CN109728898A - Internet-of-things terminal safety communicating method based on block chain technology - Google Patents


Publication number: CN109728898A
Authority: CN (China)
Prior art keywords: public key, communication, data, internet, key
Legal status: Pending
Application number: CN201910176227.4A
Other languages: Chinese (zh)
Inventors: 魏叶华, 赵艳杰, 蒋继强, 乐懿, 邢红星
Current assignee: Hunan Normal University
Original assignee: Hunan Normal University

Abstract

The invention discloses an Internet-of-Things (IoT) terminal secure communication method based on blockchain technology. The IoT communication server generates a key pair; each IoT device generates key-generation parameters and derives its own private key; the two communicating parties compute their respective public keys, obtain the public key of the IoT communication server, submit their public keys to the IoT communication server for storage, obtain the public key of the communication counterpart through the IoT communication server, compute the session key for the current communication, and communicate securely with that session key. The invention achieves automatic encrypted communication between IoT devices and the service centre and between IoT devices; it reduces the load on the service centre and makes data communication efficient; finally, it achieves reliable blockchain-based storage of data such as IoT device public keys, guaranteeing the integrity and tamper resistance of the stored data and meeting the requirements of storage security.

Description

Internet-of-things terminal safety communicating method based on block chain technology
Technical field
The present invention relates in particular to an Internet-of-Things terminal secure communication method based on blockchain technology.
Background technique
With economic and technological development, the Internet of Things has been widely applied in people's production and daily life, bringing great convenience to both.
From smart grids, intelligent transport and smart cities to industrial scenarios such as Industry 4.0, IoT terminal devices and systems are growing explosively and IoT applications are becoming ever more widespread. However, once a device is connected to a network it can be attacked; an attack may lead to data and privacy leakage and, in serious cases, to major accidents such as traffic paralysis or grid outages. The security of IoT systems is therefore receiving more and more attention.
At present, relatively traditional methods are mostly used in practice: for example, an IoT device is configured with a username and password, and a control centre performs security authentication and data exchange. This mechanism has several shortcomings: (1) many IoT devices keep the factory-default username and password, which increases the likelihood of brute-force attacks; (2) every IoT device session must be authenticated and relayed through the central server, so as the number of IoT devices keeps growing the load on the central server rises sharply; (3) password data is routinely kept on the server side, which easily leads to leakage of user privacy; (4) for reliability of data storage, the service centre mostly uses a master-slave backup mechanism, which solves the single point of failure problem but protects neither the data itself nor its integrity.
Many scholars have studied IoT security problems and proposed security mechanisms such as encryption, identity authentication, privacy protection and intrusion detection. However, academic work tends to focus on technical security studies, while the computing and storage resources of many IoT devices are very limited, so these mechanisms are relatively difficult to deploy in practice. With the invention and rise of blockchain technology, the security of the Internet of Things has also attracted attention.
The patent CN108270571A, applied for by Xi'an University of Electronic Science and Technology (Xidian University), proposes a blockchain-based IoT identity verification system and method: a trusted third party builds the blockchain network, deploys smart contracts and keeps accounts with a POW consensus algorithm; device transaction information is created and verified, and association of modules and users, creation and verification of control-device transaction information, legitimacy verification and privacy protection are implemented. However, both device association and device control require verification, so the communication and computation overhead is large and efficiency suffers. The patent CN107749848A, applied for by China Unicom, provides a processing method and apparatus for IoT data and an IoT system: a first IoT device is responsible for data acquisition and sends authentication information containing the device identifier and data identifier to a second IoT device; the second IoT device performs identity verification against the corresponding blockchain, adds a new block once verification succeeds, and stores the data, identifier and block number together in a database. It mainly achieves tamper resistance and traceability of IoT data storage.
The patent CN108111312A, applied for by the University of Electronic Science and Technology of China, proposes a blockchain-based intelligent terminal secure communication method. Each terminal generates security test data as a block; through a POW consensus mechanism and according to a smart contract, data exchange combines the blocks into a chain structure, an encryption algorithm guarantees the security of information transfer between blocks, and security protection of the intelligent terminal is achieved. Storage and consensus are carried out among the terminals themselves, so the computing and storage overhead is large, which does not suit the resource-limited nature of IoT devices.
Summary of the invention
The purpose of the present invention is to provide a blockchain-based IoT terminal secure communication method with high reliability, good confidentiality and high efficiency.
The blockchain-based IoT communication method provided by the invention comprises the following steps:
S1. The IoT communication server generates a key pair;
S2. Each IoT device generates key-generation parameters;
S3. Each IoT device generates its own private key from the key-generation parameters of step S2;
S4. The two communicating parties compute their respective public keys from the key-generation parameters and their private keys;
S5. The two communicating parties obtain the public key of the IoT communication server;
S6. The two communicating parties submit their respective public keys to the IoT communication server for blockchain storage;
S7. The two communicating parties obtain the public key of the communication counterpart through the IoT communication server;
S8. The two communicating parties compute the session key for the current communication;
S9. The two communicating parties communicate securely using the session key.
The key generation by the IoT communication server in step S1 specifically uses the ECC asymmetric encryption algorithm to generate a server key pair. The server key pair comprises a server public key and a server private key; the server private key is kept on the IoT communication server, and the server public key is distributed to each IoT device.
The key-generation parameters of step S2 specifically comprise the prime p, the elliptic-curve coefficients a and b, the base point G and the subgroup order n, negotiated and generated by the two communicating parties.
The generation of respective private keys in step S3 specifically means that, according to the elliptic-curve parameter n, each of the two communicating parties uses the random() function to generate a random number d_a or d_b in the interval [1, n-1], takes it as its own private key and stores it locally.
The computation of respective public keys in step S4 specifically uses the following formulas:
H_a = d_a * G
H_b = d_b * G
where H_a is the public key of communicating party a, H_b is the public key of communicating party b, d_a and d_b are the private keys generated by the respective parties in step S3, and G is the base point.
In step S5 the two communicating parties obtain the key of the IoT communication server, specifically by obtaining the public key of the IoT communication server in plaintext.
In step S6 the two communicating parties submit their respective public keys to the IoT communication server for blockchain storage: specifically, each party performs single-ended asymmetric encryption of its own public key and ID with the previously obtained public key of the IoT communication server and submits the result to the IoT communication server for storage; after the communication servers reach consensus, the data is stored in their respective blockchains.
In step S7 the two communicating parties obtain the public key of the counterpart through the IoT communication server: specifically, the party's own ID and the counterpart's ID are encrypted with the communication server public key and uploaded to the communication server, which looks up the public keys corresponding to the two stored device IDs in the blockchain stored on the server; the IoT communication server then encrypts the counterpart's public key with each party's own public key and sends the encrypted data to that party; each party decrypts the received data with its own private key to obtain the public key of the counterpart.
In step S8 the two communicating parties compute the session key for the current communication: specifically, following the D-H key exchange protocol, after obtaining the counterpart's public key each party computes the session key with the following formula:
K = d_a * H_b = d_b * H_a
where H_a is the public key of communicating party a, H_b is the public key of communicating party b, and d_a and d_b are the private keys generated by the respective parties in step S3.
The IoT communication server is specifically implemented with the Raft consensus protocol.
The Raft consensus protocol implementation specifically comprises the following steps:
A. Leader node election;
B. IoT device data synchronisation;
C. IoT device data storage;
D. Response of the IoT communication server;
E. Retransmission of IoT device data;
F. Leader node re-election.
In the leader node election, each server node is initially set to the follower state; if a node does not receive a heartbeat message from the leader node within a certain random time interval, it changes its own state to candidate; a candidate node sends vote requests to the remaining nodes; on receiving a vote request, each node checks whether its own random timeout has expired and, if it has not yet expired and the node has not voted for itself or another node, it sends a vote confirmation response to the candidate whose request it received; finally, the node that obtains the most votes becomes the leader node.
In IoT device data synchronisation, if the leader node receives no newly uploaded IoT terminal public key data within a random period, it sends a data synchronisation request to the remaining nodes; when the synchronised data content is empty, the request serves as heartbeat data confirming to the remaining nodes that the leader node is still alive; if the leader node receives public key data newly submitted by an IoT device, it sends a record request to the remaining nodes requiring them to receive the newly submitted public key data; after the remaining nodes receive the new IoT device public key, they send a message to the leader node confirming successful receipt.
In IoT device data storage, after the leader node receives confirmation messages from more than a set proportion of the remaining nodes, it commits the new IoT public key data to its own blockchain; at the same time, in the next heartbeat, the leader node notifies all remaining nodes to append the newly received IoT public key data to their respective blockchains.
In IoT device data retransmission, if an IoT device receives no response from the communication server within the set time, it resubmits its public key data until the attempt times out.
In leader node re-election, once the leader fails or loses contact with the other nodes and this has been recognised through heartbeat detection, the communication server restarts the leader node election and then carries out data consensus, storage and the other processes.
The blockchain links a series of blocks with hash pointers to form a block list; each block contains data and a hash pointer to the previous block in the chain, and also provides a hash value with which to verify whether the data contained in the block has changed, while the content of the head block unit pointed to by the head hash pointer of the block list is specified to be immutable.
In the blockchain unit, the Nonce random number and objective_hash (target hash) fields related to the POW consensus mechanism are replaced by a term field and a height field expressing the block height, while the hash pointer and the Merkle tree are retained.
The hash pointer data structure specifically comprises a pointer to the previous block unit and, at the same time, maintains the hash value of the previous block's IoT device public key data, computed with a hash function.
The SHA256 algorithm is selected to compute the hash values of the stored data.
In the modified Merkle tree, the IoT public key data in a block unit is specifically organised and stored in the form of a Merkle tree.
If the IoT public key data in any block changes, all blocks after that block and all newly added blocks must also have their hash values recomputed, and the computing power required for this must exceed the rate at which blocks grow; otherwise the blockchain maintained by the leader node is always the newest, so the tampering can be identified.
The blockchain-based IoT terminal secure communication method provided by the invention replaces traditional manual password configuration and, combined with encryption tools such as ECC and D-H, achieves automatic encrypted communication between IoT devices and the service centre and between IoT devices; by separating the authorisation authentication of IoT devices from communication between IoT devices, it both reduces the load on the service centre and achieves efficient data communication; finally, by integrating the blockchain data structure with the Raft consensus mechanism, it achieves reliable storage of data such as IoT device public keys, guarantees the integrity and tamper resistance of the stored data, and meets the requirements of key storage security.
Detailed description of the invention
Fig. 1 is a schematic flow diagram of the method of the present invention.
Fig. 2 is a schematic diagram of the IoT system security architecture of the method of the present invention.
Fig. 3 is a schematic diagram of the blockchain structure of the method of the present invention.
Fig. 4 is a schematic diagram of the structure of a blockchain unit of the method of the present invention.
Fig. 5 is a schematic diagram of the IoT device data of the method of the present invention.
Specific embodiment
To relieve the load pressure on the service centre, achieve efficient and secure communication and data transmission between IoT terminal devices, guarantee the tamper resistance of data and keep devices convenient to use, a compromise method for secure information transmission and storage between IoT terminal devices is proposed on the basis of blockchain technology; the security architecture of the system is shown in Fig. 2. The scheme solves the problems of remote communication and transmission security at the same time, and meets practical application requirements such as low load and secure storage. It mainly comprises three aspects of work: (1) taking the separation of IoT device authorisation from device-to-device communication as the starting point, secure communication between IoT terminal devices is achieved on the basis of an asymmetric encryption algorithm and the D-H key exchange mechanism; (2) a Raft consensus algorithm is designed to meet the strong consistency and correctness requirements for the IoT device public key data stored in the communication server, guaranteeing the real-time performance and correctness of IoT device communication; (3) a blockchain-based data storage structure is designed, using techniques such as hash pointers, Merkle trees and timestamps to achieve efficient integrity verification and tamper resistance of IoT public key data.
Specifically, the flow of the blockchain-based IoT terminal secure communication method provided by the invention is shown in Fig. 1 and comprises the following steps:
S1. The IoT communication server generates a key pair, specifically using the ECC asymmetric encryption algorithm to generate a server key pair; the server key pair comprises a server public key and a server private key, the server private key is kept on the IoT communication server, and the server public key is distributed to each IoT device;
S2. Each IoT device generates key-generation parameters, specifically including parameters such as the prime p, the elliptic-curve coefficients a and b, the base point G and the subgroup order n, negotiated and generated by the two communicating parties;
S3. Each IoT device generates its own private key from the key-generation parameters of step S2: specifically, according to the elliptic-curve parameter n, each of the two communicating parties uses the random() function to generate a random number d_a or d_b in the interval [1, n-1], takes it as its own private key and stores it locally;
S4. The two communicating parties compute their respective public keys from the key-generation parameters and their private keys, specifically with the following formulas:
H_a = d_a * G
H_b = d_b * G
where H_a is the public key of communicating party a, H_b is the public key of communicating party b, d_a and d_b are the private keys generated by the respective parties in step S3, and G is the base point;
S5. The two communicating parties obtain the key of the IoT communication server, specifically by obtaining the public key of the IoT communication server in plaintext;
S6. The two communicating parties submit their respective public keys to the IoT communication server for blockchain storage: specifically, each party performs single-ended asymmetric encryption of its own public key and ID with the previously obtained public key of the IoT communication server and submits the result to the IoT communication server for storage;
Specifically, to prevent the public key from being exposed during submission, and to make it convenient to extend the communication server later with access-permission management for IoT public key data, the IoT device public key and ID are single-ended asymmetrically encrypted with the obtained communication-server public key and then submitted to the communication server; after the communication servers reach consensus, the data is stored in their respective blockchains;
S7. The two communicating parties obtain the public key of the counterpart through the IoT communication server: specifically, the party's own ID and the counterpart's ID are encrypted with the communication server public key and uploaded to the communication server, which looks up the public keys corresponding to the two stored device IDs in the blockchain stored on the server; the IoT communication server then encrypts the counterpart's public key with each party's own public key and sends the encrypted data to that party; each party decrypts the received data with its own private key to obtain the public key of the counterpart;
S8. The two communicating parties compute the session key for the current communication: specifically, following the D-H key exchange protocol, after obtaining the counterpart's public key each party computes the session key with the following formula:
K = d_a * H_b = d_b * H_a
where H_a is the public key of communicating party a, H_b is the public key of communicating party b, and d_a and d_b are the private keys generated by the respective parties in step S3;
S9. The two communicating parties communicate securely with the session key: after the shared session key has been generated, the two parties communicate securely using symmetric encryption under the shared key, which keeps the computational cost of encryption low and improves communication efficiency.
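As an added illustration (not code from the patent), the following Python models steps S2 to S8 on a small constructed curve, using the page's symbols p, a, b, G, n, d_a, d_b, H_a, H_b and K. It assumes a toy curve over F_17 in place of a production curve, draws private keys from Python's secrets module rather than random() (a private key must be unpredictable), and validates the counterpart's public key before computing K, a check the text does not spell out.

```python
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1)
# of prime order n = 19. A real deployment uses a standard curve such as P-256.
CURVE = {"p": 17, "a": 2, "b": 2, "G": (5, 1), "n": 19}

INF = None  # point at infinity, the group identity


def on_curve(P, curve):
    """True if P is a finite point satisfying y^2 = x^3 + ax + b (mod p)."""
    if P is INF:
        return False
    x, y = P
    p, a, b = curve["p"], curve["a"], curve["b"]
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def point_add(P, Q, curve):
    """Affine group law on the curve; handles identity, doubling and P + (-P)."""
    p, a = curve["p"], curve["a"]
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF  # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def scalar_mult(k, P, curve):
    """k*P by double-and-add (k >= 0)."""
    R, Q = INF, P
    while k > 0:
        if k & 1:
            R = point_add(R, Q, curve)
        Q = point_add(Q, Q, curve)
        k >>= 1
    return R


def gen_private_key(curve):
    """Step S3: d in [1, n-1], drawn from a CSPRNG (secrets), not random()."""
    return 1 + secrets.randbelow(curve["n"] - 1)


def public_key(d, curve):
    """Step S4: H = d*G."""
    return scalar_mult(d, curve["G"], curve)


def validate_public_key(H, curve):
    """Reject a counterpart key that is off the curve or outside the
    prime-order subgroup generated by G (n*H must be the identity)."""
    return on_curve(H, curve) and scalar_mult(curve["n"], H, curve) is INF


def session_key(d_own, H_other, curve):
    """Step S8: K = d_a*H_b = d_b*H_a, after validating the received key."""
    if not validate_public_key(H_other, curve):
        raise ValueError("counterpart public key failed validation")
    return scalar_mult(d_own, H_other, curve)


def demo(curve=CURVE):
    """Full exchange between parties a and b; returns (K_a, K_b)."""
    d_a, d_b = gen_private_key(curve), gen_private_key(curve)
    H_a, H_b = public_key(d_a, curve), public_key(d_b, curve)
    return session_key(d_a, H_b, curve), session_key(d_b, H_a, curve)


if __name__ == "__main__":
    K_a, K_b = demo()
    print("K_a =", K_a, "K_b =", K_b, "match:", K_a == K_b)
```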
In the above communication process, the IoT communication server is specifically implemented with the Raft protocol: a Raft cluster of servers is built, and the IoT device IDs and public key data on which consensus has been reached are committed to the blockchain maintained by the Raft cluster, achieving reliable data storage. When a single point of failure occurs in the Raft cluster, normal service can still be provided to the IoT devices. In our security architecture there are strong consistency and correctness requirements for the stored IoT device public key data, so the simple and efficient Raft protocol is used to reach consensus. An accounting request in the scheme is essentially each IoT device requesting that its own public key data be stored in the blockchain of the Raft cluster.
The Raft protocol implementation specifically uses the following steps:
A. Leader node election: before data such as IoT public keys is stored, the Raft cluster must elect a leader node to manage accounting.
Specifically, each server node is initially set to the follower state; if a node does not receive a heartbeat message from the leader node within a certain random time interval, it changes its own state to candidate; a candidate node sends vote requests to the remaining nodes; on receiving a vote request, each node checks whether its own random timeout has expired and, if it has not yet expired and the node has not voted for itself or another node, it sends a vote confirmation response to the candidate whose request it received; finally, the node that obtains the most votes becomes the leader node;
B. IoT device data synchronisation: if the leader node receives no newly uploaded IoT terminal public key data within a random period, it sends a data synchronisation request to the remaining nodes, confirming to them that the leader node is still alive; if the leader node receives public key data newly submitted by an IoT device, it sends a record request to the remaining nodes requiring them to receive the newly submitted public key data; after the remaining nodes receive the new IoT device public key, they send a message to the leader node confirming successful receipt;
Specifically, after a leader node has been elected, if no newly uploaded IoT public key data is received within the random period, the leader node sends a data synchronisation request to the other nodes; when the synchronised data content is empty, the request acts as a heartbeat mechanism that lets the other follower nodes determine whether the leader node is still alive; if newly submitted IoT device public key data is received, a record request is sent to the other follower nodes, that is, the other follower nodes are required to receive the newly submitted IoT device public key data; after the other follower nodes have successfully received the new IoT public key data, they send a successful-receipt confirmation message to the leader node;
C. IoT device data storage: after the leader node receives confirmation messages from more than a set proportion of the remaining nodes, it commits the new IoT public key data to its own blockchain; at the same time, in the next heartbeat, the leader node notifies all remaining nodes to append the newly received IoT public key data to their respective blockchains;
Specifically, when the leader node receives confirmation messages from all follower nodes, or from more than 50% of the follower nodes, it commits the new IoT public key data to its own blockchain, that is, it commits the public key data that was previously recorded but not yet committed; in the next heartbeat, the leader notifies all follower nodes to append the newly received IoT public key data to their respective blockchains, that is, the new block unit on which the leader node reached consensus is confirmed across the whole network;
D. Response of the IoT communication server: after the Raft communication server completes data consensus and storage, it sends a confirmation message to the IoT device, completing this data submission;
E. Retransmission of IoT device data: if the IoT device receives no response from the communication server within a certain period, it resubmits its public key data until the attempt times out;
F. Leader node re-election: once the leader fails or loses contact with the other nodes and this has been recognised through the heartbeat detection mechanism, the Raft cluster servers restart the leader node election and then carry out data consensus, storage and the other processes.
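As an added illustration (not code from the patent), this Python simulation models steps B to E of the Raft flow above: the leader replicates a newly submitted IoT public key to the followers with a record request, commits it to its own chain once more than 50% of the followers acknowledge, pushes the commit to the followers on the next heartbeat, and reports failure to the device (which then retransmits) when no majority answers. Node names, the alive flag and the message shapes are constructed for the example; leader election and follower catch-up after a crash are outside its scope.

```python
class Node:
    """A Raft cluster server in the follower role (constructed for this example)."""

    def __init__(self, name, alive=True):
        self.name = name
        self.alive = alive        # False simulates a crashed or unreachable node
        self.term = 1
        self.log = []             # entries recorded but not yet committed
        self.chain = []           # committed entries (stands in for the blockchain)

    def record(self, term, entry):
        """Follower side of the leader's record request; returns the ack."""
        if not self.alive or term < self.term:
            return False
        self.term = term
        self.log.append(entry)
        return True

    def append_committed(self, entry):
        """Heartbeat carrying a commit notice: move the entry into the chain."""
        if self.alive and entry in self.log:
            self.log.remove(entry)
            self.chain.append(entry)


class Leader(Node):
    """The elected leader (step A is assumed to have completed)."""

    def __init__(self, name, followers):
        super().__init__(name)
        self.followers = followers
        self.pending = []         # committed locally, not yet announced

    def submit(self, device_id, pubkey):
        """Steps B to D for one IoT public key submission.
        Returns True when a confirmation goes back to the device and False when
        the device has to retry (step E) because no majority acknowledged."""
        entry = {"term": self.term, "id": device_id, "pubkey": pubkey}
        acks = sum(1 for f in self.followers if f.record(self.term, entry))
        if acks * 2 <= len(self.followers):   # need more than 50% of followers
            return False
        self.chain.append(entry)              # commit to the leader's own chain
        self.pending.append(entry)
        return True

    def heartbeat(self):
        """Empty sync request: liveness signal that also carries commit notices."""
        for entry in self.pending:
            for f in self.followers:
                f.append_committed(entry)
        self.pending = []


def run_scenario():
    """Constructed run: three followers with one crashed, then two crashed.
    Returns (first_result, second_result, leader, followers)."""
    followers = [Node("s2"), Node("s3"), Node("s4", alive=False)]
    leader = Leader("s1", followers)
    first = leader.submit("iot-1", "pubkey-1")   # 2 of 3 acks: committed
    leader.heartbeat()                           # followers append to their chains
    followers[1].alive = False
    second = leader.submit("iot-2", "pubkey-2")  # 1 of 3 acks: device must retry
    return first, second, leader, followers


if __name__ == "__main__":
    first, second, leader, followers = run_scenario()
    print("first submission confirmed:", first, "second confirmed:", second)
    for n in [leader] + followers:
        print(n.name, "chain:", [e["id"] for e in n.chain])
```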
The Raft consensus protocol guarantees that after a single-machine failure the service centre can still provide consistent public key data to IoT devices, but on some node certain IoT public key data may be tampered with, so data integrity and tamper resistance are still not guaranteed. For this reason a blockchain data structure is introduced, using techniques such as hash pointers, Merkle trees and timestamps to achieve secure data storage.
The blockchain links a series of blocks with hash pointers to form a block list; each block contains data and a hash pointer to the previous block in the chain, and also provides a hash value with which to verify whether the data contained in the block has changed, while the content of the head block unit pointed to by the head hash pointer of the block list is specified to be immutable.
In the blockchain unit, the Nonce random number and objective_hash (target hash) fields related to the POW consensus mechanism are replaced by a term field and a height field expressing the block height, and the hash pointer and Merkle tree are used. Specifically, to guarantee strong consistency we borrow the Bitcoin blockchain structure and modify it according to our own security scheme: the Nonce random number and objective_hash fields related to the Bitcoin POW consensus mechanism are removed and replaced by a term field and a height field expressing the block height. In addition, the blockchain data structure mainly involves hash pointers and Merkle trees.
Hash pointer: the hash pointer used specifically comprises a pointer to the previous block unit and, at the same time, maintains the hash value of the previous block's IoT device public key data, computed with a hash function.
The SHA256 algorithm is selected to compute the hash values of the stored data.
Merkle tree: the IoT public key data in a block unit is specifically organised and stored in the form of a Merkle tree. Leaf nodes store the hash values of the IoT public key data, and the value of a non-leaf node is the hash of the concatenation of all its child nodes. When the Merkle hash tree is used for integrity verification of IoT public key data, only the branch in which the IoT public key data lies needs to be hashed, which is simple and efficient;
If the IoT public key data in any block changes, all blocks after that block and all newly added blocks must also have their hash values recomputed, and the computing power required for this must exceed the rate at which blocks grow; otherwise the blockchain maintained by the leader node is always the newest, so the tampering can be identified.
Fig. 2 shows an example system architecture for an embodiment that can be applied to secure transmission and storage of IoT information. The system consists of communication servers and IoT device terminal nodes. The four nodes inside the box are the communication servers, also called the Raft cluster servers, which normally communicate with each other over a wired network. IoT devices 1 to 6 are an abstraction of all types of IoT terminal and refer to no specific product; each IoT device communicates in whatever way is usual for it. The numbers of servers and IoT devices in the figure are only illustrative and can be increased or decreased in a concrete system according to practical needs.
To guarantee strong consistency of the IoT devices' data, such as public keys and device IDs, and efficient storage and verification of that data, a blockchain data structure, shown in Fig. 3, is introduced into each server node of Fig. 2.
In the structure of Fig. 3 a series of block units are linked by hash pointers into a block chain list; each block unit contains a data part and a hash pointer to the previous block in the chain. Each block therefore not only tells where the previous block is but also provides a hash value with which to verify whether the data contained in that block has changed.
The design of the block unit is shown in Fig. 4. It borrows the block structure of the Bitcoin blockchain and modifies it for the security scheme here: the Term field records the Raft term number and the height field the block height; the remaining fields keep essentially the same meaning as in the Bitcoin block structure.
In the block unit structure of Fig. 4, data such as the IoT device public keys and IDs is organised and stored as a Merkle tree. The Merkle leaf nodes store the hash values of the IoT device data, and the value of a non-leaf node is the hash of the concatenation of all its child nodes. When a Merkle hash tree is used to verify the integrity of an IoT device's public key data, only the branch on which that data sits needs to be hashed, which is simple and efficient.
The hash values in Fig. 4 can be computed with SHA-256. The input data is first padded and length-extended so that it forms n message blocks of 512 bits each; every message block is then processed by the SHA-256 compression function, and the iteration produces a 256-bit digest, which is the required hash value.
The communication server generates its key pair with the ECC asymmetric encryption algorithm. An elliptic curve is chosen first, and from the chosen curve the parameter set Group is generated, comprising the prime p, the base point G, the subgroup order n and the curve coefficients a and b; the public and private keys are then generated from Group. The private key is kept locally and the public key can be transmitted to every IoT terminal device.
Each IoT device also uses the ECC algorithm, with the same elliptic curve and the same curve parameters (the prime p, base point G, subgroup order n and coefficients a and b), and generates its own public and private keys from them. For example, IoT terminal devices 1 and 2 each generate a private key, d1 and d2, from the curve parameters and then compute their respective public keys H1 = d1*G and H2 = d2*G. Once generated, an IoT device's public key is transmitted to the Raft server side for storage. The Raft cluster must be operating normally before that transmission, that is, a leader node must already have been elected; otherwise the IoT device, receiving no response from the Raft cluster, keeps retrying the submission until the attempt times out.
To store the IoT device public key and ID data in the cluster servers by blockchain consensus, a leader node has to be elected before the IoT device data is submitted to the servers.
As shown in Fig. 2, the nodes in the box are the communication server nodes. When a server node starts, its state is set to follower. If it receives no heartbeat message from a leader within the configured election timeout, the node in the follower state converts to the candidate state. To avoid election conflicts, the election timeout is a random value within some interval.
The server node in the candidate state then sends a request to the other follower/candidate nodes asking them to vote for it.
When another follower node receives the vote request, it compares how up to date its local blockchain is with how up to date the candidate's blockchain is and, if they are consistent, sends a confirming vote response to the candidate node.
If during this process a follower node has crashed and does not receive the election request, the candidate node can at that point vote for itself. Once the candidate has obtained a majority of N/2 + 1 votes, the candidate node converts to the leader node.
After becoming leader, the node sends instructions to the other follower nodes in the next random time period. If the leader receives no newly submitted IoT public key data within a certain random time, it sends the other follower nodes a message carrying the update level of its own blockchain, which serves as the heartbeat by which followers detect whether the leader node is still active.
Once the leader node election on the server side is complete, an IoT device requests to store its own public key data in the blockchain of Fig. 4 on the Raft cluster; the process is shown in Fig. 5. The IoT device first encrypts its own public key and ID information with the server's public key and then submits them to the leader node or a follower node.
The encryption of the IoT public key data on submission is motivated by the following situation. In Fig. 1, suppose device IoT5 belongs to user A's household and devices IoT3 and IoT4 belong to user B's household. If both submitted their public key data in the clear, each side could query and directly intercept the other side's public key without going through the Raft cluster, and then, using the D-H key exchange protocol, the IoT devices of household A and of household B could communicate directly. That is undesirable in practice and poses a serious security risk.
If an IoT device's public key data is submitted to a follower node, the follower forwards it to the leader node. After receiving the IoT device's message, the leader sends a record request to all other follower nodes, requiring them to accept the public key and ID data newly submitted by the IoT device.
When a follower node receives the new IoT public key data, it confirms successful receipt and sends a success message to the leader node. Once the leader has received confirmation messages from all follower nodes, or from more than 50% of them, it commits the new IoT public key data to its own blockchain, storing it in a block unit as shown in Fig. 3.
In the next time cycle, the leader notifies all follower nodes to append the newly received IoT public key data to their respective blockchains; that is, the new block unit agreed by the server nodes is confirmed network-wide and formally committed to the blockchain of the whole network, so that the blockchain data held by each server node stays highly consistent.
After the communication servers have completed consensus and storage of the data, they send a confirmation message to the IoT device, which completes this data submission. If the IoT device receives no response from the Raft servers within a certain time, it resubmits the public key data and keeps trying until it times out and stops.
Once the leader fails or loses contact with the other nodes, and this has been detected by the heartbeat mechanism, the communication servers are triggered to re-elect a leader node and then carry out the data consensus and storage processes again.
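As an added example, not code from the patent, the election and replication steps described above as a single-process, deterministic model. Each node's "blockchain" is a plain list of committed record batches, election timeouts are drawn from a seeded RNG, and there are no RPCs, persistence or log repair beyond copying missing committed entries; it shows the message flow and the N/2 + 1 quorum rule, not a Raft implementation. Node names and the sample device records are constructed here.

```python
# Added example (not from the patent): model of leader election and public-key replication.
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    state: str = "follower"        # follower -> candidate -> leader
    term: int = 0
    voted_for: Optional[str] = None
    log: List[list] = field(default_factory=list)      # committed batches of (device id, public key)
    pending: List[list] = field(default_factory=list)  # accepted from the leader, not yet appended
    timeout_ms: float = 0.0
    alive: bool = True


class Cluster:
    def __init__(self, names: List[str], seed: int = 0) -> None:
        self.rng = random.Random(seed)
        self.nodes: Dict[str, Node] = {n: Node(n) for n in names}
        self.leader: Optional[Node] = None
        for node in self.nodes.values():
            self.reset_timeout(node)

    def reset_timeout(self, node: Node) -> None:
        node.timeout_ms = self.rng.uniform(150, 300)  # randomised so two nodes rarely time out together

    def majority(self) -> int:
        return len(self.nodes) // 2 + 1               # N/2 + 1 votes or acknowledgements

    def live(self) -> List[Node]:
        return [n for n in self.nodes.values() if n.alive]

    def elect(self) -> Optional[Node]:
        """The live node whose timeout expires first becomes candidate, raises its term, votes for
        itself and requests votes. A node grants its vote if it has not yet voted in this term and
        the candidate's chain is at least as up to date as its own."""
        if self.leader is not None and self.leader.alive:
            return self.leader
        live = self.live()
        cand = min(live, key=lambda n: n.timeout_ms)
        cand.state, cand.term, cand.voted_for = "candidate", cand.term + 1, cand.name
        votes = 1
        for node in live:
            if node is cand:
                continue
            if node.term < cand.term:
                node.term, node.voted_for = cand.term, None
            if node.voted_for is None and len(node.log) <= len(cand.log):
                node.voted_for, votes = cand.name, votes + 1
        if votes < self.majority():               # no quorum: too many nodes are down
            cand.state = "follower"
            self.reset_timeout(cand)
            self.leader = None
            return None
        cand.state = "leader"
        for node in live:
            if node is not cand:
                node.state = "follower"
        self.leader = cand
        return cand

    def submit(self, records: list) -> bool:
        """An IoT device's (id, public key) batch: the leader sends a record request to every live
        follower, counts acknowledgements and commits to its own chain only with a majority."""
        if self.leader is None or not self.leader.alive:
            return False
        acks = 1
        for node in self.live():
            if node is not self.leader:
                node.pending.append(records)
                acks += 1
        if acks < self.majority():
            return False
        self.leader.log.append(records)
        return True

    def heartbeat(self) -> None:
        """The leader's next periodic message: followers append what the leader has committed.
        A follower that was down for the record request copies the committed entries it lacks."""
        if self.leader is None:
            return
        for node in self.live():
            if node is not self.leader:
                node.log.extend(self.leader.log[len(node.log):])
                node.pending.clear()

    def crash(self, name: str) -> None:
        self.nodes[name].alive = False
        if self.leader is self.nodes[name]:
            self.leader = None              # noticed through missing heartbeats; triggers re-election

    def recover(self, name: str) -> None:
        node = self.nodes[name]
        node.alive, node.state = True, "follower"
        self.reset_timeout(node)

    def chains_consistent(self) -> bool:
        return self.leader is not None and all(n.log == self.leader.log for n in self.live())
```

With four servers as in Fig. 2 the majority is three, so the cluster tolerates one failed node; with two nodes down a submission is acknowledged by too few followers and is never committed, which is the case a device sees as a timeout and retry.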
After the leader node election is complete, when IoT devices need to communicate with each other, an IoT device encrypts its own ID and the ID of its communication partner with the public key of the communication server and uploads them to the server. The server looks up the public keys corresponding to the two device IDs in its blockchain, encrypts the partner's public key with the requesting device's own public key, and sends the result from the server to that device; the device decrypts it with its own private key and obtains the partner's public key.
For example, when IoT device 1 communicates with IoT device 2, the IDs of devices 1 and 2 are sent to the server, which looks up the public key H2 of device 2 and the public key H1 of device 1 in its blockchain. The server encrypts device 2's public key H2 with device 1's public key H1 and transmits the result to device 1, which decrypts it with its private key d1, obtains H2 and can compute the shared key k = d1*H2. For device 2, the server encrypts device 1's public key H1 with device 2's public key H2 and transmits it to device 2, which decrypts it with its private key d2, obtains H1 and can compute the shared key k* = d2*H1. By the ECDH protocol k = k*, so k serves as the session key shared by the two communicating parties.
Once the shared session key k has been generated, the two parties communicate securely using symmetric encryption under that key, which avoids the computational complexity of asymmetric encryption and improves communication efficiency. The server performs no verification during the communication, which relieves the load on the server.
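As an added example, not code from the patent, the key generation of the earlier paragraphs (H = d*G from the curve parameters p, a, b, G, n) and the shared-key computation k = d1*H2 = d2*H1 just described, in pure Python. The patent names no curve, so secp256k1 (a = 0, b = 7) is an assumption; the Raft cluster's ledger is stood in for by a dict, and the encryption of the returned public key under the requester's key, which the text describes but does not specify, is omitted. The example adds one check the text does not mention: a peer public key is used only after it has been validated as a point on the curve.

```python
# Added example (not from the patent): ECC key generation and ECDH session key on secp256k1.
import hashlib
import secrets
from typing import Dict, Optional, Tuple

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # prime p
A, B = 0, 7                                                            # curve coefficients a, b
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # base point G
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # subgroup order n

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


def on_curve(pt: Point) -> bool:
    """y^2 = x^3 + a*x + b (mod p). secp256k1 has cofactor 1, so an on-curve point is in the group."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def add(p: Point, q: Point) -> Point:
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication k*pt (not constant time; for demonstration only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen() -> Tuple[int, Point]:
    """Private key d drawn from [1, n-1], public key H = d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)


def shared_key(d: int, peer_pub: Point) -> bytes:
    """ECDH: k = d*H_peer. Only a validated on-curve point is accepted, so a malformed key
    handed back by the server cannot leak bits of d through an invalid-curve computation.
    The x-coordinate of k is hashed with SHA-256 to obtain the symmetric session key."""
    if not on_curve(peer_pub):
        raise ValueError("peer public key is not a point on the curve")
    k = mul(d, peer_pub)
    if k is None:
        raise ValueError("degenerate shared point")
    return hashlib.sha256(k[0].to_bytes(32, "big")).digest()


class KeyServer:
    """Stand-in for the Raft cluster's ledger of device ID -> public key records."""
    def __init__(self) -> None:
        self.ledger: Dict[str, Point] = {}

    def register(self, device_id: str, pub: Point) -> None:
        if not on_curve(pub):
            raise ValueError("refusing to store an invalid public key")
        self.ledger[device_id] = pub

    def lookup(self, device_id: str) -> Point:
        return self.ledger[device_id]


def session_between(server: KeyServer, id_a: str, d_a: int, id_b: str, d_b: int) -> Tuple[bytes, bytes]:
    """Each device fetches the other's key through the server and derives k and k*; they must agree."""
    k_a = shared_key(d_a, server.lookup(id_b))
    k_b = shared_key(d_b, server.lookup(id_a))
    return k_a, k_b


if __name__ == "__main__":
    srv = KeyServer()
    d1, h1 = keygen()
    d2, h2 = keygen()
    srv.register("iot-1", h1)
    srv.register("iot-2", h2)
    k, k_star = session_between(srv, "iot-1", d1, "iot-2", d2)
    print("k == k*:", k == k_star)
```

Because d1*(d2*G) and d2*(d1*G) are the same point, both devices arrive at the same session key without the server ever seeing a private key; what the scheme relies on instead is that the public key each device receives really is the one stored in the ledger, which is why the text has the server encrypt it for the requester.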

Claims (8)

1. An IoT terminal secure communication method based on blockchain technology, comprising the following steps:
S1. the IoT communication server generates a key;
S2. each IoT device generates key generation parameters;
S3. each IoT device generates its own private key from the key generation parameters generated in step S2;
S4. the communicating parties calculate their respective public keys from the key generation parameters and private keys;
S5. the communicating parties obtain the public key of the IoT communication server;
S6. the communicating parties submit their respective public keys to the IoT communication server for blockchain storage;
S7. the communicating parties obtain the public key of the communication partner through the IoT communication server;
S8. the communicating parties calculate the communication key for the current communication;
S9. the communicating parties communicate securely using the communication key for the current communication.
2. The blockchain-based IoT terminal secure communication method according to claim 1, characterised in that the IoT communication server generating a key in step S1 specifically means generating a server key pair with the ECC asymmetric encryption algorithm; the server key pair comprises a server public key and a server private key, the server private key being stored on the IoT communication server and the server public key being transmitted to each IoT device; in step S2 the communicating parties negotiate the generated prime p, the elliptic curve coefficients a and b, the base point G and the subgroup order n; in step S3 each party generates a random number, d_a or d_b respectively, in the interval [1, n-1] as its own private key and stores it locally.
3. The blockchain-based IoT terminal secure communication method according to claim 2, characterised in that the respective public keys in step S4 are calculated with the following formulas:
H_a = d_a * G
H_b = d_b * G
where H_a is the public key of communicating party a, H_b is the public key of communicating party b, d_a and d_b are the private keys generated by the parties in step S3, and G is the base point.
4. The blockchain-based IoT terminal secure communication method according to claim 5, characterised in that the communicating parties obtaining the key of the IoT communication server in step S5 specifically means that the communicating parties obtain the public key of the IoT communication server in clear text; and the communicating parties submitting their respective public keys to the IoT communication server for blockchain storage in step S6 specifically means that each party applies single-ended asymmetric encryption to its own public key and ID with the obtained public key of the IoT communication server and submits them to the IoT communication server for storage, and after the communication servers have reached consensus they are stored in each server's blockchain.
5. The blockchain-based IoT terminal secure communication method according to claim 4, characterised in that the communicating parties obtaining the public key of the communication partner through the IoT communication server in step S7 specifically means: the party's own ID and the partner's ID are encrypted with the public key of the communication server and uploaded to the communication server; the public keys corresponding to the two stored device IDs are looked up in the blockchain stored by the server; the IoT communication server encrypts the partner's public key with each party's own public key and sends the encrypted data to the respective party; each party decrypts the received encrypted data with its own private key and thereby obtains the partner's public key. The blockchain-based IoT terminal secure communication method according to claim 5, characterised in that the communicating parties calculating the communication key for the current communication in step S8 specifically means that, following the D-H key exchange protocol, after obtaining the other party's public key the two parties compute the communication key for the current communication with the following formula:
k = d_a * H_b = d_b * H_a
where H_a is the public key of communicating party a, H_b is the public key of communicating party b, and d_a and d_b are the private keys generated by the parties in step S3.
6. The blockchain-based IoT terminal secure communication method according to any one of claims 1 to 5, characterised in that the IoT communication server is implemented with the Raft consensus protocol, specifically through the following steps:
A. leader node election;
B. IoT device data synchronisation;
C. IoT device data storage;
D. IoT communication server response;
E. IoT device data retransmission;
F. leader node re-election;
The leader node election specifically is: each server node sets its initial state to follower; if a node receives no heartbeat message from the leader node within a certain random time interval, it converts its own state to candidate; the candidate node sends a vote request to the remaining nodes; when the remaining nodes receive the vote request, each node judges whether the random time period it set for itself has expired and, if it has not yet expired and the node has voted neither for itself nor for another node, it sends a confirming vote response to the candidate whose request it received; the node that finally obtains the most votes converts to the leader node;
The IoT device data synchronisation specifically is: if within a random period the leader node has not received public key data newly uploaded by an IoT device, the leader sends a data synchronisation request to the remaining nodes; when the synchronised data content is empty it serves as heartbeat detection data confirming to the remaining nodes that the leader node is still active; if the leader node receives public key data newly submitted by an IoT device, it sends a record request to the remaining nodes, requiring them to accept the public key data newly submitted by the IoT device; after the remaining nodes receive the new IoT device public key, they send a message to the leader node confirming successful receipt;
The IoT device data storage specifically is: when the leader node has received confirmation messages from more than a set proportion of the remaining nodes, it commits the new IoT public key data to its own blockchain; at the same time, in the next heartbeat, the leader node notifies all remaining nodes to append the newly received IoT public key data to their respective blockchains.
7. The blockchain-based IoT terminal secure communication method according to claim 6, characterised in that the blockchain links a series of blocks with hash pointers into a block chain list, each block comprising data and a hash pointer to the previous block in the chain, which also provides a hash value with which to verify whether the data contained in that block has changed; the content of the head block unit pointed to by the head hash pointer of the chain is stipulated to be immutable; in the block unit, the Nonce random number and target hash fields of the corresponding Bitcoin block are replaced by a term field and a height field expressing the block height, and a hash pointer and a Merkle tree structure are used; the hash pointer comprises a pointer to the previous block unit and also maintains, through the hash function, the hash value of the previous block's IoT device public key data; for the Merkle tree, the IoT public key data in a block unit is organised and stored in Merkle tree form; the hash values of the stored data are computed with the SHA-256 algorithm.
8. The blockchain-based IoT terminal secure communication method according to claim 7, characterised in that if the IoT public key data in any block is altered, all blocks after that block and any newly added blocks must also have their hash values recomputed, and the computing power spent on that recomputation must exceed the rate at which blocks are added; otherwise the blockchain maintained by the leader node is always the newest, so the tampering can be identified.
CN201910176227.4A 2019-03-08 2019-03-08 Internet-of-things terminal safety communicating method based on block chain technology Pending CN109728898A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910176227.4A CN109728898A (en) 2019-03-08 2019-03-08 Internet-of-things terminal safety communicating method based on block chain technology

Publications (1)

Publication Number Publication Date
CN109728898A true CN109728898A (en) 2019-05-07

Family

ID=66301975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910176227.4A Pending CN109728898A (en) 2019-03-08 2019-03-08 Internet-of-things terminal safety communicating method based on block chain technology

Country Status (1)

Country Link
CN (1) CN109728898A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749848A (en) * 2017-10-23 2018-03-02 中国联合网络通信集团有限公司 Processing method, device and the Internet of things system of Internet of Things data
CN108111312A (en) * 2017-12-28 2018-06-01 电子科技大学 A kind of intelligent terminal safety communicating method based on block chain
CN108270571A (en) * 2017-12-08 2018-07-10 西安电子科技大学 Internet of Things identity authorization system and its method based on block chain
CN108462568A (en) * 2018-02-11 2018-08-28 西安电子科技大学 A kind of secure file storage and sharing method based on block chain
CN109150972A (en) * 2018-07-17 2019-01-04 湖南宸瀚信息科技有限责任公司 A kind of the common recognition mechanism and its working method of the efficient block chain of bilayer fragment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Ping Zhong et al.: "An Extension to ns-3 for Simulating Mobile Charging with Wireless Energy Transfer", SpringerLink *
Zhang Jianqiang, Zhang Gaoyu: "Analysis of the application of blockchain technology in the Internet of Things", Telecommunications Science (电信科学) *
Zhao Yanjie: "Research on secure transmission and storage of IoT information based on blockchain", China Master's Theses Full-text Database, Information Science and Technology series (中国优秀硕士学位论文全文数据库 信息科技辑) *

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112866324A (en) * 2019-11-28 2021-05-28 普天信息技术有限公司 Block chain-based Internet of things terminal management method and system
CN111541668A (en) * 2020-04-16 2020-08-14 华北电力大学 Energy Internet of things information safe transmission and storage method based on block chain
CN113536388B (en) * 2020-04-16 2023-02-28 中移物联网有限公司 Data sharing method and system based on block chain
CN113536388A (en) * 2020-04-16 2021-10-22 中移物联网有限公司 Data sharing method and system based on block chain
CN111586125A (en) * 2020-04-28 2020-08-25 济南浪潮高新科技投资发展有限公司 Internet of things system
CN111770089B (en) * 2020-06-29 2022-04-08 福建福链科技有限公司 Authentication method for blockchain sensor and blockchain network
CN111770089A (en) * 2020-06-29 2020-10-13 福建福链科技有限公司 Authentication method for blockchain sensor and blockchain network
CN115242440B (en) * 2020-07-16 2024-01-26 华北电力科学研究院有限责任公司 Block chain-based internet of things equipment trusted calling method, device and equipment
CN115242440A (en) * 2020-07-16 2022-10-25 华北电力科学研究院有限责任公司 Block chain-based Internet of things equipment trusted calling method, device and equipment
CN111858768A (en) * 2020-07-27 2020-10-30 苏州区盟链数字科技有限公司 Device for optimizing block chain trusted node and consensus algorithm
CN111858768B (en) * 2020-07-27 2023-06-16 苏州区盟链数字科技有限公司 Device for optimizing block chain trusted node and consensus algorithm
CN112118254A (en) * 2020-09-16 2020-12-22 许永宾 Internet of things intelligent terminal device privacy data protection system
CN112333187A (en) * 2020-11-04 2021-02-05 齐鲁工业大学 Intelligent edge calculation method and intelligent edge system based on block chain
CN112566114B (en) * 2020-11-25 2023-03-17 四川易诚智讯科技有限公司 WLAN (Wireless local area network) mesh network secure communication method based on block chain
CN112566114A (en) * 2020-11-25 2021-03-26 四川易诚智讯科技有限公司 WLAN (Wireless local area network) mesh network secure communication method based on block chain
CN112904734A (en) * 2020-12-23 2021-06-04 上海上实龙创智能科技股份有限公司 Intelligent household appliance control system and method based on Internet of things and block chain double gateways
CN112765278B (en) * 2021-01-28 2023-03-24 西华大学 Wireless Internet of things system based on block chain
CN112765278A (en) * 2021-01-28 2021-05-07 西华大学 Wireless Internet of things system based on block chain
CN113051616A (en) * 2021-04-09 2021-06-29 张宇翔 Method and system for improving block chain safety
CN113051616B (en) * 2021-04-09 2023-12-19 新疆量子通信技术有限公司 Method and system for improving safety of block chain
CN114448900A (en) * 2022-04-02 2022-05-06 南京邮电大学 SDN controller interaction method and system based on extended raft algorithm
CN114448900B (en) * 2022-04-02 2022-08-02 南京邮电大学 SDN controller interaction method and system based on extended raft algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190507