CN109639647A - A kind of method of RSA and BLOWFISH Hybrid Encryption OPC UA - Google Patents
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
Abstract
The present invention claims a method for RSA and BLOWFISH hybrid encryption of OPC UA, relating to industrial data communication and information security. The method is mainly used for secure data communication between an OPC UA client and server. Because RSA needs a key of 1024-bit length to achieve fixed encryption, and encrypting data with such an RSA key is computationally expensive and takes a long time, RSA is used to encrypt the key produced by BLOWFISH, and the OPC UA data is then encrypted with the key generated by the BLOWFISH algorithm. The method improves the encryption efficiency of the OPC UA system.
Description
Technical field
The invention belongs to the field of industrial data communication and to the area of information security, and specifically relates to a method for RSA and BLOWFISH hybrid encryption of OPC UA.
Background technique
Compared with traditional OPC technology, OPC UA, released in 2008, proposes a model with a common purpose and definition for an enterprise's production model. It is based on a complete service-oriented architecture (SOA) and migrates the platform, originally based on DCOM technology, to a framework based on Web Service technology. It focuses on solving the problem of communication across firewalls in current manufacturing systems. The new unified standard has a specific security standard and highlights the importance of secure network communication in manufacturing industry security.
Because most present manufacturing systems are based on IT systems, no system is isolated; each exchanges information with other systems. As an information communication protocol of modern industry, OPC UA has been recognized by most manufacturers and will become the mainstream industrial information communication system. However, there is very little research in the field of OPC UA security; at present there are only the RSA encryption algorithm and the SHA-1 digital signature algorithm. The OPC UA specification defines the security mechanisms and environmental security that OPC UA supports, but does not give a detailed security policy for specific operating environments.
In OPC UA communication a secure channel must first be established: the client and server need to authenticate each other's certificates, and if both sides trust each other's certificates, a secure session channel can be established according to the OPC UA specification, and OPC UA data is encrypted with the hybrid encryption method of RSA and BLOWFISH. RSA is an asymmetric encryption algorithm; asymmetric encryption algorithms are much slower than symmetric encryption algorithms, and the RSA algorithm cannot resist specific attacks such as exhaustive attacks and chosen-ciphertext attacks. If only a symmetric encryption algorithm is used, the encryption and decryption keys are the same key, and the key must be managed on both the encrypting side and the decrypting side. This makes it more likely that the key is lost after one side is attacked, in which case an attacker who intercepts the ciphertext can easily decrypt it to obtain the plaintext, and security cannot be guaranteed.
Summary of the invention
The present invention aims to solve the above problems of the prior art. It proposes a method for RSA and BLOWFISH hybrid encryption of OPC UA that improves the encryption efficiency of data exchange in current OPC UA systems. The technical solution of the present invention is as follows:
A method for RSA and BLOWFISH hybrid encryption of OPC UA, mainly used for hybrid encryption between an OPC UA server and client, comprising the following steps:
a. The client sends a communication request to the server;
b. The server responds to the client's request and verifies whether the client may communicate; if so, it uses the BLOWFISH (Bruce Schneier) algorithm and the RSA algorithm to generate their respective public/private key pairs;
c. The server encrypts the public key with the RSA algorithm and sends it to the client;
d. The client verifies whether the server is trusted; if trusted, the client encrypts the information with the BLOWFISH public key generated by the server, then replies to the server;
e. The server decrypts with its own private key and obtains the plaintext;
f. The server and client carry out hybrid-encrypted communication.
Further, in step a the client sends a communication request to the server, in which the client mainly provides the following information to the server:
1.1) the security mechanisms and encryption algorithms supported by the client, the SHA-1 digital signature, and the corresponding maximum and minimum supported key lengths;
1.2) the security certificate of the client, which is an X509.v3 certificate.
Further, the encryption algorithms supported by the client are the RSA algorithm and the BLOWFISH algorithm.
Further, in step b the server responds to the client request mainly to verify whether the client is trusted; if trusted, it generates a key pair using the BLOWFISH algorithm, in the following steps:
2.1) BLOWFISH public/private key generation process:
1. pbox and sbox are fixed in BLOWFISH. Randomly select a key, fill key_sbox with sbox, then XOR the key, in groups of 8, with pbox; the result is key_pbox;
2. Encrypt an all-zero 64-bit message with the BF_En core function; the output replaces key_pbox[0] and key_pbox[1];
3. Encrypt the replaced key_pbox and key_pbox[i+1] (i=0) with BF_En; the result replaces key_pbox[i+2] and key_pbox[i+3]; repeat in this way until all of key_pbox has been replaced;
4. Replace key_sbox by the same method, for encrypting information.
Further, step b generates a key pair using the RSA algorithm, in the following steps:
2.2) RSA public/private key generation process:
1. Randomly select two unequal prime numbers p and q;
2. Compute n=p*q, then convert n to binary;
③
4. an integer e is selected at random,And e withIt is relatively prime;
5. calculate e withMould antielement d:Find out d;
6. Package n and e as the public key, and n and d as the private key.
Further, in step c the server uses the RSA algorithm to encrypt the BLOWFISH public key and sends it to the client, in the following steps:
3.1) Let the public key of BLOWFISH be x;
3.2) Using the formula $x^e \equiv c \pmod{n}$, where n and e are the RSA public key, find c, the encrypted information;
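Steps 2.2) and 3.1) to 3.2) as an added Python example (not code from the patent): RSA key generation followed by wrapping a BLOWFISH key x as c = x^e mod n. It assumes standard RSA, where d is the inverse of e modulo (p-1)(q-1), Miller-Rabin for choosing the primes, and a 16-byte BLOWFISH key; all function names are illustrative.

```python
import secrets
from math import gcd

def is_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:                       # write n - 1 as d * 2^r with d odd
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                    # this base proves n composite
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits, top two bits set so p*q has full length."""
    while True:
        candidate = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_prime(candidate):
            return candidate

def rsa_keygen(bits=1024):
    """Steps 1 to 6 of 2.2): returns ((n, e), (n, d))."""
    p = q = random_prime(bits // 2)
    while q == p:                           # p and q must be unequal
        q = random_prime(bits // 2)
    n, phi = p * q, (p - 1) * (q - 1)       # assumption: standard RSA totient
    while True:
        e = secrets.randbelow(phi - 3) + 3  # random e in [3, phi - 1]
        if gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)                     # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def wrap_key(bf_key, public):
    """3.1) x = BLOWFISH key as an integer; 3.2) c = x^e mod n."""
    n, e = public
    x = int.from_bytes(bf_key, "big")
    if not 1 < x < n:
        raise ValueError("key must encode to an integer between 1 and n")
    # No padding, exactly as in the formula: equal keys always give equal c.
    # Deployed systems wrap keys with RSA-OAEP instead.
    return pow(x, e, n)

def unwrap_key(c, private, length=16):
    """Recover x = c^d mod n; `length` restores any leading zero bytes."""
    n, d = private
    return pow(c, d, n).to_bytes(length, "big")

if __name__ == "__main__":
    public, private = rsa_keygen()
    bf_key = secrets.token_bytes(16)        # constructed sample BLOWFISH key
    c = wrap_key(bf_key, public)
    print(public[0].bit_length(), unwrap_key(c, private) == bf_key)
```

Whichever side unwraps must hold the RSA private key (n, d); the wrapping side needs only (n, e).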
Further, in step d the client verifies whether the server's certificate is trusted. If it is trusted, the client encrypts the plaintext using the BLOWFISH public key; if it is not trusted, a security warning is issued to the user, and the user decides whether to continue communicating. The plaintext encryption process is as follows:
4.1) Divide the information m to be encrypted into two 32-bit parts, mL and mR, where mL is the left half of the information to be encrypted and mR is the right half;
4.2) mL=mL^Pi, mR=F(mL)^mR, i ∈ [1,16];
4.3) Recombine mL and mR.
Further, in step e the server decrypts the ciphertext sent by the client with the BLOWFISH private key, in the following steps:
5.1) Key preprocessing is the same as for encryption:
1. pbox and sbox are fixed in BLOWFISH. Randomly select a key, fill key_sbox with sbox, then XOR the key, in groups of 8, with pbox; the result is key_pbox;
2. Encrypt an all-zero 64-bit message with BF_En; the output replaces key_pbox[0] and key_pbox[1];
3. Encrypt the replaced key_pbox and key_pbox[i+1] (i=0) with BF_En; the result replaces key_pbox[i+2] and key_pbox[i+3]; repeat in this way until all of key_pbox has been replaced;
5.2) Decryption uses the key_pbox of the encryption process in reverse order.
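The key preprocessing of 2.1) and 5.1), the round structure of 4.1) to 4.3) and the reversed-pbox decryption of 5.2), as an added Python example that is not code from the patent. It assumes the standard Blowfish definition: the fixed pbox and sbox are the fractional hexadecimal digits of pi, the key is XORed into pbox 32 bits at a time, and, since BLOWFISH is a symmetric cipher, the page's BLOWFISH "public" and "private" keys are one shared key; the function names are illustrative.

```python
MASK = 0xFFFFFFFF

def pi_words(count):
    """First `count` 32-bit words of pi's fractional part (the fixed pbox and sbox)."""
    one = 1 << (32 * count + 64)                # 64 guard bits absorb truncation error
    def arctan_inv(x):                          # fixed-point arctan(1/x), Taylor series
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    # Machin's formula: pi = 16*arctan(1/5) - 4*arctan(1/239); drop the leading 3.
    frac = (16 * arctan_inv(5) - 4 * arctan_inv(239) - 3 * one) >> 64
    return [(frac >> (32 * (count - 1 - i))) & MASK for i in range(count)]

_PI = pi_words(18 + 4 * 256)
PBOX = _PI[:18]
SBOX = [_PI[18 + 256 * i: 18 + 256 * (i + 1)] for i in range(4)]

def bf_f(x, s):
    """Round function F: four S-box lookups combined by addition and XOR mod 2^32."""
    h = (s[0][x >> 24] + s[1][(x >> 16) & 0xFF]) & MASK
    return ((h ^ s[2][(x >> 8) & 0xFF]) + s[3][x & 0xFF]) & MASK

def bf_block(block, p, s):
    """BF_En on one 64-bit block; passing p reversed turns it into decryption."""
    ml, mr = block >> 32, block & MASK          # 4.1) split m into mL and mR
    for i in range(16):
        ml ^= p[i]                              # 4.2) mL = mL ^ P_i
        mr ^= bf_f(ml, s)                       #      mR = F(mL) ^ mR
        ml, mr = mr, ml
    ml, mr = mr, ml                             # undo the swap of round 16
    mr ^= p[16]
    ml ^= p[17]
    return (ml << 32) | mr                      # 4.3) recombine mL and mR

def bf_key_schedule(key):
    """Build key_pbox and key_sbox from the fixed tables and a 4..56 byte key."""
    if not 4 <= len(key) <= 56:
        raise ValueError("Blowfish keys are 4 to 56 bytes long")
    p, s = list(PBOX), [list(box) for box in SBOX]
    for i in range(18):                         # XOR the key, cycled, into pbox
        word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
        p[i] ^= int.from_bytes(word, "big")
    block = 0                                   # the all-zero 64-bit block
    for table in [p] + s:                       # overwrite pbox, then every sbox
        for i in range(0, len(table), 2):
            block = bf_block(block, p, s)       # each output feeds the next encryption
            table[i], table[i + 1] = block >> 32, block & MASK
    return p, s

def bf_encrypt(key, block):
    p, s = bf_key_schedule(key)
    return bf_block(block, p, s)

def bf_decrypt(key, block):
    p, s = bf_key_schedule(key)                 # 5.1) same preprocessing as encryption
    return bf_block(block, p[::-1], s)          # 5.2) key_pbox in reverse order

# Published Blowfish known-answer vector: all-zero 8-byte key, all-zero block.
KAT_KEY, KAT_PLAIN, KAT_CIPHER = bytes(8), 0, 0x4EF997456198DD78

def known_answer_ok():
    """True when the pi-derived tables and the cipher reproduce the published vector."""
    return (bf_encrypt(KAT_KEY, KAT_PLAIN) == KAT_CIPHER
            and bf_decrypt(KAT_KEY, KAT_CIPHER) == KAT_PLAIN)

if __name__ == "__main__":
    print(known_answer_ok())
```

Only single 64-bit blocks are handled; a mode of operation for longer messages is outside what the page describes.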
Further, in step f the server and client carry out hybrid-encrypted communication, which specifically comprises the following steps:
The server generates the RSA and BLOWFISH key pairs respectively;
The BLOWFISH public key is encrypted with the RSA public key, and the resulting ciphertext is sent to the client;
The client decrypts the ciphertext with the RSA private key to obtain the BLOWFISH public key, encrypts the data to be encrypted with this public key, and sends it to the server;
The server decrypts the data ciphertext with the BLOWFISH private key to obtain the plaintext, and the procedure ends.
The advantages and beneficial effects of the present invention are as follows:
1. The innovation of the present invention is the hybrid use of two encryption algorithms, RSA and BLOWFISH (Bruce Schneier). The BLOWFISH public key is encrypted with RSA and sent to the client, which decrypts it to obtain the BLOWFISH public key. Because the RSA encryption algorithm is computationally complex and slow, and the longer the information to be encrypted the more time it takes, RSA is used to encrypt the BLOWFISH public key rather than the transmitted data.
2. Data is encrypted with BLOWFISH, which guarantees good encryption speed, and no effective method of breaking it has been found so far, which ensures security during data transmission.
Brief description of the drawings
Fig. 1 is the OPC UA communication flow diagram of a preferred embodiment of the present invention.
Fig. 2 is the RSA and BLOWFISH hybrid encryption flow chart.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and in detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention.
The technical solution by which the present invention solves the above technical problem is:
The present invention proposes a method for RSA and BLOWFISH hybrid encryption of OPC UA, characterized in that for each communication the BLOWFISH public key is encrypted with the RSA encryption algorithm and sent to the client; after decrypting to obtain the BLOWFISH public key, the client encrypts the plaintext with this public key and sends it to the server, and the server decrypts with the private key to obtain the plaintext. The present invention is described in more detail below with reference to the drawings and specific embodiments.
Fig. 1 shows the OPC UA communication flow. The specific implementation process is:
1. When the OPC UA client needs to communicate with the server, it first sends a communication request to the server. The request includes all security mechanisms supported by the client, which are used to prove its identity to the server and to negotiate a unified security and confidentiality method.
2. After the OPC UA server receives the client's communication request, it verifies whether the client is trusted. If trusted, it establishes a secure communication channel and uses RSA and BLOWFISH to generate their respective public/private keys. BLOWFISH key generation process: pbox and sbox are fixed in BLOWFISH; randomly select a key, fill key_sbox with sbox, then XOR the key, in groups of 8, with pbox, and the result is key_pbox; encrypt an all-zero 64-bit message with BF_En, and the output replaces key_pbox[0] and key_pbox[1]; encrypt the replaced key_pbox and key_pbox[i+1] (i=0) with BF_En, and the result replaces key_pbox[i+2] and key_pbox[i+3]; repeat in this way until all of key_pbox has been replaced; replace key_sbox by the same method, for encrypting information. RSA key generation process: randomly select two unequal prime numbers p and q; compute n=p*q, then convert n to binary; select an integer e at random, with e and (n) relatively prime; calculate the modular inverse element d of e and find d; package n and e as the public key, and n and d as the private key. The BLOWFISH public key is then encrypted with the RSA public key, the encrypted BLOWFISH public key is stored in an X509.v3 certificate, and the certificate is sent to the client. If the client is not trusted, this communication ends and the server waits for the next client communication request.
3. After receiving the server's reply, the OPC UA client verifies whether the server certificate is trusted. If trusted, it decrypts with RSA to obtain the BLOWFISH public key and encrypts the data with this public key: divide the information m to be encrypted into two 32-bit parts, mL and mR; mL=mL^Pi, mR=F(mL)^mR; recombine mL and mR; send the result to the server. If not trusted, a warning is issued to the client, and the client decides whether to continue communicating: if it continues, the server is trusted; if it does not trust the server, the communication ends.
4. The OPC UA server decrypts the ciphertext with the BLOWFISH private key: the key_pbox of the encryption process is used in reverse order to recover the plaintext.
5. At this point, the server and client can carry out hybrid-encrypted communication as agreed in advance.
Fig. 2 shows the hybrid encryption process of RSA and BLOWFISH:
1. The server generates the RSA and BLOWFISH key pairs respectively;
2. The BLOWFISH public key is encrypted with the RSA public key, and the resulting ciphertext is sent to the client;
3. The client decrypts the ciphertext with the RSA private key to obtain the BLOWFISH public key, encrypts the data to be encrypted with this public key, and sends it to the server.
The server decrypts the data ciphertext with the BLOWFISH private key to obtain the plaintext, and the procedure ends.
The above embodiments should be understood as merely illustrating the present invention rather than limiting its scope of protection. After reading the contents of the present invention, a skilled person can make various changes or modifications to it, and these equivalent changes and modifications likewise fall within the scope of the claims of the present invention.
Claims (9)
1. A method for RSA and BLOWFISH hybrid encryption of OPC UA, mainly used for hybrid encryption between an OPC UA server and client, characterized by comprising the following steps:
a. The client sends a communication request to the server;
b. The server responds to the client's request and verifies whether the client may communicate; if so, the server uses the BLOWFISH (Bruce Schneier) algorithm and the RSA algorithm to generate their respective public/private key pairs;
c. The server encrypts the public key with the RSA algorithm and sends it to the client;
d. The client verifies whether the server is trusted; if trusted, the client uses the BLOWFISH public key generated by the server to carry out plaintext encryption of the information, then replies to the server;
e. The server decrypts with its own private key and obtains the plaintext;
f. The server and client carry out hybrid-encrypted communication.
2. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 1, characterized in that in step a the client sends a communication request to the server, in which the client mainly provides the following information to the server:
1.1) the security mechanisms and encryption algorithms supported by the client, the SHA-1 digital signature, and the corresponding maximum and minimum supported key lengths;
1.2) the security certificate of the client, which is an X509.v3 certificate.
3. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 2, characterized in that the encryption algorithms supported by the client are the RSA algorithm and the BLOWFISH algorithm.
4. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 2, characterized in that in step b the server responds to the client request mainly to verify whether the client is trusted; if trusted, it generates a key pair using the BLOWFISH algorithm, in the following steps:
2.1) BLOWFISH public/private key generation process:
1. pbox and sbox are fixed in BLOWFISH. Randomly select a key, fill key_sbox with sbox, then XOR the key, in groups of 8, with pbox; the result is key_pbox;
2. Encrypt an all-zero 64-bit message with the BF_En core function; the output replaces key_pbox[0] and key_pbox[1];
3. Encrypt the replaced key_pbox and key_pbox[i+1] (i=0) with BF_En; the result replaces key_pbox[i+2] and key_pbox[i+3]; repeat in this way until all of key_pbox has been replaced;
4. Replace key_sbox by the same method, for encrypting information.
5. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 4, characterized in that step b generates a key pair using the RSA algorithm, in the following steps:
2.2) RSA public/private key generation process:
1. Randomly select two unequal prime numbers p and q;
2. Compute n=p*q, then convert n to binary;
③
4. an integer e is selected at random,And e withIt is relatively prime;
5. calculate e withMould antielement d:Find out d;
6. Package n and e as the public key, and n and d as the private key.
6. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 5, characterized in that in step c the server uses the RSA algorithm to encrypt the BLOWFISH public key and sends it to the client, in the following steps:
3.1) Let the public key of BLOWFISH be x;
3.2) Using the formula $x^e \equiv c \pmod{n}$, where n and e are the RSA public key, find c, where c denotes the encrypted information.
7. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 6, characterized in that in step d the client verifies whether the server's certificate is trusted; if it is trusted, the client encrypts the plaintext using the BLOWFISH public key; if it is not trusted, a security warning is issued to the user, and the user decides whether to continue communicating; the plaintext encryption process is as follows:
4.1) Divide the information m to be encrypted into two 32-bit parts, mL and mR, where mL is the left half of the information to be encrypted and mR is the right half;
4.2) mL=mL^Pi, mR=F(mL)^mR, i ∈ [1,16];
4.3) Recombine mL and mR.
8. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 6, characterized in that in step e the server decrypts the ciphertext sent by the client with the BLOWFISH private key, in the following steps:
5.1) Key preprocessing is the same as for encryption:
1. pbox and sbox are fixed in BLOWFISH. Randomly select a key, fill key_sbox with sbox, then XOR the key, in groups of 8, with pbox; the result is key_pbox;
2. Encrypt an all-zero 64-bit message with BF_En; the output replaces key_pbox[0] and key_pbox[1];
3. Encrypt the replaced key_pbox and key_pbox[i+1] (i=0) with BF_En; the result replaces key_pbox[i+2] and key_pbox[i+3]; repeat in this way until all of key_pbox has been replaced;
5.2) Decryption uses the key_pbox of the encryption process in reverse order.
9. The method for RSA and BLOWFISH hybrid encryption of OPC UA according to claim 8, characterized in that in step f the server and client carry out hybrid-encrypted communication, which specifically comprises the following steps:
The server generates the RSA and BLOWFISH key pairs respectively;
The BLOWFISH public key is encrypted with the RSA public key, and the resulting ciphertext is sent to the client;
The client decrypts the ciphertext with the RSA private key to obtain the BLOWFISH public key, encrypts the data to be encrypted with this public key, and sends it to the server;
The server decrypts the data ciphertext with the BLOWFISH private key to obtain the plaintext, and the procedure ends.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811365962.1A CN109639647A (en) | 2018-11-16 | 2018-11-16 | A kind of method of RSA and BLOWFISH Hybrid Encryption OPC UA |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109639647A true CN109639647A (en) | 2019-04-16 |
Family
ID=66068180
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811365962.1A Pending CN109639647A (en) | 2018-11-16 | 2018-11-16 | A kind of method of RSA and BLOWFISH Hybrid Encryption OPC UA |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109639647A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190416 |