CN109088728B - Electric power system debugging tool encrypted communication method based on shared secret key - Google Patents
Electric power system debugging tool encrypted communication method based on shared secret key Download PDFInfo
- Publication number
- CN109088728B CN109088728B CN201811080826.8A CN201811080826A CN109088728B CN 109088728 B CN109088728 B CN 109088728B CN 201811080826 A CN201811080826 A CN 201811080826A CN 109088728 B CN109088728 B CN 109088728B
- Authority
- CN
- China
- Prior art keywords
- communication
- key
- random number
- message
- req
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006854 communication Effects 0.000 title claims abstract description 167
- 238000004891 communication Methods 0.000 title claims abstract description 163
- 238000000034 method Methods 0.000 title claims abstract description 29
- 239000003999 initiator Substances 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims description 42
- 230000004044 response Effects 0.000 claims description 9
- 230000000977 initiatory effect Effects 0.000 claims description 2
- 238000012360 testing method Methods 0.000 claims description 2
- 230000007246 mechanism Effects 0.000 abstract description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 239000013589 supplement Substances 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
Abstract
The invention discloses a method for encrypting communication of a power system debugging tool based on a shared secret key. The same secret key is used for communication in all communication environments under the existing secret key sharing mechanism, and the risk that a malicious attacker carries out reverse analysis to crack the secret key by acquiring a large number of communication samples exists. The invention presets a shared initialization key KIntAnd a shared key set KGAnd appointing the same encryption and corresponding decryption algorithms; in the communication process, the communication initiator and the communication receiver use the initialization key K in a mode of checking random numbersIntImplementing a communication key KTThe mechanism that the communication receiver designates and negotiates and confirms the communication key together realizes the method that the two parties use different shared keys for each communication, and improves the security of encrypted communication.
Description
Technical Field
The invention belongs to the field of power system communication, and particularly relates to a power system debugging tool encryption communication method based on a shared key.
Background
In a communication protocol of a power system secondary equipment debugging tool, private plaintext transmission is often adopted, and the method is convenient for abnormal information diagnosis in use of the tool, but brings risks of information leakage in secondary equipment and has potential safety hazards.
In power system debugging tool encrypted communication, encrypted communication based on a shared key is a common communication method. According to the method, the two communication parties realize encrypted communication by sharing a preset symmetric key based on an agreed encryption algorithm. The method is simple to use and high in encryption efficiency, but the same key is used for communication with all devices, so that the risk that a malicious attacker carries out reverse analysis and key cracking by acquiring a large number of communication samples exists. Another encryption communication method is a communication mode based on an asymmetric key of a digital certificate, and the key of each communication is negotiated through the asymmetric key, so that the problem that the same key is used for each communication with different devices is solved; however, the algorithm of the asymmetric key method is complex, the execution efficiency is low, and the digital certificate needs to be downloaded before the first debugging, even the digital certificate needs to be managed and updated regularly, so that the maintenance and use cost is high.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the power system debugging tool encryption communication method based on the shared secret key solves the problem that a malicious attacker risks to crack the secret key by obtaining a large number of communication samples through reverse analysis because the same secret key is used for communication in all communication environments under the existing shared secret key mechanism, and achieves communication by using different shared secret keys each time based on a shared secret key group, so that the communication safety is improved, and the use is simple and reliable.
In order to achieve the purpose, the invention adopts the technical scheme that: a shared key based power system debugging tool encrypted communication method, comprising:
two communication parties agree to share an initial secret key KIntAnd a key set K containing N set keysGWherein N is more than or equal to 1; the two communication parties agree that the same encryption algorithm E (K, x) and the corresponding decryption algorithm are D (K, x), and the encryption and decryption satisfy x ≡ D (K, E (K, x)), wherein K is a secret key, and x is plaintext data;
the steps in the communication process are as follows:
step 1: communication initiator generates link request random number RdAnd using the initial key KIntEncryption with E (K)Int,Rd) As a message TReq_CA content sending communication link request;
step 2: the communication receiver passes Rd'=D(KInt,TReq_C) Decryption of TReq_CObtaining a Link request random number Rd', randomly selecting a communication key KTAnd generating a communication key authentication request random number Rd2And is combined withBy message IRsp_CPerforming a communication link request response; communication key KTIs KGThe Tth group key is that T is more than or equal to 1 and less than or equal to N;
and step 3: communication initiator decipher message IRsp_CAnd after verifying the correctness of the connection request response message, generating a communication key verification random number Rd3And initiating a communication key KTThe consistency verification request message TReq_V;
And 4, step 4: decryption T of communication receiverReq_VAnd verifies the negotiated communication key KTAfter the correctness is reached, a message I of successful verification is sentOK_V;
And 5: decryption I of communication senderOK_VAnd verify IOK_VThe correctness of the test;
step 6: after the verification is passed, the two communication parties use KTEncrypted communication is performed.
In addition to the above technical solution, the communication link request response message IRsp_CHas the structure ofRsp_C=E(KInt,(Rd',T,Rd2) Where kit initial key, R)d' is a decrypted link request random number, T is a group number of a key group corresponding to the communication key, Rd2A random number is requested for communication key authentication.
In addition to the above technical solution, a communication link request message IRsp_CThe verification method comprises the following steps: by (R)d”,T',Rd2')=D(KInt,IRsp_C) Decryption IRsp_CObtaining the random number R of the link request after decrypting the response request messaged", the decrypted communication key group number T', and the decrypted communication key verification request random number Rd2'; if R isd”==RdAnd the communication initiator judges that the communication link request message is correct.
In addition to the above technical solution, the communication key KTThe consistency verification request message TReq_VHas a structure of TReq_V=E(KT',(Rd2',Rd3) In which K) isT'is a communication key corresponding to the decrypted communication key group number T', Rd2' request random number for decrypted key authentication, Rd3The random number is verified for the newly generated communication key of the communication initiator.
In addition to the above technical solution, the communication key consistency verification request message TReq_VThe correctness verification method comprises the following steps: by (R)d2”,Rd3')=D(KT,TReq_V) Decryption of TReq_VObtaining the decrypted communication key verification request random number Rd2", the decrypted communication key verifies the random number Rd3'; if R isd2”==Rd2And the communication receiver judges that the communication key consistency verification request message is correct.
As a supplement to the above technical solution, the communication key consistency verification success message IOK_VHas the structure ofOK_V=E(KT,Rd3') wherein R isd3' to decrypt TReq_VThe subsequent communication key verifies the random number.
As a supplement to the above technical solution, the communication key consistency verification success message IOK_VThe correctness verification method comprises the following steps: by Rd3”=D(KT',TOK_V) Decryption IOK_VObtaining the decrypted communication key verification random number Rd3"; if R isd3”==Rd3Then the communication key negotiation is considered to be successful, at this moment KT'≡KT。
The invention realizes a communication method that different symmetric keys are used in each communication and the keys are randomly designated by a communication receiver under a negotiation authentication mechanism based on random numbers by setting an initial key pair and a symmetric key group. The invention solves the problem that the traditional symmetric key communication uses the same key each time, and has the characteristics of no need of configuration, simple use and high encryption efficiency.
Drawings
Fig. 1 is a flowchart of an encrypted communication method for a power system debugging tool based on a shared key according to the present invention.
Detailed Description
The method of the present invention is further described in conjunction with the accompanying drawings and specific embodiments so that those skilled in the art can better understand the invention and can implement it, but the examples are not intended to limit the invention.
The embodiment provides an encrypted communication method for a power system debugging tool based on a shared key, as shown in fig. 1, the steps are as follows:
the two communication parties agree to adopt an AES-256 encryption algorithm, and the key length is 256 bits (32 bytes); both communication parties share 256-bit initial secret key KIntAnd a key set K containing 1024 sets of 256-bit shared keysG(ii) a Communication key KTIs KGThe Tth (T is more than or equal to 1 and less than or equal to 1024) group key; the encryption process of the encryption algorithm AES-256 is marked as EAES-256(K, x), the decryption process is marked DAES-256(K, x), where K is a 256-bit key and x is the minimum length of the plaintext to be encrypted and decrypted, which is 256 bits.
In the communication process:
1) communication initiator generates 256bit link request random number RdAnd using the initial key KIntEncryption with EAES-256(KInt,Rd) As a message TReq_CThe content initiates a communication link request;
2) initial key K for communication receiverIntDecryption of TReq_CI.e. Rd'=DAES-256(KInt,TReq_C) And obtaining the random number R of the link request after decryptiond' (256 bits); and randomly selecting K from the shared secret key groupTGenerating 256-bit communication key verification request random number R as communication keyd2;
3) The communication receiver requests the random number R by the decrypted connectiond', communication key KTGroup number T, communication key authentication request random number Rd2As plaintext to initialize the key KIntEncrypting, constructing and sending communication link request response message with structure IRsp_C=EAES-256(KInt,(Rd',T,Rd2));
4) Initialization key K for communication initiatorIntDecipher message IRsp_CI.e. (R)d”,T',Rd2')=D(KInt,IRsp_C). After decryption, obtain IRsp_CReturned link request random number Rd", the decrypted communication key group number T', and the decrypted communication key verification request random number Rd2'; if R isd”==RdJudging that the communication link request message is correct;
5) after the communication initiator verifies the correctness of the communication link request message, the key of the group number T' is determined as the communication key KT', and generates a 256-bit communication key verification random number Rd3(ii) a Authentication of a request random number R with a communication keyd2', random number of communication key verification Rd3For plaintext input, by KT' construction of communication key consistency verification request message as key and transmission, its structure is TReq_V=EAES-256(KT',(Rd2',Rd3))。
6) Communication key K for communication receiverTDecryption of TReq_VI.e. (R)d2”,Rd3')=DAES-256(KT,TReq_V) Obtaining the decrypted communication key verification request random number Rd2", the decrypted communication key verifies the random number Rd3'; if R isd2”==Rd2Then, the communication key consistency verification request message is judged to be correct.
7) After the communication receiver verifies the correctness of the communication key consistency verification request message, the random number R is verified by the decrypted communication keyd3' as plaintext input, with a communication key KTThe message which is successfully verified by encrypting and constructing the consistency of the communication key is sent, and the structure of the message is as follows: i isOK_V=EAES-256(KT,Rd3')。
8) Secret key K for communication receiverT' decryption consistency verification success message IOK_VI.e. Rd3”=DAES-256(KT',TOK_V) Obtaining the decrypted communication key verification random number Rd3"; if R isd3”==Rd3If the consistency verification is successful, the message I is considered to be a consistency verification success messageOK_VSuccessfully verified and the communication key agreement is determined to be successful, i.e. KT'≡KT。
9) Communication receiver authentication IOK_VAfter passing, the two communication parties use KTEncrypted communication is performed.
The foregoing embodiments have described some of the details of the present invention, but are not to be construed as limiting the invention, and those skilled in the art may make variations, modifications, substitutions and alterations herein without departing from the principles and spirit of the invention.
Claims (4)
1. A power system debugging tool encryption communication method based on a shared key is characterized by comprising the following steps:
two communication parties agree to share an initial secret key KIntAnd a key set K containing N set keysGWherein N is more than or equal to 1; the two communication parties agree that the same encryption algorithm E (K, x) and the corresponding decryption algorithm are D (K, x), and the encryption and decryption satisfy x ≡ D (K, E (K, x)), wherein K is a secret key, and x is plaintext data;
the steps in the communication process are as follows:
step 1: communication initiator generates link request random number RdAnd using the initial key KIntEncryption with E (K)Int,Rd) As a message TReq_CA content sending communication link request;
step 2: the communication receiver passes Rd'=D(KInt,TReq_C) Decryption of TReq_CObtaining a Link request random number Rd', randomly selecting a communication key KTAnd generating a communication key authentication request random number Rd2And by message IRsp_CPerforming a communication link request response; communication key KTIs KGThe Tth group key is that T is more than or equal to 1 and less than or equal to N;
and step 3: communication initiator decipher message IRsp_CAnd after verifying the correctness of the connection request response message, generating a communication key verification random number Rd3And initiating a communication key KTThe consistency verification request message TReq_V;
And 4, step 4: decryption T of communication receiverReq_VAnd verifies the negotiated communication key KTAfter the correctness is reached, a message I of successful verification is sentOK_V;
And 5: decryption I of communication senderOK_VAnd verify IOK_VThe correctness of the test;
step 6: after the verification is passed, the two communication parties use KTCarrying out encrypted communication;
communication link request response message IRsp_CHas the structure ofRsp_C=E(KInt,(Rd',T,Rd2) In which K) isIntInitial secret key, Rd' is a decrypted link request random number, T is a group number of a key group corresponding to the communication key, Rd2Requesting a random number for communication key authentication;
communication key KTThe consistency verification request message TReq_VHas a structure of TReq_V=E(KT',(Rd2',Rd3) In which K) isT'is a communication key corresponding to the decrypted communication key group number T', Rd2' request random number for decrypted key authentication, Rd3Verifying a random number for a newly generated communication key of a communication initiator;
communication key consistency verification success message IOK_VHas the structure ofOK_V=E(KT,Rd3') wherein R isd3' to decrypt TReq_VThe subsequent communication key verifies the random number.
2. The encrypted communication method for the power system debugging tool based on the shared secret key as claimed in claim 1, wherein: communication link request message IRsp_CThe verification method comprises the following steps: by (R)d”,T',Rd2')=D(KInt,IRsp_C) Decryption IRsp_CObtaining the random number R of the link request after decrypting the response request messaged", the decrypted communication key group number T', and the decrypted communication key verification request random number Rd2'; if R isd”==RdThe communication initiator determines the communication link requestThe message is solved correctly.
3. The encrypted communication method for the power system debugging tool based on the shared secret key as claimed in claim 1, wherein: communication key consistency verification request message TReq_VThe correctness verification method comprises the following steps: by (R)d2”,Rd3')=D(KT,TReq_V) Decryption of TReq_VObtaining the decrypted communication key verification request random number Rd2", the decrypted communication key verifies the random number Rd3'; if R isd2”==Rd2And the communication receiver judges that the communication key consistency verification request message is correct.
4. The encrypted communication method for the power system debugging tool based on the shared secret key as claimed in claim 1, wherein: communication key consistency verification success message IOK_VThe correctness verification method comprises the following steps: by Rd3”=D(KT',TOK_V) Decryption IOK_VObtaining the decrypted communication key verification random number Rd3"; if R isd3”==Rd3Then the communication key negotiation is considered to be successful, at this moment KT'≡KT。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811080826.8A CN109088728B (en) | 2018-09-17 | 2018-09-17 | Electric power system debugging tool encrypted communication method based on shared secret key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811080826.8A CN109088728B (en) | 2018-09-17 | 2018-09-17 | Electric power system debugging tool encrypted communication method based on shared secret key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109088728A CN109088728A (en) | 2018-12-25 |
CN109088728B true CN109088728B (en) | 2021-02-12 |
Family
ID=64841737
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811080826.8A Active CN109088728B (en) | 2018-09-17 | 2018-09-17 | Electric power system debugging tool encrypted communication method based on shared secret key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109088728B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101119196A (en) * | 2006-08-03 | 2008-02-06 | 西安电子科技大学 | Bidirectional identification method and system |
CN102882688A (en) * | 2012-10-24 | 2013-01-16 | 北京邮电大学 | Lightweight authentication and key agreement protocol applicable to electric information acquisition |
CN103560879A (en) * | 2013-10-09 | 2014-02-05 | 中国科学院信息工程研究所 | Method for achieving lightweight authentication and key agreement |
CN107018134A (en) * | 2017-04-06 | 2017-08-04 | 北京中电普华信息技术有限公司 | A kind of distribution terminal secure accessing platform and its implementation |
CN107483177A (en) * | 2017-07-07 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of method and system for verifying encryption device encryption data authenticity |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7127613B2 (en) * | 2002-02-25 | 2006-10-24 | Sun Microsystems, Inc. | Secured peer-to-peer network data exchange |
TWI393415B (en) * | 2006-10-12 | 2013-04-11 | Interdigital Tech Corp | A method and system for enhancing cryptographic capabilities of a wireless device using broadcasted random noise |
-
2018
- 2018-09-17 CN CN201811080826.8A patent/CN109088728B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101119196A (en) * | 2006-08-03 | 2008-02-06 | 西安电子科技大学 | Bidirectional identification method and system |
CN102882688A (en) * | 2012-10-24 | 2013-01-16 | 北京邮电大学 | Lightweight authentication and key agreement protocol applicable to electric information acquisition |
CN103560879A (en) * | 2013-10-09 | 2014-02-05 | 中国科学院信息工程研究所 | Method for achieving lightweight authentication and key agreement |
CN107018134A (en) * | 2017-04-06 | 2017-08-04 | 北京中电普华信息技术有限公司 | A kind of distribution terminal secure accessing platform and its implementation |
CN107483177A (en) * | 2017-07-07 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of method and system for verifying encryption device encryption data authenticity |
Non-Patent Citations (1)
Title |
---|
适用于用电信息采集的轻量级认证密钥协商协议;赵兵;《电力系统自动化》;20130425(第12期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN109088728A (en) | 2018-12-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110380852B (en) | Bidirectional authentication method and communication system | |
CN108111301B (en) | Method and system for realizing SSH protocol based on post-quantum key exchange | |
WO2020087805A1 (en) | Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network | |
CN109756500B (en) | Anti-quantum computation HTTPS communication method and system based on multiple asymmetric key pools | |
JP5845393B2 (en) | Cryptographic communication apparatus and cryptographic communication system | |
CN111756529B (en) | Quantum session key distribution method and system | |
CN110048849B (en) | Multi-layer protection session key negotiation method | |
CN109861813B (en) | Anti-quantum computing HTTPS communication method and system based on asymmetric key pool | |
CN109040132B (en) | Encryption communication method based on random selection of shared secret key | |
CN104754581A (en) | Public key password system based LTE wireless network security certification system | |
WO2021103802A1 (en) | Methods and apparatuses for encrypting and decrypting data, storage medium and encrypted file | |
CN110087240B (en) | Wireless network security data transmission method and system based on WPA2-PSK mode | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN110635901B (en) | Local Bluetooth dynamic authentication method and system for Internet of things equipment | |
CN102811224A (en) | Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection | |
CN111756528B (en) | Quantum session key distribution method, device and communication architecture | |
CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
CN113630248A (en) | Session key negotiation method | |
CN111817846A (en) | Lightweight key negotiation communication protocol | |
CN106992866B (en) | Wireless network access method based on NFC certificateless authentication | |
CN109274663A (en) | Communication means based on SM2 dynamic key exchange and SM4 data encryption | |
CN114915396A (en) | Jump key digital communication encryption system and method based on national cryptographic algorithm | |
CN110266485A (en) | A kind of Internet of Things secure communication control method based on NB-IoT | |
CN102739660B (en) | Key exchange method for single sign on system | |
CN103856463A (en) | Lightweight directory access protocol realizing method and device based on key exchange protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |