CN108173641B - Zigbee safety communication method based on RSA - Google Patents

Abstract

The invention discloses a Zigbee safety communication method based on RSA, which utilizes an RSA algorithm to encrypt Zigbee communication keys, realizes that the communication keys between each terminal of Zigbee and a coordinator are different, and realizes the safety communication between each terminal and the coordinator through AES 128. And each terminal performs identity authentication on the coordinator through the public key issued by the coordinator to determine the validity of the coordinator. The communication keys of each terminal and the coordinator are in a safe encryption state, and other nodes cannot be easily captured and cracked. The communication keys between each terminal and the coordinator are different from each other. The invention loads the RSA asymmetric encryption method into the Zigbee equipment, effectively improves the reliability and the safety of wireless transmission by encrypting the transmission key, and more effectively solves the problem of Zigbee memory overflow possibly caused by overlong messages.

Description

Zigbee safety communication method based on RSA

Technical Field

The invention relates to the technical field of communication, in particular to a Zigbee safety communication method based on RSA.

Background

The Zigbee based on the IEEE 802.15.4 wireless technology is a low-cost, low-power consumption and short-distance two-way communication network technology, and can be applied to numerous wireless communication occasions. With the increase of Zigbee-based application instances, the security of information transmission thereof is also beginning to be concerned. Although the ZStack protocol stack used by Zigbee has its own encryption and decryption algorithm based on AES128, it is a symmetric encryption technology, and its confidentiality is inferior to that of asymmetric encryption technology. Since the entire network shares a key, once the key is compromised, the network is insecure.

The RSA algorithm is an example of asymmetric encryption technology, and the most significant feature is that the required keys are a pair, one for encryption and one for decryption, and the encryption key is different from the decryption key. The RSA algorithm is highly secure but also highly complex. Therefore, the RSA algorithm is not suitable for embedded terminals and other terminals with weak computing power.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provides a Zigbee safety communication method based on RSA.

The technical scheme adopted by the invention is as follows:

a Zigbee secure communication method based on RSA, the Zigbee network includes trust center, central node and terminal node, the trust center provides certificate and public and private key to each central node, the central node is used to broadcast the public key to the terminal node and use the private key to encrypt the certificate, each terminal node verifies the legitimacy of the central node based on the public key; the Zigbee safety communication method comprises the following steps:

s1, the central node requests the certificate and the public and private keys from the trust center;

s2, the trust center returns the certificate and the public and private keys to the central node;

s3, the central node acquires and verifies the certificate, and when the certificate is successfully authenticated, the central node broadcasts the public key to all the terminal nodes;

s4, each terminal node applies for network access to the central node, the central node encrypts the certificate by using the private key and sends the certificate encrypted by the private key to the terminal node;

s5, the terminal node decrypts the encrypted certificate of the private key and verifies the validity of the decrypted certificate; when the decrypted certificate is verified to be legal, an AES password is randomly generated;

s6, the terminal node randomly generates two large prime numbers by using the function of the OSAL layer of Zigbee, and generates the public and private keys of RSA according to the two large prime numbers;

s7, the terminal node encrypts the AES password by using the public key generated by the RSA asymmetric cryptographic technique;

s8, the terminal node transmits the AES password and RSA private key encrypted by RSA to the central node;

and S9, after the central node decrypts and authenticates the AES password encrypted by the RSA private key and passes the decryption authentication, the central node and the corresponding terminal node perform subsequent communication by using the AES password encrypted by the RSA private key.

Further, the specific steps of step S6 are as follows:

s6-1, generating two random numbers by using a random number generation function osal _ rand of an osal layer in a Zstack protocol stack;

s6-2, judging whether the two random numbers are all prime numbers, if so, generating two prime numbers p and q, and executing the step S6-3; otherwise, executing step S6-1;

s6-3, directly multiplying prime numbers p and q to obtain a public key n, i.e. n ═ p × (q), under the condition of ensuring that p and q are not equal;

s6-4, according to Euler' S function, the integer number which is not more than n and is prime to n is (p-1) × (q-1), and (p-1) × (q-1) is defined as fai _ n;

s6-5, randomly generating an integer e which is prime to fai _ n and not more than fai _ n according to fai _ n, and taking e as another public key;

s6-6, generating a private key d by the formula d × e ═ 1(mod fai _ n) based on fai _ n and e;

s6-7, destroying p and q, and using (n, e) as a public key and d as a private key.

Further, the two random numbers generated in step S6-1 not only satisfy the requirement that the random numbers are not too small to be cracked, but also satisfy the requirement that the Zigbee memory is not too large to overflow.

Further, the specific steps of encrypting the AES cipher in step S7 are as follows:

s7-1, the AES cipher as Zigbee transmission key is converted into digital according to the appointed mode to form digital plaintext group;

s7-2, the digital plaintext group is encrypted one-to-one, and the encryption formula is as follows: c is m^e(mod n), where c is ciphertext and m is plaintext.

Further, in step S9, according to the formula m ═ c^d(mod n) decrypts the ciphertext of the AES cipher to recover the original message.

Further, the central node is a coordinator.

Further, the terminal nodes include common terminals and routers.

Furthermore, the central node is provided with the following modules:

the certificate and public and private key receiving module: a public key and a certificate for receiving trust center broadcast;

a central certificate verification module: the certificate verification device is used for verifying the certificate sent by the trust center;

the public key distribution module: for broadcasting the public key to the end node;

a certificate encryption module: for encrypting the certificate with the private key;

RSA private key receiving module: receiving a private key sent by a terminal node;

AES key decryption module after RSA encryption: calling a corresponding private key from an RSA private key receiving module, and decrypting the AES private key by using the private key;

the terminal node is provided with the following modules:

a public key receiving module: public key and certificate for receiving central node broadcast;

a terminal certificate verification module: the certificate verification system is used for verifying the certificate sent by the central node;

an AES password generation module: the method is used for randomly generating an AES password after the decrypted certificate is verified to be legal;

RSA public and private key generation module: generating a header file of a public key and a header file of a private key and a corresponding c file in an application layer by utilizing an RSA principle and a function contained in a Zstack protocol stack;

RSA encryption AES key module: the AES key is encrypted using a public key generated by the RSA technique.

By adopting the technical scheme, the Zigbee communication key is encrypted by utilizing the RSA algorithm, the communication keys between each terminal of the Zigbee and the coordinator are different, and the safe communication between each terminal and the coordinator is realized through the AES 128. And each terminal performs identity authentication on the coordinator through the public key issued by the coordinator to determine the validity of the coordinator. The communication keys of each terminal and the coordinator are in a safe encryption state, and other nodes cannot be easily captured and cracked. The communication keys between each terminal and the coordinator are different from each other. The invention loads the RSA asymmetric encryption method into the Zigbee equipment, effectively improves the reliability and the safety of wireless transmission by encrypting the transmission key, and more effectively solves the problem of Zigbee memory overflow possibly caused by overlong messages. The method can be widely applied to Zigbee transmission equipment needing high confidentiality, enhances the reliability and safety of Zigbee transmission, and prevents transmission messages from being cracked randomly.

Drawings

The invention is described in further detail below with reference to the accompanying drawings and the detailed description;

fig. 1 is a schematic diagram of a Zigbee network according to a Zigbee security communication method based on RSA of the present invention;

fig. 2 is a schematic flowchart of a Zigbee secure communication method based on RSA according to the present invention;

fig. 3 is a schematic structural diagram of a center node and a terminal node of a RSA-based Zigbee secure communication method according to the present invention.

Detailed Description

As shown in one of fig. 1 to 3, the present invention discloses a Zigbee secure communication method based on RSA, as shown in fig. 1, a Zigbee network includes a trust center, a center node, and terminal nodes, the trust center provides a certificate and a public and private key to each center node, the center node is configured to broadcast the public key to the terminal nodes and encrypt the certificate using the private key, and each terminal node verifies the validity of the center node based on the public key; as shown in fig. 2, the Zigbee secure communication method includes the following steps:

s1, the central node requests the certificate and the public and private keys from the trust center;

s2, the trust center returns the certificate and the public and private keys to the central node;

s3, the central node acquires and verifies the certificate, and when the certificate is successfully authenticated, the central node broadcasts the public key to all the terminal nodes;

s4, each terminal node applies for network access to the central node, the central node encrypts the certificate by using the private key and sends the certificate encrypted by the private key to the terminal node;

s5, the terminal node decrypts the encrypted certificate of the private key and verifies the validity of the decrypted certificate; when the decrypted certificate is verified to be legal, an AES password is randomly generated;

s6, the terminal node randomly generates two large prime numbers by using the function of the OSAL layer of Zigbee, and generates the public and private keys of RSA according to the two large prime numbers;

s7, the terminal node encrypts the AES password by using the public key generated by the RSA asymmetric cryptographic technique;

s8, the terminal node transmits the AES password and RSA private key encrypted by RSA to the central node;

and S9, after the central node decrypts and authenticates the AES password encrypted by the RSA private key and passes the decryption authentication, the central node and the corresponding terminal node perform subsequent communication by using the AES password encrypted by the RSA private key.

Further, the specific steps of step S6 are as follows:

s6-1, generating two random numbers by using a random number generation function osal _ rand of an osal layer in a Zstack protocol stack;

s6-2, judging whether the two random numbers are all prime numbers, if so, generating two prime numbers p and q, and executing the step S6-3; otherwise, executing step S6-1;

s6-3, directly multiplying prime numbers p and q to obtain a public key n, i.e. n ═ p × (q), under the condition of ensuring that p and q are not equal;

s6-4, according to Euler' S function, the integer number which is not more than n and is prime to n is (p-1) × (q-1), and (p-1) × (q-1) is defined as fai _ n;

s6-5, randomly generating an integer e which is prime to fai _ n and not more than fai _ n according to fai _ n, and taking e as another public key;

s6-6, generating a private key d by the formula d × e ═ 1(mod fai _ n) based on fai _ n and e;

s6-7, destroying p and q, and using (n, e) as a public key and d as a private key.

Further, the two random numbers generated in step S6-1 not only satisfy the requirement that the random numbers are not too small to be cracked, but also satisfy the requirement that the Zigbee memory is not too large to overflow.

Further, the specific steps of encrypting the AES cipher in step S7 are as follows:

s7-1, the AES cipher as Zigbee transmission key is converted into digital according to the appointed mode to form digital plaintext group;

s7-2, the digital plaintext group is encrypted one-to-one, and the encryption formula is as follows: c is m^e(mod n), where c is ciphertext and m is plaintext.

Further, step (ii)In step S9, according to the formula m ═ c^d(mod n) decrypts the ciphertext of the AES cipher to recover the original message.

Further, the central node is a coordinator.

Further, the terminal nodes include common terminals and routers.

Further, as shown in fig. 3, the following modules are provided on the central node:

the certificate and public and private key receiving module: a public key and a certificate for receiving trust center broadcast;

a central certificate verification module: the certificate verification device is used for verifying the certificate sent by the trust center;

the public key distribution module: for broadcasting the public key to the end node;

a certificate encryption module: for encrypting the certificate with the private key;

RSA private key receiving module: receiving a private key sent by a terminal node;

AES key decryption module after RSA encryption: calling a corresponding private key from an RSA private key receiving module, and decrypting the AES private key by using the private key;

the terminal node is provided with the following modules:

a public key receiving module: public key and certificate for receiving central node broadcast;

a terminal certificate verification module: the certificate verification system is used for verifying the certificate sent by the central node;

an AES password generation module: the method is used for randomly generating an AES password after the decrypted certificate is verified to be legal;

RSA public and private key generation module: generating a header file of a public key and a header file of a private key and a corresponding c file in an application layer by utilizing an RSA principle and a function contained in a Zstack protocol stack;

RSA encryption AES key module: the AES key is encrypted using a public key generated by the RSA technique.

By adopting the technical scheme, the Zigbee communication key is encrypted by utilizing the RSA algorithm, the communication keys between each terminal of the Zigbee and the coordinator are different, and the safe communication between each terminal and the coordinator is realized through the AES 128. And each terminal performs identity authentication on the coordinator through the public key issued by the coordinator to determine the validity of the coordinator. The communication keys of each terminal and the coordinator are in a safe encryption state, and other nodes cannot be easily captured and cracked. The communication keys between each terminal and the coordinator are different from each other. The invention loads the RSA asymmetric encryption method into the Zigbee equipment, effectively improves the reliability and the safety of wireless transmission by encrypting the transmission key, and more effectively solves the problem of Zigbee memory overflow possibly caused by overlong messages. The method can be widely applied to Zigbee transmission equipment needing high confidentiality, enhances the reliability and safety of Zigbee transmission, and prevents transmission messages from being cracked randomly.

Claims (7)

1. A Zigbee secure communication method based on RSA, the Zigbee network includes trust center, central node and terminal node, the trust center provides certificate and public and private key to each central node, the central node is used to broadcast the public key to the terminal node and use the private key to encrypt the certificate, each terminal node verifies the legitimacy of the central node based on the public key; the method is characterized in that: the Zigbee safety communication method comprises the following steps:

s1, the central node requests the certificate and the public and private keys from the trust center;

s2, the trust center returns the certificate and the public and private keys to the central node;

s3, the central node acquires and verifies the certificate, and when the certificate is successfully authenticated, the central node broadcasts the public key to all the terminal nodes;

s4, each terminal node applies for network access to the central node, the central node encrypts the certificate by using the private key and sends the certificate encrypted by the private key to the terminal node;

s5, the terminal node decrypts the encrypted certificate of the private key and verifies the validity of the decrypted certificate; when the decrypted certificate is verified to be legal, an AES password is randomly generated;

s6, the terminal node randomly generates two large prime numbers by using the function of the OSAL layer of Zigbee, and generates the public and private keys of RSA according to the two large prime numbers;

s7, the terminal node encrypts the AES password by using the public key generated by the RSA asymmetric cryptographic technique;

s8, the terminal node transmits the AES password and RSA private key encrypted by RSA to the central node;

and S9, after the central node decrypts and authenticates the AES password encrypted by the RSA private key and passes the decryption authentication, the central node and the corresponding terminal node perform subsequent communication by utilizing the AES password.

2. The RSA-based Zigbee secure communication method according to claim 1, characterized in that: the specific steps of step S6 are as follows:

s6-1, generating two random numbers by using a random number generation function osal _ rand of an osal layer in a Zstack protocol stack;

s6-2, judging whether the two random numbers are all prime numbers, if so, generating two prime numbers p and q, and executing the step S6-3; otherwise, executing step S6-1;

s6-3, under the condition that two prime numbers p and q are ensured to be unequal, directly multiplying the prime numbers p and q to obtain a public key n, namely n ═ p × q; s6-4, according to Euler' S function, the integer number which is not more than n and is prime to n is (p-1) × (q-1), and (p-1) × (q-1) is defined as fai _ n;

s6-5, randomly generating an integer e which is prime to fai _ n and not more than fai _ n according to fai _ n, and taking e as another public key;

s6-6, generating a private key d by the formula d × e ═ 1(mod fai _ n) based on fai _ n and e;

s6-7, destroying p and q, and using (n, e) as a public key and d as a private key.

3. A RSA-based Zigbee secure communication method according to claim 2, characterized in that: the specific steps of encrypting the AES cipher in step S7 are as follows:

s7-1, the AES cipher as Zigbee transmission key is converted into digital according to the appointed mode to form digital plaintext group;

s7-2, the digital plaintext group is encrypted one-to-one, and the encryption formula is as follows: c is m^e(modn), where c is ciphertext and m is plaintext.

4. A RSA-based Zigbee secure communication method according to claim 3, characterized in that: in step S9, according to the formula m ═ c^d(modn) decrypts the cipher text of the AES cipher, and reverts to the original message.

5. The RSA-based Zigbee secure communication method according to claim 1, characterized in that: the central node is a coordinator.

6. The RSA-based Zigbee secure communication method according to claim 1, characterized in that: the terminal nodes comprise common terminals and routers.

7. The RSA-based Zigbee secure communication method according to claim 1, characterized in that: the central node is provided with the following modules:

the certificate and public and private key receiving module: a public key and a certificate for receiving trust center broadcast;

a central certificate verification module: the certificate verification device is used for verifying the certificate sent by the trust center;

the public key distribution module: for broadcasting the public key to the end node;

a certificate encryption module: for encrypting the certificate with the private key;

RSA private key receiving module: receiving a private key sent by a terminal node;

AES key decryption module after RSA encryption: calling a corresponding private key from an RSA private key receiving module, and decrypting the AES private key by using the private key;

the terminal node is provided with the following modules:

a public key receiving module: public key and certificate for receiving central node broadcast;

a terminal certificate verification module: the certificate verification system is used for verifying the certificate sent by the central node;

an AES password generation module: the method is used for randomly generating an AES password after the decrypted certificate is verified to be legal;

RSA public and private key generation module: generating a header file of a public key and a header file of a private key and a corresponding c file in an application layer by utilizing an RSA principle and a function contained in a Zstack protocol stack;

RSA encryption AES key module: the AES key is encrypted using a public key generated by the RSA technique.

Images