CN109088728B - Electric power system debugging tool encrypted communication method based on shared secret key - Google Patents

Electric power system debugging tool encrypted communication method based on shared secret key Download PDF

Info

Publication number
CN109088728B
CN109088728B CN201811080826.8A CN201811080826A CN109088728B CN 109088728 B CN109088728 B CN 109088728B CN 201811080826 A CN201811080826 A CN 201811080826A CN 109088728 B CN109088728 B CN 109088728B
Authority
CN
China
Prior art keywords
communication
key
random number
message
req
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811080826.8A
Other languages
Chinese (zh)
Other versions
CN109088728A (en
Inventor
方芳
李广华
宣晓华
陆承宇
王松
孙文文
汪冬辉
戚宣威
陈明
杨涛
阮黎翔
吴栋萁
丁峰
顾浩
周强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
NR Engineering Co Ltd
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
NR Engineering Co Ltd
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, NR Engineering Co Ltd, Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201811080826.8A priority Critical patent/CN109088728B/en
Publication of CN109088728A publication Critical patent/CN109088728A/en
Application granted granted Critical
Publication of CN109088728B publication Critical patent/CN109088728B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys

Abstract

The invention discloses a method for encrypting communication of a power system debugging tool based on a shared secret key. The same secret key is used for communication in all communication environments under the existing secret key sharing mechanism, and the risk that a malicious attacker carries out reverse analysis to crack the secret key by acquiring a large number of communication samples exists. The invention presets a shared initialization key KIntAnd a shared key set KGAnd appointing the same encryption and corresponding decryption algorithms; in the communication process, the communication initiator and the communication receiver use the initialization key K in a mode of checking random numbersIntImplementing a communication key KTThe mechanism that the communication receiver designates and negotiates and confirms the communication key together realizes the method that the two parties use different shared keys for each communication, and improves the security of encrypted communication.

Description

Electric power system debugging tool encrypted communication method based on shared secret key
Technical Field
The invention belongs to the field of power system communication, and particularly relates to a power system debugging tool encryption communication method based on a shared key.
Background
In a communication protocol of a power system secondary equipment debugging tool, private plaintext transmission is often adopted, and the method is convenient for abnormal information diagnosis in use of the tool, but brings risks of information leakage in secondary equipment and has potential safety hazards.
In power system debugging tool encrypted communication, encrypted communication based on a shared key is a common communication method. According to the method, the two communication parties realize encrypted communication by sharing a preset symmetric key based on an agreed encryption algorithm. The method is simple to use and high in encryption efficiency, but the same key is used for communication with all devices, so that the risk that a malicious attacker carries out reverse analysis and key cracking by acquiring a large number of communication samples exists. Another encryption communication method is a communication mode based on an asymmetric key of a digital certificate, and the key of each communication is negotiated through the asymmetric key, so that the problem that the same key is used for each communication with different devices is solved; however, the algorithm of the asymmetric key method is complex, the execution efficiency is low, and the digital certificate needs to be downloaded before the first debugging, even the digital certificate needs to be managed and updated regularly, so that the maintenance and use cost is high.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the power system debugging tool encryption communication method based on the shared secret key solves the problem that a malicious attacker risks to crack the secret key by obtaining a large number of communication samples through reverse analysis because the same secret key is used for communication in all communication environments under the existing shared secret key mechanism, and achieves communication by using different shared secret keys each time based on a shared secret key group, so that the communication safety is improved, and the use is simple and reliable.
In order to achieve the purpose, the invention adopts the technical scheme that: a shared key based power system debugging tool encrypted communication method, comprising:
two communication parties agree to share an initial secret key KIntAnd a key set K containing N set keysGWherein N is more than or equal to 1; the two communication parties agree that the same encryption algorithm E (K, x) and the corresponding decryption algorithm are D (K, x), and the encryption and decryption satisfy x ≡ D (K, E (K, x)), wherein K is a secret key, and x is plaintext data;
the steps in the communication process are as follows:
step 1: communication initiator generates link request random number RdAnd using the initial key KIntEncryption with E (K)Int,Rd) As a message TReq_CA content sending communication link request;
step 2: the communication receiver passes Rd'=D(KInt,TReq_C) Decryption of TReq_CObtaining a Link request random number Rd', randomly selecting a communication key KTAnd generating a communication key authentication request random number Rd2And is combined withBy message IRsp_CPerforming a communication link request response; communication key KTIs KGThe Tth group key is that T is more than or equal to 1 and less than or equal to N;
and step 3: communication initiator decipher message IRsp_CAnd after verifying the correctness of the connection request response message, generating a communication key verification random number Rd3And initiating a communication key KTThe consistency verification request message TReq_V
And 4, step 4: decryption T of communication receiverReq_VAnd verifies the negotiated communication key KTAfter the correctness is reached, a message I of successful verification is sentOK_V
And 5: decryption I of communication senderOK_VAnd verify IOK_VThe correctness of the test;
step 6: after the verification is passed, the two communication parties use KTEncrypted communication is performed.
In addition to the above technical solution, the communication link request response message IRsp_CHas the structure ofRsp_C=E(KInt,(Rd',T,Rd2) Where kit initial key, R)d' is a decrypted link request random number, T is a group number of a key group corresponding to the communication key, Rd2A random number is requested for communication key authentication.
In addition to the above technical solution, a communication link request message IRsp_CThe verification method comprises the following steps: by (R)d”,T',Rd2')=D(KInt,IRsp_C) Decryption IRsp_CObtaining the random number R of the link request after decrypting the response request messaged", the decrypted communication key group number T', and the decrypted communication key verification request random number Rd2'; if R isd”==RdAnd the communication initiator judges that the communication link request message is correct.
In addition to the above technical solution, the communication key KTThe consistency verification request message TReq_VHas a structure of TReq_V=E(KT',(Rd2',Rd3) In which K) isT'is a communication key corresponding to the decrypted communication key group number T', Rd2' request random number for decrypted key authentication, Rd3The random number is verified for the newly generated communication key of the communication initiator.
In addition to the above technical solution, the communication key consistency verification request message TReq_VThe correctness verification method comprises the following steps: by (R)d2”,Rd3')=D(KT,TReq_V) Decryption of TReq_VObtaining the decrypted communication key verification request random number Rd2", the decrypted communication key verifies the random number Rd3'; if R isd2”==Rd2And the communication receiver judges that the communication key consistency verification request message is correct.
As a supplement to the above technical solution, the communication key consistency verification success message IOK_VHas the structure ofOK_V=E(KT,Rd3') wherein R isd3' to decrypt TReq_VThe subsequent communication key verifies the random number.
As a supplement to the above technical solution, the communication key consistency verification success message IOK_VThe correctness verification method comprises the following steps: by Rd3”=D(KT',TOK_V) Decryption IOK_VObtaining the decrypted communication key verification random number Rd3"; if R isd3”==Rd3Then the communication key negotiation is considered to be successful, at this moment KT'≡KT
The invention realizes a communication method that different symmetric keys are used in each communication and the keys are randomly designated by a communication receiver under a negotiation authentication mechanism based on random numbers by setting an initial key pair and a symmetric key group. The invention solves the problem that the traditional symmetric key communication uses the same key each time, and has the characteristics of no need of configuration, simple use and high encryption efficiency.
Drawings
Fig. 1 is a flowchart of an encrypted communication method for a power system debugging tool based on a shared key according to the present invention.
Detailed Description
The method of the present invention is further described in conjunction with the accompanying drawings and specific embodiments so that those skilled in the art can better understand the invention and can implement it, but the examples are not intended to limit the invention.
The embodiment provides an encrypted communication method for a power system debugging tool based on a shared key, as shown in fig. 1, the steps are as follows:
the two communication parties agree to adopt an AES-256 encryption algorithm, and the key length is 256 bits (32 bytes); both communication parties share 256-bit initial secret key KIntAnd a key set K containing 1024 sets of 256-bit shared keysG(ii) a Communication key KTIs KGThe Tth (T is more than or equal to 1 and less than or equal to 1024) group key; the encryption process of the encryption algorithm AES-256 is marked as EAES-256(K, x), the decryption process is marked DAES-256(K, x), where K is a 256-bit key and x is the minimum length of the plaintext to be encrypted and decrypted, which is 256 bits.
In the communication process:
1) communication initiator generates 256bit link request random number RdAnd using the initial key KIntEncryption with EAES-256(KInt,Rd) As a message TReq_CThe content initiates a communication link request;
2) initial key K for communication receiverIntDecryption of TReq_CI.e. Rd'=DAES-256(KInt,TReq_C) And obtaining the random number R of the link request after decryptiond' (256 bits); and randomly selecting K from the shared secret key groupTGenerating 256-bit communication key verification request random number R as communication keyd2
3) The communication receiver requests the random number R by the decrypted connectiond', communication key KTGroup number T, communication key authentication request random number Rd2As plaintext to initialize the key KIntEncrypting, constructing and sending communication link request response message with structure IRsp_C=EAES-256(KInt,(Rd',T,Rd2));
4) Initialization key K for communication initiatorIntDecipher message IRsp_CI.e. (R)d”,T',Rd2')=D(KInt,IRsp_C). After decryption, obtain IRsp_CReturned link request random number Rd", the decrypted communication key group number T', and the decrypted communication key verification request random number Rd2'; if R isd”==RdJudging that the communication link request message is correct;
5) after the communication initiator verifies the correctness of the communication link request message, the key of the group number T' is determined as the communication key KT', and generates a 256-bit communication key verification random number Rd3(ii) a Authentication of a request random number R with a communication keyd2', random number of communication key verification Rd3For plaintext input, by KT' construction of communication key consistency verification request message as key and transmission, its structure is TReq_V=EAES-256(KT',(Rd2',Rd3))。
6) Communication key K for communication receiverTDecryption of TReq_VI.e. (R)d2”,Rd3')=DAES-256(KT,TReq_V) Obtaining the decrypted communication key verification request random number Rd2", the decrypted communication key verifies the random number Rd3'; if R isd2”==Rd2Then, the communication key consistency verification request message is judged to be correct.
7) After the communication receiver verifies the correctness of the communication key consistency verification request message, the random number R is verified by the decrypted communication keyd3' as plaintext input, with a communication key KTThe message which is successfully verified by encrypting and constructing the consistency of the communication key is sent, and the structure of the message is as follows: i isOK_V=EAES-256(KT,Rd3')。
8) Secret key K for communication receiverT' decryption consistency verification success message IOK_VI.e. Rd3”=DAES-256(KT',TOK_V) Obtaining the decrypted communication key verification random number Rd3"; if R isd3”==Rd3If the consistency verification is successful, the message I is considered to be a consistency verification success messageOK_VSuccessfully verified and the communication key agreement is determined to be successful, i.e. KT'≡KT
9) Communication receiver authentication IOK_VAfter passing, the two communication parties use KTEncrypted communication is performed.
The foregoing embodiments have described some of the details of the present invention, but are not to be construed as limiting the invention, and those skilled in the art may make variations, modifications, substitutions and alterations herein without departing from the principles and spirit of the invention.

Claims (4)

1. A power system debugging tool encryption communication method based on a shared key is characterized by comprising the following steps:
two communication parties agree to share an initial secret key KIntAnd a key set K containing N set keysGWherein N is more than or equal to 1; the two communication parties agree that the same encryption algorithm E (K, x) and the corresponding decryption algorithm are D (K, x), and the encryption and decryption satisfy x ≡ D (K, E (K, x)), wherein K is a secret key, and x is plaintext data;
the steps in the communication process are as follows:
step 1: communication initiator generates link request random number RdAnd using the initial key KIntEncryption with E (K)Int,Rd) As a message TReq_CA content sending communication link request;
step 2: the communication receiver passes Rd'=D(KInt,TReq_C) Decryption of TReq_CObtaining a Link request random number Rd', randomly selecting a communication key KTAnd generating a communication key authentication request random number Rd2And by message IRsp_CPerforming a communication link request response; communication key KTIs KGThe Tth group key is that T is more than or equal to 1 and less than or equal to N;
and step 3: communication initiator decipher message IRsp_CAnd after verifying the correctness of the connection request response message, generating a communication key verification random number Rd3And initiating a communication key KTThe consistency verification request message TReq_V
And 4, step 4: decryption T of communication receiverReq_VAnd verifies the negotiated communication key KTAfter the correctness is reached, a message I of successful verification is sentOK_V
And 5: decryption I of communication senderOK_VAnd verify IOK_VThe correctness of the test;
step 6: after the verification is passed, the two communication parties use KTCarrying out encrypted communication;
communication link request response message IRsp_CHas the structure ofRsp_C=E(KInt,(Rd',T,Rd2) In which K) isIntInitial secret key, Rd' is a decrypted link request random number, T is a group number of a key group corresponding to the communication key, Rd2Requesting a random number for communication key authentication;
communication key KTThe consistency verification request message TReq_VHas a structure of TReq_V=E(KT',(Rd2',Rd3) In which K) isT'is a communication key corresponding to the decrypted communication key group number T', Rd2' request random number for decrypted key authentication, Rd3Verifying a random number for a newly generated communication key of a communication initiator;
communication key consistency verification success message IOK_VHas the structure ofOK_V=E(KT,Rd3') wherein R isd3' to decrypt TReq_VThe subsequent communication key verifies the random number.
2. The encrypted communication method for the power system debugging tool based on the shared secret key as claimed in claim 1, wherein: communication link request message IRsp_CThe verification method comprises the following steps: by (R)d”,T',Rd2')=D(KInt,IRsp_C) Decryption IRsp_CObtaining the random number R of the link request after decrypting the response request messaged", the decrypted communication key group number T', and the decrypted communication key verification request random number Rd2'; if R isd”==RdThe communication initiator determines the communication link requestThe message is solved correctly.
3. The encrypted communication method for the power system debugging tool based on the shared secret key as claimed in claim 1, wherein: communication key consistency verification request message TReq_VThe correctness verification method comprises the following steps: by (R)d2”,Rd3')=D(KT,TReq_V) Decryption of TReq_VObtaining the decrypted communication key verification request random number Rd2", the decrypted communication key verifies the random number Rd3'; if R isd2”==Rd2And the communication receiver judges that the communication key consistency verification request message is correct.
4. The encrypted communication method for the power system debugging tool based on the shared secret key as claimed in claim 1, wherein: communication key consistency verification success message IOK_VThe correctness verification method comprises the following steps: by Rd3”=D(KT',TOK_V) Decryption IOK_VObtaining the decrypted communication key verification random number Rd3"; if R isd3”==Rd3Then the communication key negotiation is considered to be successful, at this moment KT'≡KT
CN201811080826.8A 2018-09-17 2018-09-17 Electric power system debugging tool encrypted communication method based on shared secret key Active CN109088728B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811080826.8A CN109088728B (en) 2018-09-17 2018-09-17 Electric power system debugging tool encrypted communication method based on shared secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811080826.8A CN109088728B (en) 2018-09-17 2018-09-17 Electric power system debugging tool encrypted communication method based on shared secret key

Publications (2)

Publication Number Publication Date
CN109088728A CN109088728A (en) 2018-12-25
CN109088728B true CN109088728B (en) 2021-02-12

Family

ID=64841737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811080826.8A Active CN109088728B (en) 2018-09-17 2018-09-17 Electric power system debugging tool encrypted communication method based on shared secret key

Country Status (1)

Country Link
CN (1) CN109088728B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119196A (en) * 2006-08-03 2008-02-06 西安电子科技大学 Bidirectional identification method and system
CN102882688A (en) * 2012-10-24 2013-01-16 北京邮电大学 Lightweight authentication and key agreement protocol applicable to electric information acquisition
CN103560879A (en) * 2013-10-09 2014-02-05 中国科学院信息工程研究所 Method for achieving lightweight authentication and key agreement
CN107018134A (en) * 2017-04-06 2017-08-04 北京中电普华信息技术有限公司 A kind of distribution terminal secure accessing platform and its implementation
CN107483177A (en) * 2017-07-07 2017-12-15 郑州云海信息技术有限公司 A kind of method and system for verifying encryption device encryption data authenticity

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7127613B2 (en) * 2002-02-25 2006-10-24 Sun Microsystems, Inc. Secured peer-to-peer network data exchange
TWI393415B (en) * 2006-10-12 2013-04-11 Interdigital Tech Corp A method and system for enhancing cryptographic capabilities of a wireless device using broadcasted random noise

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119196A (en) * 2006-08-03 2008-02-06 西安电子科技大学 Bidirectional identification method and system
CN102882688A (en) * 2012-10-24 2013-01-16 北京邮电大学 Lightweight authentication and key agreement protocol applicable to electric information acquisition
CN103560879A (en) * 2013-10-09 2014-02-05 中国科学院信息工程研究所 Method for achieving lightweight authentication and key agreement
CN107018134A (en) * 2017-04-06 2017-08-04 北京中电普华信息技术有限公司 A kind of distribution terminal secure accessing platform and its implementation
CN107483177A (en) * 2017-07-07 2017-12-15 郑州云海信息技术有限公司 A kind of method and system for verifying encryption device encryption data authenticity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
适用于用电信息采集的轻量级认证密钥协商协议;赵兵;《电力系统自动化》;20130425(第12期);全文 *

Also Published As

Publication number Publication date
CN109088728A (en) 2018-12-25

Similar Documents

Publication Publication Date Title
CN110380852B (en) Bidirectional authentication method and communication system
CN108111301B (en) Method and system for realizing SSH protocol based on post-quantum key exchange
WO2020087805A1 (en) Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network
CN109756500B (en) Anti-quantum computation HTTPS communication method and system based on multiple asymmetric key pools
JP5845393B2 (en) Cryptographic communication apparatus and cryptographic communication system
CN111756529B (en) Quantum session key distribution method and system
CN110048849B (en) Multi-layer protection session key negotiation method
CN109861813B (en) Anti-quantum computing HTTPS communication method and system based on asymmetric key pool
CN109040132B (en) Encryption communication method based on random selection of shared secret key
CN104754581A (en) Public key password system based LTE wireless network security certification system
WO2021103802A1 (en) Methods and apparatuses for encrypting and decrypting data, storage medium and encrypted file
CN110087240B (en) Wireless network security data transmission method and system based on WPA2-PSK mode
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN110635901B (en) Local Bluetooth dynamic authentication method and system for Internet of things equipment
CN102811224A (en) Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection
CN111756528B (en) Quantum session key distribution method, device and communication architecture
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN113630248A (en) Session key negotiation method
CN111817846A (en) Lightweight key negotiation communication protocol
CN106992866B (en) Wireless network access method based on NFC certificateless authentication
CN109274663A (en) Communication means based on SM2 dynamic key exchange and SM4 data encryption
CN114915396A (en) Jump key digital communication encryption system and method based on national cryptographic algorithm
CN110266485A (en) A kind of Internet of Things secure communication control method based on NB-IoT
CN102739660B (en) Key exchange method for single sign on system
CN103856463A (en) Lightweight directory access protocol realizing method and device based on key exchange protocol

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant