CN108966232B - Service network-based wireless Internet of things physical layer hybrid authentication method and system - Google Patents


Info

Publication number: CN108966232B
Authority: CN (China)
Application number: CN201811140561.6A
Other versions: CN108966232A
Other languages: Chinese (zh)
Inventors: 谢宁, 张齐齐
Current assignee: Shenzhen University
Original assignee: Shenzhen University
Legal status: Active
Prior art keywords: authentication, signal, internet, things, physical layer
Events: application filed by Shenzhen University; priority to CN201811140561.6A; publication of CN108966232A; application granted; publication of CN108966232B

Classifications

    • H04W12/06 Authentication (under H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity; H04W Wireless communication networks)
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities (under H04L63/00; H04L Transmission of digital information, e.g. telegraphic communication)
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks (under H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/01 Protocols)

Abstract

The utility model provides a service network-based wireless internet of things physical layer hybrid authentication method comprising the following steps: the internet access point sends a communication request to the service network, and the service network generates a seed of an encryption function; the service network sends notification signals carrying the seed of the encryption function to the internet access point and to the internet of things device, and the internet access point and the internet of things device generate the same authentication code and key from the notification signal; the internet access point sends a training signal carrying the authentication code, and once the internet of things device has authenticated the training signal by the upper-layer authentication method, it obtains the inherent characteristics of the physical channel from the training signal and keeps them as the reference channel characteristic; the internet access point then generates a tag signal from the secret key and the shared hash encryption function, superimposes and embeds the tag signal into the information signal to generate a carrier signal, and transmits the carrier signal to the internet of things device, which performs the corresponding authentication based on the carrier signal and the secret key.

Description

Service network-based wireless Internet of things physical layer hybrid authentication method and system
Technical Field
The disclosure relates to the technical field of wireless internet of things, in particular to a service network-based wireless internet of things physical layer hybrid authentication method and system.
Background
Most internet of things devices have a wireless function, and a wireless network can support device connection anytime and anywhere; but because of the broadcast nature of the wireless medium, securing the network is much harder in a wireless environment than in a wired one. Traditional upper-layer authentication techniques based on cryptography can in principle prevent identity-based attacks in wireless networks, but they are inefficient or ineffective in certain wireless internet of things scenarios. Moreover, the computing power and storage of internet of things devices are limited, and because the devices come from different manufacturers, the differing digital languages and upper-layer communication programs they use hinder large-scale internet of things connection. Efficiency and compatibility are therefore the two major challenges for implementing wireless internet of things security applications.
Existing physical layer authentication methods can be roughly classified into two types: passive and active. In a passive physical layer authentication method (hereinafter, a passive method), an inherent characteristic of the communication system serves as a unique signature by which the transmitter is authenticated. In an active physical layer authentication method (hereinafter, an active method), an artificial tag is embedded in the information signal and then extracted at the receiver.
Passive methods are applicable only to static cases in which the channel characteristics can be extracted reliably, without being distorted by other factors such as mobility or interference. Moreover, passive methods are designed for single-device-to-single-device authentication, and authenticating multiple devices with them is inconvenient. Active methods corrupt the original information, which can degrade the quality of the received signal; and if the received signal-to-noise ratio is high enough, or the parameters of the active method are set inappropriately, the authentication tag is easily discovered by an attacker.
In the existing literature there is no authentication protocol effective enough to meet the security requirements of wireless internet of things device communication.
Disclosure of Invention
To solve these problems, so that the wireless internet of things obtains better performance and the security of the wireless internet of things network is improved, the disclosure combines the characteristics of the passive and active physical layer authentication methods, namely the channel response between legitimate transceivers and the authentication tag information, and provides a Service Network (SN)-based wireless internet of things physical layer hybrid authentication method and system. In this way the network security of wireless internet of things applications can be ensured.
That is, the present disclosure is made to solve the conventional problems described above, and an object of the present disclosure is to provide a service network-based physical layer hybrid authentication method and system for a wireless internet of things.
Therefore, a first aspect of the present disclosure provides a service network-based wireless internet of things physical layer hybrid authentication method (hereinafter, the authentication method), which involves a service network, an Access Point (AP) and an internet of things device, and comprises: a request transmission stage, in which the internet access point sends a communication request of the internet of things device to the service network, and the service network generates a seed of an encryption function for the internet of things device; an initial transmission stage, in which the service network sends notification signals carrying the seed of the encryption function to the internet access point and to the internet of things device, the internet access point and the internet of things device generate the same authentication code from the notification signal, the internet access point sends a training signal carrying the authentication code to the internet of things device, and once the internet of things device has authenticated the training signal by the upper-layer authentication method, it obtains the inherent characteristic of the physical channel from the training signal and keeps it as the reference channel characteristic; and a message transmission stage, in which the internet access point and the internet of things device generate the same secret key from the notification signal, the internet access point generates a tag signal from the information signal, the secret key and a shared hash encryption function, superimposes and embeds the tag signal into the information signal to generate a carrier signal, and transmits the carrier signal, and the internet of things device receives the carrier signal and the information signal, obtains a target channel characteristic from the information signal, compares the target channel characteristic with the reference channel characteristic, simultaneously checks whether the tag signal is present in the carrier signal, and performs hybrid physical layer authentication on the carrier signal.
In the disclosure, the service network sends a notification signal to the internet access point and the internet of things device; these generate the same authentication code and the same key from the notification signal, and generate a tag signal from the information signal, the key and a shared hash encryption function. The internet access point superimposes and embeds the tag signal into the information signal to generate a carrier signal, and sends the training signal carrying the authentication code, and the carrier signal, to the internet of things device. The internet of things device receives the training signal and obtains the inherent characteristic of the physical channel as the reference channel characteristic, obtains a target channel characteristic from the information signal, compares the target channel characteristic with the reference channel characteristic, simultaneously identifies whether the tag signal is present in the carrier signal, and performs hybrid physical layer authentication on the carrier signal. In this way the application efficiency and storage problems of wireless internet of things devices can be improved, and the compatibility problem of internet of things devices is solved.
In the authentication method according to the first aspect of the present disclosure, the upper-layer authentication method comprises: the internet of things device obtains a target authentication code from the training signal, the authentication code generated by the internet of things device itself serves as the reference authentication code, the target authentication code is compared with the reference authentication code, and when the two are identical the training signal passes upper-layer authentication.
In the authentication method according to the first aspect of the present disclosure, the reference channel characteristic is a reference channel response and the target channel characteristic is a target channel response; the reference channel response is compared with the target channel response, and when the distance between the reference channel response and the target channel response is smaller than a predetermined threshold, the first authentication passes.
In the authentication method according to the first aspect of the present disclosure, the physical layer authentication method comprises: the internet of things device obtains a target information signal from the carrier signal and obtains a first tag signal from the target information signal, the secret key and the shared hash encryption function; the internet of things device obtains a residual signal from the carrier signal and obtains a second tag signal from the residual signal; and the two tag signals are correlation-matched, and when the result is greater than a specified threshold the second authentication passes. Physical layer authentication is feasible in heterogeneous coexistence environments, so the compatibility problem of internet of things devices can be solved.
In the authentication method according to the first aspect of the present disclosure, the wireless internet of things physical layer hybrid authentication specifically means that the carrier signal passes final authentication only when the first authentication and the second authentication both pass, thereby implementing the hybrid authentication. In this way the communication security of the internet of things device is guaranteed.
In the authentication method according to the first aspect of the present disclosure, the seed of the encryption function is a seed of a pseudo-random number generator of the internet of things device. Thereby, randomness of the seed of the cryptographic function can be ensured.
A second aspect of the present disclosure provides a service network-based wireless internet of things physical layer hybrid authentication system, which comprises a service network, a transmitting device and a user device, is based on group connection between internet of things devices, and comprises: the transmitting device, for sending a communication request of the user device to the service network; the service network, configured to receive communication requests from a plurality of user devices in the same group, generate a seed of an encryption function for the user device, and send notification signals carrying the seed of the encryption function to the transmitting device and to the user device respectively, the transmitting device generating a first authentication code from the notification signal; and the user device, for generating a second authentication code identical to the first authentication code from the notification signal. The transmitting device sends a training signal carrying the first authentication code to the user device; once the user device has authenticated the training signal by the upper-layer authentication method, it obtains the inherent characteristic of the physical channel from the training signal and keeps it as the reference channel characteristic; the user device and the transmitting device generate the same secret key from the notification signal; the transmitting device generates a tag signal from the information signal, the secret key and a shared hash encryption function, superimposes and embeds the tag signal into the information signal to generate a carrier signal, and transmits the carrier signal; and the user device receives the carrier signal, obtains the target channel characteristic from the carrier signal, compares the target channel characteristic with the reference channel characteristic, and performs physical layer authentication on the carrier signal.
In the present disclosure, the service network sends a notification signal to the transmitting device and the user device, which generate the same authentication code and key from the notification signal and generate a tag signal from the information signal, the key and a shared hash encryption function. The transmitting device superimposes and embeds the tag signal into the information signal to generate a carrier signal, and sends the training signal carrying the authentication code, and the carrier signal, to the user device. The user device receives the training signal to obtain the inherent characteristic of the physical channel as the reference channel characteristic, obtains a target channel characteristic from the information signal, compares it with the reference channel characteristic, simultaneously identifies whether the tag signal is present in the carrier signal, and performs hybrid physical layer authentication on the carrier signal. Thus the application efficiency and storage problems of wireless user devices can be improved, as well as the compatibility problem of user devices.
In the authentication system according to the second aspect of the present disclosure, the upper-layer authentication method comprises: the user device obtains a target authentication code from the training signal, the authentication code generated by the user device itself serves as the reference authentication code, the target authentication code is compared with the reference authentication code, and when the two are identical the training signal is authenticated.
In the authentication system according to the second aspect of the present disclosure, the reference channel characteristic is a reference channel response and the target channel characteristic is a target channel response; the reference channel response is compared with the target channel response, and when the distance between the reference channel response and the target channel response is smaller than a predetermined threshold value, the first authentication passes.
In the authentication system according to the second aspect of the present disclosure, the physical layer authentication method comprises: the user device obtains a target information signal from the carrier signal and obtains a first tag signal from the target information signal, the secret key and the shared hash encryption function; the user device obtains a residual signal from the carrier signal and obtains a second tag signal from the residual signal; and the two tag signals are correlation-matched, and when the result is greater than a specified threshold the second authentication passes. Physical layer authentication is possible in a heterogeneous coexistence environment, so the compatibility problem of user devices can be solved.
In the authentication system according to the second aspect of the present disclosure, the wireless internet of things physical layer hybrid authentication specifically means that the carrier signal passes final authentication only when the first authentication and the second authentication both pass, thereby implementing the hybrid authentication. In this way the communication security of the internet of things device is guaranteed.
In the authentication system according to the second aspect of the present disclosure, the seed of the encryption function is a seed of a pseudo random number generator of the user device. Thereby, randomness of the seed of the cryptographic function can be ensured.
The hybrid physical layer authentication technique provided by the disclosure combines the characteristics of the active and passive methods, avoids the shortcomings of each, and improves system performance. The new method not only remedies the shortcomings of existing physical layer authentication methods in the field of the wireless internet of things, but also opens a new direction for future research on wireless internet of things physical layer authentication.
Drawings
Fig. 1 is a schematic diagram illustrating a service network-based wireless internet of things physical layer hybrid authentication method model according to an example of the present disclosure.
Fig. 2 is a flow chart illustrating a service network-based wireless internet of things physical layer hybrid authentication method according to an example of the present disclosure.
Fig. 3 is a schematic diagram illustrating classification performance evaluation of a service network-based wireless internet of things physical layer authentication method according to an example of the present disclosure when the signal-to-noise ratio is 10 dB.
Fig. 4 is a schematic diagram illustrating classification performance evaluation of a service network-based wireless internet of things physical layer authentication method according to an example of the present disclosure when the signal-to-noise ratio is 20 dB.
Fig. 5 is a schematic diagram illustrating the identification performance evaluation of the service network-based wireless internet of things physical layer authentication method according to the example of the disclosure when the fading correlation coefficient is 0.95.
Fig. 6 is a schematic diagram illustrating an evaluation of the identification performance of a service network-based wireless internet of things physical layer authentication method according to an example of the present disclosure when the fading correlation coefficient is 0.9.
Fig. 7 is a schematic structural diagram illustrating a service network-based wireless internet of things physical layer hybrid authentication method according to an example of the present disclosure.
Fig. 8 is a schematic structural diagram illustrating a service network-based wireless internet of things physical layer hybrid authentication device according to an example of the present disclosure.
Detailed Description
Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In the following description, the same components are denoted by the same reference numerals, and redundant description thereof is omitted. The drawings are schematic and the ratio of the dimensions of the components and the shapes of the components may be different from the actual ones.
It should be noted that the terms "first," "second," "third," and "fourth," etc. in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram illustrating a service network-based wireless internet of things physical layer hybrid authentication method model according to an example of the present disclosure. In some examples, as shown in fig. 1, there may be one Service Network (SN), one internet Access Point (AP), and at least one internet of things device, the internet of things device being located within the wireless coverage of the SN and the AP. Examples of the present disclosure are not limited thereto, and there may be a plurality of internet Access Points (APs). Internet access points may also be referred to as "legitimate transmitters".
In some examples, in the authentication method model shown in fig. 1, the Service Network (SN) may be responsible for user identity, keys and group connection management. The SN may also generate and manage keys for the internet of things devices and may help the internet of things devices establish group connection sessions.
In some examples, the internet of things device may maintain a secure connection with the SN through existing infrastructure. The internet of things device may establish an insecure connection with the AP over a wireless medium connected to the center, and may also communicate with other internet of things devices in the same group over insecure connections within the group connection.
In some examples, the internet of things device may include, but is not limited to, a smart phone, a laptop computer, a Personal Computer (PC), a Personal Digital Assistant (PDA), a Mobile Internet Device (MID), a wearable device (e.g., a smart watch, a smart bracelet, smart glasses), and various other electronic devices. The operating system of the user equipment or the test equipment may include, but is not limited to, the Android operating system, the iOS operating system, the Symbian operating system, the BlackBerry operating system, the Windows Phone 8 operating system, and the like. The internet of things devices may also be referred to as "legitimate receivers".
In addition, in some examples, an attacker may also be included in the authentication method model shown in fig. 1. An attacker may attempt to disrupt communication between the service network, the internet of things device and the internet access point, and may be an illegitimate internet of things device or an illegitimate internet access point.
In some examples, as shown in fig. 1, dashed line a may represent a Request Transmission (RT). The dotted line B may represent Initial Transmission (IT). The solid line C may represent Message Transmission (MT).
Based on the wireless internet of things physical layer hybrid authentication method model, the disclosure relates to a wireless internet of things physical layer hybrid authentication method (hereinafter referred to as hybrid authentication method) based on a service network.
Fig. 2 is a flow chart illustrating a service network-based wireless internet of things physical layer hybrid authentication method according to an example of the present disclosure.
Based on the model shown in fig. 1, as shown in fig. 2, the service network-based wireless internet of things physical layer hybrid authentication method may include an internet Access Point (AP) sending a communication request of an internet of things device to a Service Network (SN), and the SN generating a seed of an encryption function of the internet of things device (step S100). Step S100 may be a request transmission phase of the authentication method.
In step S100, the seed of the encryption function may be a seed of a pseudo random number generator of the internet of things device. Thereby, randomness of the seed of the cryptographic function can be ensured.
In other examples, the cryptographic function may also contain a validity period of the initial transmission phase. The initial transmission phase is described subsequently. The initial transmission phase is completed within the validity period.
In some examples, as shown in fig. 2, the service network-based wireless internet of things physical layer hybrid authentication method may further include the service network transmitting a notification signal carrying a seed of an encryption function to an internet Access Point (AP) and an internet of things device, respectively (step S200).
In step S200, the service network may send the notification signal carrying the seed of the encryption function to the internet access point and the internet of things device through a secure channel, which may be a wired channel or a secure wireless channel.
In some examples, as shown in fig. 2, the service network-based wireless internet of things physical layer hybrid authentication method may further include that the internet access point and the internet of things device generate the same authentication code based on the notification signal, the internet Access Point (AP) transmits a training signal carrying the authentication code to the internet of things device, and when the internet of things device has authenticated the training signal by the upper-layer authentication method, an inherent characteristic of the physical channel is obtained from the training signal as the reference channel characteristic (step S300). Steps S200 and S300 may be the initial transmission phase of the hybrid authentication method.
Specifically, in step S300 the internet access point and the internet of things device may receive the notification signal and generate the same authentication code from it. The AP can send a training signal carrying the authentication code to the internet of things device, and the internet of things device can authenticate the training signal by the upper-layer authentication method: the internet of things device obtains a target authentication code from the training signal, the authentication code it generated itself is the reference authentication code, and the target authentication code is compared with the reference authentication code; when the two are identical, the training signal passes upper-layer authentication. Once the internet of things device has authenticated the training signal in this way, the inherent characteristic of the physical channel is obtained from the training signal as the reference channel characteristic.
In some examples, the inherent characteristics of the physical channel in step S300 may also be referred to as "inherent characteristics of the communication link". The intrinsic characteristics may include, for example, RF signal characteristics and channel characteristics. The inherent characteristics of the communication link can be used in the authentication method as a unique signature to authenticate the transmitter. The reliability and the identifiability of the characteristics can be verified by the existing comprehensive theoretical model and laboratory experimental evaluation.
In other examples, RF signal characteristics are difficult to use for physical layer authentication in internet of things networks, because acquiring them requires sampling the RF signal at rates on the order of GHz, which is beyond the capabilities of most internet of things devices. Authentication can therefore be performed more efficiently using the channel characteristic as the authentication feature.
In some examples, the channel characteristic may be a channel response, so the reference channel characteristic may be a reference channel response. Specifically, the reference channel response $h_i(k)$ of the channel from the AP to internet of things device $D_i$ in the initial transmission stage is a zero-mean complex Gaussian random variable (RV) whose variance (given in the source only as image BDA0001815705690000091) can be expressed by the formula given in the source only as image BDA0001815705690000092, where $\alpha_d \ge 2$, $d$ is the distance between the internet access point and the internet of things device, and $\lambda$ is the wavelength of the information signal sent by the internet access point.
In some examples, as shown in fig. 2, the service network-based wireless internet of things physical layer hybrid authentication method may further include the following: the internet access point (AP) and the internet of things device generate the same key k_i based on the notification signal; the AP generates a tag signal based on the information signal, the key k_i and the shared hash encryption function, superimposes and embeds the tag signal into the information signal to generate a carrier signal, and transmits the carrier signal (step S400).
In step S400, the internet access point may generate the tag signal based on the information signal, the key, and the shared hash encryption function. The tag signal may be denoted t_i = g(s_i, k_i) and has length L, where g(·) is the hash function and s_i is the original message. The power allocation factors for the message and the tag are (equation image BDA0001815705690000093) and (equation image BDA0001815705690000094), respectively; neither expression is recoverable from the page. The information signal is the signal carrying the information the AP wants to communicate. The AP superimposes and embeds the tag signal into the information signal to generate the carrier signal and transmits it to the internet of things device; that is, the carrier signal is the information signal with the tag signal embedded. The internet of things device receives the carrier signal and performs physical layer authentication on it. As received by the internet of things device, the carrier signal is the information signal (with the embedded tag) as affected by the wireless channel, and may be denoted y_{A,i}(k+1).
In some examples, as shown in fig. 2, the service network-based wireless internet of things physical layer hybrid authentication method may further include the internet of things device receiving the carrier signal and the information signal, obtaining a target channel characteristic based on the information signal, comparing the target channel characteristic with the reference channel characteristic while also checking whether the carrier signal contains the tag signal, and thereby performing hybrid physical layer authentication on the carrier signal (step S500). Steps S400 and S500 form the message transmission phase of the hybrid authentication method.
In step S500, the AP may transmit an information signal, and the internet of things device may receive the information signal and obtain a target channel characteristic based on the information signal.
In some examples, the target channel characteristic may be a target channel response. And comparing the reference channel response with the target channel response, and passing the authentication when the distance between the reference channel response and the target channel response is less than a specified threshold value. Therefore, the network connection safety of the Internet access point and the Internet of things equipment can be effectively ensured.
In some examples, the physical layer hybrid authentication may include a channel feature authentication (first authentication) and a tag authentication (second authentication).
In some examples, channel characteristic authentication may specifically include the following. The information signal transmitted by the AP may be y_{P,i}(k+1), and the target channel response h_i(k+1) is obtained from it. The dynamics between the target channel response h_i(k+1) and the reference channel response h_i(k) can be modelled by a first-order Gauss-Markov process, h_i(k+1) = a·h_i(k) + ω(k), where ω(k) is the driving noise and a ∈ [0,1] is the fading correlation coefficient, which is determined by the channel Doppler spread and the transmission bandwidth. The value of a is small under fast fading and large under slow fading.
In some examples, the internet of things device (i.e., the legitimate receiver) in step S500 may perform authentication based on the information signal. Specifically, the legitimate receiver uses the received information signal to estimate the channel response and compares it with its previous record of the legitimate channel. The basic principle of channel signature authentication is that channel responses vary with geographical location: the channel response between the legitimate transmitter and the receiver differs from the channel response between an attacker and the receiver, while for the same transmitter-receiver pair the channel responses in adjacent time phases are highly correlated. This effectively secures the network connection between the legitimate transmitter and the legitimate receiver. In some examples, the transmitter may be an internet access point and the legitimate receiver may be an internet of things device.
In some examples, the legitimate receiver D_i can estimate the target channel response h_i(k+1) from the information signal y_{P,i}(k+1) and compare it with the reference channel response h_i(k) in order to authenticate the transmitter. For example, if the two-norm distance between the reference channel response h_i(k) and the target channel response h_i(k+1) is less than the threshold, the AP passes authentication, i.e., the AP is legitimate. For the target channel response h_j(k+1) of a signal received from an attacker D_j, the reference channel response h_i(k) and the target channel response h_j(k+1) are independent, so the distance is usually larger than the threshold and authentication fails, i.e., the AP is illegitimate.
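As an added illustration of the channel characteristic authentication just described (example code written for this page, not the patent's own implementation): a multi-tap reference channel h_i(k) is drawn as zero-mean complex Gaussian, the next-phase response follows the Gauss-Markov step h_i(k+1) = a·h_i(k) + ω(k), a transmitter at a different location gets an independent channel, and the receiver accepts when the two-norm distance to the reference falls below the threshold. The tap count, unit tap power, the driving-noise variance (1 − a²)σ² (chosen so tap power stays constant over time), the threshold value and the trial count are all assumptions; the patent's path-loss expression for the channel variance is not reproduced. Only the Python standard library is used.

```python
import math
import random

# Constructed parameters for this example (assumptions, not values from the patent).
N_TAPS = 8            # number of channel taps in the channel response vector
TAP_VARIANCE = 1.0    # average power of each tap (unit power assumed)


def complex_gaussian(rng, variance):
    """Zero-mean circularly symmetric complex Gaussian sample with the given variance."""
    s = math.sqrt(variance / 2.0)
    return complex(rng.gauss(0.0, s), rng.gauss(0.0, s))


def reference_channel(rng, n_taps=N_TAPS):
    """h_i(k): the channel response estimated from the training signal (initial transmission stage)."""
    return [complex_gaussian(rng, TAP_VARIANCE) for _ in range(n_taps)]


def next_channel(rng, h_prev, a):
    """h_i(k+1) = a*h_i(k) + w(k): first-order Gauss-Markov model with fading correlation a.
    Driving-noise variance (1 - a^2)*sigma^2 keeps the tap power constant (assumption)."""
    return [a * h + complex_gaussian(rng, (1.0 - a * a) * TAP_VARIANCE) for h in h_prev]


def feature_distance(h_ref, h_target):
    """Two-norm distance between the reference and the target channel response."""
    return math.sqrt(sum(abs(x - y) ** 2 for x, y in zip(h_ref, h_target)))


def channel_authenticate(h_ref, h_target, threshold):
    """First authentication: accept the transmitter when the distance is below the threshold."""
    return feature_distance(h_ref, h_target) < threshold


def acceptance_rates(a=0.95, threshold=2.0, trials=2000, seed=1):
    """Monte Carlo estimate of how often (a) the same AP in the next phase and
    (b) a transmitter at another location (independent channel) pass the check."""
    rng = random.Random(seed)
    legit_ok = attacker_ok = 0
    for _ in range(trials):
        h_ref = reference_channel(rng)
        h_legit = next_channel(rng, h_ref, a)     # same AP, next time phase
        h_other = reference_channel(rng)          # different location: independent channel
        legit_ok += channel_authenticate(h_ref, h_legit, threshold)
        attacker_ok += channel_authenticate(h_ref, h_other, threshold)
    return legit_ok / trials, attacker_ok / trials


if __name__ == "__main__":
    legit, other = acceptance_rates()
    print(f"legitimate AP accepted: {legit:.3f}, other-location transmitter accepted: {other:.3f}")
```

With a = 0.95 the expected squared distance for the legitimate AP is 2·N_TAPS·(1 − a)·σ² = 0.8, while for an independent channel it is 2·N_TAPS·σ² = 16, which is why a fixed threshold of 2.0 separates the two cases cleanly; how to pick that threshold from a false-alarm budget instead of by hand is covered where the detection model is discussed.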
In some examples, tag authentication may include: the Internet of things equipment can obtain a target information signal based on the carrier signal and obtain a first label signal based on the target information signal, the secret key and the shared Hash encryption function; the Internet of things equipment obtains a residual signal based on the carrier signal and obtains a second label signal based on the residual signal; and performing correlation matching on the two tag signals, and passing the authentication when the result is greater than a certain specified threshold value. Therefore, the network connection safety of the legal transmitter and the legal receiver can be effectively ensured. Physical layer authentication is feasible in heterogeneous coexistence environments, and thus the compatibility problem of the internet of things devices can be solved.
In some examples, tag authentication may specifically include the following. The internet of things device receives the carrier signal y_{A,i}(k+1) and recovers the target information signal (equation image BDA0001815705690000111, not recoverable from the page), and then generates, with the shared key k_i, the first tag signal (equation image BDA0001815705690000112). The internet of things device then constructs the residual signal r_i based on the carrier signal y_{A,i}(k+1) and extracts the second tag signal t_i from the residual signal r_i, i.e., it obtains the second tag signal t_i based on r_i. Comparing the first tag signal (equation image BDA0001815705690000113) with the second tag signal t_i authenticates the transmitter. Lacking the key k_i, an attacker cannot generate the first tag signal (equation image BDA0001815705690000114) and therefore cannot pass authentication.
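As an added example of the tag authentication steps (written for this page, not the patent's own code), here is the complete transmit-and-verify path: the tag t_i = g(s_i, k_i) is derived from the message and the shared key, superimposed on the BPSK message with power factors ρ_s and ρ_t, and the receiver recovers the message by hard decision, regenerates the first tag with its own copy of k_i, forms the residual r_i = y − √ρ_s·ŝ, and correlates the two tags. Assumptions: g(·) is instantiated as HMAC-SHA256 expanded with a counter (the page does not specify the hash), ρ_s = 0.9, ρ_t = 0.1, additive Gaussian noise at 20 dB, a correlation threshold of 0.5, and L = 128 symbols (the patent's simulation uses L = 16; a longer tag is used here only to make the statistic easier to read). The two negative cases, a tag built with a different key and a carrier with no tag at all, are constructed to show why each fails the check.

```python
import hashlib
import hmac
import math
import random

# Constructed parameters (assumptions for this example).
RHO_S = 0.9            # message power allocation factor
RHO_T = 0.1            # tag power allocation factor (RHO_S + RHO_T = 1)
L = 128                # tag/message length in symbols
TAG_THRESHOLD = 0.5    # normalised correlation needed to pass the second authentication


def tag_signal(message_bits, key, length=L):
    """g(s_i, k_i): HMAC-SHA256 keyed by k_i over the message, expanded with a counter
    and mapped to +-1 symbols. HMAC stands in for the page's unspecified hash function."""
    symbols, counter, msg = [], 0, bytes(message_bits)
    while len(symbols) < length:
        digest = hmac.new(key, msg + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in digest:
            for bit in range(8):
                symbols.append(1.0 if (byte >> bit) & 1 else -1.0)
        counter += 1
    return symbols[:length]


def bpsk(bits):
    """Map bits to BPSK symbols: 1 -> +1, 0 -> -1."""
    return [1.0 if b else -1.0 for b in bits]


def carrier_signal(message_bits, key, rng, noise_var):
    """AP side: y = sqrt(rho_s)*s + sqrt(rho_t)*t + n, i.e. the tag embedded in the message
    as seen by the receiver after an additive-Gaussian-noise channel (constructed channel)."""
    s, t = bpsk(message_bits), tag_signal(message_bits, key)
    sd = math.sqrt(noise_var)
    return [math.sqrt(RHO_S) * si + math.sqrt(RHO_T) * ti + rng.gauss(0.0, sd)
            for si, ti in zip(s, t)]


def untagged_signal(message_bits, rng, noise_var):
    """Negative case: the same message sent with no tag embedded."""
    sd = math.sqrt(noise_var)
    return [math.sqrt(RHO_S) * si + rng.gauss(0.0, sd) for si in bpsk(message_bits)]


def tag_statistic(y, key):
    """Receiver side: hard-decide s_hat, regenerate the first tag with the shared key,
    build the residual r = y - sqrt(rho_s)*s_hat (which carries the second tag), and
    correlate. Normalised so a correctly tagged, noise-free carrier scores 1.0."""
    s_hat_bits = [1 if v > 0 else 0 for v in y]
    s_hat = bpsk(s_hat_bits)
    t_hat = tag_signal(s_hat_bits, key)
    residual = [v - math.sqrt(RHO_S) * sh for v, sh in zip(y, s_hat)]
    corr = sum(th * r for th, r in zip(t_hat, residual)) / len(y)
    return corr / math.sqrt(RHO_T)


def tag_authenticate(y, key, threshold=TAG_THRESHOLD):
    """Second authentication: pass when the normalised correlation exceeds the threshold."""
    return tag_statistic(y, key) > threshold


def demo(seed=7, noise_var=0.01):
    """Run the legitimate case and the two constructed negative cases; return statistics and decisions."""
    rng = random.Random(seed)
    message = [rng.randint(0, 1) for _ in range(L)]
    shared_key = b"constructed-shared-key-k_i"     # k_i derived from the SN's seed (placeholder)
    other_key = b"constructed-unrelated-key"       # a key the receiver does not share
    y_legit = carrier_signal(message, shared_key, rng, noise_var)
    y_other = carrier_signal(message, other_key, rng, noise_var)
    y_plain = untagged_signal(message, rng, noise_var)
    return {
        "stat_legitimate": tag_statistic(y_legit, shared_key),
        "stat_other_key": tag_statistic(y_other, shared_key),
        "stat_untagged": tag_statistic(y_plain, shared_key),
        "accept_legitimate": tag_authenticate(y_legit, shared_key),
        "accept_other_key": tag_authenticate(y_other, shared_key),
        "accept_untagged": tag_authenticate(y_plain, shared_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The legitimate carrier scores close to 1.0; the other two cases score close to 0, because the regenerated tag is independent of whatever (if anything) sits in the residual. Note that the check depends on the message being recovered without error: a single flipped bit in ŝ changes the regenerated tag completely, which is why the hard decision is run at a comfortable SNR here and why a deployment would sit this check behind the channel coding of the information signal.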
In some examples, as shown in figs. 3, 4, 5, and 6, the accuracy of any physical layer authentication method may be evaluated in terms of classification performance and identification performance. The legitimate receiver computes a feature distance or matching score and makes a classification or identification decision on it. Both performance indicators can be calculated theoretically by assuming a test model; in the present disclosure, the channel estimation error is neglected.
Fig. 3 is a schematic diagram illustrating the classification performance evaluation of a service network-based wireless internet of things physical layer authentication method according to an example of the present disclosure when the signal-to-noise ratio is 10 dB. Fig. 4 is a schematic diagram illustrating the classification performance evaluation of a service network-based wireless internet of things physical layer authentication method according to an example of the present disclosure when the signal-to-noise ratio is 20 dB. For the classification of K internet of things devices, K-ary hypothesis testing may be applied to the K legitimate receivers. Suppose (equation image BDA0001815705690000115, not recoverable from the page) is a signal obtained from legitimate internet of things device D_i, where (equation image BDA0001815705690000116) represents a probability measure and (equation image BDA0001815705690000117) represents the probability that a signal received from internet of things device j is classified as coming from internet of things device i; this probability can be derived from the feature distance between the test feature vector f_i and the reference feature vector f_{R,i}. The test feature vector f_i is matched against all reference feature vectors and is assigned the identity with the minimum distance score. For the passive authentication method, the test feature vector f_i consists of the target channel response (equation image BDA0001815705690000118) and the reference feature vector f_{R,i} consists of the reference channel response h_i(k). For the active authentication method, the test feature vector f_i consists of the first tag signal (equation image BDA0001815705690000119) and the reference feature vector f_{R,i} consists of the second tag signal t_i. For the hybrid authentication method, the test feature vector f_i consists of the target channel response (equation image BDA00018157056900001110) and the first tag signal (equation image BDA00018157056900001111), and the reference feature vector f_{R,i} consists of the reference channel response h_i(k) and the second tag signal t_i.
Consider two internet of things devices to evaluate classification performance in terms of feature distance. In some examples, as shown in figs. 3 and 4, d_2 = 10 m, α = 2, f_c = 2 GHz, (equation image BDA00018157056900001112, not recoverable from the page), L = 16, and the signal-to-noise ratio SNR_1 is expressed as (equation image BDA0001815705690000121, not recoverable from the page). For comparison, the feature distances of the passive and active methods are normalized, and the feature distance of the hybrid method combines the feature distances of the passive and active methods. It can be seen that as the distance d_2 between the internet access point and the internet of things device increases, the classification performance of all three methods gradually decreases to a stable value. As shown in fig. 3, the performance of the active method is lower than that of the passive method; as shown in fig. 5, as the signal-to-noise ratio SNR_1 increases, the performance of the active method becomes better than that of the passive method. In both cases the performance of the hybrid method is much higher than that of the active and passive methods. It can therefore be concluded that, because channel estimation errors are ignored while the influence of noise on the residual signal is taken into account, the active method is more sensitive to the signal-to-noise ratio SNR_1, whereas the hybrid method is comparatively less affected and performs best.
Fig. 5 is a schematic diagram illustrating the identification performance evaluation of the service network-based wireless internet of things physical layer authentication method according to the example of the disclosure when the fading correlation coefficient is 0.95. Fig. 6 is a schematic diagram illustrating an evaluation of the identification performance of a service network-based wireless internet of things physical layer authentication method according to an example of the present disclosure when the fading correlation coefficient is 0.9.
In some examples, as shown in figs. 5 and 6, (equation image BDA0001815705690000122, not recoverable from the page) is the hypothesis that the received signal is from a legitimate receiver, and (equation image BDA0001815705690000123) the hypothesis that the received signal is from an unknown transmitter. All K legitimate internet of things devices whose reference feature vectors are stored in the SN's database can be considered one class. When (equation image BDA0001815705690000124) is true, deciding (equation image BDA0001815705690000125) is called a "false alarm"; the false alarm probability is denoted P_FA. The optimal threshold is determined by maximizing the detection probability P_D subject to P_FA ≤ ε_PFA, where ε_PFA is the allowable upper limit on P_FA. If the minimum feature distance score is greater than the threshold, the test feature is identified as coming from an illegitimate transmitter (equation image BDA0001815705690000126); otherwise it is judged to come from a legitimate transmitter (equation image BDA0001815705690000127).
In some examples, as shown in figs. 5 and 6, which illustrate the identification performance of the three methods, the signal-to-noise ratio of the reference channel is 10 dB, i.e., SNR_1 = 10 dB, ε_PFA = 0.01, and the parameters are the same as in figs. 3 and 4, except that a = 0.95 in fig. 5 and a = 0.9 in fig. 6. As shown in fig. 5, when d_1 is small, i.e., the distance between the legitimate transmitter and receiver is short, the signal-to-noise ratio is large and the active method, which has coding gain, outperforms the passive method; the hybrid method then tends to behave like the active method. But as the distance d_1 between the internet access point and the internet of things device increases, the performance of the active method decreases and becomes worse than that of the passive method. For larger d_1 values, because of the constant value contributed by the reference channel response h_i(k), the performance of the passive method drops to a constant value, similar to the results in figs. 3 and 4, and the hybrid method then tends to behave like the passive method. Furthermore, as can be seen from fig. 6, as a decreases the channel dynamics increase, the reference channel response h_i(k) becomes less representative and the performance of the passive method is reduced, while the performance of the active method is unaffected and the hybrid method, after a small effect in the early stage, is likewise unaffected.
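The threshold rule above (maximize P_D subject to P_FA ≤ ε_PFA, with the false alarm being a legitimate signal whose feature distance exceeds the threshold) can be carried out numerically. The following is an added example written for this page, not the patent's own evaluation code: for a scalar Gauss-Markov channel it draws legitimate and unknown-transmitter feature distances, calibrates the threshold τ as the (1 − ε_PFA) empirical quantile of the legitimate distances (the smallest τ whose empirical false-alarm rate meets the budget, which is also the τ that maximizes P_D under that constraint, since P_D falls as τ rises), and then estimates P_FA and P_D on fresh samples for a = 0.95 and a = 0.9. It goes beyond the page in one respect: it shows the effect of a on the calibrated threshold explicitly. Unit channel variance, the driving-noise variance (1 − a²)σ², ε_PFA = 0.01 and the trial count are assumptions; the SNR-dependent estimation error is neglected, as the page states.

```python
import math
import random

SIGMA2 = 1.0   # reference channel variance (unit power assumed; the patent's path-loss form is not reproduced)


def complex_gaussian(rng, variance):
    """Zero-mean circularly symmetric complex Gaussian sample with the given variance."""
    s = math.sqrt(variance / 2.0)
    return complex(rng.gauss(0.0, s), rng.gauss(0.0, s))


def feature_distances(a, trials, rng):
    """Draw feature distances |h(k+1) - h_i(k)| for a scalar channel.
    legit: same transmitter, next phase via h_i(k+1) = a*h_i(k) + w(k).
    unknown: a transmitter at another location, whose channel is independent of h_i(k)."""
    legit, unknown = [], []
    for _ in range(trials):
        h_ref = complex_gaussian(rng, SIGMA2)
        h_legit = a * h_ref + complex_gaussian(rng, (1.0 - a * a) * SIGMA2)
        h_unknown = complex_gaussian(rng, SIGMA2)
        legit.append(abs(h_legit - h_ref))
        unknown.append(abs(h_unknown - h_ref))
    return legit, unknown


def threshold_for_false_alarm(legit_distances, eps_pfa):
    """Smallest tau such that the empirical P_FA = P(d_legit > tau) <= eps_pfa,
    i.e. the (1 - eps_pfa) empirical quantile of the legitimate distances."""
    ordered = sorted(legit_distances)
    idx = math.ceil((1.0 - eps_pfa) * len(ordered)) - 1
    return ordered[max(idx, 0)]


def evaluate(a, eps_pfa=0.01, trials=20000, seed=3):
    """Calibrate tau on one batch of legitimate samples, then estimate P_FA and P_D
    on a fresh batch so the estimates are not biased by the calibration data.
    Returns (tau, P_FA estimate, P_D estimate)."""
    rng = random.Random(seed)
    legit_cal, _ = feature_distances(a, trials, rng)
    tau = threshold_for_false_alarm(legit_cal, eps_pfa)
    legit, unknown = feature_distances(a, trials, rng)
    p_fa = sum(d > tau for d in legit) / trials
    p_d = sum(d > tau for d in unknown) / trials
    return tau, p_fa, p_d


if __name__ == "__main__":
    for a in (0.95, 0.9):
        tau, p_fa, p_d = evaluate(a)
        print(f"a={a}: tau={tau:.3f}  P_FA={p_fa:.4f}  P_D={p_d:.3f}")
```

For this scalar model the squared legitimate distance is exponential with mean 2(1 − a)σ² and the squared unknown-transmitter distance is exponential with mean 2σ², so τ² ≈ −2(1 − a)σ²·ln ε_PFA and P_D ≈ exp(−τ²/(2σ²)): roughly 0.79 at a = 0.95 and 0.63 at a = 0.9. The drop reproduces the page's observation that faster channel dynamics (smaller a) hurt the passive method, because the false-alarm budget forces a wider threshold.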
The disclosure also relates to a service network-based wireless internet of things physical layer hybrid authentication system, which comprises a service network, a transmitting device and a user device. The transmitting device and the internet access point can be the same concept, and the user device and the internet of things device can be the same concept.
In some examples, the user device may maintain a secure connection with the services network through the existing infrastructure. It is assumed that the service network is honest and strictly protocol-compliant. The user device may establish an unsecured connection with the transmitting device over the wireless medium of the central connection. The user device may also communicate with other user devices in the same group through an unsecured connection in the group connection.
Fig. 7 is a schematic structural diagram illustrating a service network-based wireless internet of things physical layer hybrid authentication system according to an example of the present disclosure. In some examples, as shown in fig. 7, the structure of the service network-based wireless internet of things physical layer hybrid authentication system according to examples of the present disclosure may include a service network 10 (e.g., a server), a transmitting device 20 (e.g., a wireless router), and a user device 30 (e.g., a mobile phone).
In some examples, the service network 10 is responsible for user identity, key, and group connection management: it may generate and manage keys for the user devices 30 and help the user devices 30 establish a group connection session, and each user device 30 may maintain a secure connection with the service network 10 through existing infrastructure.
In some examples, the service network 10 may receive a communication request of the user device 30 sent by the transmitting device 20, and if the user device 30 belongs to an identification database of the service network 10, the service network 10 may generate a seed of an encryption function of the user device 30 and may send a notification signal carrying the seed of the encryption function to the transmitting device 20 and the user device 30 through a secure channel.
In some examples, transmitting device 20 may have powerful computing and memory capabilities and may send a communication request of user device 30 to serving network 10.
In some examples, the transmitting device 20 may generate an authentication code based on the notification signal carrying the seed of the encryption function sent by the service network 10, send a training signal carrying the authentication code to the user device 30, and compare with the authentication code generated by the user device 30 in the hybrid method to check the validity of the training signal. The authentication code comparison may be seen in step S300.
In some examples, the transmitting device 20 may be used to provide the training signal, whose inherent physical channel characteristic serves as the reference channel characteristic. The transmitting device 20 may also be used to provide the information signal, whose inherent physical channel characteristic is taken as the target channel characteristic.
In some examples, transmitting device 20 may send a communication request of user device 30 to serving network 10. The transmitting device 20 may generate a key based on the notification signal carrying the seed of the encryption function transmitted by the service network 10, generate a tag signal based on the information signal, the key, and the shared hash encryption function, superimpose the tag signal into the information signal to generate a carrier signal, and transmit the carrier signal to the user device 30.
In some examples, user device 30 may obtain an intrinsic characteristic of the physical channel as a reference channel characteristic based on the training signal. The user device 30 may also obtain a target channel characteristic based on the information signal. The user device 30 can perform channel characteristic authentication (first authentication) of the transmitting device 20 and the user device 30 by comparing the reference channel characteristic and the target channel characteristic. The comparison method of the reference channel characteristic and the target channel characteristic may refer to step S500.
In some examples, the user device 30 may also obtain a target information signal based on the carrier signal and obtain a first tag signal based on the target information signal, the key, and the shared hash encryption function; the user device 30 may obtain a residual signal based on the carrier signal and obtain a second label signal based on the residual signal; the user apparatus 30 may perform correlation matching between the two tag signals, and pass the tag authentication (second authentication) when the result is greater than a predetermined threshold. The comparison method of the tag authentication can be seen in step S500.
Fig. 8 is a schematic structural diagram illustrating a service network-based wireless internet of things physical layer hybrid authentication device according to an example of the present disclosure. In some examples, as shown in fig. 8, authentication device 40 includes a processor 401 and a memory 402. The processor 401 and the memory 402 are connected to a communication bus, respectively. The memory 402 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory). Those skilled in the art will appreciate that the configuration of the authentication device 40 shown in fig. 8 is not intended to limit the present disclosure, and may be a bus configuration, a star configuration, a combination of more or fewer components than those shown in fig. 8, or a different arrangement of components.
The processor 401 is a control center of the authentication device 40, and may be a Central Processing Unit (CPU), and the processor 401 is connected to various portions of the entire authentication device 40 by using various interfaces and lines, and is configured to run or execute software programs and/or modules stored in the memory 402, and call program codes stored in the memory 402, so as to perform all or part of the operations in the service network-based wireless internet of things physical layer hybrid authentication method.
In the present disclosure, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the units is merely a logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the disclosure.
In addition, each functional unit in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
This embodiment discloses a computer readable storage medium, and those skilled in the art will understand that all or part of the steps in the above-mentioned various physical layer hybrid authentication methods can be implemented by a program (instructions) to instruct related hardware, where the program (instructions) can be stored in a computer readable memory (storage medium), and the memory can include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
While the present disclosure has been described in detail in connection with the drawings and examples, it should be understood that the above description is not intended to limit the disclosure in any way. Those skilled in the art can make modifications and variations to the present disclosure as needed without departing from the true spirit and scope of the disclosure, which fall within the scope of the disclosure.

Claims (6)

1. A service network-based wireless Internet of things physical layer hybrid authentication method is characterized in that,
the method comprises the following steps:
in the request transmission stage, an Internet access point sends a communication request of Internet of things equipment to a service network, and the service network generates a seed of an encryption function of the Internet of things equipment;
in an initial transmission stage, the service network respectively sends notification signals carrying seeds of the encryption function to the internet access point and the internet of things equipment, the internet access point and the internet of things equipment generate the same authentication codes based on the notification signals, the internet access point sends training signals carrying the authentication codes to the internet of things equipment, and when the internet of things equipment passes the training signals through the authentication of an upper authentication method, the inherent characteristics of a physical channel are obtained based on the training signals and serve as reference channel characteristics;
a message transmission phase, in which the internet access point and the internet of things device generate the same secret key based on the notification signal, the internet access point generates a tag signal based on an information signal, the secret key and a shared hash encryption function, the tag signal is superimposed and embedded into the information signal to generate a carrier signal, and the carrier signal is transmitted, the internet of things device receives the carrier signal and the information signal, obtains a target channel characteristic based on the information signal, compares the target channel characteristic with the reference channel characteristic, simultaneously checks whether the tag signal exists in the carrier signal, and performs physical layer authentication on the carrier signal, wherein the reference channel characteristic is a reference channel response, the target channel characteristic is a target channel response, and the reference channel response is compared with the target channel response, when the distance between the reference channel response and the target channel response is smaller than a specified threshold value, the physical layer authentication method passes the first authentication and comprises the following steps: the Internet of things equipment obtains a target information signal based on the carrier signal and obtains a first label signal based on the target information signal, the secret key and the shared hash encryption function; the Internet of things equipment obtains a residual signal based on the carrier signal and obtains a second label signal based on the residual signal; performing correlation matching on the two tag signals, and passing second authentication when the result is greater than a certain specified threshold value; and the mixed authentication comprises the first authentication and the second authentication, and when the first authentication and the second authentication pass simultaneously, the carrier signal passes the final authentication to realize the mixed authentication.
2. The wireless internet of things physical layer hybrid authentication method of claim 1, wherein:
the upper layer authentication method comprises the following steps:
the Internet of things equipment obtains a target authentication code based on the training signal, the authentication code generated by the Internet of things equipment is a reference authentication code, the target authentication code is compared with the reference authentication code, and when the target authentication code is the same as the reference authentication code, the upper layer authentication passes through the training signal.
3. The wireless internet of things physical layer hybrid authentication method of claim 1, wherein:
the seed of the encryption function is the seed of a pseudo random number generator of the Internet of things equipment.
4. A wireless Internet of things physical layer hybrid authentication system based on a service network is a wireless Internet of things physical layer hybrid authentication system comprising a service network, a transmitting device and a user device,
the method comprises the following steps:
the transmitting means for sending a communication request of a user device to a serving network,
the service network is used for generating a seed of an encryption function of the user device and respectively sending a notification signal carrying the seed of the encryption function to the transmitting device and the user device, and the transmitting device generates a first authentication code based on the notification signal; and
the user device for generating a second authentication code identical to the first authentication code based on the notification signal,
wherein the transmitting device transmits a training signal carrying the first authentication code to the user device, when the user device authenticates the training signal by an upper layer authentication method, an inherent characteristic of a physical channel is obtained as a reference channel characteristic based on the training signal, the user device and the transmitting device generate the same secret key based on the notification signal, the transmitting device generates a tag signal based on an information signal, the secret key and a shared hash encryption function, superimposes and embeds the tag signal on the information signal to generate a carrier signal, and transmits the carrier signal, the user device receives the carrier signal, obtains a target channel characteristic based on the carrier signal, compares the target channel characteristic with the reference channel characteristic, and performs physical layer authentication on the carrier signal, wherein, the reference channel characteristic is a reference channel response, the target channel characteristic is a target channel response, the reference channel response is compared with the target channel response, and when the distance between the reference channel response and the target channel response is smaller than a specified threshold value, the physical layer authentication method passes a first authentication, and comprises the following steps: the user device obtaining a target information signal based on the carrier signal and obtaining a first tag signal based on the target information signal, the secret key and the shared hash encryption function; the user device obtaining a residual signal based on the carrier signal and obtaining a second label signal based on the residual signal; performing correlation matching on the two tag signals, and passing second authentication when the result is greater than a certain specified threshold value; and the mixed authentication comprises the first authentication and the second authentication, and when the first authentication and the second authentication pass simultaneously, the carrier signal passes the final authentication to realize the mixed authentication.
5. The wireless internet of things physical layer hybrid authentication system of claim 4, wherein:
the upper layer authentication method comprises the following steps:
and the user device obtains a target authentication code based on the training signal, the authentication code generated by the user device is a reference authentication code, the target authentication code and the reference authentication code are compared, and when the target authentication code is the same as the reference authentication code, the training signal is authenticated.
6. The wireless internet of things physical layer hybrid authentication system of claim 4, wherein:
the seed of the encryption function is a seed of a pseudo random number generator of the user device.
CN201811140561.6A 2018-09-28 2018-09-28 Service network-based wireless Internet of things physical layer hybrid authentication method and system Active CN108966232B (en)
Publications (2)

Publication Number Publication Date
CN108966232A CN108966232A (en) 2018-12-07
CN108966232B true CN108966232B (en) 2021-04-20

Family

ID=64471195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811140561.6A Active CN108966232B (en) 2018-09-28 2018-09-28 Service network-based wireless Internet of things physical layer hybrid authentication method and system

Country Status (1)

Country Link
CN (1) CN108966232B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party

CN109933595B * (priority 2019-02-27, published 2021-08-13), 深圳智链物联科技有限公司: Internet of things equipment information sharing system and device and terminal equipment
CN112564918B * (priority 2020-12-03, published 2022-08-12), Shenzhen University: Lightweight active cross-layer authentication method in smart grid
CN113242548B * (priority 2021-07-09, published 2021-09-17), Sichuan University: Wireless Internet of things equipment communication key exchange method under 5G network environment

Citations (3)

* Cited by examiner, † Cited by third party

CN102256249A * (priority 2011-04-02, published 2011-11-23), University of Electronic Science and Technology of China: Identity authentication method and equipment applied to wireless network
US20170251364A1 * (priority 2015-08-19, published 2017-08-31), University Of Electronic Science And Technology Of China: Cross-layer Authentication Method based on Radio Frequency Fingerprint
WO2017189590A1 * (priority 2016-04-29, published 2017-11-02), Pcms Holdings, Inc.: System and method for physical layer authentication and key agreement

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party

宋华伟, 张胜军: "Physical Layer Security Authentication Based on Tag Signals", Journal of Electronics & Information Technology (电子与信息学报), 2018-05-31, full text *
李兴志, 金梁, 钟州, 楼洋明: "Message Encryption and Authentication Mechanism Based on Physical-Layer Keys", Chinese Journal of Network and Information Security (网络与信息安全学报), 2018-08-31, full text *

Also Published As

Publication number Publication date
CN108966232A (en) 2018-12-07

Legal Events

Code: Title
PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant