CN109245882A - An SM2 signature method suitable for electric power wireless sensor networks - Google Patents


Publication number
CN109245882A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811046493.7A
Other languages
Chinese (zh)
Inventor
左黎明
陈兰兰
康文洋
周庆
陈祚松
胡凯雨
张梦丽
夏萍萍
艾美珍
王露
易传佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Jiaotong University
Original Assignee
East China Jiaotong University
Application filed by East China Jiaotong University
Priority to CN201811046493.7A
Publication of CN109245882A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses an SM2 signature method suitable for electric power wireless sensor networks. The method comprises: the data cloud generates the SM2 elliptic curve parameters, keeps the master key secret and publishes the other parameters; with the sensing node serial number as the identity ID, the data cloud computes each sensing node's public and private keys from the identity ID and injects the private key into the sensing node; the sensing node signs data packets with its private key and outputs the digital signature value (r, s); the data cloud computes the corresponding sensing node public key according to the sensing node public key calculation method, then verifies the signature and outputs the verification result; the data cloud discloses to a verifier the authorization information Q corresponding to the sensing node whose identity is ID, and the authorized party can verify signatures using the sensing node ID and Q and output the verification result. Because the data cloud can compute a sensing node's public key from its identity ID, it does not need to store the key, which saves data cloud storage space.

Description

An SM2 signature method suitable for electric power wireless sensor networks
Technical field
The invention belongs to the field of information security technology, and in particular relates to an SM2 signature method suitable for electric power wireless sensor networks.
Background
SM2 is an elliptic curve public key cryptographic algorithm published by the State Cryptography Administration. SM2 offers better performance, faster processing and high cryptographic complexity, and has higher security than the RSA algorithm. The SM2 algorithm defines a digital signature algorithm, a key exchange protocol and a public key encryption algorithm, where the digital signature algorithm consists of a signature generation algorithm and a signature verification algorithm. The private key of the SM2 digital signature algorithm is used by the signer to generate signatures, and the public key is used by the verifier to verify them. In practice the verifier generally needs to keep the public key. For the wireless sensor networks of an electric power system, the core of information security is the establishment of secure keys, and sensing nodes are often deployed in remote areas with poor signal and are often resource-constrained, which causes problems such as unstable data transmission and difficulty identifying the source of messages.
Currently, there are four types of key management mechanism for wireless sensor networks: key pre-distribution, dynamic key management, key management based on public key cryptosystems, and key management based on a trusted key distribution center. However, different key management schemes may lead to problems such as high key update cost for nodes, low security and high computational overhead. In addition, because user public keys are long, how to reduce public key storage without affecting authentication efficiency and security is also a problem to be solved when designing a signature method.
Summary of the invention
The main purpose of the present invention is to propose an SM2 signature method suitable for electric power wireless sensor networks, solving the problem raised in the background above: reducing public key storage in a wireless sensor network without affecting authentication efficiency and security when authenticating messages.
To this end, the present invention provides an SM2 signature method suitable for electric power wireless sensor networks, the method comprising the following steps:
Step a: system parameters,
The data cloud generates the SM2 algorithm system parameters , where is an elliptic curve equation defined over the finite field , is a base point of order on , is a generator of , is selected as the system master key, is the system master public key, and is a secure hash function; the data cloud keeps secret and publishes the other parameters;
Step b: sensing node key generation,
With the sensing node serial number as the identity ID, the sensing node private key is computed , and the sensing node public key calculation method is ; the data cloud manages sensing node information using the identity ID of each node as an index, and injects the private key into each sensing node in a secure manner. This key generation method means that only the data cloud can verify; an authorized party can also verify after being authorized, or authentication is performed using the master key from step a of the data cloud and the sensing node serial number;
Step c: signature generation,
For a data packet of the sensing node, the sensing node signs the data packet using the sensing node private key from step b and outputs the digital signature value (r, s);
Step d: signature verification,
For the received data packet and signature , the data cloud uses the sensing node public key calculation method from step b to compute the corresponding sensing node public key , then verifies the signature with that sensing node public key and outputs the verification result;
Step e: authorized signature verification,
The data cloud discloses to the verifier the authorization information corresponding to the sensing node whose identity in step b is ID; the authorized party verifies the signature using the sensing node ID and Q, and outputs the verification result.
Further, step b includes: for each sensing node, the data cloud does not need to store the sensing node public key and only needs to store the sensing node identity ID.
Further, step c includes: the sensing node computes the hash value of the data packet and the identity ID, selects a random number , computes the point on the elliptic curve , then computes ; if or , it regenerates ; it then computes to obtain the signature value ; if , it regenerates ; finally it outputs the signature value (r, s).
Further, step d includes: the data cloud first checks separately whether and hold, and verification fails if either does not; it then computes ; if then verification fails; it then computes the point on the elliptic curve and , and checks whether holds; if it holds, verification succeeds, otherwise verification fails; finally it outputs the verification result.
Further, step d includes: before verifying a signature, the data cloud computes the corresponding sensing node public key from the sensing node ID; after verifying the signature, it discards the sensing node public key to free storage space.
The invention discloses an SM2 signature method suitable for electric power wireless sensor networks, whose beneficial effects include:
1. The data cloud can compute a sensing node's public key from its identity ID, so it does not need to store it, which saves data cloud storage space.
2. Signature verification is restricted to the data cloud or to parties authorized by the data cloud, which improves the reliability of verification results.
Brief description of the drawings
The embodiment and technical solution are further described below with reference to the drawings.
Fig. 1 is a flow chart of the signature method of the present invention.
Fig. 2 is a flow chart of signature key generation in the present invention.
Specific embodiments
To better explain the embodiments of the present invention, they are described further below with reference to the drawings.
As shown in Fig. 1, the overall flow of the signature method of the present invention is as follows:
101, the data cloud generates the SM2 elliptic curve parameters, keeps the master key secret and publishes the other parameters;
102, with the sensing node serial number as the identity ID, the data cloud computes each sensing node's public and private keys from the identity ID and injects the private key into the sensing node;
103, the sensing node signs data packets with its private key and outputs the digital signature value (r, s);
104, the data cloud computes the corresponding sensing node public key according to the sensing node public key calculation method, then verifies the signature and outputs the verification result;
105, the data cloud discloses to the verifier the authorization information Q corresponding to the sensing node whose identity is ID; the authorized party can verify the signature using the sensing node ID and Q, and outputs the verification result.
As shown in Fig. 2, the signature key generation method of the present invention is as follows:
201, the sensing node sends its identity ID to the data cloud;
202, the data cloud computes the private key from the identity ID, designs the public key calculation method, and builds the sensing node index from the identity ID;
203, the private key is injected into each sensing node in a secure manner.
Embodiment 1:
After the system parameters are generated, sensing node A sends its serial number to the data cloud; the data cloud generates the private key from the identity ID and designs the sensing node public key calculation method , then injects the sensing node private key into sensing node A in a secure manner. Sensing node A uses the private key to sign the collected data packet, generating the signature (r, s), and then sends the data packet and signature to the data cloud. After receiving them, the data cloud uses the identity ID of sensing node A to generate the corresponding public key according to the sensing node public key calculation method, then uses the public key to verify the signature, finally outputs the verification result and discards sensing node A's public key, freeing data cloud storage space.
The above is only a preferred embodiment of the present invention and the invention is not limited to it. It should be noted that, although the invention has been described in detail, those skilled in the art should understand that some or all of the technical features of the above embodiments may be equivalently replaced, or the technical solution may still be modified, and such substitutions and modifications do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (5)

1. An SM2 signature method suitable for electric power wireless sensor networks, characterized by comprising:
Step a: system parameters,
The data cloud generates the SM2 algorithm system parameters , where is an elliptic curve equation defined over the finite field , is a base point of order on , is a generator of , is selected as the system master key, is the system master public key, and is a secure hash function; the data cloud keeps secret and publishes the other parameters;
Step b: sensing node key generation,
With the sensing node serial number as the identity ID, the sensing node private key is computed , and the sensing node public key calculation method is ; the data cloud manages sensing node information using the identity ID of each node as an index, and injects the private key into each sensing node in a secure manner. This key generation method means that only the data cloud can verify; an authorized party can also verify after being authorized, or authentication is performed using the master key from step a of the data cloud and the sensing node serial number;
Step c: signature generation,
For a data packet of the sensing node, the sensing node signs the data packet using the sensing node private key from step b and outputs the digital signature value (r, s);
Step d: signature verification,
For the received data packet and signature , the data cloud uses the sensing node public key calculation method from step b to first compute the corresponding sensing node public key , then verifies the signature with that sensing node public key, outputs the verification result, and discards the sensing node public key;
Step e: authorized signature verification,
The data cloud discloses to the verifier the authorization information corresponding to the sensing node whose identity in step b is ID; the authorized party verifies the signature using the sensing node ID and Q, and outputs the verification result.
2. The SM2 signature method suitable for electric power wireless sensor networks according to claim 1, characterized in that step b includes: for each sensing node, the data cloud does not need to store the sensing node public key and only needs to store the sensing node identity ID.
3. The SM2 signature method suitable for electric power wireless sensor networks according to claim 1, characterized in that step c includes: the sensing node computes the hash value of the data packet and the identity ID, selects a random number , computes the point on the elliptic curve , then computes ; if or , it regenerates ; it then computes to obtain the signature value ; if , it regenerates ; finally it outputs the signature value (r, s).
4. The SM2 signature method suitable for electric power wireless sensor networks according to claim 1, characterized in that step d includes: the data cloud first checks separately whether and hold, and verification fails if either does not; it then computes ; if then verification fails; it then computes the point on the elliptic curve and , and checks whether holds; if it holds, verification succeeds, otherwise verification fails; finally it outputs the verification result.
5. The SM2 signature method suitable for electric power wireless sensor networks according to claim 4, characterized in that, before verifying a signature, the data cloud computes the corresponding sensing node public key from the sensing node ID, and after verifying the signature it discards the sensing node public key to free storage space.
Application number: CN201811046493.7A
Priority date: 2018-09-08
Filing date: 2018-09-08
Title: An SM2 signature method suitable for electric power wireless sensor networks
Status: Pending
Publication: CN109245882A (en)

Publications (1)

Publication Number Publication Date
CN109245882A (en) 2019-01-18

Family

ID=65060172



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190118
