CN107995186B - Communication encryption method based on timestamp - Google Patents
- Publication number: CN107995186B (application CN201711224619.0A)
- Authority: CN (China)
- Prior art keywords: instruction, timestamp, frame, packets, command
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention belongs to the technical field of wireless communication and relates to a timestamp-based communication encryption method for wireless environments in which the computing resources available for encryption and decryption are limited but the requirements on communication security are high. In the method, the cloud end inserts the current timestamp into each instruction it sends to an unattended device and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device decrypts the received instruction, compares its timestamp with the timestamp of the latest valid instruction it received, and ignores the instruction if its timestamp is earlier than or equal to that stored timestamp. An attacker therefore cannot hijack the unattended device by copying an instruction and sending it again.
Description
Technical Field
The invention belongs to the technical field of wireless communication and relates to a timestamp-based communication encryption method for wireless environments in which the computing resources available for encryption and decryption are limited but the requirements on communication security are high.
Background
With the rapid development of Internet of Things technology, large numbers of unattended devices are deployed in production and daily life. Compared with traditional Internet communication, communication between unattended devices and the cloud has a serious security problem: an attacker can impersonate the cloud and send instructions to an unattended device in order to hijack it.
Even if the cloud encrypts the instructions it sends to the unattended device, an attacker can still control the device by copying an encrypted instruction in full and sending it again (a replay attack).
Disclosure of Invention
Technical problem to be solved
The technical problem to be solved by the invention is as follows: with minimal additional computing overhead, realise a timestamp-based communication encryption method that prevents an attacker from hijacking an unattended device by copying an instruction and retransmitting it.
(II) Technical solution
In order to solve the above technical problems, the invention provides a timestamp-based communication encryption method, characterised in that the cloud end inserts the current timestamp into an instruction sent to an unattended device end and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device end decrypts the instruction after receiving it, compares its timestamp with the timestamp of the latest valid instruction it received, and ignores the instruction if its timestamp is earlier than or equal to that stored timestamp.
The method comprises the following steps:
step 1: when the cloud system sends a control instruction frame Y1 to the device side, it inserts a timestamp T1 into Y1 to generate a new control instruction frame Z1;
step 2: the cloud system splits the timestamped frame Z1 into n instruction packets B1, B2, ..., Bn and inserts into each packet its sequence number (1, 2, ..., n) and the total number of packets n, generating new instruction packets C1, C2, ..., Cn;
step 3: the cloud system encrypts each of the packets C1, C2, ..., Cn generated in step 2 separately, forming encrypted packets D1, D2, ..., Dn, reorders them into a random sequence E1, E2, ..., En, and sends them to the device side;
step 4: after receiving the packets sent by the cloud, the device side decrypts E1, E2, ..., En to obtain decrypted packets F1, F2, ..., Fn, which have the same contents as C1, C2, ..., Cn in step 3 but in a different order;
step 5: the device side reorders F1, F2, ..., Fn according to the sequence number and total packet count carried in each packet, restoring the order C1, C2, ..., Cn of step 3;
step 6: the device side removes the sequence number and total packet count from each of C1, C2, ..., Cn obtained in step 5, restoring the packets B1, B2, ..., Bn of step 2;
step 7: the device side splices the packets B1, B2, ..., Bn obtained in step 6 back into the control instruction frame Z1 of step 2;
step 8: if the control instruction frame Z1 is the first instruction frame received, go to step 9; otherwise go to step 10;
step 9: the device side treats the control instruction frame Z1 of step 8 as valid, extracts the timestamp T1 from Z1, stores it in the device-side instruction frame storage unit T0 (that is, sets T0 = T1), and executes the control instruction frame Y1 corresponding to Z1;
step 10: the device side extracts the timestamp T1 from the control instruction frame Z1 of step 8 and compares it with the timestamp held in the device-side instruction frame storage unit T0; depending on the result of the comparison it proceeds to step 9 or to step 11;
step 11: the device side treats the control instruction frame Z1 of step 8 as invalid and ignores it.
In one embodiment the timestamp T1 is the current actual time.
In another embodiment the timestamp T1 is a number derived from the current actual time.
The encryption in step 3 uses a conventional symmetric encryption algorithm, for example the DES, RC5 or IDEA algorithm.
The decryption in step 4 is the inverse of the encryption in step 3.
In step 10, if T1 > T0, that is, the newly received control instruction frame Z1 was generated later than the last accepted control instruction frame Z0 (whose timestamp is the one held in T0), step 9 is executed.
In step 10, if T1 < T0, that is, Z1 was generated earlier than Z0, step 11 is executed.
In step 10, if T1 = T0, that is, Z1 was generated at the same time as Z0, step 11 is executed.
The method prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.
(III) Advantageous effects
Compared with the prior art, the method solves the problem of an attacker hijacking an unattended device by copying an encrypted instruction in full and sending it again. When an attacker obtains an instruction by eavesdropping and copying it, the instruction frame has already been split into packets that were encrypted and randomly ordered, so the attacker cannot analyse the content of the instruction and can only resend the copied packets to the unattended device. On receiving the copied frame, the unattended device decrypts and reorders the packets, parses the content and the timestamp, and finds that the timestamp is earlier than or equal to the latest timestamp it has stored; it therefore treats the instruction as expired and ignores it, and the attacker cannot control the unattended device by resending the instruction.
Drawings
Fig. 1 is a schematic diagram of the technical scheme of the invention.
Detailed Description
In order to make the objects, content and advantages of the invention clearer, the embodiments of the invention are described in detail below with reference to the accompanying drawings and examples.
In order to solve the problems in the prior art, the invention provides a timestamp-based communication encryption method, characterised in that the cloud end inserts the current timestamp into an instruction sent to an unattended device end and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device end decrypts the instruction after receiving it, compares its timestamp with the timestamp of the latest valid instruction it received, and ignores the instruction if its timestamp is earlier than or equal to that stored timestamp.
As shown in fig. 1, the method comprises the following steps:
step 1: when the cloud system sends a control instruction frame Y1 to the device side, it inserts a timestamp T1 into Y1 to generate a new control instruction frame Z1;
step 2: the cloud system splits the timestamped frame Z1 into n instruction packets B1, B2, ..., Bn and inserts into each packet its sequence number (1, 2, ..., n) and the total number of packets n, generating new instruction packets C1, C2, ..., Cn;
step 3: the cloud system encrypts each of the packets C1, C2, ..., Cn generated in step 2 separately, forming encrypted packets D1, D2, ..., Dn, reorders them into a random sequence E1, E2, ..., En, and sends them to the device side;
step 4: after receiving the packets sent by the cloud, the device side decrypts E1, E2, ..., En to obtain decrypted packets F1, F2, ..., Fn, which have the same contents as C1, C2, ..., Cn in step 3 but in a different order;
step 5: the device side reorders F1, F2, ..., Fn according to the sequence number and total packet count carried in each packet, restoring the order C1, C2, ..., Cn of step 3;
step 6: the device side removes the sequence number and total packet count from each of C1, C2, ..., Cn obtained in step 5, restoring the packets B1, B2, ..., Bn of step 2;
step 7: the device side splices the packets B1, B2, ..., Bn obtained in step 6 back into the control instruction frame Z1 of step 2;
step 8: if the control instruction frame Z1 is the first instruction frame received, go to step 9; otherwise go to step 10;
step 9: the device side treats the control instruction frame Z1 of step 8 as valid, extracts the timestamp T1 from Z1, stores it in the device-side instruction frame storage unit T0 (that is, sets T0 = T1), and executes the control instruction frame Y1 corresponding to Z1;
step 10: the device side extracts the timestamp T1 from the control instruction frame Z1 of step 8 and compares it with the timestamp held in the device-side instruction frame storage unit T0; depending on the result of the comparison it proceeds to step 9 or to step 11;
step 11: the device side treats the control instruction frame Z1 of step 8 as invalid and ignores it.
Steps 1 to 3 correspond to the flow in the cloud-system block of fig. 1, and steps 4 to 11 to the flow in the device-side block of fig. 1.
In one embodiment the timestamp T1 is the current actual time.
In another embodiment the timestamp T1 is a number derived from the current actual time.
The encryption in step 3 uses a conventional symmetric encryption algorithm, for example the DES, RC5 or IDEA algorithm.
The decryption in step 4 is the inverse of the encryption in step 3.
In step 10, if T1 > T0, that is, the newly received control instruction frame Z1 was generated later than the last accepted control instruction frame Z0 (whose timestamp is the one held in T0), step 9 is executed.
In step 10, if T1 < T0, that is, Z1 was generated earlier than Z0, step 11 is executed.
In step 10, if T1 = T0, that is, Z1 was generated at the same time as Z0, step 11 is executed.
The method prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.
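The following is an end-to-end model of steps 1 to 11 with both the cloud side and the device side, added here as a worked example; it is not code from the patent or its applicant. It assumes a pre-shared key (KEY), an 8-byte big-endian timestamp, a 4-byte packet payload and a 2+2 byte sequence-number/packet-count header, none of which the patent specifies. Because the Python standard library has no DES, RC5 or IDEA, the symmetric cipher is an HMAC-SHA256 keystream used as a stand-in, and each packet also carries an authentication tag, which is an addition over the patent's encryption-only packets (without it the sequence number, packet count and timestamp inside a packet could be altered undetected).

```python
import hashlib
import hmac
import os
import random
import struct

# Constructed demo key. The patent assumes a symmetric key already shared by the
# cloud and the device and says nothing about how it is provisioned.
KEY = b"demo-preshared-key-do-not-reuse"

PAYLOAD_PER_PACKET = 4      # bytes of Z1 per packet; small so that n > 1 (assumed, not from the patent)
NONCE_LEN, TAG_LEN = 8, 16  # per-packet nonce and truncated HMAC tag (assumed, not from the patent)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for the patent's DES/RC5/IDEA,
    which the Python standard library does not provide."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt_packet(key: bytes, packet: bytes) -> bytes:
    """Ci -> Di. The appended tag is an addition over the patent, which specifies
    encryption only; it makes tampering with the packet header detectable."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(packet, _keystream(key, nonce, len(packet))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def decrypt_packet(key: bytes, blob: bytes) -> bytes:
    """Ei -> Fi: verify the tag, then decrypt. Raises ValueError on tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def cloud_send(key: bytes, y1: bytes, t1: int) -> list:
    """Cloud side, steps 1-3: returns the encrypted packets E1..En in random order."""
    z1 = struct.pack(">Q", t1) + y1                                    # step 1: Z1 = T1 || Y1
    b = [z1[i:i + PAYLOAD_PER_PACKET] for i in range(0, len(z1), PAYLOAD_PER_PACKET)]  # step 2: B1..Bn
    n = len(b)
    c = [struct.pack(">HH", seq, n) + chunk for seq, chunk in enumerate(b, start=1)]  # C1..Cn
    d = [encrypt_packet(key, ci) for ci in c]                          # step 3: D1..Dn
    random.shuffle(d)                                                  # E1..En, random order
    return d


class Device:
    """Device side, steps 4-11. T0 starts empty, which is the 'first frame received' case of step 8."""

    def __init__(self, key: bytes):
        self.key = key
        self.t0 = None       # instruction frame storage unit T0
        self.executed = []   # frames Y1 that were executed, kept for inspection

    def receive(self, packets: list) -> str:
        try:
            f = [decrypt_packet(self.key, e) for e in packets]         # step 4: F1..Fn
            by_seq, totals, n = {}, set(), 0
            for pkt in f:
                seq, n = struct.unpack(">HH", pkt[:4])
                by_seq[seq] = pkt[4:]                                  # step 6: strip header -> Bi
                totals.add(n)
            if len(totals) != 1 or set(by_seq) != set(range(1, n + 1)):
                raise ValueError("missing or inconsistent packets")
            z1 = b"".join(by_seq[i] for i in range(1, n + 1))          # steps 5 and 7: reorder and splice
            t1, y1 = struct.unpack(">Q", z1[:8])[0], z1[8:]
        except (ValueError, struct.error):
            return "REJECTED_BAD_PACKET"
        if self.t0 is not None and t1 <= self.t0:                      # step 10: T1 <= T0 leads to step 11
            return "IGNORED_STALE"
        self.t0 = t1                                                   # step 9: T0 = T1
        self.executed.append(y1)
        return "EXECUTED"


if __name__ == "__main__":
    dev = Device(KEY)
    frame = cloud_send(KEY, b"OPEN VALVE 3", 1700000000)
    print(dev.receive(frame))   # EXECUTED
    print(dev.receive(frame))   # IGNORED_STALE: a verbatim replay of the same packets
```

Two points follow directly from the comparison rule in steps 8 to 11. First, T0 only protects the device while it is populated: if the storage unit is held in volatile memory and the device restarts, the next frame is again "the first instruction frame received" and is accepted regardless of its timestamp, so in practice T0 has to be kept in non-volatile storage. Second, because T1 = T0 is rejected, the cloud must never issue two instructions with the same timestamp value; the timestamp granularity therefore caps the instruction rate, which is why the example keeps a separate per-packet nonce rather than reusing the timestamp for that role.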
The above description is only a preferred embodiment of the invention. It should be noted that those skilled in the art can make several modifications and variations without departing from the technical principle of the invention, and such modifications and variations should also be regarded as falling within the protection scope of the invention.
Claims (5)
1. A timestamp-based communication encryption method, characterised in that the cloud end inserts the current timestamp into an instruction sent to an unattended device end and then encrypts the instruction with a conventional symmetric encryption algorithm; the unattended device end decrypts the instruction after receiving it, compares its timestamp with the timestamp of the latest received instruction, and ignores the instruction if its timestamp is earlier than or the same as that of the latest instruction;
the method comprises the following steps:
step 1: when the cloud system sends a control instruction frame Y1 to the device side, it inserts a timestamp T1 into Y1 to generate a new control instruction frame Z1;
step 2: the cloud system splits the timestamped frame Z1 into n instruction packets B1, B2, ..., Bn and inserts into each packet its sequence number (1, 2, ..., n) and the total number of packets n, generating new instruction packets C1, C2, ..., Cn;
step 3: the cloud system encrypts each of the packets C1, C2, ..., Cn generated in step 2 separately, forming encrypted packets D1, D2, ..., Dn, reorders them into a random sequence E1, E2, ..., En, and sends them to the device side;
step 4: after receiving the packets sent by the cloud, the device side decrypts E1, E2, ..., En to obtain decrypted packets F1, F2, ..., Fn, which have the same contents as C1, C2, ..., Cn in step 3 but in a different order;
step 5: the device side reorders F1, F2, ..., Fn according to the sequence number and total packet count carried in each packet, restoring the order C1, C2, ..., Cn of step 3;
step 6: the device side removes the sequence number and total packet count from each of C1, C2, ..., Cn obtained in step 5, restoring the packets B1, B2, ..., Bn of step 2;
step 7: the device side splices the packets B1, B2, ..., Bn obtained in step 6 back into the control instruction frame Z1 of step 2;
step 8: if the control instruction frame Z1 is the first instruction frame received, go to step 9; otherwise go to step 10;
step 9: the device side treats the control instruction frame Z1 of step 8 as valid, extracts the timestamp T1 from Z1, stores it in the device-side instruction frame storage unit T0 (that is, sets T0 = T1), and executes the control instruction frame Y1 corresponding to Z1;
step 10: the device side extracts the timestamp T1 from the control instruction frame Z1 of step 8 and compares it with the timestamp held in the device-side instruction frame storage unit T0; depending on the result of the comparison it proceeds to step 9 or to step 11;
step 11: the device side treats the control instruction frame Z1 of step 8 as invalid and ignores it;
in step 10, if T1 > T0, that is, the newly received control instruction frame Z1 was generated later than the last accepted control instruction frame Z0, step 9 is executed;
in step 10, if T1 < T0, that is, Z1 was generated earlier than Z0, step 11 is executed;
in step 10, if T1 = T0, that is, Z1 was generated at the same time as Z0, step 11 is executed;
the method prevents an attacker from hijacking the unattended device by copying an instruction and sending it again.
2. The timestamp based communication encryption method of claim 1, wherein said timestamp T1 is a current actual time.
3. The timestamp based communication encryption method of claim 1, wherein said timestamp T1 is a number associated with a current actual time.
4. The timestamp-based communication encryption method of claim 1, wherein the encryption in step 3 is performed with a conventional symmetric encryption algorithm, comprising the DES algorithm, the RC5 algorithm or the IDEA algorithm.
5. The timestamp based communication encryption method of claim 1, wherein the decryption process in step 4 corresponds to the encryption process in step 3.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711224619.0A (CN107995186B) | 2017-11-29 | 2017-11-29 | Communication encryption method based on timestamp |
Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN107995186A | 2018-05-04 |
| CN107995186B | 2021-06-08 |

Family ID: 62034259

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date | Status |
|---|---|---|---|---|
| CN201711224619.0A (CN107995186B) | Communication encryption method based on timestamp | 2017-11-29 | 2017-11-29 | Active |

Country Status (1)

| Country | Link |
|---|---|
| CN | CN107995186B |
Citations (3)

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101162923A | 2007-11-06 | 2008-04-16 | 中兴通讯股份有限公司 (ZTE Corporation) | Transmission method and reception apparatus of ultra-long bluetooth short message |
| CN105827408A | 2015-12-03 | 2016-08-03 | 中国航天系统工程有限公司 (China Aerospace System Engineering Co., Ltd.) | Timestamp technique-based industrial network security transmission method |
| US9455885B2 | 2011-10-13 | 2016-09-27 | General Electric Company | Systems, methods, and apparatus for modifying sensor time stamp data |
Also Published As

| Publication number | Publication date |
|---|---|
| CN107995186A | 2018-05-04 |
Similar Documents

| Publication | Title |
|---|---|
| JP5205075B2 | Encryption processing method, encryption processing device, decryption processing method, and decryption processing device |
| CN109361520B | Internet of things equipment dynamic encryption method based on login serial number |
| CN108134777B | Communication encryption system based on timestamp |
| WO2012087692A4 | System and method for secure communications in a communication system |
| CN110740038B | Blockchain and communication method, gateway, communication system and storage medium thereof |
| EP4044502A1 | Secure communication method and apparatus |
| CN113066209A | Method and device for safe off-line use of digital key and storage medium |
| CN109194701B | Data processing method and device |
| WO2023160420A1 | Group message encryption method and apparatus, device and storage medium |
| WO2024022096A1 | Message encryption method and decryption method, apparatus, and storage medium |
| CN110719160A | Database encryption method based on quantum random number and national encryption algorithm |
| CN113347143A | Identity authentication method, device, equipment and storage medium |
| CN103685181A | Key negotiation method based on SRTP |
| CN113632419A | Device and method for generating and authenticating at least one data packet to be transmitted in a bus system, in particular of a motor vehicle |
| CN113434474A | Flow auditing method, equipment and storage medium based on federal learning |
| CN106982115B | Synchronization method and system of block cipher mode |
| CN107995186B | Communication encryption method based on timestamp |
| CN108924161A | An encrypted transaction data communication method and system |
| CN115694815B | Communication encryption method and device for power distribution terminal |
| CN114386049A | Encryption method, decryption method, device and equipment |
| CN105471831B | Method and apparatus for encrypting RTP protocol data packets |
| CN113708928B | Edge cloud communication method and related device |
| CN105591928A | Security control method used for cloud platform network |
| CN104468607B | Multi-server authentication method |
| CN114285557A | Communication encryption method, system and device |
Legal Events

| Code | Title |
|---|---|
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |