CN108419235A - Physical layer security secrecy device and method for an access cloud architecture - Google Patents
- Publication number: CN108419235A
- Application number: CN201810113780.9A
- Authority: CN (China)
- Prior art keywords: key, physical layer, safety, module, channel
- Legal status: Pending
Classifications
- H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04L25/0256: Channel estimation using minimum mean square error criteria
- H04L63/16: Implementing security features at a particular protocol layer
- H04L67/10: Protocols in which an application is distributed across nodes in the network
- H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/3236: Means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
- H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
Abstract
The invention belongs to the field of wireless communication technology, and in particular relates to a physical layer security secrecy device and method for an access cloud architecture. The device comprises a physical layer security module connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmit/receive data. The physical layer security module accesses the receive signal buffer and the transmit signal buffer in the C-RAN radio access network architecture, generates a physical layer key, and carries out secure transmission of the transmitted and received signals. The invention is loosely coupled to existing communication systems: without major changes to the existing communication architecture, the security of the whole system can be improved simply by adding an independent physical layer security module. Physical layer key generation and physical layer secure transmission are combined, which is more flexible and reliable than existing physical layer security schemes and is of important guiding significance for the security of wireless communication networks.
Description
Technical field
The invention belongs to the field of wireless communication technology, and in particular relates to a physical layer security secrecy device and method for an access cloud architecture, which embeds physical layer security technology in the access cloud architecture and further enhances the security and reliability of communication.
Background
Next-generation mobile communication systems are dedicated to meeting the huge challenge of diversified, differentiated services after 2020, satisfying multidimensional capability indicators such as ultra-high speed, ultra-low latency, high-speed mobility, high energy efficiency, and ultra-high traffic and connection density, and delivering the ultimate communication experience between people as well as information exchange between people and things. Consequently, security in mobile communication has attracted wide attention. Fundamentally, the security threat to wireless communication comes from the openness of electromagnetic wave propagation. Conventional security measures ensure communication security through upper-layer protocols and cryptographic means, leaving a security shortfall in the protection of the physical layer, so the rapid development of high-performance computers puts great pressure on conventional security. In addition, new 5G scenarios and new services pose a huge challenge to conventional information security technology: massive numbers of communication terminals and nodes must meet low-latency, highly secure and reliable communication requirements while being small and resource-constrained, and directly using conventional encryption generally requires complex computation that consumes a large amount of computing resources. Physical layer security technology uses the characteristics of the wireless channel to build a communication security system based on user location, makes up for the physical layer shortfall of wireless security, and is a useful supplement to the conventional security system. At the same time, physical layer security technology uses the natural randomness of the channel, effectively reducing the pressure on cryptographic algorithms and making lightweight, highly secure encryption possible.
Among the many candidate technologies for next-generation mobile communication systems, the cloud radio access network (C-RAN) architecture can yield good gains in the performance of the whole network and reduce operating cost, and is very likely to be widely used in future 5G networks. Therefore, integrating physical layer security technology into the access cloud architecture is a reliable way of implementing 5G physical layer security.
Summary of the invention
To address the deficiencies of the prior art, the present invention provides a physical layer security secrecy device and method for an access cloud architecture. A physical layer security module is added at the baseband processing pool (BBU) of the existing C-RAN architecture to implement physical layer key generation and secure transmission, so that physical layer security technology is embedded in the access cloud architecture, is easy to integrate and implement, and improves the security of the wireless communication network.
According to the design provided by the present invention, a physical layer security secrecy device for an access cloud architecture comprises a physical layer security module connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmit/receive data. The physical layer security module accesses the receive signal buffer and the transmit signal buffer in the C-RAN radio access network architecture, generates a physical layer key, and carries out secure transmission of the transmitted and received signals.
In the above, the physical layer security module comprises a channel estimation module, a key generation module, a key storage module, a ciphertext generation module and a decryption module, wherein:
Channel estimation module: obtains the pilot signal sent by the terminal from the receive signal buffer and estimates the channel characteristics of the current channel;
Key generation module: generates a secret sequence from the channel characteristics of the current channel and the signal to be sent, and corrects the secret sequence through the key negotiator to generate a key;
Key storage module: stores the generated key;
Ciphertext generation module: when sending data, encrypts the data to be encrypted into ciphertext using the key;
Decryption module: when receiving data, decrypts the data to be decrypted into plaintext using the key.
In the above, the key generation module comprises a key sequence generation unit, a key agreement unit and a privacy amplification unit, wherein:
Key sequence generation unit: generates a secret sequence from the channel characteristics of the current channel and the signal to be sent;
Key agreement unit: corrects the inconsistent bits of the two sides' secret sequences through the base station key negotiator and the terminal key negotiator, completing the correction of the secret sequence;
Privacy amplification unit: applies a privacy amplification algorithm to the corrected secret sequence to generate the key.
In the above, the key sequence generation unit comprises a terminal signal estimator and a multi-threshold quantizer, wherein:
Terminal signal estimator: performs baseband processing on the signal, and estimates the output of the receiving end from the current channel estimation result and the data to be sent;
Multi-threshold quantizer: quantizes the output estimate obtained by the terminal signal estimator to generate the secret sequence.
In the above, the device also comprises a secure transmission parameter generation module, which generates secure transmission parameters from the estimated current channel characteristics and passes them to the transmit signal buffer to assist key generation.
A physical layer security secrecy method for an access cloud architecture: the above physical layer security secrecy device for an access cloud architecture is connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmit/receive data, and the method proceeds as follows:
Obtain the pilot signal from the receive signal buffer and estimate the channel characteristics of the current channel;
Generate a secret sequence from the channel characteristics of the current channel and the signal to be sent, and correct the secret sequence through the key negotiator to generate a key, the generated key being stored in the key storage module;
When sending data, encrypt the data to be encrypted into ciphertext using the key; when receiving data, decrypt the data to be decrypted into plaintext using the key.
In the above method, the channel characteristics of the current channel are estimated using the MMSE (minimum mean square error) channel estimation method.
In the above method, generating the secret sequence from the channel characteristics of the current channel and the signal to be sent comprises: the terminal signal estimator performs baseband processing on the signal and estimates the output of the receiving end from the current channel estimation result and the data to be sent; the multi-threshold quantizer quantizes the output estimate obtained by the terminal signal estimator to generate the secret sequence.
In the above method, correcting the secret sequence through the key negotiator comprises: the base station key negotiator and the terminal key negotiator correct the inconsistent bits of the two sides' secret sequences to complete the correction, and a privacy amplification algorithm is applied to the corrected secret sequence to generate the key.
In the above method, generating the key by the privacy amplification algorithm means: privacy amplification is performed on the secret sequence using, but not limited to, a hash encryption algorithm to generate the key.
Beneficial effects of the present invention:
In the present invention, the pilot signal received in the receive signal buffer is passed to the channel estimation module to complete channel estimation. The key generator generates a secret sequence from the estimated channel parameters and the ciphertext; after key agreement, a sequence consistent with the terminal's is obtained and passed to the privacy amplification module for processing, yielding the key used for signal encryption and decryption. The secure transmission parameter generation module is an optional module that uses the estimated channel parameters to generate a secure transmission auxiliary signal, improving the security of the generated key. The invention is loosely coupled to existing communication systems: without major changes to the existing communication architecture, the security of the whole system can be improved simply by adding an independent physical layer security module. Physical layer key generation and physical layer secure transmission are combined, which is more flexible and reliable than existing physical layer security schemes and is of important guiding significance for the security of wireless communication networks.
Description of the drawings:
Fig. 1 is a schematic diagram of the physical layer security secrecy device for an access cloud architecture in the embodiment;
Fig. 2 is a schematic diagram of the physical layer security module in the embodiment;
Fig. 3 is a schematic diagram of the key generation module in the embodiment;
Fig. 4 is a schematic diagram of the key sequence generation unit in the embodiment;
Fig. 5 is a schematic diagram of the physical layer security module on the C-RAN base station side in the embodiment;
Fig. 6 shows the physical layer security secrecy method for an access cloud architecture in the embodiment;
Fig. 7 shows an implementation in the embodiment of extracting a key using the terminal's received signal.
Detailed description:
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and the technical solution.
The security threat to wireless communication comes from the openness of electromagnetic wave propagation. In next-generation mobile communication systems, conventional security measures ensure communication security through upper-layer protocols and cryptographic means, leaving a security shortfall in the protection of the physical layer, so the rapid development of high-performance computers puts great pressure on conventional security. The Radio Access Network (RAN) consists of a series of transport entities between the service node interface and the associated user network interface, and is the wireless implementation system that provides the transport bearer capability needed to carry telecommunication services; through the radio access network, users can be provided with uninterrupted, high-quality data service 7x24 hours. A traditional radio access network has the following characteristics. First, each base station connects a fixed number of sector antennas and covers a small area, and each base station can only process the transmitted and received signals of its own cell. Second, system capacity is interference-limited, and with each base station working independently it is difficult to increase spectral efficiency. Third, base stations are typically "vertical solutions" developed on proprietary platforms. C-RAN, by contrast, is a green radio access network architecture (Clean system) based on Centralized Processing, Collaborative Radio and Real-time Cloud Infrastructure. The basic idea of C-RAN is to centralize all or part of the baseband processing resources into a baseband resource pool that is managed uniformly and allocated dynamically, thereby reducing the number of base station equipment rooms and the energy consumption, using collaboration and virtualization technology to achieve resource sharing and dynamic scheduling, and improving spectral efficiency, so as to achieve low-cost, high-bandwidth and flexible operation. For next-generation mobile communication systems, the cloud radio access network (C-RAN) architecture can yield good gains in the performance of the whole network and reduce operating cost, and is very likely to be widely used in future 5G networks. To this end, embodiment one of the present invention, shown in Fig. 1, provides a physical layer security secrecy device for an access cloud architecture, comprising a physical layer security module connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmit/receive data. The physical layer security module accesses the receive signal buffer and the transmit signal buffer in the C-RAN radio access network architecture, generates a physical layer key, and carries out secure transmission of the transmitted and received signals.
Secret communication is a way of communicating in which, to prevent confidential information from being intercepted between the communicating parties, the form in which the information is presented is changed by an agreed method so as to conceal its true content. It is generally divided into three processes: encryption, reception and decryption. The sender converts the content to be sent into ciphertext by an encryption rule, that is, a key; after receiving the ciphertext, the recipient decrypts it with the decryption key matching the encryption key and obtains the transmitted content. Physical layer security is the first natural barrier of communication security and can provide an irreplaceable guarantee for a secret communication system. To this end, based on embodiment one, in another embodiment of the present invention, shown in Fig. 2, the physical layer security module comprises a channel estimation module 001, a key generation module 002, a key storage module 003, a ciphertext generation module 004 and a decryption module 005, wherein:
Channel estimation module 001: obtains the pilot signal sent by the terminal from the receive signal buffer and estimates the channel characteristics of the current channel;
Key generation module 002: generates a secret sequence from the channel characteristics of the current channel, and corrects the secret sequence through the key negotiator to generate a key;
Key storage module 003: stores the generated key;
Ciphertext generation module 004: when sending data, encrypts the data to be encrypted into ciphertext using the key;
Decryption module 005: when receiving data, decrypts the data to be decrypted into plaintext using the key.
The natural openness of the wireless channel makes the secure transmission of information especially important. The inherent reciprocity, uniqueness and time variation of the wireless channel allow it to serve as a random source shared by the two communicating parties from which a key can be extracted. Key enhancement is an important step of key extraction. Based on the above embodiment, and working from the channel characteristic estimate for the current channel, in another embodiment of the present invention, shown in Fig. 3, the key generation module 002 comprises a key sequence generation unit 201, a key agreement unit 202 and a privacy amplification unit 203, wherein:
Key sequence generation unit 201: generates a secret sequence from the channel characteristics of the current channel;
Key agreement unit 202: corrects the inconsistent bits of the two sides' secret sequences through the base station key negotiator and the terminal key negotiator, completing the correction of the secret sequence;
Privacy amplification unit 203: applies a privacy amplification algorithm to the corrected secret sequence to generate the key. The privacy amplification algorithm may be a hash encryption algorithm or another algorithm, such as an extractor-based encryption algorithm, to carry out key enhancement.
Because of the inherent time variation of the wireless channel, the channel parameters are time-varying, and the key sequence extracted from the channel characteristic parameters is random. To this end, in another embodiment of the present invention, shown in Fig. 4, the key sequence generation unit 201 comprises a terminal signal estimator 2101 and a multi-threshold quantizer 2102, wherein:
Terminal signal estimator 2101: performs baseband processing on the signal, and estimates the output of the receiving end from the current channel estimation result and the data to be sent;
Multi-threshold quantizer 2102: quantizes the output estimate obtained by the terminal signal estimator to generate the secret sequence.
According to actual needs, as shown in Fig. 5, the physical layer security secrecy device of the present invention also comprises a secure transmission parameter generation module, which generates secure transmission parameters from the estimated current channel characteristics and passes them to the transmit signal buffer to assist key generation. The PLSU is connected in series between the transmit/receive data and the BBU, and the PLSU also accesses the receive signal buffer and the transmit signal buffer.
Module A: the channel estimation module uses the pilot signal sent by the terminal, obtained from the receive signal buffer, to estimate the current channel, and passes the channel estimation result to module B and module G.
Module B: the key generator uses the channel characteristics estimated by module A and the encrypted data generated by module F to generate a secret sequence, and passes the result to module C.
Module C: the key negotiator generates a negotiation sequence from the secret sequence produced by the key generator, communicates with the terminal's key negotiator to complete key agreement, and passes the result to module D.
Module D: the privacy amplification module processes the key agreement result from module C with a privacy amplification algorithm, generates the key, and passes it to module E.
Module E: the key pool stores the generated keys, which are used to encrypt and decrypt sent and received data.
Module F: when sending data, the data to be encrypted and the key are passed to module F, which generates the ciphertext. The ciphertext is sent to the BBU for subsequent processing and at the same time to module B for the next key generation.
Module G: generates a secure transmission auxiliary signal from the channel estimation result of module A and passes it to the transmit signal buffer.
Module H: when receiving data, the data to be decrypted and the key are passed to module H, which decrypts them into plaintext.
In module B, the transmitted signal is predicted from the encrypted data generated by module F and the baseband processing of the BBU, and the secret sequence is generated from the predicted transmitted signal together with the channel estimation result of module A. If the BBU uses a public baseband processing algorithm, module B can implement it directly itself; if the BBU does not use a public algorithm, the BBU must pass the relevant parameters to module B so that it can predict the transmitted signal.
Based on the embodiments of the above device, the present invention also provides a physical layer security secrecy method for an access cloud architecture. The above physical layer security secrecy device for an access cloud architecture is connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmit/receive data. As shown in Fig. 6, the method proceeds as follows:
a01: obtain the pilot signal from the receive signal buffer and estimate the channel characteristics of the current channel;
a02: generate a secret sequence from the channel characteristics of the current channel, and correct the secret sequence through the key negotiator to generate a key, the generated key being stored in the key storage module;
a03: when sending data, encrypt the data to be encrypted into ciphertext using the key; when receiving data, decrypt the data to be decrypted into plaintext using the key.
In the above method, the channel characteristics of the current channel are estimated using the MMSE (minimum mean square error) channel estimation method, which takes the mean of the sum of the squared errors and then the square root, to reduce the influence of noise on the channel characteristic estimate. Depending on the requirements of the communication system, other channel estimation methods can also be used.
In the above method, generating the secret sequence from the channel characteristics of the current channel comprises: the terminal signal estimator performs baseband processing on the signal and estimates the output of the receiving end from the current channel estimation result and the data to be sent; the multi-threshold quantizer quantizes the output estimate obtained by the terminal signal estimator to generate the secret sequence.
In the above method, correcting the secret sequence through the key negotiator comprises: the base station key negotiator and the terminal key negotiator correct the inconsistent bits of the two sides' secret sequences to complete the correction, and a privacy amplification algorithm is applied to the corrected secret sequence to generate the key.
In the above method, generating the key by the privacy amplification algorithm means: the secret sequence is hashed using a hash encryption algorithm, carrying out privacy amplification to generate the key. Depending on system needs, other privacy amplification algorithms can also be used to complete key enhancement, such as extractor-based privacy amplification.
It is shown in Figure 7, in the present invention, a kind of embodiment of key, particular content are extracted using terminal received signals
It is as follows:
Step S101, channel estimation module estimate current channel according to the pilot signal obtained from reception signal buffer area
MMSE algorithms can be used in state, channel estimation method, and other channel estimation methods can also be used.Channel estimation results are sent into key
Generator and safe transmission parameter generators.
Step S102, key generator include terminal signaling estimator and multi-threshold quantizer, wherein:
Step S102a, terminal signaling estimator complete Base-Band Processing function identical with BBU, and according to channel estimation knot
The AD outputs of fruit and encryption data to be sent estimation receiving terminal, send estimated result into multi-threshold quantizer;
Step S102b quantifies terminal signaling estimated result using multi-threshold quantizer, generates secret sequence, send
Enter key agreement device to be further processed.
Step S103, base station key negotiator exchange negotiation information with terminal key negotiator, correct both sides and generate key
In inconsistent position.By taking the key agreement device based on forward error correction coding as an example, differed on the basis of the secret sequence of base station
When position being caused to correct, the check bit of current secret sequence is calculated by base station key negotiator, and check bit is sent to terminal, terminal
Key agreement device corrects the inconsistent position between itself secret sequence and base station secret sequence using check bit.With terminal secret sequence
On the basis of when, step is same as above, and calculates check bit by terminal, inconsistent position is corrected in base station.It can also be used in the key agreement step
Its cipher key agreement algorithm, such as Winnow algorithms or Cascade algorithms.
Step S104 corrects the feeding secrecy enhancing of the secret sequence behind inconsistent position module and is handled, generates key, should
Hash secrecy enhancing algorithms may be used in step, and other secrecy enhancing algorithms can also be used, the secrecy enhancing such as based on extractor.
Step S105 will have been generated in key deposit pool of keys, taken when needing.
Step S106 encrypts data to be sent using the key in pool of keys, and common cryptography encryption may be used and calculate
Key in pool of keys can also be carried out simple mould 2 with data and added by method, such as AES-256.It generates ciphertext and is sent into BBU, together
When be sent into key generator and carry out next secondary key generation.
Step S107: the secure transmission module assists the key generation process; it generates secure transmission parameters from the channel estimation results to keep the transmitted data secure. The module can be used to generate artificial noise parameters, or it can directly generate antenna weighting parameters.
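Steps S102b to S106 above, worked through on one small input as an added example (not code from the patent). The thresholds, the Gray code, the choice of Hamming(7,4) check bits as the forward error correction code, SHA-256 as the hash, and the channel observations are all assumptions constructed for illustration.

```python
import hashlib

THRESHOLDS = [-0.5, 0.0, 0.5]                 # assumed quantizer thresholds
GRAY = [(0, 0), (0, 1), (1, 1), (1, 0)]       # adjacent levels differ in one bit

def quantize(samples):
    """S102b: multi-threshold quantizer, two Gray-coded bits per sample."""
    bits = []
    for s in samples:
        bits.extend(GRAY[sum(s >= t for t in THRESHOLDS)])
    return bits

def check_bits(block):
    """Hamming(7,4) parity bits of one 4-bit block (the check bits of S103)."""
    d1, d2, d3, d4 = block
    return (d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4)

# Syndrome -> index of the single data bit that differs from the reference side.
SYNDROME = {(1, 1, 0): 0, (1, 0, 1): 1, (0, 1, 1): 2, (1, 1, 1): 3}

def reconcile(own_bits, reference_check_bits):
    """S103: correct at most one mismatch per block; other syndromes are left alone."""
    fixed = list(own_bits)
    for i, ref in enumerate(reference_check_bits):
        block = fixed[4 * i:4 * i + 4]
        syndrome = tuple(a ^ b for a, b in zip(ref, check_bits(block)))
        if syndrome in SYNDROME:
            fixed[4 * i + SYNDROME[syndrome]] ^= 1
    return fixed

def amplify(bits):
    """S104: hash-based secrecy enhancement; SHA-256 yields a 256-bit key."""
    return hashlib.sha256(bytes(bits)).digest()

def mod2_add(key, data):
    """S106: modulo-2 addition of key and data (data no longer than the key)."""
    if len(data) > len(key):
        raise ValueError("data longer than key")
    return bytes(k ^ d for k, d in zip(key, data))

# Constructed observations of one reciprocal channel with independent noise.
BASE_OBS = [0.81, -0.62, 0.48, -0.10, 0.30, -0.90, 0.02, 0.70]
TERM_OBS = [0.78, -0.60, 0.52, -0.13, 0.33, -0.85, -0.03, 0.66]

def run():
    base, term = quantize(BASE_OBS), quantize(TERM_OBS)
    checks = [check_bits(base[i:i + 4]) for i in range(0, len(base), 4)]
    fixed = reconcile(term, checks)               # base station is the reference
    return base, term, fixed, amplify(base), amplify(fixed)
```

The check bits cross the air interface in the clear, so every one of them is information an eavesdropper also holds; the secrecy enhancement step exists to remove that leakage, and a 16-bit sequence like this one carries far too little secret entropy for a real key.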
Compared with traditional key generation schemes, the present invention has at least the following advantages: (1) the implementation is only loosely coupled to the existing communication architecture and is therefore easy to combine with it; (2) the implementation includes both physical layer secure transmission and key generation, so either technique, or both in combination, can be chosen according to actual needs, which makes it more flexible.
The above is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the invention is not to be regarded as limited to this description. A person of ordinary skill in the art to which the invention belongs can make several simple deductions or substitutions without departing from the concept of the invention, and all of these shall be regarded as falling within the scope of patent protection determined by the submitted claims. The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the application. The application is therefore not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A physical layer security and secrecy device for an access cloud architecture, characterized in that it comprises a physical layer security module connected in series between the baseband processing pool (BBU) of a C-RAN radio access network architecture and the transmitted and received data, wherein the physical layer security module is connected to the received-signal buffer and the transmitted-signal buffer of the C-RAN radio access network architecture, generates a physical layer key, and performs secure transmission of the transmitted and received signals.
2. The physical layer security and secrecy device for an access cloud architecture according to claim 1, characterized in that the physical layer security module comprises a channel estimation module, a key generation module, a key storage module, a ciphertext generation module and a decryption module, wherein:
the channel estimation module is for obtaining the pilot signal sent by the terminal from the received-signal buffer and estimating the channel characteristics of the current channel;
the key generation module is for generating a secret sequence according to the channel characteristics of the current channel and the signal to be sent, and correcting the secret sequence through the key negotiator to generate the key;
the key storage module is for storing the generated key;
the ciphertext generation module is for generating ciphertext from the data to be encrypted using the key when data is sent;
the decryption module is for decrypting the data to be decrypted into plaintext using the key when data is received.
3. The physical layer security and secrecy device for an access cloud architecture according to claim 2, characterized in that the key generation module comprises a key sequence generation unit, a key agreement unit and a secrecy enhancement unit, wherein:
the key sequence generation unit is for generating a secret sequence according to the channel characteristics of the current channel and the signal to be sent;
the key agreement unit is for correcting the inconsistent bits of the two sides' secret sequences through the base station key negotiator and the terminal key negotiator, completing the correction of the secret sequence;
the secrecy enhancement unit is for generating the key from the corrected secret sequence by means of a secrecy enhancement algorithm.
4. The physical layer security and secrecy device for an access cloud architecture according to claim 3, characterized in that the key sequence generation unit comprises a terminal signal estimator and a multi-threshold quantizer, wherein:
the terminal signal estimator is for performing baseband processing on the signal and estimating the output at the receiving end according to the current channel estimation result and the data to be sent;
the multi-threshold quantizer is for quantizing the output estimate obtained by the terminal signal estimator to generate the secret sequence.
5. The physical layer security and secrecy device for an access cloud architecture according to claim 1, characterized in that it further comprises a secure transmission parameter generation module, for generating secure transmission parameters according to the estimated current channel characteristics and passing them to the transmitted-signal buffer to assist key generation.
6. A physical layer security and secrecy method for an access cloud architecture, characterized in that the physical layer security and secrecy device for an access cloud architecture according to any one of claims 1 to 5 is connected in series between the baseband processing pool (BBU) of a C-RAN radio access network architecture and the transmitted and received data, the method being implemented as follows:
obtaining the pilot signal from the received-signal buffer and estimating the channel characteristics of the current channel;
generating a secret sequence using the channel characteristics of the current channel and the signal to be sent, and correcting the secret sequence through the key negotiator to generate the key, wherein the generated key is stored in the key storage module;
when data is sent, generating ciphertext from the data to be encrypted using the key; when data is received, decrypting the data to be decrypted into plaintext using the key.
7. The physical layer security and secrecy method for an access cloud architecture according to claim 6, characterized in that the channel characteristics of the current channel are estimated using the MMSE (minimum mean square error) channel estimation method.
8. The physical layer security and secrecy method for an access cloud architecture according to claim 6, characterized in that generating a secret sequence using the channel characteristics of the current channel and the signal to be sent comprises: the terminal signal estimator performs baseband processing on the signal and estimates the output at the receiving end according to the current channel estimation result and the data to be sent; the multi-threshold quantizer quantizes the output estimate obtained by the terminal signal estimator to generate the secret sequence.
9. The physical layer security and secrecy method for an access cloud architecture according to claim 6, characterized in that correcting the secret sequence through the key negotiator comprises: correcting the inconsistent bits of the two sides' secret sequences through the base station key negotiator and the terminal key negotiator to complete the correction of the secret sequence, and generating the key from the corrected secret sequence by means of a secrecy enhancement algorithm.
10. The physical layer security and secrecy method for an access cloud architecture according to claim 9, characterized in that generating the key by means of a secrecy enhancement algorithm means: the key is generated by applying secrecy enhancement to the secret sequence using a hash encryption algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810113780.9A CN108419235A (en) | 2018-02-05 | 2018-02-05 | Safety of physical layer privacy device and its method towards access cloud framework |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108419235A (en) | 2018-08-17 |
Family
ID=63126942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810113780.9A Pending CN108419235A (en) | 2018-02-05 | 2018-02-05 | Safety of physical layer privacy device and its method towards access cloud framework |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108419235A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116112919A (en) * | 2023-04-13 | 2023-05-12 | 南京邮电大学 | Network key generation method and system based on random channel and DH negotiation |
WO2023091217A1 (en) * | 2021-11-19 | 2023-05-25 | Qualcomm Incorporated | Physical layer secure communication |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104507085A (en) * | 2015-01-13 | 2015-04-08 | 重庆邮电大学 | Wireless body area network data encryption method |
CN104901795A (en) * | 2015-05-12 | 2015-09-09 | 南京邮电大学 | Physical layer key extraction method based on channel characteristic |
WO2015192264A1 (en) * | 2014-06-16 | 2015-12-23 | Orange | Method for checking the integrity of data transmitted through c-ran |
CN105933894A (en) * | 2016-04-29 | 2016-09-07 | 金梁 | Method for carrying out secret key extraction by utilizing random characteristic of received signal of receiving party |
CN106535255A (en) * | 2016-10-27 | 2017-03-22 | 北京邮电大学 | Method and device for resource scheduling and control based on C-RAN |
CN107196920A (en) * | 2017-04-28 | 2017-09-22 | 中国人民解放军信息工程大学 | A kind of key towards wireless communication system produces distribution method |
Non-Patent Citations (2)
Title |
---|
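Song Yang: "Research and Implementation of LTE Backhaul Compression Technology in C-RAN", China Master's Theses Full-text Database, Information Science and Technology * |
Yang Jing et al.: "Principles and Technology of Packet Transport Networks", 31 December 2015 * |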
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180817 |