CN109068284B - Physical layer authentication method and system based on group connection among Internet of things devices - Google Patents

Publication number: CN109068284B
Authority: CN (China)
Legal status: Active
Application number: CN201811142085.1A
Other languages: Chinese (zh)
Other versions: CN109068284A (en
Inventors: 谢宁, 张齐齐
Current Assignee: Shenzhen University
Original Assignee: Shenzhen University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04W12/06 Authentication
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Abstract

The disclosure provides a physical layer authentication method based on group connection among Internet of things devices, comprising the following steps: in the request transmission stage, a service network receives communication requests from a plurality of Internet of things devices in the same group and generates the seed of the corresponding encryption function; in the initial transmission stage, the service network sends notification signals carrying the same seed of the encryption function to the plurality of Internet of things devices; and in the message transmission stage, the plurality of Internet of things devices generate the same secret key based on the notification signal, each Internet of things device generates a tag signal based on the secret key and the shared hash encryption function, superimposes and embeds the tag signal into the information signal to generate a carrier signal, and broadcasts the carrier signal to the other Internet of things devices in the same group, which receive the carrier signal and perform physical layer authentication.

Description

Physical layer authentication method and system based on group connection among Internet of things devices
Technical Field
The disclosure relates to the technical field of wireless communication, in particular to a physical layer authentication method and system based on group connection among Internet of things devices.
Background
Most internet of things devices have a wireless function, and a wireless network can support device connection anytime and anywhere, but due to the broadcasting characteristic of a wireless medium, it is much more difficult to ensure the security of the network in a wireless network environment than in a wired network environment. While traditional upper-layer authentication techniques based on encryption techniques may potentially prevent identity-based attacks in wireless networks, they are inefficient or ineffective in certain wireless internet of things scenarios.
Meanwhile, the computing power and storage of the internet of things devices are limited, and the internet of things devices are developed by different manufacturers, so that large-scale internet of things connection is prevented by different digital languages and upper-layer communication programs. Efficiency and compatibility are two major challenges for implementing wireless internet of things security applications.
In the existing literature, authentication protocols depend only on long-distance connections, so the communication time is long and the communication capacity is poor. This hinders the development and adoption of internet of things technology, and no existing authentication protocol is sufficient to meet the security, efficiency and compatibility requirements of wireless internet of things device communication.
Disclosure of Invention
In order to solve the problems and enable the wireless internet of things to obtain better performance, when the physical layer authentication method is introduced into the wireless internet of things, the disclosure provides a physical layer authentication method and a physical layer authentication system based on group connection among internet of things devices. In the published literature, physical layer authentication methods can be roughly classified into two categories: an active physical layer authentication method (hereinafter, referred to as an active method) and a passive physical layer authentication method. The authentication method and system proposed by the present disclosure can be applied to an active method. Therefore, the network safety of the wireless Internet of things application can be ensured, the efficiency and storage problems of the wireless Internet of things application are effectively improved, and the compatibility problem of the Internet of things equipment is solved.
That is, the present disclosure is made to solve the above conventional problems, and an object of the present disclosure is to provide a physical layer authentication method and system based on group connection between devices in the internet of things.
Therefore, a first aspect of the present disclosure provides a physical layer authentication method (hereinafter, referred to as an authentication method) based on group connection between internet of things devices, which is a wireless internet of things physical layer authentication method including a Service Network (SN) and an internet of things device, and is characterized by including: in the request transmission stage, a service network receives communication requests of a plurality of devices of the internet of things in the same group and generates corresponding seeds of the encryption function; in an initial transmission stage, the service network sends notification signals carrying the same seeds of the encryption function to a plurality of internet of things devices; and in the message transmission stage, the plurality of internet of things devices generate the same secret key based on the notification signal, each internet of things device generates a label signal based on the information signal, the secret key and a shared hash encryption function, the label signal is overlapped and embedded into the information signal to generate a carrier signal, the carrier signal is broadcasted to other internet of things devices in the same group, and the other internet of things devices receive the carrier signal to perform physical layer authentication.
In the disclosure, a service network sends a notification signal to an internet of things device, the internet of things device generates the same secret key based on the notification signal, generates a tag signal based on an information signal, the secret key and a shared hash encryption function, superposes and embeds the tag signal into the information signal to generate a carrier signal, broadcasts the carrier signal to other internet of things devices in the same group, and the other internet of things devices receive the carrier signal to perform physical layer authentication. Therefore, the application efficiency and storage problems of the wireless Internet of things equipment can be improved, and the compatibility problem of the Internet of things equipment is solved.
In a physical layer authentication method according to a first aspect of the present disclosure, the physical layer authentication method includes: the Internet of things equipment obtains a target information signal based on the carrier signal and obtains a first label signal based on the target information signal, the secret key and the shared Hash encryption function; the Internet of things equipment obtains a residual signal based on the carrier signal and obtains a second label signal based on the residual signal; and performing correlation matching on the two tag signals, and passing the authentication when the result is greater than a certain specified threshold value. Physical layer authentication is feasible in heterogeneous coexistence environments, and thus, the compatibility problem of the internet of things equipment can be solved.
In the physical layer authentication method according to the first aspect of the present disclosure, the seed of the encryption function is a seed of a pseudo random number generator of the internet of things device. Thereby, randomness of the seed of the cryptographic function can be ensured.
In the physical layer authentication method according to the first aspect of the present disclosure, the cryptographic function further includes a validity period of the initial transmission phase, and the initial transmission phase is completed within the validity period.
A second aspect of the present disclosure provides a physical layer authentication device based on group connection between internet of things devices, which includes a memory and a processor that executes a computer program stored in the memory to implement any one of the physical layer authentication methods above.
A third aspect of the disclosure provides a computer-readable storage medium. The computer-readable storage medium stores at least one instruction that when executed by a processor implements the physical layer authentication method of any of the first aspects above.
A fourth aspect of the present disclosure provides a physical layer authentication system based on group connection between internet of things devices, including: a service network, configured to receive communication requests of a plurality of user devices in the same group, generate seeds of corresponding encryption functions, and send notification signals carrying the same seeds of the encryption functions to the plurality of user devices; a plurality of user devices for generating the same secret key based on the notification signal, generating a label signal based on the information signal, the secret key and a shared hash encryption function, embedding the label signal into the information signal in an overlapping manner to generate a carrier signal, broadcasting the carrier signal to other user devices in the same group, and receiving the carrier signal by other user devices to perform physical layer authentication.
In the disclosure, a service network sends a notification signal to a plurality of user apparatuses, the plurality of user apparatuses generate the same key based on the notification signal, generate a tag signal based on an information signal, the key and a shared hash encryption function, superimpose and embed the tag signal into the information signal to generate a carrier signal, broadcast the carrier signal to other user apparatuses in the same group, and the other user apparatuses receive the carrier signal to perform physical layer authentication. Thus, wireless user device application efficiency and storage issues can be improved, as well as user device compatibility issues.
In a physical layer authentication system according to a fourth aspect of the present disclosure, the physical layer authentication method includes: the user device obtaining a target information signal based on the carrier signal and obtaining a first tag signal based on the target information signal, the secret key and the shared hash encryption function; the user device obtaining a residual signal based on the carrier signal and obtaining a second label signal based on the residual signal; and performing correlation matching on the two tag signals, and passing the authentication when the result is greater than a certain specified threshold value. Physical layer authentication is possible in a heterogeneous coexistence environment, and thus, the compatibility problem of the user equipment can be solved.
In the physical layer authentication system according to the fourth aspect of the present disclosure, the seed of the encryption function is a seed of a pseudo random number generator of the user device. Thereby, randomness of the seed of the cryptographic function can be ensured.
In the physical layer authentication system according to the fourth aspect of the present disclosure, the seed of the encryption function further includes an effective period of the initial transmission phase, and the transmission by the service network of the notification signal carrying the same seed of the encryption function to the plurality of user apparatuses is completed within the effective period.
In the present disclosure, internet of things devices are developed by different manufacturers, and different digital languages and upper-layer communication programs obstruct large-scale internet of things connection. The physical layer authentication introduced by the new authentication method and system is feasible in a heterogeneous coexistence environment, so the compatibility problem of internet of things devices can be solved. The novel physical layer authentication method and system provided by the disclosure not only fill the gaps of existing protocols in the field of the wireless Internet of things, but also open a new direction for future research on physical layer authentication protocols.
Drawings
Fig. 1 is a schematic diagram illustrating a physical layer authentication method model based on group connection between devices of the internet of things according to an example of the present disclosure.
Fig. 2 is a flowchart illustrating a physical layer authentication method based on group connection between devices of the internet of things according to an example of the present disclosure.
Fig. 3 is a schematic diagram illustrating classification performance evaluation of a physical layer authentication method based on group connection between internet of things devices according to an example of the present disclosure when a signal-to-noise ratio is 10 dB.
Fig. 4 is a schematic diagram illustrating classification performance evaluation of a physical layer authentication method based on group connection between internet of things devices according to an example of the present disclosure when a signal-to-noise ratio is 20 dB.
Fig. 5 is a schematic diagram illustrating an evaluation of the identification performance of the physical layer authentication method based on the group connection between the internet of things devices according to the example of the present disclosure when the fading correlation coefficient is 0.95.
Fig. 6 is a schematic diagram illustrating an evaluation of the identification performance of the physical layer authentication method based on the group connection between the internet of things devices according to the example of the present disclosure when the fading correlation coefficient is 0.9.
Fig. 7 is a schematic structural diagram illustrating a physical layer authentication system based on group connection between devices of the internet of things according to an example of the present disclosure.
Fig. 8 is a schematic structural diagram illustrating a physical layer authentication device based on a group connection between devices of the internet of things according to an example of the present disclosure.
Detailed Description
Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In the following description, the same components are denoted by the same reference numerals, and redundant description thereof is omitted. The drawings are schematic and the ratio of the dimensions of the components and the shapes of the components may be different from the actual ones.
It should be noted that the terms "first," "second," "third," and "fourth," etc. in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram illustrating a physical layer authentication method model based on group connection between devices of the internet of things according to an example of the present disclosure. In some examples, there may be one Service Network (SN) as shown in fig. 1. The internet of things device can include at least two. The internet of things device may be located within a wireless coverage range of the SN.
In some examples, in the authentication method model shown in fig. 1, a Service Network (SN) may be responsible for user identity, key, and group connection management. It may also generate and manage keys for internet of things devices and may help internet of things devices establish group connection sessions. An internet of things device can connect securely to the SN through the existing infrastructure, and can also communicate with other internet of things devices in the same group over the insecure connections of the group connection.
In some examples, the Internet of things Device may include, but is not limited to, a smart phone, a laptop Computer, a Personal Computer (PC), a Personal Digital Assistant (PDA), a Mobile Internet Device (MID), a wearable Device (e.g., a smart watch, a smart bracelet, smart glasses), and various other electronic devices. The operating system of the user equipment or the test equipment may include, but is not limited to, an Android operating system, an iOS operating system, a Symbian operating system, a BlackBerry operating system, a Windows Phone 8 operating system, and the like. The internet of things devices may also be referred to as "legitimate receivers".
In addition, in some examples, an attacker may also be included in the authentication method model shown in fig. 1. The attacker may attempt to disrupt the communication transmission between the service network and the internet of things device. The attacker can be an illegal internet of things device.
In some examples, as shown in fig. 1, dashed line a may represent a Request Transmission (RT). The dotted line B may represent Initial Transmission (IT). The solid line C may represent Message Transmission (MT).
Based on the above wireless internet of things physical layer authentication method model, the present disclosure relates to a physical layer authentication method (may be referred to as an "authentication method" for short) based on group connection between internet of things devices.
Fig. 2 is a flowchart illustrating a physical layer authentication method based on group connection between devices of the internet of things according to an example of the present disclosure.
Based on the model shown in fig. 1, as shown in fig. 2, the physical layer authentication method based on group connection between internet of things devices may include that the internet of things devices send a communication request to a Service Network (SN), and the Service Network (SN) generates a seed of a cryptographic function of the internet of things devices (step S100). Step S100 may be a request transmission phase of the authentication method.
In step S100, the seed of the encryption function may be a seed of a pseudo random number generator of the internet of things device. Thereby, randomness of the seed of the cryptographic function can be ensured.
In other examples, the cryptographic function may also contain a validity period of the initial transmission phase. The initial transmission phase is described subsequently. The initial transmission phase is completed within the validity period.
In some examples, as shown in fig. 2, the physical layer authentication method based on group connection between internet of things devices may further include the service network transmitting a notification signal carrying a seed of an encryption function to the plurality of internet of things devices, respectively (step S200). Step S200 may be an initial transmission phase of the authentication method.
In step S200, the service network may send a notification signal carrying the seed of the encryption function to the internet of things device through the secure channel. Wherein the secure channel may be a wired channel or a secure wireless channel.
In some examples, as shown in fig. 2, the physical layer authentication method based on group connection between internet of things devices may further include a plurality of internet of things devices generating the same key based on the notification signal, each of the internet of things devices generating a tag signal based on the information signal, the key, and the shared hash encryption function (step S300).
In step S300, each internet of things device may receive the notification signal and generate the same key $k_i$ based on the notification signal. Each internet of things device can generate the tag signal based on the information signal, the key $k_i$ and the shared hash encryption function. The tag signal may be denoted $t_i = g(s_i, k_i)$ and may have length $L$, where $g(\cdot)$ is a hash function and $s_i$ is the original message. In the tagged signal,
Figure BDA0001816031390000061
and
Figure BDA0001816031390000062
are the power allocation factors of the message and the tag, respectively. The information signal may be a signal containing information to be communicated by the internet of things device.
In some examples, as shown in fig. 2, the physical layer authentication method based on group connection between internet of things devices may further include that each internet of things device superimposes and embeds the tag signal into the information signal to generate a carrier signal and broadcasts the carrier signal to other internet of things devices in the same group, and the other internet of things devices receive the carrier signal to perform physical layer authentication (step S400). Step S400 may be a message transmission phase of the authentication method. Therefore, the security of the network connection between the internet of things devices can be effectively guaranteed.
In some examples, in step S400, the tag $t_i = g(s_i, k_i)$ may be embedded in the information signal to generate the carrier signal. That is, the carrier signal may be an information signal in which the tag is embedded. Each internet of things device may broadcast the carrier signal to other internet of things devices in the same group.
In some examples, other internet of things devices may receive the carrier signal and perform physical layer authentication in step S400. The carrier signal received by other internet of things devices may be an information signal affected by a wireless channel. The carrier signal may be denoted $y_{A,i}(k+1)$.
In some examples, a physical layer authentication method may include: the internet of things device obtains a target information signal based on the carrier signal and obtains a first tag signal based on the target information signal, the secret key and the shared hash encryption function; the internet of things device obtains a residual signal based on the carrier signal and obtains a second tag signal based on the residual signal; and correlation matching is performed on the two tag signals, with authentication passing when the result is greater than a specified threshold. The secret key is known only to the internet of things devices in the group and not to devices outside the group, so the communication security of the internet of things devices in the group can be ensured. Physical layer authentication is feasible in heterogeneous coexistence environments, and thus the compatibility problem of internet of things devices can be solved.
In particular, the internet of things device may recover from the carrier signal $y_{A,i}(k+1)$ the target information signal
Figure BDA0001816031390000071
and further generate, with the shared key $k_i$, the first tag signal
Figure BDA0001816031390000072
The internet of things device may then construct the residual signal $r_i$ based on the carrier signal $y_{A,i}(k+1)$ and extract the second tag signal $t_i$ from the residual signal $r_i$, i.e., obtain the second tag signal $t_i$ based on the residual signal $r_i$. The transmitter is authenticated by comparing the first tag signal
Figure BDA0001816031390000073
and the second tag signal $t_i$. Lacking the key $k_i$, the attacker cannot generate the first tag signal
Figure BDA0001816031390000074
and therefore cannot pass authentication. In some examples, the receiver may be a receiving internet of things device and the transmitter may be a transmitting internet of things device.
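The tag embedding of step S300 and the receiver check of step S400, as an added example that is not code from the patent. It assumes HMAC-SHA256 in place of the hash function g, a SHA-256 derivation of the group key from the seed, BPSK symbols over an additive-noise channel with perfect channel knowledge, and constructed names and values (`RHO_S`, `RHO_T`, `THRESHOLD`, the seeds, the 256-symbol message).

```python
import hashlib
import hmac
import math
import random

# Assumed power split between message and tag (constructed values).
RHO_T2 = 0.1
RHO_S, RHO_T = math.sqrt(1 - RHO_T2), math.sqrt(RHO_T2)
THRESHOLD = 0.5  # constructed correlation threshold


def derive_group_key(seed: bytes) -> bytes:
    """Every group member derives the same key from the SN's seed (assumed KDF)."""
    return hashlib.sha256(b"group-key|" + seed).digest()


def tag_symbols(message, key):
    """t = g(s, k): HMAC-SHA256 in counter mode, expanded to one +/-1 symbol per message symbol."""
    msg = bytes(1 if s > 0 else 0 for s in message)
    out, counter = [], 0
    while len(out) < len(message):
        block = hmac.new(key, counter.to_bytes(4, "big") + msg, hashlib.sha256).digest()
        for byte in block:
            for bit in range(8):
                out.append(1.0 if (byte >> bit) & 1 else -1.0)
        counter += 1
    return out[:len(message)]


def transmit(message, key):
    """Carrier signal: the tag superimposed on the message at low power."""
    tag = tag_symbols(message, key)
    return [RHO_S * s + RHO_T * t for s, t in zip(message, tag)]


def awgn(signal, snr_db, rng):
    """Add Gaussian noise for a unit-power signal at the given SNR."""
    sigma = math.sqrt(10 ** (-snr_db / 10))
    return [x + rng.gauss(0.0, sigma) for x in signal]


def authenticate(received, key):
    """Receiver side: recover the message, regenerate the tag, correlate with the residual."""
    s_hat = [1.0 if y >= 0 else -1.0 for y in received]        # target information signal
    t_hat = tag_symbols(s_hat, key)                            # first tag signal
    residual = [(y - RHO_S * s) / RHO_T for y, s in zip(received, s_hat)]  # carries second tag
    score = sum(r * t for r, t in zip(residual, t_hat)) / len(received)
    return score > THRESHOLD, score


def run_demo():
    rng = random.Random(2018)                       # fixed seed: reproducible noise
    key = derive_group_key(b"constructed-seed-from-SN")
    message = [rng.choice((-1.0, 1.0)) for _ in range(256)]
    # Group member: tag built with the shared key.
    legit = authenticate(awgn(transmit(message, key), 20, rng), key)
    # Non-member: same message, tag built from a key it had to guess.
    outsider_key = derive_group_key(b"guess-by-non-member")
    forged = authenticate(awgn(transmit(message, outsider_key), 20, rng), key)
    return legit, forged


if __name__ == "__main__":
    for name, (ok, score) in zip(("group member", "non-member"), run_demo()):
        print(f"{name}: accepted={ok} correlation={score:.3f}")
```

A single symbol error in the recovered message changes the regenerated tag completely, so at lower signal-to-noise ratios the message needs error protection before the tag is recomputed.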
In some examples, as shown in fig. 3, 4, 5, and 6, the accuracy of any physical layer authentication method can be evaluated based on classification performance and identification performance: the legitimate receiver calculates the distance of the matching score and makes a classification or identification decision. Both performance indicators can be calculated theoretically by assuming a test model, and in the present disclosure the channel estimation error can be neglected.
Fig. 3 is a schematic diagram illustrating classification performance evaluation of a physical layer authentication method based on group connection between internet of things devices according to an example of the present disclosure when a signal-to-noise ratio is 10 dB. Fig. 4 is a schematic diagram illustrating classification performance evaluation of a physical layer authentication method based on group connection between internet of things devices according to an example of the present disclosure when a signal-to-noise ratio is 20 dB. For classification among K internet of things devices, a K-ary hypothesis testing technique may be applied to fit K legitimate receivers. Suppose that
Figure BDA0001816031390000081
is a signal obtained from the legitimate internet of things device $D_i$, where
Figure BDA0001816031390000082
represents a probability measure, and
Figure BDA0001816031390000083
may represent the likelihood that a signal received from internet of things device j is classified as coming from internet of things device i. This probability may be derived from the feature distance between the test feature vector $f_i$ and the reference feature vector $f_{R,i}$. The test feature vector $f_i$ is matched against all reference feature vectors and is assigned the identity with the minimum distance score. For the authentication method, the test feature vector $f_i$ includes the first tag signal
Figure BDA0001816031390000084
and the reference feature vector $f_{R,i}$ includes the second tag signal $t_i$.
The present disclosure contemplates using two internet of things devices to evaluate classification performance in terms of feature distance. In some examples, as shown in fig. 3 and fig. 4, where $d_2 = 10$ m, $\alpha = 2$, $f_c = 2$ GHz,
Figure BDA0001816031390000085
$L = 16$, and the signal-to-noise ratio $SNR_1$ is expressed as
Figure BDA0001816031390000086
the feature distance of the authentication method is normalized. It can be seen that as the distance $d_2$ between the transmitter and the receiver increases, the classification performance of the authentication method gradually decreases to a stable value. Fig. 4 shows that as the $SNR_1$ value increases, the stable value of the authentication method increases.
Fig. 5 is a schematic diagram illustrating an evaluation of the identification performance of the physical layer authentication method based on the group connection between the internet of things devices according to the example of the present disclosure when the fading correlation coefficient is 0.95. Fig. 6 is a schematic diagram illustrating an evaluation of the identification performance of the physical layer authentication method based on the group connection between the internet of things devices according to the example of the present disclosure when the fading correlation coefficient is 0.9.
In some examples, as shown in fig. 5 and 6,
Figure BDA0001816031390000087
is the hypothesis that the received signal is from a legitimate user, and
Figure BDA0001816031390000088
indicates that the received signal is from an unknown transmitter. All K legitimate Internet of Things devices whose reference feature vectors are stored in the database of the SN can be regarded as one class. When
Figure BDA0001816031390000089
is true, obtaining the hypothesis
Figure BDA00018160313900000810
may be referred to as a "false alarm". The false alarm probability may be denoted by $P_{FA}$. Subject to $P_{FA} \le \varepsilon_{PFA}$, the optimal threshold is determined by maximizing the detection probability $P_D$, where $\varepsilon_{PFA}$ is the allowable upper limit for $P_{FA}$. If the minimum feature distance score is greater than the threshold, the test feature is identified as coming from an illegitimate transmitter
Figure BDA0001816031390000091
Otherwise, it is judged to come from a legitimate transmitter
Figure BDA0001816031390000092
In some examples, as shown in fig. 6 and 7, which illustrate the identification performance of the authentication method, the signal-to-noise ratio of the reference channel is 10 dB, i.e., $\mathrm{SNR}_1 = 10$ dB, and $\varepsilon_{PFA} = 0.01$. Except that a is 0.95 in fig. 5 and a is 0.9 in fig. 6, the other parameters are the same as in fig. 3 and fig. 4. As shown in fig. 5, when the distance $d_1$ between the legitimate transmitter and the receiver is small, the authentication method has a coding gain when the signal-to-noise ratio is large, but as $d_1$ increases, the performance of the authentication method decreases. For larger $d_1$, the performance of the authentication method may decrease to a constant value, similar to the results in fig. 4 and 5. Furthermore, as can be seen from fig. 6, as a decreases, indicating that the channel dynamics increase, the performance of the authentication method is not affected.
The disclosure also relates to a physical layer authentication system based on group connection between Internet of Things devices, which comprises a service network and user devices. Here, a user device may be the same concept as an Internet of Things device. Information signals may be transmitted between user devices. For convenience of description, a user device that transmits an information signal is referred to as a user transmitting device, and a user device that receives an information signal is referred to as a user receiving device.
In some examples, the user device may maintain a secure connection with the services network through the existing infrastructure. It is assumed that the service network 10 is honest and strictly protocol-compliant. The user device may also communicate with other user devices in the same group through an unsecured connection in the group connection.
Fig. 7 is a schematic structural diagram illustrating a physical layer authentication system based on group connection between devices of the internet of things according to an example of the present disclosure. In some examples, as shown in fig. 7, the structure of the physical layer authentication system based on the group connection between the devices of the internet of things according to the examples of the present disclosure may include a service network 10 (e.g., a server), a user transmitting apparatus 20 (e.g., a mobile phone), and a user receiving apparatus 30 (e.g., a personal computer).
In some examples, the service network 10 may be responsible for user identity, key, and group connection management. The service network 10 may generate and manage keys for the user transmitting device 20 and the user receiving device 30 and help them establish a group connection session. Each of the two devices may be securely connected to the service network 10 through existing infrastructure.
In some examples, the service network 10 may receive the communication requests transmitted by the user transmitting device 20 and the user receiving device 30. If the user transmitting device 20 and the user receiving device 30 are in an identification database belonging to the service network 10, the service network 10 may generate a seed of an encryption function of the user device 30 and may transmit a notification signal carrying the seed of the encryption function to the user transmitting device 20 and the user receiving device 30 through a secure channel.
In some examples, the user transmitting apparatus 20 and the user receiving apparatus 30 may generate a key based on the notification signal carrying the seed of the encryption function sent by the service network 10, and further generate a tag signal based on the information signal, the key and the shared hash encryption function, and compare in the physical layer authentication process to implement the security authentication of the connection between the user transmitting apparatus 20 and the user receiving apparatus 30. The physical layer authentication method can be seen in step S400.
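The tag generation, superposition and receiver-side check described above can be sketched as follows. This is an added example, not code from the patent: the SHA-256 key derivation, the HMAC-based tag, the BPSK mapping, the 0.9/0.1 power split, the AWGN channel without fading, the 0.5 threshold and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, math, random

RHO_S, RHO_T = math.sqrt(0.9), math.sqrt(0.1)  # assumed power split (message, tag)

def derive_key(seed: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the seeded generator that turns the
    # seed carried by the notification signal into the shared group key.
    return hashlib.sha256(b"group-key|" + seed).digest()

def tag_signal(key: bytes, bits: list) -> list:
    # Keyed hash of the message, expanded to one +/-1 chip per message symbol.
    stream, counter = b"", 0
    while len(stream) * 8 < len(bits):
        block = counter.to_bytes(4, "big") + bytes(bits)
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return [1.0 if (stream[i // 8] >> (i % 8)) & 1 else -1.0
            for i in range(len(bits))]

def transmit(key: bytes, bits: list) -> list:
    # Carrier signal: BPSK message symbols with the low-power tag superimposed.
    tag = tag_signal(key, bits)
    return [RHO_S * (1.0 if b else -1.0) + RHO_T * t for b, t in zip(bits, tag)]

def channel(x: list, snr_db: float, rng: random.Random) -> list:
    sigma = math.sqrt(10 ** (-snr_db / 10))  # noise std for unit signal power
    return [xi + rng.gauss(0.0, sigma) for xi in x]

def authenticate(key: bytes, y: list, threshold: float = 0.5):
    # Target information signal: hard decision on each received symbol.
    bits_hat = [1 if yi >= 0 else 0 for yi in y]
    # First tag signal: regenerated from the recovered message and the key.
    first_tag = tag_signal(key, bits_hat)
    # Second tag signal: residual left after removing the recovered message.
    second_tag = [(yi - RHO_S * (1.0 if b else -1.0)) / RHO_T
                  for yi, b in zip(y, bits_hat)]
    # Correlation matching, normalised so a clean match is close to 1.
    corr = sum(a * b for a, b in zip(first_tag, second_tag)) / len(y)
    return corr > threshold, corr

def run_trial(sender_seed: bytes, receiver_seed: bytes, snr_db: float = 20.0,
              n_bits: int = 256, rng_seed: int = 1):
    # Constructed sample input: random message bits and seeded channel noise.
    rng = random.Random(rng_seed)
    bits = [rng.getrandbits(1) for _ in range(n_bits)]
    y = channel(transmit(derive_key(sender_seed), bits), snr_db, rng)
    return authenticate(derive_key(receiver_seed), y)

if __name__ == "__main__":
    print("group member :", run_trial(b"constructed-seed", b"constructed-seed"))
    print("other seed   :", run_trial(b"not-the-group-seed", b"constructed-seed"))
```

In this sketch a single bit error in the recovered message changes the whole regenerated tag, so the check only works when the message is recovered without errors; the 20 dB default keeps the demo in that regime.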
Fig. 8 is a schematic structural diagram illustrating a physical layer authentication device based on a group connection between devices of the internet of things according to an example of the present disclosure. In some examples, as shown in fig. 8, authentication device 40 includes a processor 401 and a memory 402. The processor 401 and the memory 402 are connected to a communication bus, respectively. The memory 402 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory). Those skilled in the art will appreciate that the configuration of the authentication device 40 shown in fig. 8 is not intended to limit the present disclosure, and may be a bus configuration, a star configuration, a combination of more or fewer components than those shown in fig. 8, or a different arrangement of components.
The processor 401 is a control center of the authentication device 40, and may be a Central Processing Unit (CPU), and the processor 401 is connected to various portions of the entire authentication device 40 by using various interfaces and lines, and is configured to run or execute software programs and/or modules stored in the memory 402, and call program codes stored in the memory 402, so as to perform all or part of the operations in the above physical layer authentication method based on group connection between devices in the internet of things.
In the present disclosure, it should be understood that the disclosed apparatus may be implemented in other ways. The above-described device embodiments are merely illustrative. For example, the division of the units is merely a logical division, and other divisions may be used in practice: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical or in another form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the disclosure.
In addition, each functional unit in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable memory. Based on such understanding, the technical solutions of the present disclosure may be embodied in the form of software products, and it will be understood by those skilled in the art that all or part of the steps in the various physical layer authentication methods of the foregoing embodiments may be implemented by related hardware through a program (instructions) which may be stored in a computer-readable memory (storage medium), and the memory may include: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
This embodiment discloses a computer readable storage medium, and those skilled in the art will understand that all or part of the steps in the above various authentication methods can be implemented by a program (instructions) to instruct related hardware, where the program (instructions) can be stored in a computer readable memory (storage medium), and the memory can include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
While the present disclosure has been described in detail in connection with the drawings and examples, it should be understood that the above description is not intended to limit the disclosure in any way. Those skilled in the art can make modifications and variations to the present disclosure as needed without departing from the true spirit and scope of the disclosure, which fall within the scope of the disclosure.

Claims (8)

1. A physical layer authentication method based on group connection between Internet of things devices is characterized in that,
the method comprises the following steps:
in the request transmission stage, a service network receives communication requests of a plurality of devices of the same group of Internet of things and generates seeds of corresponding encryption functions;
in an initial transmission stage, the service network sends notification signals carrying the same seeds of the encryption function to a plurality of internet of things devices; and
in a message transmission phase, the plurality of internet of things devices generate the same secret key based on the notification signal, each internet of things device generates a tag signal based on an information signal, the secret key and a shared hash encryption function, the tag signal is overlapped and embedded into the information signal to generate a carrier signal, the carrier signal is broadcasted to other internet of things devices in the same group, and the other internet of things devices receive the carrier signal to perform physical layer authentication, wherein the physical layer authentication method includes the following steps: the Internet of things equipment obtains a target information signal based on the carrier signal and obtains a first label signal based on the target information signal, the secret key and the shared Hash encryption function; the Internet of things equipment obtains a residual signal based on the carrier signal and obtains a second label signal based on the residual signal; and performing correlation matching on the two tag signals, and passing the authentication when the result is greater than a certain specified threshold value.
2. The physical layer authentication method of claim 1, wherein:
the seed of the encryption function is the seed of a pseudo random number generator of the Internet of things equipment.
3. The physical layer authentication method of claim 1, wherein:
the cryptographic function also contains a validity period of an initial transmission phase, the initial transmission phase being completed within the validity period.
4. A physical layer authentication device based on group connection between Internet of things devices, characterized in that
the device comprises:
a processor executing the memory-stored computer program to implement the authentication method of one of claims 1 to 3; and
a memory.
5. A computer-readable storage medium, characterized in that,
the computer-readable storage medium stores at least one instruction that when executed by a processor implements the authentication method of any of claims 1 to 3.
6. A physical layer authentication system based on group connection between Internet of things devices, characterized in that
the system comprises:
a service network, configured to receive communication requests of a plurality of user devices in the same group, generate seeds of corresponding encryption functions, and send notification signals carrying the same seeds of the encryption functions to the plurality of user devices; and
a plurality of user devices for generating the same key based on the notification signal, generating a tag signal based on an information signal, the key and a shared hash encryption function, generating a carrier signal by superimposing and embedding the tag signal into the information signal, and broadcasting the carrier signal to other user devices in the same group, the other user devices receiving the carrier signal for physical layer authentication, the physical layer authentication method comprising: the user device obtaining a target information signal based on the carrier signal and obtaining a first tag signal based on the target information signal, the secret key and the shared hash encryption function; the user device obtaining a residual signal based on the carrier signal and obtaining a second label signal based on the residual signal; and performing correlation matching on the two tag signals, and passing the authentication when the result is greater than a certain specified threshold value.
7. The physical layer authentication system of claim 6, wherein:
the seed of the encryption function is a seed of a pseudo random number generator of the user device.
8. The physical layer authentication system of claim 6, wherein:
the encryption function also includes an active period of an initial transmission phase within which the serving network is enabled to send notification signals carrying the same seed of the encryption function to a plurality of the user devices.
CN201811142085.1A 2018-09-28 2018-09-28 Physical layer authentication method and system based on group connection among Internet of things devices Active CN109068284B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811142085.1A CN109068284B (en) 2018-09-28 2018-09-28 Physical layer authentication method and system based on group connection among Internet of things devices

Publications (2)

Publication Number Publication Date
CN109068284A CN109068284A (en) 2018-12-21
CN109068284B true CN109068284B (en) 2021-05-25

Family

ID=64766537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811142085.1A Active CN109068284B (en) 2018-09-28 2018-09-28 Physical layer authentication method and system based on group connection among Internet of things devices

Country Status (1)

Country Link
CN (1) CN109068284B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109769258B (en) * 2019-03-05 2020-01-31 深圳大学 Resource optimization method based on secure URLLC communication protocol
CN110381511B (en) * 2019-07-24 2020-11-20 深圳大学 Non-orthogonal multiple access authentication system based on shared physical layer authentication label
CN112492609B (en) * 2020-12-07 2021-05-18 广州大学 Wi-Fi signal fluctuation-based IoT equipment safety automatic pairing method and device
CN113242548B (en) * 2021-07-09 2021-09-17 四川大学 Wireless Internet of things equipment communication key exchange method under 5G network environment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105846994A (en) * 2016-03-24 2016-08-10 深圳大学 Physical layer steganography method and physical layer steganography system
CN108156102A (en) * 2017-12-13 2018-06-12 深圳大学 The blind authentication method and system of frequency selective fading channels based on smoothing technique

Also Published As

Publication number Publication date
CN109068284A (en) 2018-12-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant