CN110380848B - Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication - Google Patents

Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication Download PDF

Info

Publication number
CN110380848B
CN110380848B CN201910614825.5A CN201910614825A CN110380848B CN 110380848 B CN110380848 B CN 110380848B CN 201910614825 A CN201910614825 A CN 201910614825A CN 110380848 B CN110380848 B CN 110380848B
Authority
CN
China
Prior art keywords
node
sink
sin
fixed sensor
mobile sink
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910614825.5A
Other languages
Chinese (zh)
Other versions
CN110380848A (en
Inventor
陈惠芳
余修俊
谢磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Zhoushan Ocean Research Center of ZJU
Original Assignee
Zhejiang University ZJU
Zhoushan Ocean Research Center of ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU, Zhoushan Ocean Research Center of ZJU filed Critical Zhejiang University ZJU
Priority to CN201910614825.5A priority Critical patent/CN110380848B/en
Publication of CN110380848A publication Critical patent/CN110380848A/en
Application granted granted Critical
Publication of CN110380848B publication Critical patent/CN110380848B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B11/00Transmission systems employing sonic, ultrasonic or infrasonic waves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B13/00Transmission systems characterised by the medium used for transmission, not provided for in groups H04B3/00 - H04B11/00
    • H04B13/02Transmission systems in which the medium consists of the earth or a large mass of water thereon, e.g. earth telegraphy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for safely communicating a fixed sensor node and a mobile sink node in underwater acoustic communication. The existing safe communication method is not suitable for the scene that the underwater mobile sink node collects the fixed sensing nodes. Firstly, a mobile sink node broadcasts a control packet to inform and invite a fixed sensing node in a data collection range to transmit data to the mobile sink node; after the fixed sensing node receives the control packet, if data needs to be transmitted, a main key is generated by using the ID of the mobile sink node through a polynomial-based key negotiation algorithm. After two handshakes, the mutual authentication of the mobile sink node and the fixed sensing node is realized, and a session key is negotiated out; the fixed sensing node then transmits data to the mobile aggregation node using the session key. The invention realizes mutual authentication among the nodes, protects the confidentiality and integrity of data, has small communication overhead and less interaction times among the nodes, and is suitable for the underwater acoustic sensing network with limited resources.

Description

Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication
Technical Field
The invention belongs to the technical field of communication safety, and particularly relates to a safe communication method of a fixed sensor node and a mobile sink node in underwater acoustic communication.
Background
Under the background of the national vigorous development of ocean technology and ocean strategy, a large-scale communication network supporting ocean stereoscopic observation enables high-precision, real-time and space-time continuous monitoring of ocean environment, and has wide application prospects in the fields of environmental protection, deep sea exploration, auxiliary navigation, tsunami early warning, military and the like.
Besides the extremely low frequency, the electromagnetic wave is quickly attenuated in water, and the ultra-long wave with strong penetrating power can only penetrate the water surface by about 100 meters. Since sound waves can travel a relatively long distance in water, underwater acoustic communication is a main means of underwater wireless information transmission. However, the openness and unreliability of the underwater acoustic communication link, and the easily-captured nature of the underwater wireless devices, make the underwater acoustic sensing network vulnerable to various attacks, such as eavesdropping, message modification, message injection, route spoofing, denial of service, and malicious code. These safety issues are the serious challenges facing the development of underwater acoustic sensor networks and must be highly appreciated by researchers.
Because the resources of the underwater network nodes are extremely limited, and the storage, calculation and power supply capabilities of the nodes are very short, many mature security mechanisms in the traditional network, such as a public key encryption algorithm, a secure wireless transmission protocol and the like, cannot be applied to the underwater acoustic sensing network. In addition, the underwater acoustic channel is complex and changeable, the bandwidth is limited, and the problem that researchers need to solve is how to reduce the communication overhead and the number of interactions between nodes.
Due to these characteristics of underwater acoustic communication, new theories, new methods and new technologies suitable for underwater acoustic sensing networks need to be researched.
Disclosure of Invention
The invention aims to provide a safe communication method of a fixed sensor node and a mobile sink node in underwater acoustic communication, aiming at the scene that the traditional safety protocol is not suitable for collecting data of the fixed sensor node by an underwater mobile sink node.
The method adopts a polynomial-based key negotiation algorithm, firstly, a mobile sink node broadcasts a control packet to inform and invite a fixed sensor node in a data collection range to transmit data to the mobile sink node; after the fixed sensor node receives the control packet, if data needs to be transmitted, the ID of the mobile sink node and a sharing polynomial are used for generating a master key; after two handshakes, the mutual identity authentication of the mobile sink node and the fixed sensor node can be realized, a session key is negotiated out, and then the fixed sensor node transmits data to the mobile sink node by using the session key.
The method of the invention firstSelecting a binary symmetric t-degree polynomial for each fixed sensor node, substituting the node ID into the polynomial to obtain a unary t-degree polynomial, and storing the unary t-degree polynomial in the node; that is, for a fixed sensor node i, a polynomial f (x, y) is selected, and f (ID) is obtained by substituting the ID of the fixed sensor node i into f (x, y)iY), stored in node i.
For the sink of the mobile sink node, substituting the node ID into a polynomial selected by all fixed sensors communicating with the sink, and storing the polynomial into the mobile sink node; that is, for the mobile sink node sink, the node ID is substituted into the polynomial f (x, y) selected by the fixed sensor node i to obtain f (ID)sinkAnd y), storing into the node sink.
The process of the safe communication between the fixed sensor node i and the mobile sink node is as follows:
a. after the fixed sensor node i receives the broadcast packet of the mobile sink node sink, substituting the ID of the sink node into f (ID)iY) finding f (ID)i,IDsink) If f (ID)i,IDsink) A value of greater than 2128Then it is paired with 2128Modulo, i.e. the result of the calculation takes only f (ID)i,IDsink) Low 128 bits in binary representation.
Then through Kis=f(IDi,IDsink) + N calculation of the master key Kis,KisOnly the low 128 bits of the calculation result are taken; and N is the number of times that the fixed sensor node i and the mobile sink node successfully carry out conversation before the communication, and after key establishment and identity authentication are successfully carried out each time and the communication is successful, the nodes i and the sink node add 1 to N. Further, the value of N exceeds 216At this time, the count is started again from 0.
b. A fixed sensor node i generates a 128-bit random number stream P, a 32-bit message integrity identification code of the random number generated by a CRC-32 algorithm is attached to the random number stream P, the random number is filled to 256 bits to form a plaintext, and a master key K is usedisAs a secret key, an AES (advanced Encryption Standard) algorithm is adopted to encrypt a plaintext, a header is added to generate an authentication request message, and the message is sent to the sink of the mobile sink node.
c. Mobile convergenceAfter the node sink receives the authentication request message of the fixed sensor node i, the ID of the node i is determined, and the IDi is substituted into f (ID)sinkY) obtaining f (ID)sink,IDi) If f (ID)sink,IDi) A value of greater than 2128If the calculation result is f (ID) onlysink,IDi) Low 128 bits in binary representation.
Then through KisCalculating the master key K ═ f (ID sink, IDi) + Nis,KisOnly the low 128 bits of the calculation result are taken; using KisDecrypting the received ciphertext, performing CRC-32 calculation on the decrypted 128-bit random number, and checking whether the calculation result is consistent with the received 32-bit message integrity identification code after decryption: if yes, the sink successfully authenticates the identity of the i, and the step d is continuously executed; if the identity authentication of the node sink to the i is not consistent, the node sink fails to authenticate the identity of the i, and the session is ended after the authentication result message is sent to the i.
d. The sink of the mobile sink node generates a 128-bit random number flow Q, a 32-bit message integrity identification code of the random number is generated by a CRC-32 algorithm and is attached to the Q, the random number is refilled to 256 bits to form a plaintext, and then a master key K is usedisAnd as a secret key, encrypting a plaintext by adopting an AES algorithm and then sending the encrypted plaintext to the fixed sensor node i.
e. The mobile sink node performs bitwise XOR calculation on P and Q to obtain a receiving session key
Figure BDA0002123586940000031
f. After the fixed sensor node i receives the authentication result message sent by the mobile sink node, if the sink successfully authenticates i, the fixed sensor node uses the master key KisDecrypting the ciphertext, performing CRC-32 calculation on the decrypted 128-bit random number, and checking whether the calculation result is consistent with the received decrypted 32-bit identification code: if the identity authentication of the node i to the sink is successful, continuing to execute the step g; if the identity authentication is inconsistent with the identity authentication of the node i to the sink, the session is ended; and if the authentication result message shows that the sink fails to authenticate the node i, the node i finishes the session.
g. Fixed sensor node i pair P and Q bitwise XORCalculating to obtain a sending session key
Figure BDA0002123586940000032
h. Adding a message integrity identification code to high-level data to be transmitted by a fixed sensor node i, filling the message integrity identification code to form a plaintext, and using a sending session key Ki,sinkAnd encrypting the plaintext and then sending the encrypted plaintext to the sink of the mobile sink node.
i. The mobile sink node uses the same receiving session key Ksink,iDecrypting the ciphertext, checking the integrity of the data by using the message integrity identification code, namely, after decrypting the high-level data and the message integrity identification code, calculating the identification code of the decrypted high-level data by using a message integrity algorithm, and comparing the identification code with the decrypted identification code: if the data is consistent with the data, the received high-level data is complete and is delivered to the upper layer; if not, discarding.
j. And the mobile sink node stops receiving the last message of the transmitted data after receiving the last message of the transmitted data, and the session is ended.
The invention provides a secure communication method of a fixed sensor node and a mobile sink node in underwater acoustic communication, which has less interaction times for finishing mutual authentication and negotiating a session key, can finish bidirectional identity authentication and negotiating the session key with the mobile sink node only by two times of handshaking after the fixed sensor node receives a broadcast packet of the mobile sink node, and is suitable for underwater acoustic environments. In the invention, the encryption algorithm and the data integrity algorithm can be selected according to the specific underwater acoustic environment, the node resource limitation condition and the requirements on confidentiality and data integrity, and have better flexibility and expandability. In the invention, the session keys used by each session are different, and the master keys used when the session keys are established are different, so the invention has better performance of resisting statistical analysis.
Drawings
Fig. 1 is a schematic diagram of the location of a security sublayer in a protocol stack;
FIG. 2 is a schematic diagram of stages of secure communications;
FIG. 3 is a message format of the security sublayer;
FIG. 4 is a diagram illustrating the filling manner in Data fields;
FIG. 5 is a schematic diagram of the interaction process of the method of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
A secure communication method of a fixed sensor node and a mobile sink node in an underwater acoustic environment forms a secure communication protocol located in a secure sub-layer. Fig. 1 is a schematic diagram of the position of the security sublayer in the protocol stack, where the security sublayer uses the data unit transmitted from the upper layer as the service data unit of the current layer, and the message header of the current layer forms the protocol data unit of the current layer and then transmits the protocol data unit to the mac layer. The main functions of the safety sub-layer protocol designed by the invention are as follows:
(1) defining an interactive handshake logic for carrying out secure communication between a fixed sensor node and a mobile sink node;
(2) the mutual authentication of the data source identities is realized, and the receiving node is prevented from receiving the false information transmitted to the receiving node by the fraud source and the sending node is prevented from sending a message to the fraud source;
(3) and encrypting the data of the upper layer and verifying the integrity of the message to ensure the confidentiality and the integrity of the data.
The invention provides a secure communication method of a fixed sensor node and a mobile sink node in underwater acoustic communication, and FIG. 2 is a schematic diagram of each stage of secure communication between a fixed sensor node i and a mobile sink node sink: in the broadcasting stage, the node sink sends a broadcasting control packet to the node i; in the authentication stage, the node i and the sink realize mutual identity authentication and negotiate a session key through two handshakes; in the data transmission stage, the node i sends the collected data to the sink, and the sink receives and checks the integrity of the message.
Fig. 3 is a message format of the security sublayer, and the meaning of each field is as follows:
(1) type field (Type): and characterizing the type of the segment of the message.
001 indicates that the message is sent to the mobile sink node by the fixed sensor node during authentication;
010 shows that the message is a message sent by the mobile sink node to the fixed sensor node during authentication, and the mobile sink node successfully authenticates the fixed sensor node;
011 indicates that the message is a message sent by the mobile sink node to the fixed sensor node during authentication, the mobile sink node fails to authenticate the fixed sensor node, and when the Type is 011, the Data field is null;
100 represents that the message is a data transmission message sent by the fixed sensor node to the mobile sink node;
101, this message is the last message sent by the fixed sensor node to the mobile sink node, and the data transmission is finished.
Other values are reserved for expansion.
(2) Encryption algorithm select field (EncryptAlgo): in the message with the Type of 001, the fixed sensor node selects the message for transmitting data in the data transmission stage through the field, namely the encryption algorithm used in the messages with the types of 100 and 101. When the EncryptAlgo field is 001, the 3DES algorithm is used; 010 denotes using AES algorithm; other values are reserved for other encryption algorithms.
(3) The "message integrity Algorithm select" field (CheckAlgo): in the Type 001 message, the fixed sensor node selects an algorithm for ensuring data integrity in the data-bearing message through a CheckAlgo field. When CheckAlgo is 001, CRC-16 algorithm is used; 010 denotes using CRC-32 algorithm; 011 denotes using the MD5 algorithm; 100 denotes the use of the SHA-1 algorithm. The fixed sensor node may select a data integrity algorithm of an appropriate length according to the amount of data of the high-level data to be transmitted. Other values are reserved for other message integrity algorithms.
(4) "total length" field (totalen): the total length of the message is represented and occupies 8 bits, so that the total length of the message cannot exceed 28256 bytes, i.e. 2048 bits.
(5) "fill length" field (PaddingLen): the length of filling bits in the Data field in the message is represented, and occupies 7 bits, so that the maximum filling length is 27128 bit. Because of the two functions of 3DES and AESThe block length of the plaintext/ciphertext in the encryption mode is 64 bits and 128 bits respectively, and the length of the higher-layer data added with the message integrity identification code is not necessarily a multiple of 64 or 128, so the plaintext/ciphertext needs to be filled.
The filling method is as shown in fig. 4, after the tail of the higher layer data to be transmitted is connected with the message integrity identification code, the higher layer data to be transmitted is filled to the multiple of the packet length of the encryption algorithm, and then encrypted. After decryption, all the decrypted plaintext blocks are spliced, and filling is removed according to the filling length field to obtain high-level data and a message integrity identification code.
(6) "Data" field (Data): the total length of the message is not more than 2048 bits, and the length of the message header is 24 bits, so the longest length of the Data field is 2024 bits. In the messages with the types of 001 and 010, encrypted random number streams, message integrity identification codes and filling bits are arranged in Data fields; in the message with the Type of 011, the Data field is null because the mobile aggregation node fails to authenticate the fixed node; in messages with the types of 100 and 101, Data is encrypted high-level Data, a message integrity identification code and filling bits.
The method establishes a master key through a binary symmetric t-degree polynomial, and the master key is used for identity authentication of nodes and generation of a session key.
And selecting a binary symmetric t-degree polynomial for each fixed sensor node, substituting the node ID into the polynomial to obtain a unary t-degree polynomial, and storing the unary t-degree polynomial in the node. That is, for a fixed sensor node i, a polynomial f (x, y) is selected, and f (ID) is obtained by substituting the ID of the fixed sensor node i into f (x, y)iY), stored in node i.
And for the sink of the mobile sink node, substituting the node ID into a polynomial selected by all fixed sensors communicated with the sink, and storing the polynomial into the mobile sink node. That is, for the mobile sink node sink, the node ID is substituted into the polynomial f (x, y) selected by the fixed sensor node i to obtain f (ID)sinkAnd y), storing into the node sink.
The method introduces the number N of times that two nodes successfully carry out conversation before the communication, wherein N is added by 1 after key establishment and authentication are successfully carried out each time and the communication is successful.
After receiving the broadcast control packet of the mobile sink node, the fixed sensor node can directly generate a master key by using the shared polynomial, the ID and the N of the mobile sink node. When the mobile sink node receives the first message, namely the authentication request message, sent by the fixed sensor node, the same master key can be generated by using the shared polynomial and the ID and N of the fixed sensor node. By the method, communication overhead required for generating the master key among the nodes is low, and the master keys used in each session key establishment are different, so that the performance of countermeasure statistical analysis is improved.
Fig. 5 illustrates an interaction process of a fixed sensor node i and a mobile sink node, where the two nodes implement secure communication. As shown in fig. 5, the process of secure communication between the fixed sensor node i and the mobile sink node sink is as follows:
the mobile sink node periodically broadcasts a control packet when moving underwater to inform a fixed sensor node in a data collection range to send data to the mobile sink node, and the broadcast packet comprises an ID (identity)sink
If the fixed sensor node i has no data to transmit to the mobile sink node, the node keeps an idle state; if the fixed sensor node i has data to be transmitted, before transmitting the data, the node i needs to realize mutual identity authentication with the mobile sink node and establish a session key. The method comprises the following specific steps:
a. after the fixed sensor node i receives the broadcast packet of the mobile sink node sink, substituting the ID of the sink node into f (ID)iY) finding f (ID)i,IDsink) If f (ID)i,IDsink) A value of greater than 2128Then it is paired with 2128Modulo, i.e. the result of the calculation takes only f (ID)i,IDsink) Low 128 bits in binary representation;
then through Kis=f(IDi,IDsink) + N calculation of the master key Kis,KisOnly the lower 128 bits of the calculation result are taken. Defining N as the times of successfully carrying out conversation between the fixed sensor node i and the mobile sink node before the communication, and successfully carrying out key establishment and identity authentication each timeAfter successful communication is confirmed, the nodes i and the sink add 1 to N, and when the value of N exceeds 216At this time, the count is started again from 0. By changing the value of N, the master key K used by nodes i and sink each time a session key is establishedisAll are different, improving the performance of the confrontational statistical analysis.
b. A fixed sensor node i generates a 128-bit random number stream P, a 32-bit message integrity identification code of the random number generated by a CRC-32 algorithm is attached to the random number stream P, the random number is filled to 256 bits to form a plaintext, and a master key K is usedisAnd as a secret key, encrypting a plaintext by adopting an AES algorithm, adding a header to generate an authentication request message, and sending the message to the sink of the mobile sink node. The Type field of the message is 001, and in the message, the node i also selects the encryption and message integrity algorithms used in the data transmission stage by setting the values of the "encryption algorithm selection" field and the "message integrity algorithm selection" field.
c. After the mobile sink node receives the authentication request message of the fixed sensor node i, the ID of the node i is determined, and the IDi is substituted into f (ID)sinkY) obtaining f (ID)sink,IDi) If f (ID)sink,IDi) A value of greater than 2128If the calculation result is f (ID) onlysink,IDi) Low 128 bits in binary representation; then through KisCalculating the master key K ═ f (ID sink, IDi) + Nis,KisOnly the lower 128 bits of the calculation result are taken. Using KisDecrypting the received ciphertext, P 'and CRC32 (P)' being the decrypted random number and its CRC-32 check code, respectively, performing CRC-32 calculation on P 'to obtain CRC32 (P'), checking whether CRC32(P ') and CRC32 (P)' are consistent: if yes, the sink successfully authenticates the identity of the i, and the step d is continuously executed; if the identity authentication of the node sink to the i is not consistent, the node sink fails to authenticate the identity of the i, and the session is ended after the authentication result message is sent to the i.
d. The sink of the mobile sink node generates a 128-bit random number flow Q, and adds a 32-bit message integrity identifier CRC32(Q) which generates the random number by using a CRC-32 algorithm to the Q, and refills the Q to 256 bits to form a plaintext, and a master key K is used forisAs a key, adopting AES algorithm to process plaintextAnd after encryption, adding a header and sending the header to the fixed sensing node i, wherein the Type field of the message is 010.
e. The mobile sink node performs bitwise XOR calculation on P and Q to obtain a receiving session key
Figure BDA0002123586940000071
f. After the fixed sensor node i receives the authentication result message sent by the mobile sink, if the sink successfully authenticates i (the Type field of the authentication result message is 010), the fixed sensor node i uses the master key KisDecrypting the ciphertext, performing CRC-32 calculation on the decrypted 128-bit random number to obtain Q 'and CRC32 (Q)', performing CRC-32 calculation on Q 'to obtain CRC32 (Q'), and checking whether the calculation result CRC32(Q) 'is consistent with the received decrypted 32-bit identification code CRC32 (Q'): if the identity authentication of the node i to the sink is successful, continuing to execute the step g; if the identity authentication is inconsistent with the identity authentication of the node i to the sink, the session is ended; and if the authentication result message shows that the sink fails to authenticate the node i, the node i finishes the session.
g. The fixed sensor node i carries out bitwise XOR calculation on the P and the Q to obtain a sending session key
Figure BDA0002123586940000072
And at this point, the mutual identity authentication and session key agreement process between the fixed sensor node i and the mobile sink node sink is completed.
The fixed sensor node and the mobile sink node can realize mutual identity authentication between the nodes and generate a session key only by two handshaking, and the communication overhead is low.
In two handshaking for realizing mutual identity authentication, the method respectively encrypts and transmits two 128-bit random number streams P and Q, and performs bitwise exclusive OR on the P and Q to obtain a session key for encrypting data to be transmitted.
After finishing mutual authentication and generating a session key, the fixed sensor node i can transmit collected data to the mobile sink node sink, and the process is as follows:
h. adding a message integrity identification code to high-level data to be transmitted by a fixed sensor node i, filling the message integrity identification code to form a plaintext, and using a sending session key Ki,sinkAnd encrypting the plaintext and then sending the encrypted plaintext to the sink of the mobile sink node. In the data transmission stage, the Type field of the message transmitted to the sink by the node i is 100, and for the last message of the transmission data, the Type field is set to be 101, which is used for notifying the sink that the message is the last message of the session.
i. The mobile sink node uses the same receiving session key Ksink,iDecrypting the ciphertext, checking the integrity of the data by using the message integrity identification code, namely, after decrypting the high-level data and the message integrity identification code, calculating the identification code of the decrypted high-level data by using a message integrity algorithm, and comparing the identification code with the decrypted identification code: if the data is consistent with the data, the received high-level data is complete and is delivered to the upper layer; if not, discarding.
j. The mobile sink node stops receiving the last message (message with Type of 101) of the transmitted data after receiving the last message,
the session is ended.

Claims (2)

1. A safe communication method between a fixed sensor node and a mobile sink node in underwater acoustic communication is characterized in that,
firstly, selecting a binary symmetric t-degree polynomial for each fixed sensor node, substituting node ID into the polynomial to obtain a unitary t-degree polynomial, and storing the unitary t-degree polynomial in the node; that is, for a fixed sensor node i, a polynomial f (x, y) is selected, and f (ID) is obtained by substituting the ID of the fixed sensor node i into f (x, y)iY), storing into the node i;
for a mobile sink node sin k, substituting the node ID into a polynomial selected by all fixed sensors communicating with the node ID, and storing the polynomial into the mobile sink node; that is, for the mobile sink node sin k, the node ID is substituted into the polynomial f (x, y) selected by the stationary sensor node i to obtain f (ID)sinkY), stored in node sin k;
the process of the secure communication between the fixed sensor node i and the mobile sink node sin k is as follows:
a. after receiving the broadcast packet of the mobile sink node sin k, the fixed sensor node i substitutes the ID of the node sin k into f (ID)iY) finding f (ID)i,IDsink) If f (ID)i,IDsink) A value of greater than 2128Then it is paired with 2128Modulo, i.e. the result of the calculation takes only f (ID)i,IDsink) Low 128 bits in binary representation;
then through Kis=f(IDi,IDsink) + N calculation of the master key Kis,KisOnly the low 128 bits of the calculation result are taken; n is the number of times that the fixed sensor node i and the mobile sink node sin k successfully carry out conversation before the communication, and after key establishment and identity authentication are successfully carried out each time and the communication is successful, the nodes i and sin k add 1 to N;
b. a fixed sensor node i generates a 128-bit random number stream P, a 32-bit message integrity identification code of the random number generated by a CRC-32 algorithm is attached to the random number stream P, the random number is filled to 256 bits to form a plaintext, and a master key K is usedisAs a secret key, encrypting a plaintext by adopting an AES algorithm, adding a header to generate an authentication request message, and sending the message to a mobile sink node sin k;
c. after receiving the authentication request message of the fixed sensor node i, the mobile sink node sin k determines the ID of the node i and sends the IDiSubstitution of f (ID)sinkY) obtaining f (ID)sink,IDi) If f (ID)sink,IDi) A value of greater than 2128If the calculation result is f (ID) onlysink,IDi) Low 128 bits in binary representation;
then through Kis=f(ID sin k,IDi) + N calculation of the master key Kis,KisOnly the low 128 bits of the calculation result are taken; using KisDecrypting the received ciphertext, performing CRC-32 calculation on the decrypted 128-bit random number, and checking whether the calculation result is consistent with the received 32-bit message integrity identification code after decryption: if yes, the identity authentication of sin k to i is successful, and the step d is continuously executed; if the identity authentication of the node sin k to the i is not consistent, the identity authentication of the node sin k to the i fails, and the authentication result message is sent to the i and then the authentication is finishedConversation;
d. a 128-bit random number flow Q is generated by the mobile sink node sin K, a 32-bit message integrity identification code of the random number is generated by a CRC-32 algorithm and is attached to Q, then the random number is refilled to 256 bits to form a plaintext, and then a master key K is usedisAs a secret key, encrypting a plaintext by adopting an AES algorithm and then sending the encrypted plaintext to a fixed sensor node i;
e. the mobile sink node sin k carries out bitwise XOR calculation on P and Q to obtain a receiving session key
Figure FDA0002439268560000021
f. After a fixed sensor node i receives an authentication result message sent by a mobile sink node sin K, if sin K successfully authenticates i, a master key K is usedisDecrypting the ciphertext, performing CRC-32 calculation on the decrypted 128-bit random number, and checking whether the calculation result is consistent with the received decrypted 32-bit identification code: if the identity of the node i is consistent with the identity of the node sin k, the node i successfully authenticates the identity of the node sin k, and the step g is continuously executed; if the identity authentication is inconsistent, the identity authentication of the node i to the sin k fails, and the session is ended; if the authentication result message shows that the authentication of the sin k to the node i fails, the node i ends the session;
g. the fixed sensor node i carries out bitwise XOR calculation on the P and the Q to obtain a sending session key
Figure FDA0002439268560000022
h. Adding a message integrity identification code to high-level data to be transmitted by a fixed sensor node i, filling the message integrity identification code to form a plaintext, and using a sending session key Ki,sinkEncrypting a plaintext and then sending the encrypted plaintext to a mobile sink node sin k;
i. mobile sink node sin K uses the same received session key Ksink,iDecrypting the ciphertext, checking the integrity of the data by using the message integrity identification code, namely, after decrypting the high-level data and the message integrity identification code, calculating the identification code of the decrypted high-level data by using a message integrity algorithm, and comparing the identification code with the decrypted identification code: if the data is consistent with the data, the received high-level data is complete and is handed overApplying a layer; if not, discarding;
j. and the mobile sink node sin k stops receiving the last message of the transmission data after receiving the last message of the transmission data, and the session is ended.
2. The method for secure communication between a fixed sensor node and a mobile sink node in underwater acoustic communication according to claim 1, wherein: the value of N exceeds 216At this time, the count is started again from 0.
CN201910614825.5A 2019-07-09 2019-07-09 Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication Active CN110380848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910614825.5A CN110380848B (en) 2019-07-09 2019-07-09 Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910614825.5A CN110380848B (en) 2019-07-09 2019-07-09 Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication

Publications (2)

Publication Number Publication Date
CN110380848A CN110380848A (en) 2019-10-25
CN110380848B true CN110380848B (en) 2020-06-16

Family

ID=68252578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910614825.5A Active CN110380848B (en) 2019-07-09 2019-07-09 Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication

Country Status (1)

Country Link
CN (1) CN110380848B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112566108B (en) * 2020-11-26 2022-07-01 厦门大学 Underwater acoustic communication network data secret transmission method with virus-like latency
CN112672347B (en) * 2021-01-13 2023-12-08 海南大学 Design method of underwater wireless sensor network data transmission security defense framework

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553572A (en) * 2015-12-14 2016-05-04 中国海洋大学 Underwater communication system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102123392B (en) * 2011-03-08 2013-05-01 东南大学 Secret key management method for distributed wireless sensor network
CN106131829B (en) * 2016-07-18 2019-03-05 黑龙江大学 Modified method for distributing key in a kind of large size layer-stepping wireless sensor network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553572A (en) * 2015-12-14 2016-05-04 中国海洋大学 Underwater communication system

Also Published As

Publication number Publication date
CN110380848A (en) 2019-10-25

Similar Documents

Publication Publication Date Title
Cao et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network
Luk et al. MiniSec: a secure sensor network communication architecture
CN101103586B (en) Apparatus and method for ciphering/deciphering a signal in a communication system
US20100293379A1 (en) method for secure data transmission in wireless sensor network
WO2008145059A1 (en) A method for secure data transmission in wireless sensor network
CN111416706B (en) Quantum secret communication system based on secret sharing and communication method thereof
WO2011028565A1 (en) Galois/counter mode encryption in a wireless network
CN102118387A (en) System and method for secure transaction of data between wireless communication device and server
WO2007059558A1 (en) Wireless protocol for privacy and authentication
CN106533656B (en) A kind of key multilayer mixing method for encryption/decryption based on WSN
CN101707767B (en) Data transmission method and devices
CN106899970B (en) Wireless communication encryption method based on angular momentum
CN112073115B (en) Lora-based low-orbit satellite Internet of things registration security verification method, Internet of things terminal, network server and user server
KR101452124B1 (en) Method for Device Authentication and Session Key Generation Based on Encryption in Internet of Things
CN102469173A (en) IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm
WO2011044351A2 (en) Wireless security protocol
CN100594691C (en) Data transmission encryption method of MANET network
CN110380848B (en) Method for safely communicating fixed sensor node and mobile sink node in underwater acoustic communication
Yüksel et al. Zigbee-2007 security essentials
CN107666491B (en) Data transmission method of air-ground integrated network based on symmetric encryption
Yu et al. Quantum-resistance authentication and data transmission scheme for NB-IoT in 3GPP 5G networks
Yu et al. A secure communication protocol between sensor nodes and sink node in underwater acoustic sensor networks
WO2005117334A1 (en) State based secure transmission for a wireless system
Lim et al. Dragon-MAC: Securing wireless sensor networks with authenticated encryption
Hartl et al. Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant