame Z0, step 11 is executed.
In step 10, if T1 = T0, that is, the newly received control instruction frame Z1 was generated at the same time as the last received control instruction frame Z0, step 11 is executed.
The method prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.
(III) advantageous effects
Compared with the prior art, the method solves the problem of an attacker hijacking an unattended device by copying an encrypted instruction in full and sending it again. When an attacker obtains an instruction by eavesdropping and copying it, each instruction frame has been split into packets that were encrypted and then randomly reordered, so the attacker cannot analyse the instruction content in detail and can only copy the instruction frame as a whole and resend it to the unattended device. On receiving the copied frame, the unattended device decrypts it, reorders the packets, and parses the content and the timestamp; because that timestamp is earlier than or equal to the latest timestamp stored in the device, the device treats the instruction as expired and ignores it, so resending the instruction does not give the attacker control of the device.
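The complete cloud-to-device exchange of steps 1 to 11, including the replay rejection described in the paragraph above, as an added example; this is not the patent's code, and the patent supplies none. It uses only the Python standard library, so the "conventional symmetric encryption algorithm" (DES, RC5 or IDEA on the page) is replaced by an assumed stand-in: an HMAC-SHA256 keystream in counter mode plus an HMAC tag over each packet, which also authenticates the packet, a check the page's scheme does not include. The frame and packet layouts (8-byte timestamp, 2-byte sequence number and 2-byte count), the 16-byte packet payload, the key and the instruction strings are all constructed for this example.

```python
"""Added example, not the patent's code: a stand-alone model of the cloud/device
exchange in steps 1-11 and of the replay check in steps 8-11.
Assumptions (not from the page): the cipher is a stand-in built from an
HMAC-SHA256 keystream plus an HMAC tag; the frame/packet layouts, key and
instruction strings are constructed here."""
import hashlib
import hmac
import os
import random
import struct

KEY = bytes(range(32))      # constructed pre-shared key (a real deployment provisions it securely)
PACKET_PAYLOAD = 16         # bytes of frame carried per instruction packet (chosen here)

# ---- stand-in symmetric cipher: HMAC-SHA256 keystream + tag (encrypt-then-MAC) ----
def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt_packet(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag

def decrypt_packet(key, packet):
    nonce, body, tag = packet[:16], packet[16:-16], packet[-16:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet authentication failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

# ---- cloud side: steps 1-3 ----
def build_frame(instruction, timestamp):
    """Step 1: Z1 = timestamp T1 (8-byte big-endian) followed by the instruction Y1."""
    return struct.pack(">Q", timestamp) + instruction

def split_frame(frame):
    """Step 2: split Z1 into B1..Bn and prefix each with (sequence number, n) -> C1..Cn."""
    chunks = [frame[i:i + PACKET_PAYLOAD] for i in range(0, len(frame), PACKET_PAYLOAD)]
    n = len(chunks)
    return [struct.pack(">HH", seq, n) + chunk for seq, chunk in enumerate(chunks, start=1)]

def cloud_send(instruction, timestamp, key=KEY):
    """Steps 1-3: frame, split, encrypt each packet, shuffle; returns E1..En as put on the wire."""
    packets = [encrypt_packet(key, c) for c in split_frame(build_frame(instruction, timestamp))]
    random.shuffle(packets)     # step 3's random reordering (the order carries no secret here)
    return packets

# ---- device side: steps 4-11 ----
class Device:
    def __init__(self, key=KEY):
        self.key = key
        self.t0 = None          # instruction frame storage unit T0; None until the first frame (step 8)
        self.executed = []      # instructions Y1 that were actually executed

    def reassemble(self, wire_packets):
        """Steps 4-7: decrypt, reorder by sequence number, strip headers, splice back into Z1."""
        decrypted = [decrypt_packet(self.key, p) for p in wire_packets]     # step 4: F1..Fn
        by_seq, total = {}, None
        for f in decrypted:
            seq, n = struct.unpack(">HH", f[:4])
            if total is None:
                total = n
            elif n != total:
                raise ValueError("inconsistent total packet count")
            by_seq[seq] = f[4:]                                             # step 6: strip (seq, n)
        if total is None or sorted(by_seq) != list(range(1, total + 1)):
            raise ValueError("incomplete frame")                            # step 5 needs every packet
        return b"".join(by_seq[s] for s in range(1, total + 1))             # step 7: Z1

    def receive(self, wire_packets):
        """Steps 8-11. Returns True if Y1 was executed, False if the frame was ignored."""
        frame = self.reassemble(wire_packets)
        t1 = struct.unpack(">Q", frame[:8])[0]
        instruction = frame[8:]
        if self.t0 is not None and t1 <= self.t0:   # step 10: T1 < T0 or T1 == T0 -> step 11
            return False
        self.t0 = t1                                # step 9: T0 := T1, then execute Y1
        self.executed.append(instruction)
        return True

def demo():
    """Constructed run: a fresh instruction, an exact replay of it, a newer instruction,
    and a freshly encrypted frame whose timestamp is older than the last accepted one."""
    dev = Device()
    wire1 = cloud_send(b"OPEN VALVE 3", timestamp=1000)
    wire2 = cloud_send(b"CLOSE VALVE 3", timestamp=1001)
    results = {
        "first": dev.receive(wire1),                       # accepted, T0 = 1000
        "replay": dev.receive(list(wire1)),                # copied packets re-sent: T1 == T0, ignored
        "next": dev.receive(wire2),                        # accepted, T0 = 1001
        "stale": dev.receive(cloud_send(b"OPEN VALVE 3", timestamp=999)),  # T1 < T0, ignored
    }
    results["executed"] = list(dev.executed)
    return results

if __name__ == "__main__":
    print(demo())
```

Run the file directly to print the result dictionary. Two points the page leaves implicit are visible in `demo()`: the device updates T0 only when a frame is accepted, so a replayed frame can never move the stored timestamp forward; and any frame whose timestamp is not strictly newer than T0 is dropped, so a legitimate instruction that arrives after a newer one, or one sent from a cloud whose clock has stepped backwards, is discarded as well. The timestamp comparison detects replays; detecting modification of a packet is done here by the tag, which is an addition of this example and not part of the page's scheme.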
Drawings
Fig. 1 is a schematic diagram of the technical scheme of the invention.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
To solve the problems of the prior art, the invention provides a timestamp-based communication encryption method in which the cloud adds the current timestamp to each instruction it sends to the unattended device and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device decrypts the received instruction, compares its timestamp with the timestamp of the last instruction it accepted, and ignores the instruction if its timestamp is earlier than or equal to that timestamp.
As shown in fig. 1, the method comprises the following steps:
Step 1: when the cloud system sends a control instruction frame Y1 to the device side, it inserts a timestamp T1 into Y1 to generate a new control instruction frame Z1;
Step 2: the cloud system splits the timestamped frame Z1 into n instruction packets B1, B2, ..., Bn, and inserts into each packet its sequence number (1, 2, ..., n) and the total number of packets n, generating new instruction packets C1, C2, ..., Cn;
Step 3: the cloud system encrypts each of the packets C1, C2, ..., Cn generated in step 2 separately to form encrypted packets D1, D2, ..., Dn, reorders them into a random sequence E1, E2, ..., En, and sends them to the device side;
Step 4: after receiving the packets sent by the cloud, the device side decrypts E1, E2, ..., En to obtain decrypted packets F1, F2, ..., Fn, whose contents are those of C1, C2, ..., Cn in step 3 but in a different order;
Step 5: the device side reorders F1, F2, ..., Fn generated in step 4 according to the sequence number and total packet count carried in each packet, restoring the order C1, C2, ..., Cn of step 3;
Step 6: the device side removes the sequence numbers and the total packet count from C1, C2, ..., Cn obtained in step 5, restoring the packets B1, B2, ..., Bn of step 2;
Step 7: the device side splices the packets B1, B2, ..., Bn obtained in step 6 back into the control instruction frame Z1 of step 2;
Step 8: if the control instruction frame Z1 is the first instruction frame received, go to step 9; otherwise go to step 10;
Step 9: the device side treats the control instruction frame Z1 of step 8 as valid, takes the timestamp T1 out of Z1, stores it in the device-side instruction frame storage unit T0 (so that T0 = T1), and executes the control instruction frame Y1 corresponding to Z1;
Step 10: the device side takes the timestamp T1 out of the control instruction frame Z1 of step 8 and compares it with the timestamp held in the device-side instruction frame storage unit T0; depending on the result of the comparison it proceeds to step 9 or to step 11;
Step 11: the device side treats the control instruction frame Z1 of step 8 as invalid and ignores it.
Steps 1 to 3 are shown as the flow in the cloud system block of fig. 1, and steps 4 to 11 as the flow in the device-side block of fig. 1.
In one embodiment, the timestamp T1 is the current actual time.
In another embodiment, the timestamp T1 is a number associated with the current actual time.
The encryption in step 3 uses a conventional symmetric encryption algorithm, for example the DES, RC5 or IDEA algorithm.
The decryption in step 4 corresponds to the encryption in step 3.
In step 10, if T1 > T0, that is, the newly received control instruction frame Z1 was generated later than the last received control instruction frame Z0, step 9 is executed.
In step 10, if T1 < T0, that is, the newly received control instruction frame Z1 was generated earlier than the last received control instruction frame Z0, step 11 is executed.
In step 10, if T1 = T0, that is, the newly received control instruction frame Z1 was generated at the same time as the last received control instruction frame Z0, step 11 is executed.
The method prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (5)

1. A timestamp-based communication encryption method, characterized in that a current timestamp is added to each instruction sent by the cloud to an unattended device, the instruction is then encrypted with a conventional symmetric encryption algorithm, the unattended device decrypts the instruction after receiving it and compares its timestamp with the timestamp of the last instruction it accepted, and if the timestamp of the newly received instruction is earlier than or the same as that timestamp the instruction is ignored;
the method comprises the following steps:
Step 1: when the cloud system sends a control instruction frame Y1 to the device side, it inserts a timestamp T1 into Y1 to generate a new control instruction frame Z1;
Step 2: the cloud system splits the timestamped frame Z1 into n instruction packets B1, B2, ..., Bn, and inserts into each packet its sequence number (1, 2, ..., n) and the total number of packets n, generating new instruction packets C1, C2, ..., Cn;
Step 3: the cloud system encrypts each of the packets C1, C2, ..., Cn generated in step 2 separately to form encrypted packets D1, D2, ..., Dn, reorders them into a random sequence E1, E2, ..., En, and sends them to the device side;
Step 4: after receiving the packets sent by the cloud, the device side decrypts E1, E2, ..., En to obtain decrypted packets F1, F2, ..., Fn, whose contents are those of C1, C2, ..., Cn in step 3 but in a different order;
Step 5: the device side reorders F1, F2, ..., Fn generated in step 4 according to the sequence number and total packet count carried in each packet, restoring the order C1, C2, ..., Cn of step 3;
Step 6: the device side removes the sequence numbers and the total packet count from C1, C2, ..., Cn obtained in step 5, restoring the packets B1, B2, ..., Bn of step 2;
Step 7: the device side splices the packets B1, B2, ..., Bn obtained in step 6 back into the control instruction frame Z1 of step 2;
Step 8: if the control instruction frame Z1 is the first instruction frame received, go to step 9; otherwise go to step 10;
Step 9: the device side treats the control instruction frame Z1 of step 8 as valid, takes the timestamp T1 out of Z1, stores it in the device-side instruction frame storage unit T0 (so that T0 = T1), and executes the control instruction frame Y1 corresponding to Z1;
Step 10: the device side takes the timestamp T1 out of the control instruction frame Z1 of step 8 and compares it with the timestamp held in the device-side instruction frame storage unit T0; depending on the result of the comparison it proceeds to step 9 or to step 11;
Step 11: the device side treats the control instruction frame Z1 of step 8 as invalid and ignores it;
in step 10, if T1 > T0, that is, the newly received control instruction frame Z1 was generated later than the last received control instruction frame Z0, step 9 is executed;
in step 10, if T1 < T0, that is, the newly received control instruction frame Z1 was generated earlier than the last received control instruction frame Z0, step 11 is executed;
in step 10, if T1 = T0, that is, the newly received control instruction frame Z1 was generated at the same time as the last received control instruction frame Z0, step 11 is executed;
the method prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.
2. The timestamp-based communication encryption method of claim 1, wherein the timestamp T1 is the current actual time.
3. The timestamp-based communication encryption method of claim 1, wherein the timestamp T1 is a number associated with the current actual time.
4. The timestamp-based communication encryption method of claim 1, wherein the encryption in step 3 uses a conventional symmetric encryption algorithm, comprising the DES algorithm, the RC5 algorithm or the IDEA algorithm.
5. The timestamp-based communication encryption method of claim 1, wherein the decryption in step 4 corresponds to the encryption in step 3.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711224619.0A (CN107995186B) 2017-11-29 2017-11-29 Communication encryption method based on timestamp

Publications (2)

Publication Number Publication Date
CN107995186A 2018-05-04
CN107995186B (granted) 2021-06-08

Family

ID=62034259
Family application: CN201711224619.0A, Active, CN107995186B, priority date 2017-11-29, filing date 2017-11-29
Country status: CN (1), CN107995186B

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101162923A (en) * 2007-11-06 2008-04-16 中兴通讯股份有限公司 Transmission method and reception apparatus of ultra-long bluetooth short message
CN105827408A (en) * 2015-12-03 2016-08-03 中国航天系统工程有限公司 Timestamp technique-based industrial network security transmission method
US9455885B2 (en) * 2011-10-13 2016-09-27 General Electric Company Systems, methods, and apparatus for modifying sensor time stamp data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant