Disclosure of Invention
In view of this, embodiments of the present invention provide a key generation method, an apparatus, a computer-readable storage medium, and a terminal device, so as to solve the problem that the complexity and the cost of the existing key generation method are often high.
A first aspect of an embodiment of the present invention provides a key generation method, which is applied to a first node in a preset controller area network, where the first node is any one node in the controller area network, and the method may include:
generating a first bit sequence;
transmitting the first bit sequence in a bus of the controller area network;
receiving a superimposed bit sequence in a bus of the controller area network, where the superimposed bit sequence is a bit sequence formed by superimposing the first bit sequence and a second bit sequence, the second bit sequence is a bit sequence generated by a second node, the second node is any one node except the first node in the controller area network, the first bit sequence and the second bit sequence have the same length, and the second bit sequence and the first bit sequence are simultaneously sent in the bus of the controller area network;
and generating a key according to the superposed bit sequence.
In one specific implementation, the generating the first bit sequence may include:
randomly generating a first original sequence, wherein the first original sequence comprises N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N;
and generating the first bit sequence according to the first original sequence, wherein the first bit sequence comprises 2N bits, the (2n-1)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
In another specific implementation, the generating the first bit sequence may include:
randomly generating a first original sequence, wherein the first original sequence comprises N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N;
and generating the first bit sequence according to the first original sequence, wherein the first bit sequence comprises 2N bits, the (2n)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
Further, the generating a key according to the superimposed bit sequence may include:
dividing the superimposed bit sequence into N tuples, wherein the nth tuple comprises the (2n-1)th bit and the (2n)th bit of the superimposed bit sequence;
selecting each first tuple, wherein the first tuple is a tuple comprising a bit '1';
deleting each bit corresponding to each first tuple in the first original sequence from the first original sequence to obtain a third bit sequence;
generating the key from the third bit sequence.
Further, the generating the key according to the third bit sequence may include:
determining the third bit sequence as the key;
or
bitwise negating the third bit sequence, and determining the bitwise negated third bit sequence as the key.
A second aspect of the embodiments of the present invention provides a key generation apparatus, which is applied to a first node in a preset controller area network, where the first node is any one node in the controller area network, and the apparatus may include:
the first bit sequence generating module is used for generating a first bit sequence;
a first bit sequence sending module, configured to send the first bit sequence in a bus of the controller area network;
a superimposed bit sequence receiving module, configured to receive a superimposed bit sequence in a bus of the controller area network, where the superimposed bit sequence is a bit sequence formed by superimposing the first bit sequence and a second bit sequence, the second bit sequence is a bit sequence generated by a second node, the second node is any node except the first node in the controller area network, the first bit sequence and the second bit sequence have the same length, and the second bit sequence and the first bit sequence are simultaneously sent in the bus of the controller area network;
and the key generation module is used for generating a key according to the superposed bit sequence.
In one specific implementation, the first bit sequence generating module may include:
a first original sequence generating unit, configured to randomly generate a first original sequence, where the first original sequence includes N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N;
a first bit sequence generating unit, configured to generate the first bit sequence according to the first original sequence, where the first bit sequence includes 2N bits, the (2n-1)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
In another specific implementation, the first bit sequence generating module may include:
a first original sequence generating unit, configured to randomly generate a first original sequence, where the first original sequence includes N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N;
a first bit sequence generating unit, configured to generate the first bit sequence according to the first original sequence, where the first bit sequence includes 2N bits, the (2n)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
Further, the key generation module may include:
a tuple dividing unit, configured to divide the superimposed bit sequence into N tuples, where the nth tuple includes the (2n-1)th bit and the (2n)th bit of the superimposed bit sequence;
a tuple selecting unit, configured to select each first tuple, where the first tuple is a tuple comprising a bit '1';
a bit deleting unit, configured to delete each bit in the first original sequence corresponding to each first tuple from the first original sequence, so as to obtain a third bit sequence;
a key generation unit configured to generate the key according to the third bit sequence.
Further, the key generation unit is specifically configured to determine the third bit sequence as the key;
or
bitwise negating the third bit sequence, and determining the bitwise negated third bit sequence as the key.
A third aspect of embodiments of the present invention provides a computer-readable storage medium storing computer-readable instructions, which, when executed by a processor, implement the steps of any one of the key generation methods described above.
A fourth aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor implements the steps of any one of the key generation methods when executing the computer readable instructions.
Compared with the prior art, the embodiment of the invention has the following beneficial effects: in this method, two nodes (i.e., the first node and the second node) in a controller area network that need to communicate can respectively generate bit sequences (i.e., the first bit sequence and the second bit sequence) with equal lengths, and simultaneously transmit the bit sequences on a bus of the controller area network. Since the two bit sequences are transmitted simultaneously, they superimpose on the bus of the controller area network into a new bit sequence, i.e., the superimposed bit sequence. A third party can only see this superimposed bit sequence and does not know the exact content of each individual bit sequence, whereas the first node and the second node each know what they themselves transmitted; after receiving the superimposed bit sequence, each can therefore easily derive the content transmitted by the other party and generate a key on that basis. The method has the advantages of simplicity, low complexity, low cost and the like, and can be easily realized without any modification of a standard CAN controller.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In addition, in the description of the present application, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
The key generation method provided in the embodiment of the present invention may be applied to a first node in a preset controller area network, where the first node is any one node in the controller area network. The method may comprise the steps as shown in fig. 1:
Step S101, generating a first bit sequence.
Specifically, a first original sequence may first be randomly generated, where the first original sequence includes N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N. The first bit sequence is then generated from the first original sequence, the length of the first bit sequence being twice the length of the first original sequence, i.e. the first bit sequence comprises 2N bits.
In a specific implementation of this embodiment, the (2n-1)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit; that is, if the (2n-1)th bit is "0", the (2n)th bit is "1", and if the (2n-1)th bit is "1", the (2n)th bit is "0". In another specific implementation of this embodiment, the (2n)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
Step S102, sending the first bit sequence in a bus of the controller area network.
It is particularly noted that the first bit sequence and the second bit sequence are transmitted simultaneously in the bus of the controller area network.
The second bit sequence is a bit sequence generated by a second node, the second node is any one node except the first node in the controller area network, and the second bit sequence has the same length as the first bit sequence, namely 2N bits. The second bit sequence is generated in a similar manner to the first bit sequence, i.e., a second original sequence is first randomly generated, the second original sequence including N bits, and then the second bit sequence is generated according to the second original sequence.
In a specific implementation of this embodiment, the (2n-1)th bit of the second bit sequence is the nth bit of the second original sequence, and the (2n-1)th bit of the second bit sequence is opposite to the (2n)th bit. In another specific implementation of this embodiment, the (2n)th bit of the second bit sequence is the nth bit of the second original sequence, and the (2n-1)th bit of the second bit sequence is opposite to the (2n)th bit.
It should be noted that the first bit sequence and the second bit sequence should be generated in the same manner, that is, if the (2n-1)th bit of the first bit sequence is the nth bit of the first original sequence, the (2n-1)th bit of the second bit sequence should also be the nth bit of the second original sequence, and if the (2n)th bit of the first bit sequence is the nth bit of the first original sequence, the (2n)th bit of the second bit sequence should also be the nth bit of the second original sequence.
Step S103, receiving a superimposed bit sequence in a bus of the controller area network.
The superposition bit sequence is formed by superposing the first bit sequence and the second bit sequence, and both the first node and the second node can receive the superposition bit sequence in a bus of the controller area network.
In the CAN bus, bit "0" is the dominant bit and bit "1" is the recessive bit, which is also the basis of classical bus arbitration. If two nodes send a bit at the same time, four different situations may occur in total after the superposition, as shown in the following table:
Bit sent by first node | Bit sent by second node | Bit on the bus
0 | 0 | 0
0 | 1 | 0
1 | 0 | 0
1 | 1 | 1
It can be seen that if either of the two nodes sends the dominant bit, the superimposed result is also the dominant bit, and only if both nodes send the recessive bit is the superimposed result the recessive bit. Thus, the CAN bus can be considered as a logical AND (&) function of the separately transmitted bits.
Step S104, generating a key according to the superimposed bit sequence.
Specifically, step S104 may include the process as shown in fig. 2:
Step S1041, dividing the superimposed bit sequence into N tuples.
A tuple is a set of two bits, wherein the nth tuple includes the (2n-1)th bit and the (2n)th bit of the superimposed bit sequence.
Step S1042, selecting each first tuple.
The first tuple is a tuple including bit "1", namely three tuples "01", "10" and "11".
Step S1043, deleting each bit corresponding to each first tuple in the first original sequence from the first original sequence, respectively, to obtain a third bit sequence.
For example, if the nth tuple in the superimposed bit sequence is the first tuple, the bit (i.e., nth bit) corresponding to the nth tuple in the first original sequence may be deleted from the first original sequence.
Step S1044, generating the key according to the third bit sequence.
In a specific implementation of this embodiment, the third bit sequence may be determined as the key. In another specific implementation of this embodiment, the third bit sequence may be bit-wise inverted, and the bit-wise inverted third bit sequence may be determined as the key.
After the second node receives the superimposed bit sequence, its process of generating the key is similar to that of the first node: the superimposed bit sequence is first divided into N tuples and each first tuple is selected, then each bit corresponding to a first tuple is deleted from the second original sequence to obtain a fourth bit sequence, and finally the key is generated according to the fourth bit sequence. However, it should be noted that the third bit sequence and the fourth bit sequence are exactly the bitwise negation of each other. Therefore, in order to ensure that the first node and the second node generate the same key, if the first node directly determines the third bit sequence as the key, the second node may bitwise negate the fourth bit sequence and determine the bitwise negated fourth bit sequence as the key; if the first node bitwise negates the third bit sequence and determines the bitwise negated third bit sequence as the key, the second node may directly determine the fourth bit sequence as the key.
The key generation method is described below with a specific example:
(1) The first node and the second node generate, independently of each other, a random bit sequence of a predetermined length N = 10:
Ra=0 1 1 0 1 0 0 1 0 1
Rb=1 0 1 1 0 1 0 1 1 0
wherein Ra is the first original sequence, and Rb is the second original sequence.
(2) The first node inserts the corresponding inverse bit after each bit of Ra to generate the first bit sequence shown below:
Sa=01 10 10 01 10 01 01 10 01 10
The second node inserts the corresponding inverse bit after each bit of Rb to generate the second bit sequence shown below:
Sb=10 01 10 10 01 10 01 10 10 01
wherein Sa is the first bit sequence, and Sb is the second bit sequence.
(3) The first node and the second node simultaneously transmit the bit sequences Sa and Sb, which superimpose on the bus to form the superimposed bit sequence shown below:
Sab=Sa&Sb=00 00 10 00 00 00 01 10 00 00
wherein Sab is the superimposed bit sequence.
(4) The first node and the second node each receive the superimposed bit sequence and each select the first tuples.
If the tuples are numbered from left to right starting with 1, the tuples numbered 3, 7 and 8 are first tuples.
(5) The first node deletes the 3rd, 7th and 8th bits in Ra to obtain a third bit sequence as shown below:
Ka=0 1 0 1 0 0 1
The second node deletes the 3rd, 7th and 8th bits in Rb to obtain a fourth bit sequence as shown below:
Kb=1 0 1 0 1 1 0
where Ka is the third bit sequence, Kb is the fourth bit sequence, and the two are bit-wise negations of each other.
(6) Ka or Kb is selected as the key used when the first node and the second node communicate.
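Steps (1) to (6) can be checked end to end with a short simulation. The Python below is an added example, not code from the patent: the function names are illustrative, the bus is modelled as a bitwise AND, and it goes beyond the worked example by covering the second encoding variant and by showing what a passive listener can recover from the superimposed sequence.

```python
import secrets

# Original sequences Ra and Rb from the worked example in the text.
RA = [0, 1, 1, 0, 1, 0, 0, 1, 0, 1]
RB = [1, 0, 1, 1, 0, 1, 0, 1, 1, 0]


def random_bits(n):
    """N random bits from the OS CSPRNG (an 'original sequence')."""
    return [secrets.randbits(1) for _ in range(n)]


def encode(original, bit_first=True):
    """Expand each bit into a tuple holding the bit and its inverse.

    bit_first=True : bit at position 2n-1, inverse at 2n (first variant).
    bit_first=False: inverse at position 2n-1, bit at 2n (second variant).
    """
    out = []
    for b in original:
        out.extend((b, 1 - b) if bit_first else (1 - b, b))
    return out


def bus_superpose(sa, sb):
    """Model of simultaneous transmission: 0 is dominant, so the bus is AND."""
    if len(sa) != len(sb):
        raise ValueError("both nodes must send sequences of equal length")
    return [x & y for x, y in zip(sa, sb)]


def split_tuples(seq):
    """Divide a 2N-bit sequence into N two-bit tuples."""
    if len(seq) % 2:
        raise ValueError("sequence must contain 2N bits")
    return [(seq[i], seq[i + 1]) for i in range(0, len(seq), 2)]


def derive_key(original, superposed, invert=False):
    """Drop every original bit whose tuple contains a '1' (a first tuple)."""
    pairs = split_tuples(superposed)
    if len(pairs) != len(original):
        raise ValueError("superimposed sequence does not match original length")
    kept = [b for b, t in zip(original, pairs) if 1 not in t]
    return [1 - b for b in kept] if invert else kept


def observer_view(superposed, bit_first=True):
    """Per position, what a listener who sees only the bus can infer.

    A first tuple reveals the bit both nodes chose (they were equal), which
    is why that position is deleted. A '00' tuple only says the bits
    differed, not which node sent which, so the entry is None.
    """
    view = []
    for t in split_tuples(superposed):
        if t == (0, 0):
            view.append(None)
        elif t == (1, 1):
            raise ValueError("'11' cannot result from two valid encodings")
        else:
            view.append(t[0] if bit_first else t[1])
    return view


def fmt(seq):
    """Render a 2N-bit sequence as space-separated tuples, as in the text."""
    return " ".join(f"{a}{b}" for a, b in split_tuples(seq))


def run_page_example(bit_first=True):
    """Replay the worked example with Ra and Rb from the text."""
    sa, sb = encode(RA, bit_first), encode(RB, bit_first)
    sab = bus_superpose(sa, sb)
    return {
        "sa": fmt(sa), "sb": fmt(sb), "sab": fmt(sab),
        "ka": derive_key(RA, sab),
        "kb": derive_key(RB, sab),
        "observer": observer_view(sab, bit_first),
    }


def agree_on_random(n=64):
    """Fresh random run: first node keeps Ka, second node inverts Kb."""
    ra, rb = random_bits(n), random_bits(n)
    sab = bus_superpose(encode(ra), encode(rb))
    return derive_key(ra, sab), derive_key(rb, sab, invert=True)


if __name__ == "__main__":
    for name, value in run_page_example().items():
        print(f"{name:9}= {value}")
```

With uniformly random original sequences each position survives with probability 1/2, so N original bits yield about N/2 key bits on average; a node that needs a fixed key length has to size N accordingly or repeat the exchange.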
In summary, the embodiments of the present invention provide a novel key generation method, in which two nodes (i.e., the first node and the second node) in a controller area network that need to communicate can respectively generate bit sequences (i.e., the first bit sequence and the second bit sequence) with equal lengths, and simultaneously transmit the bit sequences on a bus of the controller area network. Since the two bit sequences are transmitted simultaneously, they superimpose on the bus of the controller area network into a new bit sequence, i.e., the superimposed bit sequence. A third party can only see this superimposed bit sequence and does not know the exact content of each individual bit sequence, whereas the first node and the second node each know what they themselves transmitted; after receiving the superimposed bit sequence, each can therefore easily derive the content transmitted by the other party and generate a key on that basis. The method has the advantages of simplicity, low complexity, low cost and the like, and can be easily realized without any modification of a standard CAN controller.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 shows a structure diagram of an embodiment of a key generation apparatus provided in an embodiment of the present invention, where the apparatus is applied to a first node in a preset controller area network, where the first node is any one node in the controller area network, and the apparatus may include:
a first bit sequence generating module 301, configured to generate a first bit sequence;
a first bit sequence sending module 302, configured to send the first bit sequence in a bus of the controller area network;
a superimposed bit sequence receiving module 303, configured to receive a superimposed bit sequence in a bus of the controller area network, where the superimposed bit sequence is a bit sequence formed by superimposing the first bit sequence and a second bit sequence, the second bit sequence is a bit sequence generated by a second node, the second node is any node except the first node in the controller area network, the first bit sequence and the second bit sequence have the same length, and the second bit sequence and the first bit sequence are sent in the bus of the controller area network at the same time;
a key generating module 304, configured to generate a key according to the superimposed bit sequence.
In a specific implementation of this embodiment, the first bit sequence generating module may include:
a first original sequence generating unit, configured to randomly generate a first original sequence, where the first original sequence includes N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N;
a first bit sequence generating unit, configured to generate the first bit sequence according to the first original sequence, where the first bit sequence includes 2N bits, the (2n-1)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
In another specific implementation of this embodiment, the first bit sequence generating module may include:
a first original sequence generating unit, configured to randomly generate a first original sequence, where the first original sequence includes N bits, N is a positive integer, and n denotes a bit index with 1 ≤ n ≤ N;
a first bit sequence generating unit, configured to generate the first bit sequence according to the first original sequence, where the first bit sequence includes 2N bits, the (2n)th bit of the first bit sequence is the nth bit of the first original sequence, and the (2n-1)th bit of the first bit sequence is opposite to the (2n)th bit.
Further, the key generation module may include:
a tuple dividing unit, configured to divide the superimposed bit sequence into N tuples, where the nth tuple includes the (2n-1)th bit and the (2n)th bit of the superimposed bit sequence;
a tuple selecting unit, configured to select each first tuple, where the first tuple is a tuple comprising a bit '1';
a bit deleting unit, configured to delete each bit in the first original sequence corresponding to each first tuple from the first original sequence, so as to obtain a third bit sequence;
a key generation unit configured to generate the key according to the third bit sequence.
Further, the key generation unit is specifically configured to determine the third bit sequence as the key;
or
bitwise negating the third bit sequence, and determining the bitwise negated third bit sequence as the key.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, modules and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Fig. 4 shows a schematic block diagram of a terminal device according to an embodiment of the present invention, and for convenience of description, only the parts related to the embodiment of the present invention are shown.
As shown in fig. 4, the terminal device 4 of this embodiment includes: a processor 40, a memory 41 and a computer program 42 stored in said memory 41 and executable on said processor 40. The processor 40 implements the steps in the above-described embodiments of the key generation method, such as the steps S101 to S104 shown in fig. 1, when executing the computer program 42. Alternatively, the processor 40, when executing the computer program 42, implements the functions of each module/unit in the above-mentioned device embodiments, such as the functions of the modules 301 to 304 shown in fig. 3.
Illustratively, the computer program 42 may be partitioned into one or more modules/units that are stored in the memory 41 and executed by the processor 40 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 42 in the terminal device 4.
It will be understood by those skilled in the art that fig. 4 is only an example of the terminal device 4, and does not constitute a limitation to the terminal device 4, and may include more or less components than those shown, or combine some components, or different components, for example, the terminal device 4 may further include an input-output device, a network access device, a bus, etc.
The Processor 40 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the terminal device 4. The memory 41 is used for storing the computer program and other programs and data required by the terminal device 4. The memory 41 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.