CN110519765B - Cooperative physical layer authentication method and system based on received signal power - Google Patents
- Publication number: CN110519765B
- Application number: CN201910624746.2A
- Authority: CN (China)
- Legal status: Expired - Fee Related
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a cooperative physical layer authentication method and a system based on received signal power, which comprises the following steps: acquiring a receiving signal received by a user terminal from a transmitting source to be authenticated, sampling the receiving signal, and calculating the signal power of the receiving signal by using the sampled signal; deducing the existence state of a fake attacker by using the signal power, calculating a local function value according to the existence state of the fake attacker, and calculating a compatibility function value between adjacent users; determining a transmission message between the user terminals by using the local function value and the compatibility function value, and transmitting and updating the transmission message to determine the final reliability of the transmission message; and comparing and judging the final reliability to determine the identity state of the sending source to be authenticated. The authentication system is a distributed identity authentication system, the transmission information is transmitted and updated among user terminals to obtain the final reliability, and the identity state of a transmitting source is authenticated according to the final reliability, so that the reliability of detecting the position forgery attack state is improved.
Description
Technical Field
The invention relates to the field of wireless sensor network communication, in particular to a cooperative physical layer authentication method and system based on received signal power.
Background
Location-based user wireless access systems are widely used in the Internet of Things (IoMCT) because access is convenient and efficient. Such systems serve applications concerned with environmental safety, such as battlefield communication monitoring, frontier patrol monitoring, and search and rescue monitoring.
However, due to the broadcast nature of wireless networks, which results in the lack of physical boundaries for the transmission and reception of wireless signals, a subscriber wireless access system based on location information is vulnerable to location-spoofing subscribers. The location-falsified user may illegally access the network by mimicking the location information of the legitimate user, thereby launching a series of malicious attacks, such as denial of service attack (DoS), man-in-the-middle attack (MITM), etc., to the network user.
A physical layer authentication system can authenticate the identity of a transmission source by exploiting the spatial decorrelation of the wireless channel: it distinguishes the physical signal characteristics of a legitimate transmission source from those of an illegal one. Common spatially uncorrelated wireless channel information includes received signal strength (RSS) and channel state information (CSI).
Disclosure of Invention
The application provides a cooperative physical layer authentication method and system based on received signal power, which can solve the technical problem that a forged user imitates legal user information to access a network and attack a user terminal due to the lack of a physical layer authentication boundary in the prior art.
The first aspect of the present invention provides a cooperative physical layer authentication method based on received signal power, wherein the authentication method comprises the following steps:
acquiring a received signal received by a user terminal from a transmission source to be authenticated, sampling the received signal, and calculating the signal power of the received signal by using the sampled signal;
deducing the existence state of a fake attacker by utilizing the signal power, calculating a local function value according to the existence state of the fake attacker, and calculating a compatible function value between adjacent user terminals;
determining a propagation message between the user terminals by using the local function value and the compatibility function value, and propagating and updating the propagation message to determine the final reliability of the propagation message;
and comparing and judging the final reliability to determine the identity state of the sending source to be authenticated.
Optionally, the received signal is calculated as follows:
where $p_b$ denotes the transmission energy of the legitimate transmission source, $p_{si}$ denotes the transmission energy of the forged transmission source, $h_{bi}$ denotes the channel between the legitimate transmission source and the ith user, a further term denotes the channel between the forged transmission source and the ith user, $\Phi$ denotes the existence state of the forgery attack, and $n$ denotes white Gaussian noise.
Optionally, the step of sampling the received signal to calculate the signal power of the received signal includes:
performing a plurality of samples on the received signal to determine a received signal vector to calculate a signal power of the received signal;
the signal power adopts the following calculation mode:
wherein,is representative of the power of the signal or signals,representing the received signal vector and E representing the mathematical expectation.
Optionally, the step of inferring a fake attacker state using the received signal power comprises:
comparing the signal power with a preset signal threshold value to deduce whether a counterfeit attack state exists or not;
when the power of the received signal is greater than or equal to a preset signal threshold value, determining that the received signal has a fake attack state;
and when the power of the received signal is smaller than a preset signal threshold value, determining that the received signal has no forged attack state.
Optionally, the step of calculating a local function value according to the fake attacker state, and calculating a compatibility function value between adjacent user terminals includes:
modeling a topological structure of the user terminal into a Markov random field model, calculating a local function value according to the forged attacker state, and calculating a compatibility function value between adjacent user terminals;
the formula for calculating the local function value is as follows:
where $\phi_i$ denotes the local function, $S_{i,t}$ denotes the existence state of a fake attacker inferred by the ith user terminal at time t, $\Lambda_{i,t}$ denotes the likelihood ratio, $b_{i,t-1}$ denotes the final confidence level of the ith user terminal at time t-1, a further term denotes a uniform distribution function, $\delta(O_{i,t} = 1)$ denotes the impulse function, $\zeta$ denotes the normalization factor, $\kappa$ denotes the forgetting factor, and a further term denotes the reliability prediction of the ith user terminal at time t;
the formula for calculating the compatibility function value is as follows:
where the function being defined is the compatibility function of the adjacent ith and jth user terminals, $S_i$, $S_j$ denote the states of the adjacent ith and jth user terminals respectively, $\Lambda_i$, $\Lambda_j$ denote the likelihood ratios of the adjacent ith and jth user terminals, $\theta_{ij}$ denotes the compatibility function value when the states of the adjacent ith and jth user terminals are the same, a further term denotes the compatibility function value when the state of the ith user terminal differs from that of the jth user terminal, and a further term denotes a uniform distribution function.
Optionally, the step of determining a propagated message between the user terminals by using the local function value and the compatibility function value, and propagating and updating the propagated message to determine the final reliability of the propagated message includes:
determining a propagation message by using the local function value and the compatibility function value, and the user terminal acquires the propagation message and propagates the propagation message to an adjacent user;
the adjacent users update the propagation messages by adopting the following updating modes:
where the term being updated is the propagated message at the jth user terminal, $C_j$ denotes a normalization factor, $\phi_j(S_j|\Lambda_j)$ denotes the local function value of the jth user terminal, and a further term denotes the compatibility function value;
the propagation message is propagated and updated for multiple times to determine the final credibility of the propagation message;
the formula for calculating the final confidence is as follows:
where $b_i(S_i)$ denotes the final confidence level of the propagated message at the ith user terminal, $c_i$ denotes a normalization factor, $\phi_i(S_i|\Lambda_i)$ denotes the local function value of the ith user terminal, and a further term denotes the propagated message after n rounds of propagation and updating.
Optionally, the step of comparing and judging the final reliability to authenticate the identity state of the transmission source includes:
comparing and judging the final reliability according to a preset reliability threshold;
when the final reliability of the transmission message is larger than the reliability threshold value, determining that the identity state of the transmission source has a forgery attack and the authentication fails;
and when the final credibility of the propagation message is smaller than the credibility threshold, determining that the identity state of the sending source is a legal user, and passing authentication.
A second aspect of the present invention provides a cooperative physical layer authentication system based on received signal power, the authentication system comprising: the system comprises a plurality of user terminals, a signal power module, a local function module, a compatible function module, a final reliability module and an identity judgment module;
the system comprises a signal power module, a receiving module and a processing module, wherein the signal power module is used for acquiring a receiving signal received by the user terminal from a transmitting source to be authenticated, sampling the receiving signal and calculating the signal power of the receiving signal by using a signal obtained by sampling the signal;
the local function module is used for deducing the existence state of a fake attacker by utilizing the signal power and calculating a local function value according to the existence state of the fake attacker;
a compatible function module for calculating a compatible function value between adjacent user terminals according to the existence state of the false attacker;
a final reliability module, configured to determine a propagation message between the user terminals by using the local function value and the compatibility function value, and propagate and update the propagation message to determine a final reliability of the propagation message;
and the identity judgment module is used for comparing and judging the final credibility so as to authenticate the identity state of the sending source.
Optionally, the authentication system propagates and updates the propagated message based on the user terminal in a distributed manner, so as to generate a final reliability of the propagated message.
Optionally, the identity decision module is disposed in the user terminal, and the user terminal may independently perform identity authentication on the transmission source to be authenticated.
Compared with the prior art, the invention has the beneficial effects that: the authentication system belongs to a distributed identity authentication system, uses user terminals in a network as a cooperative authentication physical layer, propagates and updates a propagation message through a plurality of user terminals to obtain final reliability, authenticates a to-be-authenticated transmission source according to the final reliability to determine the identity state of the to-be-authenticated transmission source, and has higher reliability compared with the existing single-user terminal authentication system; meanwhile, in the calculation process of the final reliability of the transmitted message, the authentication system combines the state change possibly existing in the counterfeiting attack in the time dimension and the space dimension, improves the robustness of the identity authentication of the transmitting source, and effectively prevents the attack of the illegal transmitting source to the network user terminal.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a diagram illustrating steps of a cooperative physical layer authentication method based on received signal power according to the present invention;
Fig. 2 is a block diagram of a cooperative physical layer authentication system based on received signal power according to the present invention;
Fig. 3 is a diagram of a cooperative physical layer authentication system architecture according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The prior art lacks a physical layer authentication boundary, which gives rise to the technical problem that a forged user can imitate legitimate user information to access the network and attack user terminals.
In order to solve the above technical problem, the present invention provides a cooperative physical layer authentication method based on received signal power, please refer to fig. 1, where fig. 1 is a step diagram of a cooperative physical layer authentication method based on received signal power provided by the present invention, and the authentication method includes the following steps:
S101, acquiring a received signal received by a user terminal from a transmission source to be authenticated, sampling the received signal, and calculating the signal power of the received signal by using the sampled signal;
S102, deducing the existence state of a fake attacker by using the signal power, calculating a local function value according to the existence state of the fake attacker, and calculating a compatibility function value between adjacent user terminals;
S103, determining the propagated message between the user terminals by using the local function value and the compatibility function value, and propagating and updating the propagated message to determine the final reliability of the propagated message;
S104, comparing and judging the final reliability to determine the identity state of the transmission source to be authenticated.
In the embodiment of the invention, the network user terminals are in a receiving state. When a transmission source to be authenticated sends a signal to a target user terminal, the source may be either a legitimate user or an illegal user, so its identity must be authenticated and identified in order to protect every user terminal in the network. First, the power of the signal sent by the transmission source is calculated, and the possible existence state of a fake attacker is inferred from that signal power; the local function and the compatibility function between user terminals are then calculated, and the message propagated by the user terminal is determined.
In the embodiment of the present invention, the step of acquiring the received signal of the user terminal includes:
a sending source to be authenticated sends a signal to a user terminal to obtain a receiving signal of the user terminal;
the received signal is calculated as follows:
where $p_b$ denotes the transmission energy of the legitimate transmission source, $p_{si}$ denotes the transmission energy of the forged transmission source, $h_{bi}$ denotes the channel between the legitimate transmission source and the ith user, a further term denotes the channel between the forged transmission source and the ith user, $\Phi$ denotes the existence state of the forgery attack, and $n$ denotes white Gaussian noise. Further, the existence state of the forgery attack is estimated by a binary estimation method, so $\Phi$ takes the value 0 or 1: $\Phi = 0$ indicates that the received signal was transmitted by the transmission source of a legitimate user, and $\Phi = 1$ indicates that the received signal was transmitted by the transmission source of an illegal user. These two cases are the two possible outcomes for whether the received signal carries a forgery attack state. Because the signal state is unknown at this point, the identity of the transmission source to be authenticated cannot be deduced from the received signal.
In an embodiment of the present invention, the step of sampling the received signal to calculate the signal power of the received signal comprises:
performing a plurality of samples on the received signal, determining a received signal vector to calculate the signal power of the received signal;
the signal power is calculated in the following way:
wherein,which is indicative of the power of the signal,which represents the vector of the received signal and,representing the received signal vector transpose, E representing the mathematical expectation;
in this embodiment, note that the received signal is a continuous signal with continuous amplitude, and it is sampled as follows: N discrete samples of the received signal are taken to obtain a received signal vector, where the received signal vector is defined over the complex field C and N is a constant, typically greater than 1;
further, the received signal vector is determined from the signal values obtained by sampling the received signal, as follows:
the received signal vector is then transposed to give:
the mathematical expectation of the received signal vector and the received signal vector transpose is calculated as follows:
the mathematical expectation of the received signal vector and its transpose obtained by this calculation is the signal power of the received signal.
In the embodiment of the invention, the step of deducing the state of the fake attacker by using the power of the received signal comprises the following steps:
comparing the signal power with a preset signal threshold value to deduce whether a counterfeit attack state exists or not;
when the power of the received signal is greater than or equal to a preset signal threshold value, determining that the received signal has a fake attack state;
when the power of the received signal is smaller than a preset signal threshold value, determining that the received signal does not have a fake attack state;
in this embodiment, the existence state of the forgery attack is inferred from the signal power by a binary inference method. When a forgery attack is present, the power of the signal is greater than that of a signal sent between legitimate users. A signal threshold is therefore set in advance between the power of a legitimate user signal and the power of a signal in the forgery attack state. When the signal power is greater than or equal to the signal threshold, the signal is regarded as carrying a forgery attack state and as sent by an illegal transmission source; when the signal power is less than the signal threshold, the signal is regarded as sent by a legitimate transmission source.
In the embodiment of the present invention, the step of calculating the local function value according to the counterfeit attacker state and the step of calculating the compatibility function value between the adjacent user terminals include:
modeling a topological structure of the user terminal into a Markov random field model, calculating a local function value according to a forged attacker state, and calculating a compatibility function value between adjacent user terminals;
the formula for calculating the local function value is as follows:
where $\phi_i$ denotes the local function, $S_{i,t}$ denotes the existence state of a fake attacker inferred by the ith user terminal at time t, $\Lambda_{i,t}$ denotes the likelihood ratio, $b_{i,t-1}$ denotes the final confidence level of the ith user terminal at time t-1, a further term denotes a uniform distribution function, $\delta(O_{i,t} = 1)$ denotes the impulse function, $\zeta$ denotes the normalization factor, $\kappa$ denotes the forgetting factor with $\kappa \in (0,1)$, and a further term denotes the reliability prediction of the ith user terminal at time t, which is calculated as follows:
the formula for calculating the compatibility function value is as follows:
where the function being defined is the compatibility function of the adjacent ith and jth user terminals, $S_i$, $S_j$ denote the states of the adjacent ith and jth user terminals respectively, $\Lambda_i$, $\Lambda_j$ denote the likelihood ratios of the adjacent ith and jth user terminals, $\theta_{ij}$ denotes the compatibility function value when the states of the adjacent ith and jth user terminals are the same, a further term denotes the compatibility function value when the state of the ith user terminal differs from that of the jth user terminal, and a further term denotes a uniform distribution function. When the forgery attack existence states of the adjacent ith and jth user terminals are the same, the compatibility function value is larger and equals $\theta_{ij}$; when the forgery attack existence states of the adjacent ith and jth user terminals are different, the compatibility function takes the smaller value.
In the embodiment of the present invention, the step of determining the propagation message between the user terminals by using the local function value and the compatibility function value, and propagating and updating the propagation message to determine the final reliability of the propagation message includes:
determining a transmission message by using the local function value and the compatibility function value, acquiring the transmission message by the user terminal, and transmitting the transmission message to an adjacent user;
the adjacent users update the propagation messages by adopting the following updating modes:
where the term being updated is the propagated message at the jth user terminal, $C_j$ denotes a normalization factor, $\phi_j(S_j|\Lambda_j)$ denotes the local function value of the jth user terminal, and a further term denotes the compatibility function value;
the transmission message is transmitted and updated for a plurality of times to determine the final credibility of the transmission message;
the formula for calculating the final confidence is as follows:
where $b_i(S_i)$ denotes the final confidence of the propagated message at the ith user terminal, $c_i$ denotes a normalization factor, $\phi_i(S_i|\Lambda_i)$ denotes the local function value of the ith user terminal, and a further term denotes the propagated message after n rounds of propagation and updating.
In the embodiment of the invention, the step of comparing and judging the final reliability to authenticate the identity state of the sending source comprises the following steps:
setting a reliability threshold value, and comparing and judging the final reliability according to the preset reliability threshold value so as to authenticate the identity state of the sending source;
when the final reliability of the transmitted message is greater than a reliability threshold value, determining that the identity state of the transmitting source has a forgery attack and the authentication fails;
when the final credibility of the transmission message is smaller than a credibility threshold, determining that the identity state of the transmission source is a legal user, and passing authentication;
in this embodiment, a confidence threshold is set, denoted $b_T$, and the final confidence is $b_i(S_i)$:
$b_i(S_i) \le b_T$: $H_0$,
$b_i(S_i) > b_T$: $H_1$.
After the propagated message has been propagated and updated by the user terminals, the final reliability is compared with the threshold. When the final reliability is greater than the reliability threshold, the identity authentication of the transmission source to be authenticated does not pass, which is denoted $H_1$; when the final reliability is less than or equal to the reliability threshold, the identity authentication of the transmission source to be authenticated passes, which is denoted $H_0$.
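Steps S101 to S104 can be exercised end to end. The following is an added example, not code from the patent: because the formulas are not reproduced on this page, it assumes standard sum-product belief propagation for a single time step (no forgetting factor), a fixed-confidence local function, a compatibility value of theta for equal states and 1 - theta otherwise, and constructed samples, thresholds and a four-terminal star topology. Terminal 0 measures sub-threshold power and would accept the source on its own; its neighbours' messages move its final decision to H1.

```python
# Added example, not from the patent. The potential shapes, confidence weight,
# theta, thresholds, topology and all sample values below are assumptions.
from math import prod


def signal_power(samples):
    """S101: empirical power of N complex samples, (1/N) * sum(|y_k|^2)."""
    return sum(abs(y) ** 2 for y in samples) / len(samples)


def local_evidence(power, power_threshold, confidence=0.8):
    """S102: binary inference from power, returned as (phi(S=0), phi(S=1)).
    Assumed form: a fixed confidence weight placed on the inferred state."""
    if power >= power_threshold:  # forgery attack state inferred
        return (1.0 - confidence, confidence)
    return (confidence, 1.0 - confidence)


def run_belief_propagation(phi, edges, theta=0.8, rounds=5):
    """S103: sum-product message passing between neighbouring terminals."""
    neighbours = {i: set() for i in phi}
    for i, j in edges:
        neighbours[i].add(j)
        neighbours[j].add(i)
    # Assumed compatibility: theta for equal states, 1 - theta otherwise.
    psi = ((theta, 1.0 - theta), (1.0 - theta, theta))
    msgs = {(i, j): (0.5, 0.5) for i in phi for j in neighbours[i]}
    for _ in range(rounds):
        updated = {}
        for (i, j) in msgs:
            out = []
            for s_j in (0, 1):
                # Sum over sender state; exclude the message that came from j.
                out.append(sum(
                    phi[i][s_i] * psi[s_i][s_j]
                    * prod(msgs[(k, i)][s_i] for k in neighbours[i] if k != j)
                    for s_i in (0, 1)))
            norm = sum(out)
            updated[(i, j)] = (out[0] / norm, out[1] / norm)
        msgs = updated
    beliefs = {}
    for i in phi:
        raw = [phi[i][s] * prod(msgs[(k, i)][s] for k in neighbours[i])
               for s in (0, 1)]
        beliefs[i] = (raw[0] / sum(raw), raw[1] / sum(raw))
    return beliefs


def decide(beliefs, b_T=0.5):
    """S104: H1 (forgery, authentication fails) if b_i(S_i=1) > b_T, else H0."""
    return {i: ("H1" if b[1] > b_T else "H0") for i, b in beliefs.items()}


def constant_modulus(amplitude):
    """Constructed four-sample burst with power amplitude**2."""
    return [amplitude * c for c in (1, 1j, -1, -1j)]


# Constructed scenario: terminal 0 sees a weaker signal than its neighbours.
CONSTRUCTED_SAMPLES = {0: constant_modulus(1.2), 1: constant_modulus(1.5),
                       2: constant_modulus(1.5), 3: constant_modulus(1.5)}
STAR_EDGES = [(0, 1), (0, 2), (0, 3)]
POWER_THRESHOLD = 1.6


def authenticate(samples_by_terminal, edges, power_threshold):
    """Return (local-only decisions, final beliefs, cooperative decisions)."""
    phi = {i: local_evidence(signal_power(s), power_threshold)
           for i, s in samples_by_terminal.items()}
    local = {i: ("H1" if p[1] > 0.5 else "H0") for i, p in phi.items()}
    beliefs = run_belief_propagation(phi, edges)
    return local, beliefs, decide(beliefs)


if __name__ == "__main__":
    local, beliefs, final = authenticate(
        CONSTRUCTED_SAMPLES, STAR_EDGES, POWER_THRESHOLD)
    for i in sorted(final):
        print(f"terminal {i}: local={local[i]} "
              f"b(S=1)={beliefs[i][1]:.4f} cooperative={final[i]}")
```

The same functions also show the opposite case: if only one terminal exceeds the power threshold while its neighbours do not, the cooperative decision at every terminal is H0.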
A second aspect of the present invention provides a cooperative physical layer authentication system based on received signal power, please refer to fig. 2, fig. 2 is a structural diagram of a cooperative physical layer authentication system based on received signal power according to the present invention, and the authentication system 200 includes: the system comprises a plurality of user terminals, a signal power module 201, a local function module 202, a compatible function module 203, a final reliability module 204 and an identity judgment module 205;
a signal power module 201, configured to obtain a received signal received by a user terminal from a transmission source to be authenticated, sample the received signal, and calculate a signal power of the received signal by using the sampled signal;
the local function module 202 is configured to infer an existence state of a counterfeit attacker by using the signal power, and calculate a local function value according to the existence state of the counterfeit attacker;
a compatible function module 203, configured to calculate a compatible function value between adjacent user terminals according to the existence status of the counterfeit attacker;
a final reliability module 204, configured to determine a propagation message between the user terminals by using the local function value and the compatibility function value, and propagate and update the propagation message to determine a final reliability of the propagation message;
and the identity judgment module 205 is used for comparing and judging the final reliability so as to authenticate the identity state of the sending source.
In the embodiment of the invention, a cooperative physical layer authentication system based on received signal power belongs to a distributed identity authentication system, the physical layer authentication system has no authentication center, and the identity of a sending source to be authenticated is authenticated by combining a user terminal, a signal power module 201, a local function module 202, a compatible function module 203, a final reliability module 204 and an identity judgment module 205 to form the cooperative physical layer authentication system 200.
Referring to Fig. 3, Fig. 3 is an architecture diagram of a cooperative physical layer authentication system according to an embodiment of the present invention. A Markov random field (MRF) is constructed over a plurality of user terminals in the network. When the transmission source to be authenticated is a legitimate user, the legitimate user is located within the range of the MRF, can establish a wireless channel connection with the user terminals, and can exchange information with them. If the transmission source to be authenticated is a forged user imitating the location information of the legitimate user, and the forged user is outside the range of the random field, its access to the network fails and it cannot exchange information with the user terminals in the random field, so the forged user is effectively prevented from attacking the user terminals in the network. In the embodiment of the invention, the cooperative physical layer authentication system based on received signal power mainly comprises a transmission source to be authenticated and a plurality of network user terminals. The cooperative physical layer has no authentication center: a model is built over the user terminals, and the corresponding function values are calculated from the signals that the transmission source sends to the user terminals, in order to obtain the reliability and authenticate the identity of the transmission source.
In the embodiment of the invention, the authentication system spreads and updates the propagation message based on the user terminal in a distributed mode so as to generate the final credibility of the propagation message.
In the implementation of the invention, the identity judgment module is arranged at the user terminal, and the user terminal can independently carry out identity authentication on the sending source to be authenticated.
Compared with the prior art, the invention has the beneficial effects that: the authentication system belongs to a distributed identity authentication system, uses user terminals in a network as a cooperative authentication physical layer, propagates and updates a propagation message through a plurality of user terminals to obtain final reliability, authenticates a to-be-authenticated transmission source according to the final reliability to determine the identity state of the to-be-authenticated transmission source, and has higher reliability compared with the existing single-user terminal authentication system; meanwhile, in the calculation process of the final reliability of the transmitted message, the authentication system combines the state change possibly existing in the counterfeiting attack in the time dimension and the space dimension, improves the robustness of the identity authentication of the transmitting source, and effectively prevents the attack of the illegal transmitting source to the network user terminal.
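The following sketch is an added illustration, not code from the patent or its applicant. It runs the described chain (received power, per-terminal state inference, message propagation between neighbouring terminals, final reliability, threshold decision) on constructed inputs. Assumptions, since the patent's formulas are not reproduced here: power is the mean of |y|^2, the local function is a logistic stand-in for the likelihood ratio, the compatibility value is theta for equal neighbour states and 1 - theta otherwise, the time-domain forgetting-factor term is left out, and all thresholds and the four-terminal chain are constructed values.

```python
import math

def signal_power(samples):
    """Average energy of the sampled received signal (assumed estimator)."""
    return sum(abs(s) ** 2 for s in samples) / len(samples)

def local_function(power, threshold, scale=0.25):
    """[phi(S=0), phi(S=1)] from a logistic stand-in for the likelihood ratio."""
    lam = math.exp((power - threshold) / scale)
    return [1 / (1 + lam), lam / (1 + lam)]

def compatibility(si, sj, theta):
    """Assumed form: theta when neighbouring states agree, 1 - theta otherwise."""
    return theta if si == sj else 1 - theta

def normalise(v):
    total = sum(v)
    return [x / total for x in v]

def final_beliefs(phi, edges, theta=0.8, rounds=5):
    """Sum-product message passing between neighbouring terminals."""
    nbrs = {i: set() for i in range(len(phi))}
    for i, j in edges:
        nbrs[i].add(j)
        nbrs[j].add(i)
    msg = {(i, j): [0.5, 0.5] for i in nbrs for j in nbrs[i]}
    for _ in range(rounds):
        new = {}
        for i, j in msg:
            out = []
            for sj in (0, 1):
                # Local evidence at i, times agreement with j, times what i
                # heard from its other neighbours in the previous round.
                out.append(sum(
                    phi[i][si] * compatibility(si, sj, theta)
                    * math.prod(msg[k, i][si] for k in nbrs[i] if k != j)
                    for si in (0, 1)))
            new[i, j] = normalise(out)
        msg = new
    return [normalise([phi[i][s] * math.prod(msg[k, i][s] for k in nbrs[i])
                       for s in (0, 1)]) for i in sorted(nbrs)]

def authenticate(sample_vectors, edges, power_threshold, belief_threshold=0.5):
    """Return (local flags, cooperative flags, P(forger present)) per terminal."""
    powers = [signal_power(v) for v in sample_vectors]
    local = [p >= power_threshold for p in powers]
    phi = [local_function(p, power_threshold) for p in powers]
    p_forged = [b[1] for b in final_beliefs(phi, edges)]
    return local, [p > belief_threshold for p in p_forged], p_forged

def constructed_samples(power):
    """Constructed test input: four samples whose mean energy equals `power`."""
    r = math.sqrt(power)
    return [r, 1j * r, -r, -1j * r]

CHAIN = [(0, 1), (1, 2), (2, 3)]  # constructed topology: terminals 0-1-2-3

def demo():
    forged = [constructed_samples(p) for p in (1.6, 1.5, 0.9, 1.7)]   # terminal 2 shadowed
    legit = [constructed_samples(p) for p in (0.5, 0.6, 1.05, 0.55)]  # terminal 2 noisy
    return authenticate(forged, CHAIN, 1.0), authenticate(legit, CHAIN, 1.0)

if __name__ == "__main__":
    for local, coop, p in demo():
        print(local, coop, [round(x, 3) for x in p])
```

In both constructed runs terminal 2 alone reaches the wrong conclusion from its own power reading, and the final reliability computed with its neighbours' messages corrects it.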
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and in actual implementation, there may be other divisions, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that, for the sake of simplicity, the above-mentioned method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no acts or modules are necessarily required of the invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In view of the above description of the cooperative physical layer authentication method and system based on received signal power provided by the present invention, those skilled in the art will appreciate that the concepts according to the embodiments of the present invention may be modified in the specific implementation manners and application ranges.
Claims (7)
1. A cooperative physical layer authentication method based on received signal power, the authentication method comprising the steps of:
acquiring a receiving signal received by a user terminal from a transmitting source to be authenticated, sampling the receiving signal, and calculating the signal power of the receiving signal by using the sampled signal;
comparing the signal power with a preset signal threshold value, and deducing whether the received signal is in a fake attacker existence state;
when the signal power is greater than or equal to a preset signal threshold value, determining that the received signal is a forged attacker existing state;
when the signal power is smaller than a preset signal threshold value, determining that the received signal is not in a fake attacker existing state;
modeling the topological structure of the user terminal into a Markov random field model, calculating a local function value according to the existence state of the counterfeit attacker, and calculating a compatibility function value between adjacent user terminals;
the formula for calculating the local function value is as follows:
wherein $\phi_i$ represents said local function, $S_{i,t}$ represents the presence of a fake attacker inferred at time t of the ith user terminal, $\Lambda_{i,t}$ represents the likelihood ratio, $b_{i,t-1}$ represents the final confidence level at time t-1 for the ith user terminal, representing a uniform distribution function, $\delta(O_{i,t} = 1)$ is an impulse function, denotes a normalization factor, $\kappa$ denotes a forgetting factor, representing reliability prediction of the ith user terminal at the time t;
the formula for calculating the compatibility function value is as follows:
wherein, indicating the compatibility function of adjacent ith and jth user terminals, $S_i$, $S_j$ respectively represent the states of adjacent ith and jth user terminals, $\Lambda_i$, $\Lambda_j$ indicate the likelihood ratios of the adjacent ith and jth user terminals, $\theta_{ij}$ indicates the compatibility function value when the states of adjacent ith and jth user terminals are the same, indicating a compatibility function value when the status of the ith user terminal is not the same as the status of the jth user terminal, representing a uniform distribution function;
determining a propagation message by using the local function value and the compatibility function value, and the user terminal acquires the propagation message and propagates the propagation message to an adjacent user;
the adjacent users update the propagation messages, and the following updating modes are adopted:
wherein, representing the propagated message updated at the jth of said user terminals, $C_j$ denotes a normalization factor, $\phi_j(S_j|\Lambda_j)$ represents said local function value of the jth user terminal, representing the compatibility function value;
carrying out multiple times of propagation and updating on the propagation message to determine the final credibility of the propagation message;
the formula for calculating the final confidence is as follows:
wherein, $b_i(S_i)$ represents the final confidence level of said propagated message at the ith user terminal, $c_i$ denotes a normalization factor, $\phi_i(S_i|\Lambda_i)$ represents said local function value of the ith user terminal, representing the propagated message after n propagations and updates;
and comparing and judging the final reliability to determine the identity state of the sending source to be authenticated.
2. The method of claim 1, wherein the received signal power-based cooperative physical layer authentication is calculated as follows:
wherein $p_b$ indicates the transmission energy of the legitimate source, $p_{si}$ indicates the transmission energy of the false transmission source, $h_{bi}$ indicates the channel between the legitimate transmission source and the ith user, indicating the channel between the forged transmission source and the ith user, $\phi$ indicates the state of existence of the forged attack, and $n$ indicates white Gaussian noise.
3. The method of claim 1, wherein the step of sampling the received signal to calculate the signal power of the received signal comprises:
performing a plurality of samples on the received signal to determine a received signal vector to calculate a signal power of the received signal;
the signal power adopts the following calculation mode:
4. The method as claimed in claim 1, wherein the step of comparing and determining the final reliability to authenticate the identity status of the transmitting source comprises:
comparing and judging the final reliability according to a preset reliability threshold;
when the final reliability of the transmission message is larger than the reliability threshold value, determining that the identity state of the transmission source has a forgery attack and the authentication fails;
and when the final reliability of the transmission message is smaller than the reliability threshold value, determining that the identity state of the transmission source is a legal user, and passing authentication.
5. A cooperative physical layer authentication system based on received signal power, the authentication system comprising: the system comprises a plurality of user terminals, a signal power module, a local function module, a compatible function module, a final reliability module and an identity judgment module;
the system comprises a signal power module, a receiving module and a processing module, wherein the signal power module is used for acquiring a receiving signal received by the user terminal from a transmitting source to be authenticated, sampling the receiving signal and calculating the signal power of the receiving signal by using the sampled signal;
the local function module is used for comparing the signal power with a preset signal threshold value and deducing whether the received signal is in a forged attacker existing state;
when the signal power is greater than or equal to a preset signal threshold value, determining that the received signal is in a fake attacker existing state;
when the signal power is smaller than a preset signal threshold value, determining that the received signal is not in a fake attacker existence state;
modeling a topological structure of the user terminal into a Markov random field model, and calculating a local function value according to the counterfeit attacker state;
the formula for calculating the local function value is as follows:
wherein $\phi_i$ represents said local function, $S_{i,t}$ represents the presence of a fake attacker inferred at time t of the ith user terminal, $\Lambda_{i,t}$ represents the likelihood ratio, $b_{i,t-1}$ represents the final confidence level at time t-1 for the ith user terminal, representing a uniform distribution function, $\delta(O_{i,t} = 1)$ is an impulse function, denotes a normalization factor, $\kappa$ denotes a forgetting factor, representing reliability prediction of the ith user terminal at the time t;
a compatible function module, which is used for calculating a compatible function value between adjacent user terminals according to the existence state of the counterfeit attacker;
the formula for calculating the compatibility function value is as follows:
wherein, indicating the compatibility function of adjacent ith and jth user terminals, $S_i$, $S_j$ respectively represent the states of adjacent ith and jth user terminals, $\Lambda_i$, $\Lambda_j$ indicate the likelihood ratios of the adjacent ith and jth user terminals, $\theta_{ij}$ indicates the compatibility function value when the states of adjacent ith and jth user terminals are the same, indicating a compatibility function value when the status of the ith user terminal is not the same as the status of the jth user terminal, representing a uniform distribution function;
a final reliability module, configured to determine a propagation message by using the local function value and the compatibility function value, where the user terminal obtains the propagation message and propagates the propagation message to an adjacent user;
the adjacent users update the propagation messages by adopting the following updating modes:
wherein, representing the propagated message updated at the jth of said user terminals, $C_j$ denotes a normalization factor, $\phi_j(S_j|\Lambda_j)$ represents said local function value of the jth user terminal, representing the compatibility function value;
carrying out multiple times of propagation and updating on the propagation message to determine the final credibility of the propagation message;
the formula for calculating the final confidence is as follows:
wherein, $b_i(S_i)$ represents the final confidence level of said propagated message at the ith user terminal, $c_i$ denotes a normalization factor, $\phi_i(S_i|\Lambda_i)$ represents said local function value of the ith user terminal, representing the propagated message after n propagations and updates;
and the identity judgment module is used for comparing and judging the final credibility so as to authenticate the identity state of the sending source.
6. The system of claim 5, wherein the authentication system propagates and updates the propagated message based on the user terminal in a distributed manner to generate a final confidence level for the propagated message.
7. The system of claim 5, wherein the identity judgment module is disposed in the user terminal, and the user terminal can independently authenticate the identity of the transmission source to be authenticated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910624746.2A CN110519765B (en) | 2019-07-11 | 2019-07-11 | Cooperative physical layer authentication method and system based on received signal power |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110519765A CN110519765A (en) | 2019-11-29 |
CN110519765B CN110519765B (en) | 2022-10-28 |
Family
ID=68622968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910624746.2A Expired - Fee Related CN110519765B (en) | 2019-07-11 | 2019-07-11 | Cooperative physical layer authentication method and system based on received signal power |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110519765B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115296831B (en) * | 2022-05-30 | 2023-08-04 | 苏州大学 | Distributed authentication system, method and processor readable storage medium |
CN117081867B (en) * | 2023-10-17 | 2024-01-23 | 北京交通大学 | Cooperative physical layer authentication method based on impression weighting and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20140052768A (en) * | 2012-10-25 | 2014-05-07 | 삼성전자주식회사 | Method and apparatus for handling security key of a mobile station for cooperating with multiple base stations in a radio communication system |
CN104093145A (en) * | 2014-08-07 | 2014-10-08 | 厦门大学 | Authentication method between users of two adjacent mobile terminals |
CN105743594A (en) * | 2016-04-18 | 2016-07-06 | 西安交通大学 | PUEA detection method based on inter-user cooperation in cognitive radio system |
CN107077545A (en) * | 2014-05-30 | 2017-08-18 | Pcms控股公司 | System and method for active certification |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2545534B (en) * | 2016-08-03 | 2019-11-06 | Cirrus Logic Int Semiconductor Ltd | Methods and apparatus for authentication in an electronic device |
Non-Patent Citations (2)
Title |
---|
"基于网络接入认证对终端设备的管控研究";叶水勇;《电力信息与通信技术》;20180515;第16卷(第5期);全文 * |
物联网中移动终端的协同身份检测机制研究;陈洁等;《通信技术》;20171210(第12期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN110519765A (en) | 2019-11-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20221028 |