CN110086604A - Security hardening system and method based on the Beidou life-saving system - Google Patents
- Publication number: CN110086604A (application CN201910380506.2A)
- Authority: CN (China)
- Prior art keywords: handheld terminal, transceiver, beidou, authentication, sub module
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H04L63/12: Applying verification of the received information
- H04L63/1441: Countermeasures against malicious traffic
- H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
The invention relates in particular to an information security hardening method. A security hardening system and method based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre that pass information in sequence. The control centre comprises a Beidou earth station and a Web server connected in sequence; the Beidou earth station is connected to the Beidou satellite. An authentication module is included between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further included between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. The invention prevents an attacker from intercepting messages to obtain the protocol's legitimate addresses and legitimate function codes and establishing a "legitimate" communication session; it ensures information security while preserving real-time transmission of information.
Description
Technical field
The present invention relates to the field of information security technology, and more particularly to an information security hardening method.
Background art
Today the Beidou life-saving system is widely used in fields such as military and civilian rescue, geological exploration, jungle expeditions and offshore operations. Existing Beidou life-saving systems are broadly divided into four modules: the handheld terminal, the handheld Beidou transceiver, the earth station and the web end. The handheld terminal and the handheld Beidou transceiver interact over the Bluetooth protocol, and the Bluetooth protocol has had significant security vulnerabilities since its initial design.
Existing information security hardening methods often struggle to balance security against the requirement for real-time information transmission. The prior-art patent with announcement number CN 101197667 B, titled "A method of dynamic password authentication", protects information security by encrypting only the prefabricated seed information and does not encrypt the message, so a large security risk remains. Gu Yunhua's paper "Dynamic Password Identity Authentication Mechanism and its safety research" uses a dynamic password token to achieve both information verification and protection against replay attacks; once an attacker obtains the seed file, information security is still threatened. That is, the existing Beidou life-saving system lacked information security considerations in its initial design, which seriously threatens national security and social stability.
Summary of the invention
In view of the above problems, the present invention proposes a security hardening method based on the Beidou life-saving system.
The technical solution of the present invention is as follows:
A security hardening system based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre that pass information in sequence. The control centre comprises a Beidou earth station and a Web server connected in sequence; the Beidou earth station is connected to the Beidou satellite. An authentication module is included between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further included between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. That is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
An anti-replay attack module is additionally provided between the handheld Beidou transceiver decryption submodule and the handheld terminal transceiver authentication submodule.
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above; the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule generate authentication information;
The handheld terminal authentication submodule combines the data message with the authentication information it generated to form a new data message and sends it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and sends it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and sends it to the handheld terminal transceiver authentication submodule;
The handheld terminal transceiver authentication submodule judges whether the authentication information contained in the new data message is consistent with the authentication information generated by the handheld terminal transceiver authentication submodule. If the two pieces of authentication information are consistent, authentication is judged to have succeeded and the original data message is sent to the handheld Beidou transceiver; if they are inconsistent, authentication is judged to have failed, the original data message is discarded, and the process ends.
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above; the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule generate authentication information;
The handheld terminal authentication submodule combines the data message with the authentication information it generated to form a new data message and sends it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and sends it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and sends it to the anti-replay attack module;
The anti-replay attack module verifies the decrypted new data message; if verification passes, the decrypted new data message is sent to the handheld terminal transceiver authentication submodule; otherwise the decrypted new data message is discarded;
The handheld terminal transceiver authentication submodule judges whether the authentication information contained in the new data message is consistent with the authentication information generated by the handheld terminal transceiver authentication submodule. If the two pieces of authentication information are consistent, authentication is judged to have succeeded and the original data message is sent to the handheld Beidou transceiver; if they are inconsistent, authentication is judged to have failed, the original data message is discarded, and the process ends.
The anti-replay attack module uses an anti-replay method based on hash chains and a synchronization mechanism: a random number is first generated for each data packet, a hash function is then used to generate a unique identifier for the data packet, and the identifier is added to the encrypted data message, completing the anti-replay method. The specific method is as follows:
(1) First, set two constants $m$ and $n$, where $n$ is not less than the number of instructions;
(2) Generate a random number $r_i$ and compute $y_0 = f(r_i)$, where $y_0$ is 16 bytes long, denoted $y_{0,0}\,y_{0,1}\,y_{0,2}\,y_{0,3}\,y_{0,4}\,y_{0,5}\,y_{0,6}\,y_{0,7}\,y_{0,8}\,y_{0,9}\,y_{0,10}\,y_{0,11}\,y_{0,12}\,y_{0,13}\,y_{0,14}\,y_{0,15}$. If the check-bit length is 8 bit, then $Y_{i,0} = y_{0,0}\,y_{0,2}\,y_{0,4}\,y_{0,6}\,y_{0,8}\,y_{0,10}\,y_{0,12}\,y_{0,14}$; then compute $y_1 = f(Y_{i,0})$ from $Y_{i,0}$ and select its check bits $Y_{i,1} = y_{1,0}\,y_{1,2}\,y_{1,4}\,y_{1,6}\,y_{1,8}\,y_{1,10}\,y_{1,12}\,y_{1,14}$; and so on, compute $y_{n-1} = f(Y_{i,n-2})$ and select the check bits $Y_{i,n-1} = y_{n-1,0}\,y_{n-1,2}\,y_{n-1,4}\,y_{n-1,6}\,y_{n-1,8}\,y_{n-1,10}\,y_{n-1,12}\,y_{n-1,14}$. Let $Y_{i,0} = h_{i,n-1}$, $Y_{i,1} = h_{i,n-2}$, $Y_{i,2} = h_{i,n-3}$, ..., $Y_{i,n-1} = h_{i,0}$; this yields a hash chain $H_i = h_{i,0}\,h_{i,1}\,h_{i,2}\,h_{i,3} \ldots h_{i,n-1}$;
(3) $m$ hash chains can be generated by the method of the above steps, denoted $H_0, H_1, \ldots, H_m$. At the same time, let the head element of $H_i$ be $P_i$, with initial value $H_{i,0}$; let $Q_i$ be the generation source of $P_i$, with initial value $x_i$;
(4) The handheld terminal, as the sending end, saves the $m$ complete hash chains, the chain head values and the indexes $\{i, P_i, H_i\}$ $(1 \le i \le m)$; the handheld Beidou transceiver, as the receiving end, saves the generation source $Q_i$ of each hash chain and its index $\{i, Q_i\}$; the index numbers of the two correspond one to one;
(5) When the handheld terminal sends a data message, let $i = r \bmod m$, where $r$ is a random number; for the specified hash chain $H_i$, its chain head value $P_i = H_{i,j}$ is added to the data message, $H_{i,j}$ is deleted from $H_i$, and $P_i$ is updated to $H_{i,j+1}$;
(6) After the handheld Beidou transceiver receives the data message sent by the handheld terminal, it extracts $H_{i,j}$ from it, computes $f(H_{i,j})$, takes out the check bits, and compares the check bits with the $Q_i$ saved by the handheld Beidou transceiver. If the two are equal, the handheld Beidou transceiver updates the saved $Q_i$ to $H_{i,j}$; otherwise it returns an exception and discards the new data message.
The encryption algorithm used by the handheld terminal encryption submodule and the handheld Beidou transceiver decryption submodule is the PRESENT cipher.
The authentication information is a dynamic password.
The technical effects of the invention are as follows:
The invention prevents an attacker from intercepting messages to obtain the protocol's legitimate addresses and legitimate function codes, and thereby forging communication messages, establishing a "legitimate" communication session and misleading genuine distress signals; it ensures information security while preserving real-time transmission of information.
Brief description of the drawings
Fig. 1 is a connection block diagram of the Beidou life-saving system of the present invention.
Fig. 2 is a structure diagram of the Bluetooth protocol data unit of the present invention.
Fig. 3 is a connection block diagram of the security hardening system based on the Beidou life-saving system of the present invention.
Fig. 4 is a flow chart of the security hardening method based on the Beidou life-saving system of the present invention.
Detailed description of the embodiments
Embodiment 1
A security hardening system based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre that pass information in sequence. The control centre comprises a Beidou earth station and a Web server connected in sequence; the Beidou earth station is connected to the Beidou satellite. An authentication module is included between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further included between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. That is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
Embodiment 2
A security hardening system based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre that pass information in sequence. The control centre comprises a Beidou earth station and a Web server connected in sequence; the Beidou earth station is connected to the Beidou satellite. An authentication module is included between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further included between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. An anti-replay attack module is further included between the handheld Beidou transceiver decryption submodule and the handheld terminal transceiver authentication submodule. That is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, anti-replay attack module, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
Embodiment 3
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above; the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule generate authentication information;
The handheld terminal authentication submodule combines the data message with the authentication information it generated to form a new data message and sends it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and sends it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and sends it to the handheld terminal transceiver authentication submodule;
The handheld terminal transceiver authentication submodule judges whether the authentication information contained in the new data message is consistent with the authentication information generated by the handheld terminal transceiver authentication submodule. If the two pieces of authentication information are consistent, authentication is judged to have succeeded and the original data message is sent to the handheld Beidou transceiver; if they are inconsistent, authentication is judged to have failed, the original data message is discarded, and the process ends.
Embodiment 4
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above; the method is as follows:
Step 1:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
Step 2:
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule, working from the same seed file and the current UTC standard time, use a time-synchronized dynamic password technique based on SM3 to generate a one-time dynamic password as the authentication information. The handheld terminal authentication submodule combines the data message with the dynamic password it generated to form a new data message and sends it to the handheld terminal encryption submodule;
Step 3:
The handheld terminal encryption submodule parses the new data message, obtains the data message, and encrypts the data message with the PRESENT cipher. It then transmits the message to the handheld Beidou transceiver decryption submodule.
PRESENT is an ultra-lightweight block cipher with an SPN structure whose design combines features of Serpent and DES. A hardware implementation of PRESENT-80 needs only about 1570 NAND gates and can effectively resist differential power attacks. Encrypting the data message in this way meets the requirements for both security and efficiency.
Step 4:
The handheld Beidou transceiver decryption submodule decrypts the new data message with the PRESENT cipher and sends it to the anti-replay attack module. The anti-replay attack module verifies the decrypted new data message; if verification passes, the decrypted new data message is sent to the handheld terminal transceiver authentication submodule; otherwise the decrypted new data message is discarded;
Here, the anti-replay attack module uses an anti-replay method based on hash chains and a synchronization mechanism: a random number is first generated for each data packet, a hash function is then used to generate a unique identifier for the data packet, and the identifier is added to the encrypted data message, completing the anti-replay method. The specific method is as follows:
(1) First, set two constants $m$ and $n$, where $n$ is not less than the number of instructions;
(2) Generate a random number $r_i$ and compute $y_0 = f(r_i)$, where $y_0$ is 16 bytes long, denoted $y_{0,0}\,y_{0,1}\,y_{0,2}\,y_{0,3}\,y_{0,4}\,y_{0,5}\,y_{0,6}\,y_{0,7}\,y_{0,8}\,y_{0,9}\,y_{0,10}\,y_{0,11}\,y_{0,12}\,y_{0,13}\,y_{0,14}\,y_{0,15}$. If the check-bit length is 8 bit, then $Y_{i,0} = y_{0,0}\,y_{0,2}\,y_{0,4}\,y_{0,6}\,y_{0,8}\,y_{0,10}\,y_{0,12}\,y_{0,14}$; then compute $y_1 = f(Y_{i,0})$ from $Y_{i,0}$ and select its check bits $Y_{i,1} = y_{1,0}\,y_{1,2}\,y_{1,4}\,y_{1,6}\,y_{1,8}\,y_{1,10}\,y_{1,12}\,y_{1,14}$; and so on, compute $y_{n-1} = f(Y_{i,n-2})$ and select the check bits $Y_{i,n-1} = y_{n-1,0}\,y_{n-1,2}\,y_{n-1,4}\,y_{n-1,6}\,y_{n-1,8}\,y_{n-1,10}\,y_{n-1,12}\,y_{n-1,14}$. Let $Y_{i,0} = h_{i,n-1}$, $Y_{i,1} = h_{i,n-2}$, $Y_{i,2} = h_{i,n-3}$, ..., $Y_{i,n-1} = h_{i,0}$; this yields a hash chain $H_i = h_{i,0}\,h_{i,1}\,h_{i,2}\,h_{i,3} \ldots h_{i,n-1}$;
(3) $m$ hash chains can be generated by the method of the above steps, denoted $H_0, H_1, \ldots, H_m$. At the same time, let the head element of $H_i$ be $P_i$, with initial value $H_{i,0}$; let $Q_i$ be the generation source of $P_i$, with initial value $x_i$;
(4) The handheld terminal, as the sending end, saves the $m$ complete hash chains, the chain head values and the indexes $\{i, P_i, H_i\}$ $(1 \le i \le m)$; the handheld Beidou transceiver, as the receiving end, saves the generation source $Q_i$ of each hash chain and its index $\{i, Q_i\}$; the index numbers of the two correspond one to one;
(5) When the handheld terminal sends a data message, let $i = r \bmod m$, where $r$ is a random number; for the specified hash chain $H_i$, its chain head value $P_i = H_{i,j}$ is added to the data message, $H_{i,j}$ is deleted from $H_i$, and $P_i$ is updated to $H_{i,j+1}$;
(6) After the handheld Beidou transceiver receives the data message sent by the handheld terminal, it extracts $H_{i,j}$ from it, computes $f(H_{i,j})$, takes out the check bits, and compares the check bits with the $Q_i$ saved by the handheld Beidou transceiver. If the two are equal, the handheld Beidou transceiver updates the saved $Q_i$ to $H_{i,j}$; otherwise it returns an exception and discards the new data message.
Step 5:
The handheld terminal transceiver authentication submodule judges whether the authentication information contained in the new data message is consistent with the authentication information generated by the handheld terminal transceiver authentication submodule. If the two pieces of authentication information are consistent, authentication is judged to have succeeded and the original data message is sent to the handheld Beidou transceiver; if they are inconsistent, authentication is judged to have failed, the original data message is discarded, and the process ends.
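The anti-replay hash-chain procedure of steps (1) to (6), given in the summary and in Step 4 of Embodiment 4, as a runnable sketch. This is an added example, not code from the patent. Assumptions: the text does not name `f`, so BLAKE2b with a 16-byte digest stands in; the initial $Q_i = x_i$ is taken to be the check bits of $f(h_{i,0})$; chain indices run from 0 to m-1; and `resync_window` is a hypothetical extension (0 reproduces the strict comparison of step (6)).

```python
import hashlib
import hmac
import secrets


def f(data: bytes) -> bytes:
    # Assumption: stand-in for the patent's unspecified f (16-byte output).
    return hashlib.blake2b(data, digest_size=16).digest()


def check_bits(y: bytes) -> bytes:
    # Y = y_0 y_2 ... y_14: the even-indexed bytes of the 16-byte digest.
    return y[0:16:2]


def build_chain(r_i: bytes, n: int):
    """Steps (2)-(3): return (x_i, [h_{i,0} .. h_{i,n-1}]) for one chain."""
    ys = [check_bits(f(r_i))]                  # Y_{i,0}
    for _ in range(n - 1):
        ys.append(check_bits(f(ys[-1])))       # Y_{i,k} from Y_{i,k-1}
    chain = ys[::-1]                           # h_{i,j} = Y_{i,n-1-j}
    # Assumption: x_i is one more hash step past h_{i,0}, so that the
    # first token sent (h_{i,0}) verifies against the initial Q_i.
    x_i = check_bits(f(chain[0]))
    return x_i, chain


class Sender:
    """Handheld terminal: keeps m full chains and a head pointer per chain."""

    def __init__(self, m: int, n: int):
        self.m = m
        built = [build_chain(secrets.token_bytes(16), n) for _ in range(m)]
        self.anchors = [x for x, _ in built]   # given to the receiver at provisioning
        self.chains = [c for _, c in built]
        self.head = [0] * m                    # position j of P_i in each chain

    def next_token(self, r=None):
        """Step (5): choose chain i = r mod m, emit P_i = H_{i,j}, advance P_i."""
        if r is None:
            r = secrets.randbits(32)
        i = r % self.m
        j = self.head[i]
        if j >= len(self.chains[i]):
            raise RuntimeError(f"hash chain {i} exhausted; re-provision needed")
        self.head[i] = j + 1
        return i, self.chains[i][j]


class Receiver:
    """Handheld Beidou transceiver: keeps only Q_i per chain."""

    def __init__(self, anchors, resync_window: int = 0):
        self.q = list(anchors)
        self.window = resync_window            # hypothetical: tolerated lost messages

    def verify(self, i: int, token: bytes) -> bool:
        """Step (6): accept iff check bits of f(token) equal the stored Q_i."""
        if not 0 <= i < len(self.q) or len(token) != 8:
            return False
        probe = token
        for _ in range(self.window + 1):
            probe = check_bits(f(probe))
            if hmac.compare_digest(probe, self.q[i]):
                self.q[i] = token              # Q_i <- H_{i,j}
                return True
        return False                           # replayed, stale or forged token


if __name__ == "__main__":
    tx = Sender(m=2, n=5)
    rx = Receiver(tx.anchors)
    i, tok = tx.next_token(r=0)
    print("fresh token accepted:", rx.verify(i, tok))
    print("replayed token accepted:", rx.verify(i, tok))
    tx.next_token(r=0)                         # constructed case: this message is lost
    print("token after a lost message accepted:", rx.verify(*tx.next_token(r=0)))
```

With the strict comparison of step (6), one lost message leaves the receiver's $Q_i$ behind the sender's head for that chain, so every later token on that chain is rejected until the two sides are re-provisioned or a bounded look-ahead is allowed.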
Claims (7)
1. A security hardening system based on the Beidou life-saving system, comprising a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre that pass information in sequence; the control centre comprises a Beidou earth station and a Web server connected in sequence; the Beidou earth station is connected to the Beidou satellite; characterized in that: an authentication module is included between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule; a crypto module is further included between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule, the crypto module comprising a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule; that is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
2. The security hardening system based on the Beidou life-saving system according to claim 1, characterized in that: an anti-replay attack module is additionally provided between the handheld Beidou transceiver decryption submodule and the handheld terminal transceiver authentication submodule.
3. A security hardening method based on the Beidou life-saving system, characterized in that: it uses the security hardening system based on the Beidou life-saving system according to claim 1, and the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule generate authentication information;
The handheld terminal authentication submodule combines the data message with the authentication information it generated to form a new data message and sends it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and sends it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and sends it to the handheld terminal transceiver authentication submodule;
The handheld terminal transceiver authentication submodule judges whether the authentication information contained in the new data message is consistent with the authentication information generated by the handheld terminal transceiver authentication submodule; if the two pieces of authentication information are consistent, authentication is judged to have succeeded and the original data message is sent to the handheld Beidou transceiver; if they are inconsistent, authentication is judged to have failed, the original data message is discarded, and the process ends.
4. A security hardening method based on the Beidou life-saving system, characterized in that: it uses the security hardening system based on the Beidou life-saving system according to claim 2, and the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule generate authentication information;
The handheld terminal authentication submodule combines the data message with the authentication information it generated to form a new data message and sends it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and sends it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and sends it to the anti-replay attack module;
The anti-replay attack module verifies the decrypted new data message; if verification passes, the decrypted new data message is sent to the handheld terminal transceiver authentication submodule; otherwise the decrypted new data message is discarded;
The handheld terminal transceiver authentication submodule judges whether the authentication information contained in the new data message is consistent with the authentication information generated by the handheld terminal transceiver authentication submodule; if the two pieces of authentication information are consistent, authentication is judged to have succeeded and the original data message is sent to the handheld Beidou transceiver; if they are inconsistent, authentication is judged to have failed, the original data message is discarded, and the process ends.
5. The safety encryption according to claim 4 based on the Beidou life saving system, characterized in that: the anti-replay-attack module uses an anti-replay method based on a hash chain and a synchronization mechanism, i.e. a random number is first generated for each data packet, a hash function is then used to generate the unique identifier of the data packet, and that identifier is then added to the encrypted data message, completing the anti-replay-attack method; the specific method is as follows:
(1) First, set two constants m and n, where n is not less than the number of instructions;
(2) Generate a random number $r_i$ and compute $y_0 = f(r_i)$, where $y_0$ has a length of 16 bytes, denoted $y_{0,0}\,y_{0,1}\,y_{0,2}\,\dots\,y_{0,15}$. If the check-bit length is 8 bit, then $Y_{i,0} = y_{0,0}\,y_{0,2}\,y_{0,4}\,y_{0,6}\,y_{0,8}\,y_{0,10}\,y_{0,12}\,y_{0,14}$. Then compute $y_1 = f(Y_{i,0})$ and choose its check bits $Y_{i,1} = y_{1,0}\,y_{1,2}\,y_{1,4}\,y_{1,6}\,y_{1,8}\,y_{1,10}\,y_{1,12}\,y_{1,14}$, and so on: compute $y_{n-1} = f(Y_{i,n-2})$ and choose the check bits $Y_{i,n-1} = y_{n-1,0}\,y_{n-1,2}\,y_{n-1,4}\,y_{n-1,6}\,y_{n-1,8}\,y_{n-1,10}\,y_{n-1,12}\,y_{n-1,14}$. Let $Y_{i,0} = h_{i,n-1}$, $Y_{i,1} = h_{i,n-2}$, $Y_{i,2} = h_{i,n-3}$, ..., $Y_{i,n-1} = h_{i,0}$; from the above, a hash chain $H_i = h_{i,0}\,h_{i,1}\,h_{i,2}\,h_{i,3}\,\dots\,h_{i,n-1}$ is obtained;
(3) m hash chains can be generated by the method of the above step, denoted $H_0, H_1, \dots, H_m$ respectively; at the same time, let the first element of $H_i$ be $P_i$, with initial value $H_{i,0}$; let $Q_i$ be the generation source of $P_i$, with its initial value set to $x_i$;
(4) The handheld terminal, as the transmitting end, saves the m complete hash chains, the chain-head values and the indexes $\{i, P_i, H_i\}$ $(1 \le i \le m)$; the hand-held Beidou transceiver, as the receiving end, saves the generation source $Q_i$ of every hash chain and its index $\{i, Q_i\}$; the index numbers of the two correspond one to one;
(5) When the handheld terminal sends a data message, let $i = r \bmod m$, where r is a random number; for the specified hash chain $H_i$, its chain-head value $P_i = H_{i,j}$ is added to the data message, $H_{i,j}$ is deleted from $H_i$, and $P_i$ is updated to $H_{i,j+1}$;
(6) After the hand-held Beidou transceiver receives the data message sent by the handheld terminal, it extracts $H_{i,j}$ from it, computes $f(H_{i,j})$, takes out the check bits, and compares the check bits with the $Q_i$ saved by the hand-held Beidou transceiver; if the two are equal, the hand-held Beidou transceiver updates the saved $Q_i$ to $H_{i,j}$; otherwise it returns an exception and discards the new data message.
6. The safety encryption according to claim 4 based on the Beidou life saving system, characterized in that: the encryption algorithm used by the handheld terminal encryption submodule and the hand-held Beidou transceiver decryption submodule is the PRESENT cryptographic algorithm.
7. The safety encryption according to claim 6 based on the Beidou life saving system, characterized in that: the authentication information is a dynamic cipher password.
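The hash-chain anti-replay check of claim 5, steps (2) to (6), as an added Python example (not code from the patent). Assumptions: f is BLAKE2s with a 16-byte digest, the check bits are the eight even-indexed bytes, the initial $x_i$ is one hash step beyond the first chain element, indexes are 0-based, and `Sender`, `Receiver`, `make_chain` and `check_bits` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def f(data):
    # Assumption: the claim does not name f; BLAKE2s with a 16-byte digest stands in.
    return hashlib.blake2s(data, digest_size=16).digest()

def check_bits(y):
    # Step (2): keep the even-indexed bytes y_0, y_2, ..., y_14 of the 16-byte digest.
    return y[0::2]

def make_chain(r, n):
    # Y_0 = check(f(r)), Y_k = check(f(Y_{k-1})); reversed so that h_0 = Y_{n-1}.
    ys = [check_bits(f(r))]
    for _ in range(n - 1):
        ys.append(check_bits(f(ys[-1])))
    return ys[::-1]

class Sender:
    """Handheld terminal: holds m complete chains, releases one chain head per message."""
    def __init__(self, m, n):
        self.chains = [make_chain(secrets.token_bytes(16), n) for _ in range(m)]

    def sources(self):
        # Assumed initial Q_i = x_i: one hash step beyond h_{i,0}, provisioned to the receiver.
        return [check_bits(f(c[0])) for c in self.chains]

    def next_token(self, i=None):
        # Step (5): i = r mod m; the head P_i is deleted from H_i and travels in the message.
        if i is None:
            i = secrets.randbits(32) % len(self.chains)
        if not self.chains[i]:
            raise RuntimeError(f"hash chain {i} is exhausted")
        return i, self.chains[i].pop(0)

class Receiver:
    """Hand-held Beidou transceiver: holds only the generation source Q_i of each chain."""
    def __init__(self, sources):
        self.q = list(sources)

    def verify(self, i, token):
        # Step (6): accept only if check(f(H_{i,j})) equals the stored Q_i, then advance Q_i.
        if not 0 <= i < len(self.q):
            return False
        if not hmac.compare_digest(check_bits(f(token)), self.q[i]):
            return False
        self.q[i] = token
        return True
```

Because the receiver accepts only the immediate successor of its stored $Q_i$, a replayed token fails, and so does a fresh token that arrives after a lost message on the same chain until the missing element is delivered.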
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910380506.2A CN110086604A (en) | 2019-05-08 | 2019-05-08 | A kind of security hardening system and method based on Beidou life saving system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110086604A (en) | 2019-08-02 |
Family
ID=67419393
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910380506.2A Pending CN110086604A (en) | 2019-05-08 | 2019-05-08 | A kind of security hardening system and method based on Beidou life saving system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110086604A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101197667A (en) * | 2007-12-26 | 2008-06-11 | 北京飞天诚信科技有限公司 | Dynamic password authentication method |
CN104808228A (en) * | 2015-04-22 | 2015-07-29 | 吉林大学 | Oil field remote sensing information verification system and method based on Beidou satellite |
CN106534194A (en) * | 2016-12-16 | 2017-03-22 | 湖南国科微电子股份有限公司 | Safe data transmission method and device for Beidou chip, and terminal |
CN108008420A (en) * | 2017-11-30 | 2018-05-08 | 北京卫星信息工程研究所 | Beidou navigation text authentication method based on Big Dipper short message |
CN109581421A (en) * | 2018-12-14 | 2019-04-05 | 中国民航大学 | The anti-deception hardware platform of Beidou II navigation message realized based on Verilog language |
Non-Patent Citations (3)
Title |
---|
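Liu Fei et al.: "Modbus/TCP security authentication protocol based on hash chain and synchronization mechanism", Application Research of Computers (《计算机应用研究》) * |
Wang Junping et al.: "Key technologies of image encryption algorithms for maritime information systems", Ship Science and Technology (《舰船科学技术》) * |
Lu Tan et al.: "Design of a Beidou satellite message communication system based on the Android platform", Information Technology (《信息技术》) * |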
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||