CN108419235A - Physical layer security and secrecy device and method for a cloud access architecture - Google Patents


Info

Publication number
CN108419235A
Authority
CN
China
Prior art keywords
key
physical layer
safety
module
channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810113780.9A
Other languages
Chinese (zh)
Inventor
金梁
楼洋明
钟州
易鸣
周游
张胜军
黄宇
宋昊天
胡晓言
白慧卿
王旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force
Priority to CN201810113780.9A
Publication of CN108419235A
Current legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L25/00 Baseband systems
    • H04L25/02 Details; arrangements for supplying electrical power along data transmission lines
    • H04L25/0202 Channel estimation
    • H04L25/024 Channel estimation: channel estimation algorithms
    • H04L25/0256 Channel estimation using minimum mean square error criteria
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The invention belongs to the field of wireless communication technology, and in particular relates to a physical layer security and secrecy device and method for a cloud access architecture. The device comprises a physical layer security module connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmitted and received data. The physical layer security module accesses the receive signal buffer and the transmit signal buffer in the C-RAN radio access network architecture, generates a physical layer key, and carries out secure transmission of the transmitted and received signals. The invention is loosely coupled to existing communication systems: no major change to the existing communication architecture is needed, and adding an independent physical layer security module is enough to improve the security of the whole system. It combines physical layer key generation with physical layer secure transmission, is more flexible and reliable than existing physical layer security schemes, and is of significant guiding value for the security of wireless communication networks.

Description

Physical layer security and secrecy device and method for a cloud access architecture
Technical field
The invention belongs to the field of wireless communication technology, and in particular relates to a physical layer security and secrecy device and method for a cloud access architecture, which embed physical layer security technology in the cloud access architecture and further improve the security and reliability of communication.
Background
Next-generation mobile communication systems aim to meet the major challenge of diversified and differentiated services after 2020, to satisfy multi-dimensional capability indicators such as very high data rate, very low latency, high mobility, high energy efficiency, and very high traffic and connection density, and to deliver the best possible communication experience between people as well as information exchange between people and things. The security of mobile communication has therefore attracted wide attention. Fundamentally, the security threat to wireless communication comes from the openness of electromagnetic wave propagation. Conventional security measures rely on upper-layer protocols and cryptography to secure communication and leave a gap in the protection of the physical layer, so the rapid development of high-performance computers puts great pressure on conventional security. The new scenarios and new services of 5G also pose a major challenge to conventional information security technology: a massive number of communication terminals and nodes must meet low-latency, highly secure and reliable communication requirements while being small and resource-constrained, and applying conventional encryption directly usually requires a complex computation process that consumes a large amount of computing resources. Physical layer security technology uses the characteristics of the wireless channel to build a communication security system based on user location; it fills the physical layer gap in wireless security and is a useful complement to the conventional security system. At the same time, physical layer security technology exploits the natural randomness of the channel, which effectively reduces the burden on cryptographic algorithms and makes lightweight, highly secure encryption possible.
Among the many candidate technologies for next-generation mobile communication systems, the wireless cloud access network (C-RAN) architecture can bring a good gain to the performance of the whole network and can reduce operating costs, and it is very likely to be widely used in future 5G networks. Integrating physical layer security technology into the cloud access architecture is therefore a reliable way to implement physical layer security for 5G.
Summary of the invention
To address the deficiencies of the prior art, the invention provides a physical layer security and secrecy device and method for a cloud access architecture. A physical layer security module is added at the baseband processing pool (BBU) of the existing C-RAN architecture to implement physical layer key generation and secure transmission, so that physical layer security technology is embedded in the cloud access architecture, is easy to integrate and implement, and improves the security of the wireless communication network.
According to the design provided by the invention, a physical layer security and secrecy device for a cloud access architecture comprises a physical layer security module connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmitted and received data. The physical layer security module accesses the receive signal buffer and the transmit signal buffer in the C-RAN radio access network architecture, generates a physical layer key, and carries out secure transmission of the transmitted and received signals.
In the above device, the physical layer security module comprises a channel estimation module, a key generation module, a key storage module, a ciphertext generation module and a decryption module, wherein:
The channel estimation module obtains the pilot signal sent by the terminal from the receive signal buffer and estimates the channel characteristics of the current channel;
The key generation module generates a secret sequence from the channel characteristics of the current channel and the signal to be sent, corrects the secret sequence through the key negotiator, and generates a key;
The key storage module stores the generated key;
The ciphertext generation module, when data is sent, uses the key to turn the data to be encrypted into ciphertext;
The decryption module, when data is received, uses the key to decrypt the data to be decrypted into plaintext.
In the above device, the key generation module comprises a key sequence generation unit, a key agreement unit and a secrecy enhancement unit, wherein:
The key sequence generation unit generates a secret sequence from the channel characteristics of the current channel and the signal to be sent;
The key agreement unit corrects the positions at which the two sides' secret sequences disagree, using the base station key negotiator and the terminal key negotiator, and so completes the correction of the secret sequence;
The secrecy enhancement unit applies a secrecy enhancement algorithm to the corrected secret sequence to generate the key.
In the above device, the key sequence generation unit comprises a terminal signal estimator and a multi-threshold quantizer, wherein:
The terminal signal estimator performs baseband processing on the signal and estimates the output of the receiving end from the current channel estimate and the data to be sent;
The multi-threshold quantizer quantizes the output estimate obtained by the terminal signal estimator and generates the secret sequence.
The above device further comprises a secure transmission parameter generation module, which generates secure transmission parameters from the estimated current channel characteristics and passes them to the transmit signal buffer to assist key generation.
A physical layer security and secrecy method for a cloud access architecture, in which the above physical layer security and secrecy device is connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmitted and received data, is implemented as follows:
Obtain the pilot signal from the receive signal buffer and estimate the channel characteristics of the current channel;
Generate a secret sequence from the channel characteristics of the current channel and the signal to be sent, correct the secret sequence through the key negotiator, and generate a key, the generated key being stored in the key storage module;
When data is sent, use the key to turn the data to be encrypted into ciphertext; when data is received, use the key to decrypt the data to be decrypted into plaintext.
In the above method, the channel characteristics of the current channel are estimated using the MMSE (minimum mean square error) channel estimation algorithm.
In the above method, generating a secret sequence from the channel characteristics of the current channel and the signal to be sent comprises: the terminal signal estimator performs baseband processing on the signal and estimates the output of the receiving end from the current channel estimate and the data to be sent; the multi-threshold quantizer quantizes the output estimate obtained by the terminal signal estimator and generates the secret sequence.
In the above method, correcting the secret sequence through the key negotiator comprises: the base station key negotiator and the terminal key negotiator correct the positions at which the two sides' secret sequences disagree, completing the correction of the secret sequence, and a secrecy enhancement algorithm is applied to the corrected secret sequence to generate the key.
In the above method, generating the key by a secrecy enhancement algorithm means: applying secrecy enhancement to the secret sequence, using but not limited to a hash encryption algorithm, to generate the key.
Beneficial effects of the invention:
In the invention, the pilot signal received in the receive signal buffer is fed to the channel estimation module to complete channel estimation. The key generator generates a secret sequence from the estimated channel parameters and the ciphertext; after key agreement, a sequence consistent with the terminal's is obtained and fed to the secrecy enhancement module for processing, yielding the key used to encrypt and decrypt signals. The secure transmission parameter generation module is an optional module that uses the estimated channel parameters to generate a secure transmission auxiliary signal, which improves the security of the generated key. The invention is loosely coupled to existing communication systems: no major change to the existing communication architecture is needed, and adding an independent physical layer security module is enough to improve the security of the whole system. It combines physical layer key generation with physical layer secure transmission, is more flexible and reliable than existing physical layer security schemes, and is of significant guiding value for the security of wireless communication networks.
Description of the drawings:
Fig. 1 is a schematic diagram of the physical layer security and secrecy device for a cloud access architecture in an embodiment;
Fig. 2 is a schematic diagram of the physical layer security module in an embodiment;
Fig. 3 is a schematic diagram of the key generation module in an embodiment;
Fig. 4 is a schematic diagram of the key sequence generation unit in an embodiment;
Fig. 5 is a schematic diagram of the physical layer security module on the C-RAN base station side in an embodiment;
Fig. 6 shows the physical layer security and secrecy method for a cloud access architecture in an embodiment;
Fig. 7 shows an implementation in an embodiment in which the key is extracted using the terminal's received signal.
Detailed description:
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and the technical solution.
The security threat to wireless communication comes from the openness of electromagnetic wave propagation. In next-generation mobile communication systems, conventional security measures rely on upper-layer protocols and cryptography to secure communication and leave a gap in the protection of the physical layer, so the rapid development of high-performance computers puts great pressure on conventional security. A radio access network (RAN) consists of a series of transport entities between the service node interface and the associated user network interface; it is a wireless implementation system that provides the transport bearer capability needed to carry telecommunication services. Through the radio access network, users can be provided with 7x24-hour uninterrupted, high-quality data services. A traditional radio access network has the following characteristics: first, each base station connects a fixed number of sector antennas and covers a small area, and each base station can only process the transmitted and received signals of its own cell; second, system capacity is interference-limited, and with each base station working independently it is hard to increase spectral efficiency; third, base stations are usually "vertical solutions" developed on proprietary platforms. C-RAN is a green radio access network architecture (Clean system) based on centralized processing (Centralized Processing), collaborative radio (Collaborative Radio) and real-time cloud computing infrastructure (Real-time Cloud Infrastructure). The basic idea of C-RAN is to centralize all or part of the baseband processing resources into a baseband resource pool that is managed uniformly and allocated dynamically, thereby reducing the number of base station equipment rooms and the energy consumption, and to use collaboration and virtualization
technology to share and dynamically schedule resources and raise spectral efficiency, so as to achieve low-cost, high-bandwidth and flexible operation. For next-generation mobile communication systems, the wireless cloud access network (C-RAN) architecture can bring a good gain to the performance of the whole network and can reduce operating costs, and it is very likely to be widely used in future 5G networks. To this end, embodiment one of the invention, shown in Fig. 1, provides a physical layer security and secrecy device for a cloud access architecture, comprising a physical layer security module connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmitted and received data. The physical layer security module accesses the receive signal buffer and the transmit signal buffer in the C-RAN radio access network architecture, generates a physical layer key, and carries out secure transmission of the transmitted and received signals.
Secret communication is a way of communicating in which, to prevent confidential information from being intercepted between the communicating parties, the form in which the information is presented is changed by an agreed method so that its true content is hidden. It is generally divided into three processes: encryption, reception and decryption. The sender converts the content to be sent into ciphertext using an encryption rule, that is, a key; after receiving the ciphertext, the recipient decrypts it with the decryption key that matches the encryption key and obtains the transmitted content. Physical layer security is the first natural line of defense of communication security and can provide an irreplaceable guarantee for a secret communication system. To this end, based on embodiment one, in another embodiment of the invention, shown in Fig. 2, the physical layer security module comprises a channel estimation module 001, a key generation module 002, a key storage module 003, a ciphertext generation module 004 and a decryption module 005, wherein:
The channel estimation module 001 obtains the pilot signal sent by the terminal from the receive signal buffer and estimates the channel characteristics of the current channel;
The key generation module 002 generates a secret sequence from the channel characteristics of the current channel, corrects the secret sequence through the key negotiator, and generates a key;
The key storage module 003 stores the generated key;
The ciphertext generation module 004, when data is sent, uses the key to turn the data to be encrypted into ciphertext;
The decryption module 005, when data is received, uses the key to decrypt the data to be decrypted into plaintext.
The natural openness of the wireless channel makes the secure transmission of information especially important. The inherent reciprocity, uniqueness and time variation of the wireless channel allow it to serve as a random source shared by the two communicating parties from which a key can be extracted. Key enhancement is an important step in key extraction. Based on the above embodiments and the channel characteristic estimate for the current channel, in another embodiment of the invention, shown in Fig. 3, the key generation module 002 comprises a key sequence generation unit 201, a key agreement unit 202 and a secrecy enhancement unit 203, wherein:
The key sequence generation unit 201 generates a secret sequence from the channel characteristics of the current channel;
The key agreement unit 202 corrects the positions at which the two sides' secret sequences disagree, using the base station key negotiator and the terminal key negotiator, and so completes the correction of the secret sequence;
The secrecy enhancement unit 203 applies a secrecy enhancement algorithm to the corrected secret sequence to generate the key. The secrecy enhancement algorithm may be a hash encryption algorithm or another algorithm, such as one based on an extractor, to carry out key enhancement.
Because the wireless channel is inherently time-varying, the channel parameters change over time, and a key sequence extracted from the channel characteristic parameters is random. To this end, in another embodiment of the invention, shown in Fig. 4, the key sequence generation unit 201 comprises a terminal signal estimator 2101 and a multi-threshold quantizer 2102, wherein:
The terminal signal estimator 2101 performs baseband processing on the signal and estimates the output of the receiving end from the current channel estimate and the data to be sent;
The multi-threshold quantizer 2102 quantizes the output estimate obtained by the terminal signal estimator and generates the secret sequence.
According to actual needs, as shown in Fig. 5, the physical layer security and secrecy device of the invention also comprises a secure transmission parameter generation module, which generates secure transmission parameters from the estimated current channel characteristics and passes them to the transmit signal buffer to assist key generation. The PLSU is connected in series between the transmitted and received data and the BBU, and the PLSU also accesses the receive signal buffer and the transmit signal buffer.
Module A: the channel estimation module obtains the pilot signal sent by the terminal from the receive signal buffer, estimates the current channel, and sends the channel estimate to module B and module G.
Module B: the key generator generates a secret sequence from the channel characteristics estimated by module A and the encrypted data generated by module F, and sends the result to module C.
Module C: the key negotiator generates a negotiation sequence from the secret sequence produced by the key generator, communicates with the terminal's key negotiator, completes key agreement, and sends the result to module D.
Module D: the secrecy enhancement module processes the key agreement result of module C with a secrecy enhancement algorithm, generates the key, and sends it to module E.
Module E: the key pool stores the generated keys, which are used to encrypt and decrypt transmitted and received data.
Module F: when data is sent, the data to be encrypted and the key are fed to module F, which generates the ciphertext. The ciphertext is sent to the BBU for subsequent processing and, at the same time, to module B for the next key generation.
Module G: generates a secure transmission auxiliary signal from the channel estimate of module A and sends it to the transmit signal buffer.
Module H: when data is received, the data to be decrypted and the key are fed to module H, which decrypts them into plaintext.
In module B, the transmitted signal is predicted from the encrypted data generated by module F and the baseband processing used by the BBU; the predicted transmitted signal is combined with the channel estimate of module A to generate the secret sequence. If the BBU uses a publicly known baseband processing algorithm, module B can implement it directly on its own; if the BBU does not use a public algorithm, the BBU must pass the relevant parameters to module B so that the transmitted signal can be predicted.
Based on the above device embodiments, the invention also provides a physical layer security and secrecy method for a cloud access architecture, in which the above physical layer security and secrecy device is connected in series between the baseband processing pool (BBU) of the C-RAN radio access network architecture and the transmitted and received data. As shown in Fig. 6, the method is implemented as follows:
A01: obtain the pilot signal from the receive signal buffer and estimate the channel characteristics of the current channel;
A02: generate a secret sequence from the channel characteristics of the current channel, correct the secret sequence through the key negotiator, and generate a key, the generated key being stored in the key storage module;
A03: when data is sent, use the key to turn the data to be encrypted into ciphertext; when data is received, use the key to decrypt the data to be decrypted into plaintext.
In the above method, the channel characteristics of the current channel are estimated using the MMSE (minimum mean square error) channel estimation algorithm, which reduces the influence of noise on the channel characteristic estimate by taking the mean of the squared errors and then the square root. Depending on the requirements of the communication system, other channel estimation algorithms may also be used.
In the above method, generating a secret sequence from the channel characteristics of the current channel comprises: the terminal signal estimator performs baseband processing on the signal and estimates the output of the receiving end from the current channel estimate and the data to be sent; the multi-threshold quantizer quantizes the output estimate obtained by the terminal signal estimator and generates the secret sequence.
In the above method, correcting the secret sequence through the key negotiator comprises: the base station key negotiator and the terminal key negotiator correct the positions at which the two sides' secret sequences disagree, completing the correction of the secret sequence, and a secrecy enhancement algorithm is applied to the corrected secret sequence to generate the key.
In the above method, generating the key by a secrecy enhancement algorithm means: the secret sequence is hashed with a hash encryption algorithm to carry out secrecy enhancement and generate the key. Depending on system needs, other secrecy enhancement algorithms, such as extractor-based secrecy enhancement, may also be used to complete key enhancement.
It is shown in Figure 7, in the present invention, a kind of embodiment of key, particular content are extracted using terminal received signals It is as follows:
Step S101: the channel estimation module estimates the current channel state from the pilot signal obtained from the receive signal buffer. The MMSE algorithm can be used for channel estimation, and other channel estimation algorithms can also be used. The channel estimation result is sent to the key generator and to the secure transmission parameter generator.
Step S102: the key generator comprises a terminal signal estimator and a multi-threshold quantizer, where:
Step S102a: the terminal signal estimator performs the same baseband processing function as the BBU and, from the channel estimation result and the encrypted data to be sent, estimates the AD output of the receiving end. It sends the estimation result to the multi-threshold quantizer.
Step S102b: the multi-threshold quantizer quantizes the terminal signal estimation result and generates a secret sequence, which is sent to the key negotiator for further processing.
Step S103: the base station key negotiator exchanges negotiation information with the terminal key negotiator to correct the inconsistent bits in the keys generated by the two sides. Taking a key negotiator based on forward error correction coding as an example: when the inconsistent bits are corrected with the base station's secret sequence as the reference, the base station key negotiator computes the check bits of its current secret sequence and sends them to the terminal, and the terminal key negotiator uses the check bits to correct the inconsistent bits between its own secret sequence and the base station's secret sequence. When the terminal's secret sequence is the reference, the steps are the same: the terminal computes the check bits and the base station corrects the inconsistent bits. Other key agreement algorithms can also be used in this step, such as the Winnow algorithm or the Cascade algorithm.
Step S104: the secret sequence, with its inconsistent bits corrected, is sent to the secrecy enhancement module for processing, which generates the key. This step may use a hash secrecy enhancement algorithm; other secrecy enhancement algorithms can also be used, such as extractor-based secrecy enhancement.
Step S105: the generated key is stored in the key pool and taken out when needed.
Step S106: the data to be sent is encrypted with a key from the key pool. A common cryptographic encryption algorithm, such as AES-256, may be used, or the key from the key pool can simply be added to the data modulo 2. The resulting ciphertext is sent to the BBU and, at the same time, to the key generator for the next round of key generation.
Step S107: the secure transmission module assists the key generation process. It generates secure transmission parameters from the channel estimation result to protect the transmitted data. The module can be used to generate artificial noise parameters, or it can directly generate antenna weighting parameters.
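The following Python sketch is an added illustration of steps S102b to S104 and is not code from the patent. It assumes a four-level Gray-coded quantizer, a Hamming(7,4) syndrome as the forward-error-correction check bits, and SHA-256 as the hash; the thresholds and sample values are constructed.

```python
import hashlib

GRAY = [(0, 0), (0, 1), (1, 1), (1, 0)]  # adjacent levels differ in one bit

def quantize(samples, thresholds=(-1.0, 0.0, 1.0)):
    """S102b: multi-threshold quantizer, 2 Gray-coded bits per sample."""
    bits = []
    for x in samples:
        bits.extend(GRAY[sum(x > t for t in thresholds)])
    return bits[: len(bits) // 7 * 7]  # keep whole 7-bit blocks only

def syndrome(block):
    """Check bits of one 7-bit block: XOR of the 1-based positions of set bits
    (the Hamming(7,4) syndrome). Flipping one bit changes it by that position."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s

def check_bits(bits):
    """S103, reference side: 3 check bits per block, sent in the clear."""
    return [syndrome(bits[i:i + 7]) for i in range(0, len(bits), 7)]

def reconcile(own_bits, ref_checks):
    """S103, correcting side: fix at most one inconsistent bit per block."""
    fixed = list(own_bits)
    for blk, ref in enumerate(ref_checks):
        diff = syndrome(fixed[7 * blk:7 * blk + 7]) ^ ref
        if diff:
            fixed[7 * blk + diff - 1] ^= 1
    return fixed

def amplify(bits):
    """S104: hash secrecy enhancement. The output is truncated to the bits left
    after subtracting the 3 check bits per block that an eavesdropper saw."""
    out_bytes = (len(bits) - 3 * (len(bits) // 7)) // 8
    return hashlib.sha256(bytes(bits)).digest()[:out_bytes]

def derive_keys(bs_samples, ue_samples):
    """Run S102b to S104 on both sides with the base station as reference."""
    bs_bits, ue_bits = quantize(bs_samples), quantize(ue_samples)
    ue_fixed = reconcile(ue_bits, check_bits(bs_bits))
    return amplify(bs_bits), amplify(ue_fixed), amplify(ue_bits)

# Constructed samples: the base station's estimate of the terminal's AD output,
# and the terminal's own samples with two of them pushed across a threshold.
BS = [-1.5, -0.4, 0.4, 1.5] * 7
UE = list(BS)
UE[2] = -0.1
UE[20] = -0.9

if __name__ == "__main__":
    bs_key, ue_key, ue_raw = derive_keys(BS, UE)
    print(bs_key.hex(), ue_key.hex(), ue_raw.hex())
```

A block with two inconsistent bits is miscorrected by this code, so the choice of quantizer thresholds and block length has to keep the per-block mismatch rate within what the check bits can correct.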
Compared with traditional key generation schemes, the present invention has at least the following advantages: (1) the implementation is loosely coupled with the existing communication architecture, which makes it easy to combine with that architecture; (2) the implementation includes both physical layer secure transmission and key generation, so either technique alone or both in combination can be selected according to actual needs, which is more flexible.
The above is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the present invention is not to be regarded as limited to these descriptions. A person of ordinary skill in the art to which the present invention belongs can make several simple deductions or substitutions without departing from the inventive concept, all of which shall be regarded as falling within the scope of patent protection determined by the submitted claims. The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the application. The application is therefore not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A physical layer security and secrecy device for an access cloud architecture, characterized in that it comprises a physical layer security module connected in series between the baseband processing pool (BBU) of a C-RAN radio access network architecture and the transmitted and received data, wherein the physical layer security module accesses the receive signal buffer and the transmit signal buffer of the C-RAN radio access network architecture, generates a physical layer key, and performs secure transmission of the transmitted and received signals.
2. The physical layer security and secrecy device for an access cloud architecture according to claim 1, characterized in that the physical layer security module comprises a channel estimation module, a key generation module, a key storage module, a ciphertext generation module and a decryption module, wherein:
the channel estimation module is for obtaining, from the receive signal buffer, the pilot signal transmitted by the terminal and estimating the channel characteristics of the current channel;
the key generation module is for generating a secret sequence from the channel characteristics of the current channel and the signal to be sent, and correcting the secret sequence through the key negotiator to generate the key;
the key storage module is for storing the generated key;
the ciphertext generation module is for encrypting, when transmitting data, the data to be encrypted with the key to generate ciphertext;
the decryption module is for decrypting, when receiving data, the data to be decrypted into plaintext with the key.
3. The physical layer security and secrecy device for an access cloud architecture according to claim 2, characterized in that the key generation module comprises a key sequence generation unit, a key agreement unit and a secrecy enhancement unit, wherein:
the key sequence generation unit is for generating a secret sequence from the channel characteristics of the current channel and the signal to be sent;
the key agreement unit is for correcting, through the base station key negotiator and the terminal key negotiator, the inconsistent bits of the two sides' secret sequences, completing the secret sequence correction;
the secrecy enhancement unit is for generating the key from the corrected secret sequence through a secrecy enhancement algorithm.
4. The physical layer security and secrecy device for an access cloud architecture according to claim 3, characterized in that the key sequence generation unit comprises a terminal signal estimator and a multi-threshold quantizer, wherein:
the terminal signal estimator is for performing baseband processing on the signal and estimating the receiving end's output from the current channel estimation result and the data to be sent;
the multi-threshold quantizer is for quantizing the output estimation result obtained by the terminal signal estimator to generate the secret sequence.
5. The physical layer security and secrecy device for an access cloud architecture according to claim 1, characterized in that it further comprises a secure transmission parameter generation module for generating secure transmission parameters from the estimated current channel characteristics and passing them to the transmit signal buffer to assist key generation.
6. A physical layer security and secrecy method for an access cloud architecture, characterized in that the physical layer security and secrecy device for an access cloud architecture according to any one of claims 1 to 5 is connected in series between the baseband processing pool (BBU) of a C-RAN radio access network architecture and the transmitted and received data, the method being implemented as follows:
obtaining the pilot signal from the receive signal buffer and estimating the channel characteristics of the current channel;
generating a secret sequence from the channel characteristics of the current channel and the signal to be sent, and correcting the secret sequence through the key negotiator to generate the key, wherein the generated key is stored in the key storage module;
when transmitting data, encrypting the data to be encrypted with the key to generate ciphertext; when receiving data, decrypting the data to be decrypted into plaintext with the key.
7. The physical layer security and secrecy method for an access cloud architecture according to claim 6, characterized in that the MMSE (minimum mean square error) channel estimation method is used to estimate the channel characteristics of the current channel.
8. The physical layer security and secrecy method for an access cloud architecture according to claim 6, characterized in that generating the secret sequence from the channel characteristics of the current channel and the signal to be sent comprises: the terminal signal estimator performs baseband processing on the signal and estimates the receiving end's output from the current channel estimation result and the data to be sent; the multi-threshold quantizer quantizes the output estimation result obtained by the terminal signal estimator to generate the secret sequence.
9. The physical layer security and secrecy method for an access cloud architecture according to claim 6, characterized in that correcting the secret sequence through the key negotiator comprises: correcting, through the base station key negotiator and the terminal key negotiator, the inconsistent bits of the two sides' secret sequences to complete the secret sequence correction, and generating the key from the corrected secret sequence through a secrecy enhancement algorithm.
10. The physical layer security and secrecy method for an access cloud architecture according to claim 9, characterized in that generating the key through a secrecy enhancement algorithm means: performing secrecy enhancement on the secret sequence with a hash encryption algorithm to generate the key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810113780.9A CN108419235A (en) 2018-02-05 2018-02-05 Safety of physical layer privacy device and its method towards access cloud framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810113780.9A CN108419235A (en) 2018-02-05 2018-02-05 Safety of physical layer privacy device and its method towards access cloud framework

Publications (1)

Publication Number Publication Date
CN108419235A true CN108419235A (en) 2018-08-17

Family

ID=63126942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810113780.9A Pending CN108419235A (en) 2018-02-05 2018-02-05 Safety of physical layer privacy device and its method towards access cloud framework

Country Status (1)

Country Link
CN (1) CN108419235A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116112919A (en) * 2023-04-13 2023-05-12 南京邮电大学 Network key generation method and system based on random channel and DH negotiation
WO2023091217A1 (en) * 2021-11-19 2023-05-25 Qualcomm Incorporated Physical layer secure communication

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104507085A (en) * 2015-01-13 2015-04-08 重庆邮电大学 Wireless body area network data encryption method
CN104901795A (en) * 2015-05-12 2015-09-09 南京邮电大学 Physical layer key extraction method based on channel characteristic
WO2015192264A1 (en) * 2014-06-16 2015-12-23 Orange Method for checking the integrity of data transmitted through c-ran
CN105933894A (en) * 2016-04-29 2016-09-07 金梁 Method for carrying out secret key extraction by utilizing random characteristic of received signal of receiving party
CN106535255A (en) * 2016-10-27 2017-03-22 北京邮电大学 Method and device for resource scheduling and control based on C-RAN
CN107196920A (en) * 2017-04-28 2017-09-22 中国人民解放军信息工程大学 A kind of key towards wireless communication system produces distribution method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
宋扬: "C-RAN中LTE回传压缩技术的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
杨靖 等: "《分组传送网原理与技术》", 31 December 2015 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180817

RJ01 Rejection of invention patent application after publication