CN110086604A - A security hardening system and method based on the Beidou life-saving system - Google Patents

Info

Publication number: CN110086604A
Authority: CN (China)
Prior art keywords: handheld terminal, transceiver, beidou, authentication, sub module
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201910380506.2A
Other languages: Chinese (zh)
Inventors: 刘升, 董巧, 王渤, 肖争
Current Assignee: Xi'an Qiwei Technology Co Ltd
Original Assignee: Xi'an Qiwei Technology Co Ltd

Classifications

    • H04L63/0428 Network security protocols for providing a confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network security protocols for authentication of entities
    • H04L63/0838 Authentication of entities using passwords using one-time-passwords
    • H04L63/12 Applying verification of the received information
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract

The invention relates in particular to an information security hardening method. A security hardening system and method based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre, which pass information in sequence. The control centre comprises a Beidou ground station and a Web server connected in sequence; the Beidou ground station is connected to the Beidou satellite. An authentication module is provided between the handheld terminal and the handheld Beidou transceiver; it comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further provided between the two authentication submodules; it comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. The invention prevents a hacker from intercepting messages to obtain the protocol's legal addresses and legal function codes and establishing a "legal" communication session; it ensures information security while also preserving real-time information transmission.

Description

A security hardening system and method based on the Beidou life-saving system
Technical field
The present invention relates to the field of information security technology, and in particular to an information security hardening method.
Background
The Beidou life-saving system is now widely used in fields such as military and civilian rescue, geological exploration, jungle expeditions and offshore operations. An existing Beidou life-saving system is broadly divided into four modules: the handheld terminal, the handheld Beidou transceiver, the ground station and the web terminal. The handheld terminal and the handheld Beidou transceiver interact over the Bluetooth protocol, and the Bluetooth protocol has had significant security vulnerabilities since its initial design.
Existing information security encryption methods often struggle to satisfy both security and real-time transmission requirements. The prior art with publication number CN 101197667 B, titled "A method of dynamic password authentication", protects information security by encrypting only the pre-made seed information and does not encrypt the message, so it likewise carries a large security risk. The paper "Dynamic Password Identity Authentication Mechanism and its safety research" by Gu Yun of China uses a dynamic password token to achieve both information verification and anti-replay protection, but once a hacker obtains the seed file, information security can still be threatened. In other words, the existing Beidou life-saving system lacked information security considerations at design time, which seriously threatens national security and social stability.
Summary of the invention
In view of the above problems, the present invention proposes a security hardening method based on the Beidou life-saving system.
The technical solution of the present invention is as follows:
A security hardening system based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre, which pass information in sequence. The control centre comprises a Beidou ground station and a Web server connected in sequence; the Beidou ground station is connected to the Beidou satellite. An authentication module is provided between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further provided between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. That is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
An anti-replay-attack module is additionally provided between the handheld Beidou transceiver decryption submodule and the handheld terminal transceiver authentication submodule.
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above. The method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule each generate authentication information;
The handheld terminal authentication submodule combines the data message and the authentication information it generated into a new data message and passes it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and passes it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and passes it to the handheld terminal transceiver authentication submodule;
The handheld terminal transceiver authentication submodule checks whether the authentication information contained in the new data message matches the authentication information it generated itself. If the two match, authentication succeeds and the original data message is passed to the handheld Beidou transceiver; if they do not match, authentication fails, the original data message is discarded, and processing ends.
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above. The method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule each generate authentication information;
The handheld terminal authentication submodule combines the data message and the authentication information it generated into a new data message and passes it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and passes it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and passes it to the anti-replay-attack module;
The anti-replay-attack module verifies the decrypted new data message; if verification passes, it passes the decrypted new data message to the handheld terminal transceiver authentication submodule; otherwise it discards the decrypted new data message;
The handheld terminal transceiver authentication submodule checks whether the authentication information contained in the new data message matches the authentication information it generated itself. If the two match, authentication succeeds and the original data message is passed to the handheld Beidou transceiver; if they do not match, authentication fails, the original data message is discarded, and processing ends.
The anti-replay-attack module uses an anti-replay method based on hash chains and a synchronization mechanism: a random number is first generated for each data packet, a hash function is then used to generate a unique identifier for the data packet, and the identifier is added to the encrypted data message, completing the anti-replay-attack method. The specific method is as follows:
(1) First, set two constants $m$ and $n$, where $n$ is not less than the number of instructions;
(2) Generate a random number $r_i$ and compute $y_0 = f(r_i)$, where $y_0$ is 16 bytes long, denoted $y_{0,0}\,y_{0,1}\,y_{0,2}\,\ldots\,y_{0,15}$. If the check-bit length is 8bit, then $Y_{i,0} = y_{0,0}\,y_{0,2}\,y_{0,4}\,y_{0,6}\,y_{0,8}\,y_{0,10}\,y_{0,12}\,y_{0,14}$. Then compute $y_1 = f(Y_{i,0})$ and take its check bits $Y_{i,1} = y_{1,0}\,y_{1,2}\,y_{1,4}\,y_{1,6}\,y_{1,8}\,y_{1,10}\,y_{1,12}\,y_{1,14}$, and so on, up to $y_{n-1} = f(Y_{i,n-2})$ with check bits $Y_{i,n-1} = y_{n-1,0}\,y_{n-1,2}\,y_{n-1,4}\,y_{n-1,6}\,y_{n-1,8}\,y_{n-1,10}\,y_{n-1,12}\,y_{n-1,14}$. Let $Y_{i,0} = h_{i,n-1}$, $Y_{i,1} = h_{i,n-2}$, $Y_{i,2} = h_{i,n-3}$, ..., $Y_{i,n-1} = h_{i,0}$; this yields one hash chain $H_i = h_{i,0}\,h_{i,1}\,h_{i,2}\,h_{i,3}\,\ldots\,h_{i,n-1}$;
(3) $m$ hash chains can be generated by the method of the steps above, denoted $H_0, H_1, \ldots, H_m$. Let the head element of $H_i$ be $P_i$, with initial value $H_{i,0}$; let $Q_i$ be the generation source of $P_i$, with initial value $x_i$;
(4) The handheld terminal, as the sender, stores the $m$ complete hash chains, their head values and indices $\{i, P_i, H_i\}$ $(1 \le i \le m)$. The handheld Beidou transceiver, as the receiver, stores the generation source $Q_i$ of each hash chain and its index $\{i, Q_i\}$. The index numbers on the two sides correspond one to one;
(5) When the handheld terminal sends a data message, let $i = r \bmod m$, where $r$ is a random number. For the selected hash chain $H_i$, add its head value $P_i = H_{i,j}$ to the data message, delete $H_{i,j}$ from $H_i$, and update $P_i$ to $H_{i,j+1}$;
(6) When the handheld Beidou transceiver receives the data message sent by the handheld terminal, it extracts $H_{i,j}$ from it, computes $f(H_{i,j})$, takes the check bits, and compares them with the $Q_i$ it has stored. If the two are equal, the handheld Beidou transceiver updates its stored $Q_i$ to $H_{i,j}$; otherwise it returns an exception and discards the new data message.
The encryption algorithm used by the handheld terminal encryption submodule and the handheld Beidou transceiver decryption submodule is the PRESENT cryptographic algorithm.
The authentication information is a dynamic password.
The technical effects of the invention are as follows:
The invention prevents a hacker from intercepting messages to obtain the protocol's legal addresses and legal function codes and thereby forging communication messages, establishing a "legal" communication session and misleading correct distress signals. It ensures information security while also preserving real-time information transmission.
Brief description of the drawings
Fig. 1 is a connection block diagram of the Beidou life-saving system of the present invention.
Fig. 2 is a structural diagram of the Bluetooth protocol data unit of the present invention.
Fig. 3 is a connection block diagram of the security hardening system based on the Beidou life-saving system of the present invention.
Fig. 4 is a flow chart of the security hardening method based on the Beidou life-saving system of the present invention.
Detailed description of embodiments
Embodiment 1
A security hardening system based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre, which pass information in sequence. The control centre comprises a Beidou ground station and a Web server connected in sequence; the Beidou ground station is connected to the Beidou satellite. An authentication module is provided between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further provided between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. That is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
Embodiment 2
A security hardening system based on the Beidou life-saving system comprises a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre, which pass information in sequence. The control centre comprises a Beidou ground station and a Web server connected in sequence; the Beidou ground station is connected to the Beidou satellite. An authentication module is provided between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule. A crypto module is further provided between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule; the crypto module comprises a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule. An anti-replay-attack module is further provided between the handheld Beidou transceiver decryption submodule and the handheld terminal transceiver authentication submodule. That is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, anti-replay-attack module, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
Embodiment 3
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above. The method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule each generate authentication information;
The handheld terminal authentication submodule combines the data message and the authentication information it generated into a new data message and passes it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and passes it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and passes it to the handheld terminal transceiver authentication submodule;
The handheld terminal transceiver authentication submodule checks whether the authentication information contained in the new data message matches the authentication information it generated itself. If the two match, authentication succeeds and the original data message is passed to the handheld Beidou transceiver; if they do not match, authentication fails, the original data message is discarded, and processing ends.
Embodiment 4
A security hardening method based on the Beidou life-saving system uses the security hardening system based on the Beidou life-saving system described above. The method is as follows:
Step 1:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
Step 2:
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule, based on the same seed file and the current UTC standard time, use the SM3-based time-synchronized dynamic password technique to generate a one-time dynamic password as the authentication information. The handheld terminal authentication submodule combines the data message and the dynamic password it generated into a new data message and passes it to the handheld terminal encryption submodule;
Step 3:
The handheld terminal encryption submodule parses the new data message to obtain the data message, encrypts the data message with the PRESENT cryptographic algorithm, and transmits the message to the handheld Beidou transceiver decryption submodule.
The PRESENT cryptographic algorithm is an ultra-lightweight block cipher with an SPN structure whose design combines features of Serpent and DES. A hardware implementation of PRESENT-80bit needs only about 1570 NAND gates and can effectively resist differential power attacks. Encrypting the data message with it meets the requirements for both security and efficiency.
Step 4:
The handheld Beidou transceiver decryption submodule decrypts the new data message with the PRESENT cryptographic algorithm and sends it to the anti-replay-attack module. The anti-replay-attack module verifies the decrypted new data message; if verification passes, it passes the decrypted new data message to the handheld terminal transceiver authentication submodule; otherwise it discards the decrypted new data message;
Here, the anti-replay-attack module uses an anti-replay method based on hash chains and a synchronization mechanism: a random number is first generated for each data packet, a hash function is then used to generate a unique identifier for the data packet, and the identifier is added to the encrypted data message, completing the anti-replay-attack method. The specific method is as follows:
(1) First, set two constants $m$ and $n$, where $n$ is not less than the number of instructions;
(2) Generate a random number $r_i$ and compute $y_0 = f(r_i)$, where $y_0$ is 16 bytes long, denoted $y_{0,0}\,y_{0,1}\,y_{0,2}\,\ldots\,y_{0,15}$. If the check-bit length is 8bit, then $Y_{i,0} = y_{0,0}\,y_{0,2}\,y_{0,4}\,y_{0,6}\,y_{0,8}\,y_{0,10}\,y_{0,12}\,y_{0,14}$. Then compute $y_1 = f(Y_{i,0})$ and take its check bits $Y_{i,1} = y_{1,0}\,y_{1,2}\,y_{1,4}\,y_{1,6}\,y_{1,8}\,y_{1,10}\,y_{1,12}\,y_{1,14}$, and so on, up to $y_{n-1} = f(Y_{i,n-2})$ with check bits $Y_{i,n-1} = y_{n-1,0}\,y_{n-1,2}\,y_{n-1,4}\,y_{n-1,6}\,y_{n-1,8}\,y_{n-1,10}\,y_{n-1,12}\,y_{n-1,14}$. Let $Y_{i,0} = h_{i,n-1}$, $Y_{i,1} = h_{i,n-2}$, $Y_{i,2} = h_{i,n-3}$, ..., $Y_{i,n-1} = h_{i,0}$; this yields one hash chain $H_i = h_{i,0}\,h_{i,1}\,h_{i,2}\,h_{i,3}\,\ldots\,h_{i,n-1}$;
(3) $m$ hash chains can be generated by the method of the steps above, denoted $H_0, H_1, \ldots, H_m$. Let the head element of $H_i$ be $P_i$, with initial value $H_{i,0}$; let $Q_i$ be the generation source of $P_i$, with initial value $x_i$;
(4) The handheld terminal, as the sender, stores the $m$ complete hash chains, their head values and indices $\{i, P_i, H_i\}$ $(1 \le i \le m)$. The handheld Beidou transceiver, as the receiver, stores the generation source $Q_i$ of each hash chain and its index $\{i, Q_i\}$. The index numbers on the two sides correspond one to one;
(5) When the handheld terminal sends a data message, let $i = r \bmod m$, where $r$ is a random number. For the selected hash chain $H_i$, add its head value $P_i = H_{i,j}$ to the data message, delete $H_{i,j}$ from $H_i$, and update $P_i$ to $H_{i,j+1}$;
(6) When the handheld Beidou transceiver receives the data message sent by the handheld terminal, it extracts $H_{i,j}$ from it, computes $f(H_{i,j})$, takes the check bits, and compares them with the $Q_i$ it has stored. If the two are equal, the handheld Beidou transceiver updates its stored $Q_i$ to $H_{i,j}$; otherwise it returns an exception and discards the new data message.
Step 5:
The handheld terminal transceiver authentication submodule checks whether the authentication information contained in the new data message matches the authentication information it generated itself. If the two match, authentication succeeds and the original data message is passed to the handheld Beidou transceiver; if they do not match, authentication fails, the original data message is discarded, and processing ends.
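An added example, not code from the patent: the hash-chain anti-replay check of step 4, items (1) to (6), followed by the step 5 dynamic-password comparison, as the handheld Beidou transceiver would run them. Assumptions: SHA-256 truncated to 16 bytes stands in for the unnamed hash f, HMAC-SHA-256 with a 30-second step and 6 digits stands in for the SM3-based time-synchronized password, x_i is taken as one further hash step past h_{i,0}, and the PRESENT encryption of step 3 is left out; all function and class names are hypothetical.

```python
import hashlib
import hmac
import os

def hash16(data: bytes) -> bytes:
    # Assumption: SHA-256 cut to 16 bytes stands in for the patent's unnamed f.
    return hashlib.sha256(data).digest()[:16]

def check_bytes(y: bytes) -> bytes:
    # Y = y_0 y_2 ... y_14: the eight even-indexed bytes of the 16-byte hash.
    return y[0:16:2]

def build_chain(r_i: bytes, n: int):
    """Steps (2)-(3): return (x_i, [h_0, ..., h_{n-1}]) for one chain."""
    ys, value = [], r_i
    for _ in range(n):
        value = check_bytes(hash16(value))  # Y_0 from r_i, then Y_k from Y_{k-1}
        ys.append(value)
    chain = ys[::-1]                         # h_k = Y_{n-1-k}
    x_i = check_bytes(hash16(chain[0]))      # assumed anchor: one step past h_0
    return x_i, chain

class Sender:
    """Handheld terminal: keeps m complete chains, step (4)."""
    def __init__(self, m: int, n: int):
        self.m = m
        self.chains, self.anchors = {}, {}
        for i in range(m):
            self.anchors[i], self.chains[i] = build_chain(os.urandom(16), n)

    def next_token(self):
        # Step (5): i = r mod m, release the head P_i and advance the chain.
        i = int.from_bytes(os.urandom(4), "big") % self.m
        if not self.chains[i]:
            raise RuntimeError(f"chain {i} exhausted; provision new chains")
        return i, self.chains[i].pop(0)

class Receiver:
    """Handheld Beidou transceiver: keeps only Q_i per chain, step (4)."""
    def __init__(self, anchors: dict):
        self.q = dict(anchors)

    def accept(self, i: int, token: bytes) -> bool:
        # Step (6): check(f(H_ij)) must equal the stored Q_i, then Q_i := H_ij.
        expected = self.q.get(i)
        if expected is None or len(token) != 8:
            return False
        if not hmac.compare_digest(check_bytes(hash16(token)), expected):
            return False
        self.q[i] = token
        return True

def otp(seed: bytes, utc_seconds: int, step: int = 30) -> str:
    # Time-synchronized one-time password from the shared seed (stand-in for SM3).
    counter = (utc_seconds // step).to_bytes(8, "big")
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

def terminal_send(sender: Sender, seed: bytes, payload: bytes, now: int) -> dict:
    i, token = sender.next_token()
    return {"chain": i, "token": token, "otp": otp(seed, now), "payload": payload}

def transceiver_receive(receiver: Receiver, seed: bytes, msg: dict, now: int) -> str:
    # Order follows the page: anti-replay check first, then authentication.
    if not receiver.accept(msg["chain"], msg["token"]):
        return "replay"
    if not hmac.compare_digest(msg["otp"], otp(seed, now)):
        return "auth-failed"
    return "forwarded"

def demo():
    seed = b"constructed-shared-seed"          # constructed sample seed
    sender = Sender(m=4, n=8)
    receiver = Receiver(sender.anchors)
    t = 1_700_000_000                          # constructed UTC timestamp
    first = terminal_send(sender, seed, b"SOS constructed payload", t)
    results = [transceiver_receive(receiver, seed, first, t)]
    results.append(transceiver_receive(receiver, seed, first, t))   # replayed copy
    second = terminal_send(sender, seed, b"SOS update", t + 5)
    results.append(transceiver_receive(receiver, seed, second, t + 5))
    stale = terminal_send(sender, seed, b"late", t)
    results.append(transceiver_receive(receiver, seed, stale, t + 120))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the receiver compares only against its stored Q_i, a token that arrives after a lost message on the same chain is rejected as well, so a deployment needs a resynchronization rule; the page names a synchronization mechanism but does not describe it.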

Claims (7)

1. A security hardening system based on the Beidou life-saving system, comprising a handheld terminal, a handheld Beidou transceiver, a Beidou satellite and a control centre, which pass information in sequence; the control centre comprises a Beidou ground station and a Web server connected in sequence; the Beidou ground station is connected to the Beidou satellite; characterized in that: an authentication module is provided between the handheld terminal and the handheld Beidou transceiver; the authentication module comprises a handheld terminal authentication submodule and a handheld terminal transceiver authentication submodule; a crypto module is further provided between the handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule, the crypto module comprising a handheld terminal encryption submodule and a handheld Beidou transceiver decryption submodule; that is, the handheld terminal, handheld terminal authentication submodule, handheld terminal encryption submodule, handheld Beidou transceiver decryption submodule, handheld terminal transceiver authentication submodule and handheld Beidou transceiver are connected in sequence.
2. The security hardening system based on the Beidou life-saving system according to claim 1, characterized in that: an anti-replay-attack module is additionally provided between the handheld Beidou transceiver decryption submodule and the handheld terminal transceiver authentication submodule.
3. A security hardening method based on the Beidou life-saving system, characterized in that: it uses the security hardening system based on the Beidou life-saving system according to claim 1, and the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule each generate authentication information;
The handheld terminal authentication submodule combines the data message and the authentication information it generated into a new data message and passes it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and passes it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and passes it to the handheld terminal transceiver authentication submodule;
The handheld terminal transceiver authentication submodule checks whether the authentication information contained in the new data message matches the authentication information it generated itself. If the two match, authentication succeeds and the original data message is passed to the handheld Beidou transceiver; if they do not match, authentication fails, the original data message is discarded, and processing ends.
4. A security hardening method based on the Beidou life-saving system, characterized in that: it uses the security hardening system based on the Beidou life-saving system according to claim 2, and the method is as follows:
The handheld terminal sends a data message to the handheld terminal authentication submodule;
The handheld terminal authentication submodule and the handheld terminal transceiver authentication submodule each generate authentication information;
The handheld terminal authentication submodule combines the data message and the authentication information it generated into a new data message and passes it to the handheld terminal encryption submodule;
The handheld terminal encryption submodule encrypts the new data message and passes it to the handheld Beidou transceiver decryption submodule;
The handheld Beidou transceiver decryption submodule decrypts the new data message and passes it to the anti-replay-attack module;
The anti-replay-attack module verifies the decrypted new data message; if verification passes, it passes the decrypted new data message to the handheld terminal transceiver authentication submodule; otherwise it discards the decrypted new data message;
The handheld terminal transceiver authentication submodule checks whether the authentication information contained in the new data message matches the authentication information it generated itself. If the two match, authentication succeeds and the original data message is passed to the handheld Beidou transceiver; if they do not match, authentication fails, the original data message is discarded, and processing ends.
5. The safety encryption method based on the Beidou life saving system according to claim 4, characterised in that: the anti-replay-attack module uses an anti-replay method based on a hash chain and a synchronization mechanism, i.e., a random number is first generated for each data packet, a hash function is then used to generate the unique identifier of the data packet, and that identifier is then added to the encrypted data message, completing the anti-replay-attack method; the specific method is as follows:
(1) First, set two constants $m$ and $n$, where $n$ is not less than the number of instructions;
(2) Generate a random number $r_i$ and calculate $y_0 = f(r_i)$ from it, where $y_0$ is 16 bytes long, denoted respectively $y_{0,0}\,y_{0,1}\,y_{0,2}\,y_{0,3}\,y_{0,4}\,y_{0,5}\,y_{0,6}\,y_{0,7}\,y_{0,8}\,y_{0,9}\,y_{0,10}\,y_{0,11}\,y_{0,12}\,y_{0,13}\,y_{0,14}\,y_{0,15}$; if the check bit length is 8bit, $Y_{i,0} = y_{0,0}\,y_{0,2}\,y_{0,4}\,y_{0,6}\,y_{0,8}\,y_{0,10}\,y_{0,12}\,y_{0,14}$; then calculate $y_1 = f(Y_{i,0})$ from $Y_{i,0}$ and choose its check bits $Y_{i,1} = y_{1,0}\,y_{1,2}\,y_{1,4}\,y_{1,6}\,y_{1,8}\,y_{1,10}\,y_{1,12}\,y_{1,14}$; and so on, calculate $y_{n-1} = f(Y_{i,n-2})$ and choose the check bits $Y_{i,n-1} = y_{n-1,0}\,y_{n-1,2}\,y_{n-1,4}\,y_{n-1,6}\,y_{n-1,8}\,y_{n-1,10}\,y_{n-1,12}\,y_{n-1,14}$; let $Y_{i,0} = h_{i,n-1}$, $Y_{i,1} = h_{i,n-2}$, $Y_{i,2} = h_{i,n-3}$, ..., $Y_{i,n-1} = h_{i,0}$; from the above, a hash chain $H_i = h_{i,0}\,h_{i,1}\,h_{i,2}\,h_{i,3} \ldots h_{i,n-1}$ is obtained;
(3) $m$ hash chains can be generated by the method of the above step, denoted respectively $H_0, H_1, \ldots, H_m$; at the same time, let the first element of $H_i$ be $P_i$, with initial value $H_{i,0}$; let $Q_i$ be the generation source of $P_i$, with its initial value set to $x_i$;
(4) The handheld terminal, as the transmitting end, saves the $m$ complete hash chains, their chain-head values and indexes $\{i, P_i, H_i\}$ $(1 \le i \le m)$; the hand-held Beidou transceiver, as the receiving end, saves the generation source $Q_i$ of every hash chain and its index $\{i, Q_i\}$; the index numbers of the two correspond one to one;
(5) When the handheld terminal sends a data message, let $i = r \bmod m$, where $r$ is a random number; for the specified hash chain $H_i$, its chain-head value $P_i = H_{i,j}$ is added to the data message, $H_{i,j}$ is deleted from $H_i$, and $P_i$ is updated to $H_{i,j+1}$;
(6) After the hand-held Beidou transceiver receives the data message sent by the handheld terminal, it extracts $H_{i,j}$ from it, calculates $f(H_{i,j})$, takes out the check bits, and compares the check bits with the $Q_i$ saved by the hand-held Beidou transceiver; if the two are equal, the hand-held Beidou transceiver updates the saved $Q_i$ to $H_{i,j}$; otherwise it returns an exception and discards the new data message.
6. The safety encryption method based on the Beidou life saving system according to claim 4, characterised in that: the encryption algorithm used by the handheld terminal encryption submodule and the hand-held Beidou transceiver decryption submodule is the PRESENT cryptographic algorithm.
7. The safety encryption method based on the Beidou life saving system according to claim 6, characterised in that: the authentication information is a dynamic password.
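The hash-chain anti-replay check of claim 5, steps (2) to (6), as an added Python example that is not code from the patent. Assumptions: `f` is BLAKE2b cut to 16 bytes (the claim does not name the hash function), the anchor `x_i` is taken as the check value of `f(h_{i,0})`, the chain index `i` travels with the tag, and the class and function names are illustrative.

```python
import hashlib
import hmac
import secrets

def f(data: bytes) -> bytes:
    # Assumption: the claim does not name f; BLAKE2b cut to 16 bytes stands in.
    return hashlib.blake2b(data, digest_size=16).digest()

def check(y: bytes) -> bytes:
    # Check value = bytes 0, 2, ..., 14 of the 16-byte digest, as listed in step (2).
    return y[0::2]

def build_chain(r_i: bytes, n: int):
    """Return (x_i, [h_0 .. h_{n-1}]) for one chain H_i."""
    ys = [check(f(r_i))]                 # Y_{i,0}
    for _ in range(n):                   # Y_{i,1} .. Y_{i,n}
        ys.append(check(f(ys[-1])))
    x_i = ys.pop()                       # assumed anchor: check(f(h_0))
    return x_i, ys[::-1]                 # h_k = Y_{i,n-1-k}

class Sender:                            # handheld terminal
    def __init__(self, m: int, n: int):
        built = [build_chain(secrets.token_bytes(16), n) for _ in range(m)]
        self.anchors = [x for x, _ in built]   # provisioned to the receiver
        self.chains = [c for _, c in built]

    def next_tag(self, r=None):
        r = secrets.randbits(32) if r is None else r
        i = r % len(self.chains)         # step (5): i = r mod m
        if not self.chains[i]:
            raise RuntimeError(f"hash chain {i} exhausted; re-provision")
        return i, self.chains[i].pop(0)  # emit P_i; the next element becomes P_i

class Receiver:                          # hand-held Beidou transceiver
    def __init__(self, anchors):
        self.q = list(anchors)           # Q_i, one per chain index

    def verify(self, i: int, tag: bytes) -> bool:
        if not 0 <= i < len(self.q) or len(tag) != 8:
            return False
        if not hmac.compare_digest(check(f(tag)), self.q[i]):
            return False                 # replayed, forged or out of sync
        self.q[i] = tag                  # step (6): Q_i <- H_{i,j}
        return True
```

Because the receiver only accepts the element directly after its stored `Q_i`, a message lost on the link leaves that chain one step behind and every later tag on it is rejected until the two ends are re-synchronized.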
CN201910380506.2A 2019-05-08 2019-05-08 A kind of security hardening system and method based on Beidou life saving system Pending CN110086604A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910380506.2A CN110086604A (en) 2019-05-08 2019-05-08 A kind of security hardening system and method based on Beidou life saving system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910380506.2A CN110086604A (en) 2019-05-08 2019-05-08 A kind of security hardening system and method based on Beidou life saving system

Publications (1)

Publication Number Publication Date
CN110086604A true CN110086604A (en) 2019-08-02

Family

ID=67419393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910380506.2A Pending CN110086604A (en) 2019-05-08 2019-05-08 A kind of security hardening system and method based on Beidou life saving system

Country Status (1)

Country Link
CN (1) CN110086604A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197667A (en) * 2007-12-26 2008-06-11 北京飞天诚信科技有限公司 Dynamic password authentication method
CN104808228A (en) * 2015-04-22 2015-07-29 吉林大学 Oil field remote sensing information verification system and method based on Beidou satellite
CN106534194A (en) * 2016-12-16 2017-03-22 湖南国科微电子股份有限公司 Safe data transmission method and device for Beidou chip, and terminal
CN108008420A (en) * 2017-11-30 2018-05-08 北京卫星信息工程研究所 Beidou navigation text authentication method based on Big Dipper short message
CN109581421A (en) * 2018-12-14 2019-04-05 中国民航大学 The anti-deception hardware platform of Beidou II navigation message realized based on Verilog language

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
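Liu Fei (刘飞) et al.: "Modbus/TCP security authentication protocol based on hash chain and synchronization mechanism", Application Research of Computers (《计算机应用研究》) *
Wang Junping (王俊平) et al.: "Key technologies of image encryption algorithms for maritime information systems", Ship Science and Technology (《舰船科学技术》) *
Lu Tan (陆倓) et al.: "Design of a Beidou satellite message communication system based on the Android platform", Information Technology (《信息技术》) *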

Similar Documents

Publication Publication Date Title
CN101917270B (en) Weak authentication and key agreement method based on symmetrical password
CN105357218B (en) A kind of router and its encipher-decipher method having hardware enciphering and deciphering function
CN105162599B (en) A kind of data transmission system and its transmission method
CN111245862A (en) System for safely receiving and sending terminal data of Internet of things
HRP20090506T1 (en) A method of encrypting and transferring data between a sender and a receiver using a network
CN102111273B (en) Pre-sharing-based secure data transmission method for electric load management system
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
US20100199091A1 (en) Authentication and Encryption for Secure Data Transmission
KR102172181B1 (en) Apparatus and Method for Patterned Cipher Block for Real-Time Data Communication
CN106067878A (en) A kind of network data encryption transmission method
US20120284524A1 (en) Low overhead nonce construction for message security
CN112713995A (en) Dynamic communication key distribution method and device for terminal of Internet of things
CN106789524A (en) The high speed parsing of VPN encrypted tunnels and restoring method
CN111988301A (en) Secure communication method for preventing client from hacker violence attack
Borsc et al. Wireless security & privacy
KR102219086B1 (en) HMAC-based source authentication and secret key sharing method and system for Unnamed Aerial vehicle systems
Caneill et al. Attacks against the WiFi protocols WEP and WPA
CN102281303A (en) Data exchange method
CN114003970A (en) Hash chain-based low-overhead message integrity protection method
CN102056156B (en) Computer Data Security is downloaded to the method and system of mobile terminal
CN110086604A (en) A kind of security hardening system and method based on Beidou life saving system
CN112069487B (en) Intelligent equipment network communication safety implementation method based on Internet of things
CN108111515A (en) A kind of End-to-End Security communication encrypting method suitable for satellite communication
Ferreira (In) security of the radio interface in Sigfox
CN103634113B (en) Encryption and decryption method and device with user/equipment identity authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination