CN110838910A - Subway comprehensive monitoring system based on SM3 and SM4 communication encryption - Google Patents

Info

Publication number: CN110838910A
Authority: CN (China)
Legal status: Granted
Application number: CN201910981969.4A
Other languages: Chinese (zh)
Other versions: CN110838910B (en)
Inventors: 赵晗, 何治达, 郑继平, 温鑫, 李明, 郑博胜, 李建峰, 杨永峰, 刘中峰, 周天鸣
Current Assignee: Henan Brilliant City Rail Technology Co Ltd; Zhengzhou Metro Group Co Ltd
Original Assignee: Henan Brilliant City Rail Technology Co Ltd; Zhengzhou Metro Group Co Ltd
Prior art keywords: workstation, server, fep, ukey, communication

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0877: Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Abstract

The invention relates to a subway comprehensive monitoring system based on SM3 and SM4 communication encryption, and belongs to the technical field of subway monitoring. The system comprises a key management center and a plurality of monitoring centers; all the monitoring centers are connected through a backbone network of the comprehensive monitoring system; each monitoring center comprises a workstation, an FEP and a server which are connected through a network bus; the workstation, the FEP and the server are respectively provided with a workstation end UKey, an FEP end UKey and a server end UKey; and the workstation, the FEP and the server are all provided with a security middleware module. When a monitoring program needs to be started, the workstation, the FEP and the server first carry out device self-authentication through their corresponding UKey and security middleware module; the server end must also pass user authentication for the operator, and the corresponding monitoring program can be started only after the user authentication passes, after which key agreement and encrypted data communication are carried out. The invention can efficiently prevent illegal intrusion and improve the security of the subway comprehensive monitoring system.

Description

Subway comprehensive monitoring system based on SM3 and SM4 communication encryption
Technical Field
The invention relates to a subway comprehensive monitoring system based on SM3 and SM4 communication encryption, and belongs to the technical field of subway monitoring.
Background
The main functions of the integrated subway monitoring system (ISCS) include real-time centralized monitoring of electromechanical equipment and coordinated linkage among all systems. On one hand, the subway comprehensive monitoring system provides the basic functions of real-time centralized monitoring and control of power equipment, fire alarm information and equipment, station environmental control equipment, interval environmental control equipment, environmental parameters, platform screen door equipment, flood gate equipment, escalator equipment, lighting equipment, access control equipment, automatic fare collection equipment, broadcasting and closed-circuit television equipment, the passenger information display system, and broadcast information, clock information and the like; on the other hand, the subway comprehensive monitoring system provides high-level functions such as coordination and interaction among related system equipment under night non-operation conditions, daytime normal operation conditions, emergency conditions and failure of important equipment. The subway comprehensive monitoring system is therefore very important for the overall operation of subway lines.
At present, a non-cloud subway comprehensive monitoring system is a distributed multi-layer application, mainly characterized in that each station has a node server and several workstations, and computer equipment dispersed across different environments is connected to the monitoring center host room through a dual-ring redundant network, forming a network application system spanning the whole line. The system is therefore exposed to illegal access to and illegal operation of hosts, which in turn creates hazards such as system failure caused by illegally starting and stopping system services, degraded system performance caused by illegally starting a large number of services, illegal control of subsystem equipment, illegal modification of configuration data, and illegal connection requests or forged communication data, ultimately endangering the operational safety of the whole subway line.
Therefore, how to improve the security of the subway comprehensive monitoring system so as to prevent illegal intrusion is a technical problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to provide a subway comprehensive monitoring system based on SM3 and SM4 communication encryption, so as to solve the problem that conventional subway comprehensive monitoring systems are vulnerable to illegal intrusion.
To solve the above technical problem, the invention provides a subway comprehensive monitoring system based on SM3 and SM4 communication encryption, comprising a key management center and a plurality of monitoring centers; all the monitoring centers are connected through a backbone network of the comprehensive monitoring system; each monitoring center comprises a workstation, an FEP and a server which are connected through a network bus;
each workstation, FEP and server is respectively provided with a workstation end UKey, an FEP end UKey and a server end UKey; each workstation, FEP and server is provided with a security middleware module;
the security middleware module comprises a bottom device layer, a middle cryptographic service layer and an upper API (application program interface) layer; the device layer is used for connecting a user end UKey, a workstation end UKey, an FEP end UKey and/or a server end UKey; the cryptographic service layer provides the cryptographic operations of a symmetric cryptographic algorithm and an asymmetric cryptographic algorithm; the API layer is called by the workstation, the FEP and/or the server;
a user account identification and the corresponding private key information are stored in the user end UKey; the workstation end UKey stores the device characteristic information of the workstation and the corresponding private key information; the FEP end UKey stores the device characteristic information of the FEP and the corresponding private key information; the server end UKey stores the device characteristic information of the server and the corresponding private key information;
the key management center comprises an SM9 identity-based cryptography management system and an SM9 identity-based cryptographic machine, wherein the SM9 management system is connected with the SM9 cryptographic machine and is used for calculating and generating the private key information for the user end UKey, workstation end UKey, FEP end UKey and server end UKey and writing the private key information into the corresponding UKey;
when any two of the workstation, the FEP and the server communicate, one party is the communication initiator and the other party is the communication provider;
the communication initiator and the communication provider can communicate only through the following steps:
S11: the communication initiator and the communication provider each start their respective monitoring programs;
S12: the communication initiator and the communication provider use the private key information stored in their corresponding UKeys to carry out key agreement, and derive an encryption key for SM4 encrypted communication and an authentication key for SM3 authentication signatures from the agreement result;
S13: the communication initiator and the communication provider carry out encrypted communication using the encryption key SKey and the authentication key AKey;
wherein the monitoring program on the workstation can be started only after the workstation device authentication and the user authentication are completed; the monitoring program on the FEP can be started only after the FEP device authentication is completed; and the monitoring program on the server can be started only after the server device authentication is completed.
Further, the workstation device authentication comprises the steps of:
S21: the monitoring program on the workstation sends a workstation end challenge value to the corresponding workstation end security middleware module;
S22: the workstation end security middleware module encrypts the workstation end challenge value using the private key information stored on the corresponding workstation end UKey to generate a signature corresponding to the workstation, and transmits the signature to the monitoring program on the workstation;
S23: when the monitoring program on the workstation successfully verifies the signature corresponding to the workstation using the device characteristic information of the workstation, the workstation device authentication is completed.
Further, the FEP device authentication includes the steps of:
S31: the monitoring program on the FEP sends an FEP end challenge value to the corresponding FEP end security middleware module;
S32: the FEP end security middleware module encrypts the FEP end challenge value using the private key information stored on the corresponding FEP end UKey to generate a signature corresponding to the FEP, and transmits the signature to the monitoring program on the FEP;
S33: when the monitoring program on the FEP successfully verifies the signature corresponding to the FEP using the device characteristic information of the FEP, the FEP device authentication is completed.
Further, the server device authentication includes the steps of:
S41: the monitoring program on the server sends a server end challenge value to the corresponding server end security middleware module;
S42: the server end security middleware module encrypts the server end challenge value using the private key information stored on the corresponding server end UKey to generate a signature corresponding to the server, and transmits the signature to the monitoring program on the server;
S43: when the monitoring program on the server successfully verifies the signature corresponding to the server using the device characteristic information of the server, the server device authentication is completed.
Further, the user authentication includes the steps of:
S51: the workstation end initiates a user authentication request to the server end, and the server end returns a server end challenge value;
S52: the workstation end security middleware module signs the device characteristic information of the workstation and the server end challenge value using the private key information of the user end UKey to generate a workstation end signature;
S53: the workstation end sends user authentication request information containing the workstation end signature, the device characteristic information of the workstation, the private key information of the user end UKey, the server end challenge value and the workstation end challenge value to the server end;
S54: the server end checks the user authentication request information against the data in the monitoring system database, and generates a state code when the correspondence between the device characteristic information of the workstation and the private key information of the user end UKey is valid;
S55: the server end security middleware module verifies the workstation end signature using the user account identification, and then signs the state code and the workstation end challenge value using the private key information of the server end UKey to generate a server end signature;
S56: the server end sends user authentication request information containing the server end signature, the device characteristic information of the server, the state code and the workstation end challenge value to the workstation end;
S57: the workstation end security middleware module verifies the server end signature using the device characteristic information of the server, and if the verification passes, user authentication is completed;
the monitoring system database stores the valid correspondence between the private key information of the user end UKey and the device characteristic information of the workstation.
Further, the key agreement comprises the steps of:
S61: the security middleware module corresponding to the communication initiator generates a random number MKey, and encrypts MKey using the device characteristic information ID_T corresponding to the communication provider to obtain a ciphertext Cip1;
S62: the security middleware module corresponding to the communication initiator signs the ciphertext Cip1 and the current system timestamp TS using the private key information corresponding to the communication initiator to obtain a signature Sig3;
S63: the security middleware module corresponding to the communication initiator returns the calculation result to the communication initiator, and the communication initiator sends to the communication provider a key agreement request comprising the device characteristic information ID_F corresponding to the communication initiator, the device characteristic information ID_T corresponding to the communication provider, the current system timestamp TS, the ciphertext Cip1 and the signature Sig3;
S64: the security middleware module corresponding to the communication provider verifies the signature Sig3 using the device characteristic information ID_F corresponding to the communication initiator; after Sig3 passes verification, it decrypts the ciphertext Cip1 using the device characteristic information ID_T corresponding to the communication provider to obtain a decryption result, and returns a response state code in the decryption result to the communication provider;
S65: the security middleware module corresponding to the communication provider and the security middleware module corresponding to the communication initiator negotiate to generate the encryption key SKey and the authentication key AKey.
Further, the encrypted communication includes the steps of:
S71: the communication initiator encrypts the transmission data using the encryption key SKey as the SM4 symmetric encryption key, and calculates an HMAC based on the SM3 algorithm using the authentication key AKey;
S72: the communication provider decrypts and verifies the transmission data using the encryption key SKey and the authentication key AKey.
Further, the monitoring center is a central level monitoring center or a station level monitoring center.
The invention has the beneficial effects that:
The invention analyzes and calculates the intrusion type, intrusion damage, potential cause, consequence and intrusion probability of each node in the subway integrated monitoring system to obtain the damage level and risk level of illegal intrusion at each node, and comprehensively considers the upgrade cost and workload.
When any two of the workstation, the FEP and the server communicate, the invention performs monitoring program startup, key agreement and encrypted data communication in turn.
The invention equips each workstation, server and FEP in the subway integrated monitoring system with a device UKey and installs the security middleware module SDK on it; when a monitoring program needs to be started, each device must perform self-authentication through its own device UKey and security middleware module, and the server end must also pass user authentication for the operator, before the corresponding monitoring program can be started.
In the key agreement process, SM9 encryption and decryption ensure data security, SM9 signing and signature verification provide identity authentication of the data, and TS, the current system timestamp, is used to prevent replay attacks; after key agreement, the two communicating parties derive the same working keys from the same key material and use them to encrypt and decrypt the securely transmitted data.
With these measures, the invention can efficiently prevent illegal intrusion and improve the security of the subway comprehensive monitoring system.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a subway integrated monitoring system according to the present invention;
FIG. 2 is a flow chart of workstation equipment authentication in an embodiment of a comprehensive subway monitoring system according to the present invention;
FIG. 3 is a flow chart of FEP equipment authentication in an embodiment of the integrated monitoring system for a subway of the present invention;
FIG. 4 is a flowchart of server device authentication in an embodiment of a metro integrated monitoring system of the present invention;
FIG. 5 is a flow chart of user authentication in an embodiment of a comprehensive subway monitoring system according to the present invention;
FIG. 6 is a flowchart of key agreement in an embodiment of a metro integrated monitoring system of the present invention;
FIG. 7 is a flow chart of encrypted communication in an embodiment of the integrated monitoring system for a subway of the present invention.
Detailed Description
The following describes embodiments of the present invention in detail with reference to the accompanying drawings.
The subway comprehensive monitoring system and its related systems and equipment are divided into four layers in physical structure: a central-level control center, a station-level control layer, professional subsystems and an equipment layer. From the management logic point of view, there are two levels of management and three levels of control: central-level comprehensive monitoring, station-level comprehensive monitoring, and local control at the subsystem and equipment layers. A redundant dual-ring network structure is adopted, in which some specialties are accessed at the central-level control center and the others at the station level. The software and hardware of the subway integrated monitoring system cover the central local area network and the station local area networks through a backbone network, so the communication of the system is divided into two parts: internal communication and external communication. Internal communication refers to network communication between the central monitoring center and the station monitoring centers, and external communication refers to network or serial communication between the subway comprehensive monitoring system and each professional subsystem.
Connection structure of the present embodiment
FIG. 1 is a schematic diagram of the present embodiment, which includes a key management center and a plurality of monitoring centers; all the monitoring centers are connected through a backbone network of the comprehensive monitoring system; each monitoring center is a central-level monitoring center or a station-level monitoring center; each monitoring center comprises a workstation, an FEP and a server connected by a network bus.
Specifically, the central monitoring center comprises a power dispatching workstation, an environmental control dispatching workstation, a train operation auxiliary workstation, a chief dispatching workstation, a real-time server, a history server, an FEP (front-end processor) and other equipment, and the station-level monitoring center comprises an operator workstation, a real-time server, an FEP and other equipment.
In this embodiment, each workstation, FEP and server in the central monitoring center or the station-level monitoring center is respectively equipped with a workstation-side UKey, an FEP-side UKey and a server-side UKey; and each workstation, FEP and server is provided with a security middleware module.
The security middleware module is an SDK (software development kit) and comprises a bottom device layer, a middle cryptographic service layer and an upper API (application program interface) layer; the device layer is used for connecting a user end UKey, a workstation end UKey, an FEP end UKey and/or a server end UKey; the cryptographic service layer provides the cryptographic operations of a symmetric cryptographic algorithm and an asymmetric cryptographic algorithm; the API layer is called by the workstation, the FEP and/or the server.
A user account identifier and the corresponding private key information are stored in the user end UKey, wherein the user account identifier is a public key. The workstation end UKey stores the device characteristic information of the workstation and the corresponding private key information, wherein the device characteristic information of the workstation is a public key and is generally the device's serial number, MAC address, IMEI number or the like. The FEP end UKey stores the device characteristic information of the FEP and the corresponding private key information, wherein the device characteristic information of the FEP is a public key and is generally the device's serial number, MAC address, IMEI number or the like. The server-side UKey stores the device characteristic information of the server and the corresponding private key information, wherein the device characteristic information of the server is a public key and is generally the device's serial number, MAC address, IMEI number or the like.
Information signed with the private key can be verified with the public key; if the verification passes, the identity of the communication receiver is proved to be valid.
The key management center comprises an SM9 identity-based cryptography management system and an SM9 identity-based cryptographic machine, wherein the SM9 management system is connected with the SM9 cryptographic machine and is used for calculating and generating the private key information for the user-side UKey, workstation-side UKey, FEP-side UKey and server-side UKey and writing the private key information into the corresponding UKey.
In this example, the key management center issues keys offline, which gives higher security, and the server side needs to manually update the user information and the key information from time to time.
When any two of the workstation, the FEP and the server communicate, this embodiment performs monitoring program startup, key agreement and encrypted data communication in turn, through the following steps:
S11: the communication initiator and the communication provider each start their respective monitoring programs;
S12: the communication initiator and the communication provider use the private key information stored in their corresponding UKeys to carry out key agreement, and derive an encryption key for SM4 encrypted communication and an authentication key for SM3 authentication signatures from the agreement result;
S13: the communication initiator and the communication provider carry out encrypted communication using the encryption key SKey and the authentication key AKey.
The specific start conditions of the monitoring programs responsible for communication in this embodiment are as follows.
Internal communication mainly follows two links:
Local communication: workstation → real-time server → FEP → real-time server → workstation;
Inter-network communication: central workstation → central real-time server → station FEP → central real-time server → central workstation.
In this embodiment, the monitoring program on the workstation can be started only after the workstation device authentication and the user authentication are completed; the monitoring program on the FEP can be started only after the FEP device authentication is completed; and the monitoring program on the server can be started only after the server device authentication is completed.
Thus, an operator who lacks permission to use the workstation, or who has that permission but lacks permission to connect to a particular server, cannot pass user authentication with the corresponding user end UKey, and therefore cannot start the monitoring program; likewise, the server and the FEP cannot start their monitoring programs if they fail their respective device authentication.
Illegal network intrusion into the workstation, FEP and server nodes is thereby prevented, and overall security is improved.
Workstation device authentication
In this embodiment, a challenge value is generated by a monitoring program on a workstation, then the challenge value is encrypted by using private key information stored on a workstation end UKey, and finally the monitoring program on the workstation decrypts and verifies the encrypted challenge value by using device characteristic information (i.e. public key information) of the workstation, and if a correct challenge value is decrypted, it indicates that the workstation device is not hijacked, and the authentication is successful.
As shown in fig. 2, the workstation device authentication includes the steps of:
s21: a monitoring program on a workstation sends a workstation terminal challenge value to a corresponding workstation terminal security middleware module;
s22: the workstation end security middleware module encrypts the workstation end challenge value according to private key information stored on a corresponding workstation end UKey to generate a signature corresponding to the workstation and transmits the signature to a monitoring program on the workstation;
s23: and when the monitoring program on the workstation uses the equipment characteristic information of the workstation to complete signature verification on the signature corresponding to the workstation, the equipment authentication of the workstation is completed.
FEP device authentication
In this embodiment, a challenge value is generated by a monitoring program on the FEP, then the challenge value is encrypted by using private key information stored on the FEP end UKey, and finally the monitoring program on the FEP decrypts and verifies the encrypted challenge value by using device feature information (i.e., public key information) of the FEP, and if a correct challenge value is decrypted, it indicates that the FEP device is not hijacked, and the authentication is successful.
As shown in fig. 3, the FEP equipment authentication includes the following steps:
s31: the monitoring program on the FEP sends an FEP end challenge value to the corresponding FEP end safety middleware module;
s32: the FEP end security middleware module encrypts the FEP end challenge value according to private key information stored on the corresponding FEP end UKey to generate a signature corresponding to the FEP and transmits the signature to a monitoring program on the FEP;
s33: when the monitoring program on the FEP uses the FEP's device feature information to complete signature verification on the FEP's corresponding signature, FEP device authentication is completed.
Server device authentication
In this embodiment, a challenge value is generated by a monitoring program on a server, then the challenge value is encrypted by using private key information stored on a server-side UKey, and finally the monitoring program on the server decrypts and verifies the encrypted challenge value by using device characteristic information (i.e., public key information) of the server, and if a correct challenge value is decrypted, it indicates that the server device is not hijacked, and the authentication is successful.
As shown in fig. 4, the server device authentication includes the steps of:
s41: a monitoring program on a server sends a server-side challenge value to a corresponding server-side security middleware module;
s42: the server side security middleware module encrypts the server side challenge value according to the private key information stored on the corresponding server side UKey to generate a signature corresponding to the server, and transmits the signature to the monitoring program on the server;
s43: and when the monitoring program on the server uses the device characteristic information of the server to verify the signature of the signature corresponding to the server, the authentication of the server device is completed.
User authentication
In the embodiment, the private key information of the UKey of the user side and the private key information of the UKey of the server side are used for carrying out encryption signature on related information in sequence, the legal identities of the user side and the server side are verified through the effective corresponding relation between the private key information of the UKey of the user side stored in the database of the monitoring system and the equipment characteristic information of the workstation, and then the secret signature is verified through the cross use of the public key by the user side and the server side, so that the authentication of the user identity is finally completed, and the condition that the user side is hijacked is avoided.
As shown in fig. 5, the user authentication includes the steps of:
s51: the workstation terminal initiates a user authentication request to the server terminal, and the server terminal returns a server terminal challenge value;
s52: the workstation end security middleware module signs equipment characteristic information of a workstation and a challenge value of a server end by using private key information of a user end UKey to generate a workstation end signature;
s53: the workstation side sends user authentication request information containing the workstation side signature, the equipment characteristic information of the workstation, the private key information of a user side UKey, the server side challenge value and the workstation side challenge value to the server side;
s54: the server side verifies the user authentication request information according to the data in the monitoring system database, and generates a state code when the corresponding relation between the equipment characteristic information of the workstation and the private key information of the UKey of the user side is valid;
s55: the server side security middleware module uses the user account identification to sign and verify the workstation side signature, and then uses the private key information of the server side UKey to sign the state code and the workstation side challenge value to generate a server side signature;
s56: the server side sends user authentication request information containing server side signature, equipment characteristic information of the server, a state code and a workstation side challenge value to the server side;
s57: the workstation side security middleware module uses the equipment characteristic information of the server to carry out signature verification on the server side signature, and if the signature passes the equipment characteristic information, user authentication is completed;
the monitoring system database stores the effective corresponding relation between the private key information of the UKey of the user side and the equipment characteristic information of the workstation, and the private key information and the equipment characteristic information need to be manually updated into the server.
Key agreement
As shown in fig. 6, the key agreement in this embodiment includes the following steps:
s61: the security middleware module corresponding to the communication initiator generates a random number Mkey and encrypts it using the device characteristic information ID_T corresponding to the communication provider to obtain a ciphertext Cip1;
s62: the security middleware module corresponding to the communication initiator signs the ciphertext Cip1 and the current system timestamp TS by using the private key information corresponding to the communication initiator to obtain a signature Sig3;
s63: the security middleware module corresponding to the communication initiator returns the calculation result to the communication initiator, and the communication initiator sends to the communication provider a key negotiation request comprising the device characteristic information ID_F corresponding to the communication initiator, the device characteristic information ID_T corresponding to the communication provider, the current system timestamp TS, the ciphertext Cip1 and the signature Sig3;
s64: the security middleware module corresponding to the communication provider uses the device characteristic information ID_F corresponding to the communication initiator to verify the signature Sig3; after the signature Sig3 passes verification, it decrypts the ciphertext Cip1 by using the device characteristic information ID_T corresponding to the communication provider to obtain a decryption result, and returns a response state code in the decryption result to the communication provider;
s65: and the security middleware module corresponding to the communication provider and the security middleware module corresponding to the communication initiator negotiate to generate an encryption key SKey and an authentication key AKey.
Encrypted communication
As shown in fig. 7, the specific encrypted communication in this embodiment includes the following steps:
s71: the communication initiator uses an encryption key SKey as an SM4 symmetric encryption algorithm key to encrypt transmission data, and uses an authentication key AKey to calculate an HMAC based on an SM3 algorithm;
s72: and the communication provider decrypts and verifies the transmission data by using the encryption key SKey and the authentication key AKey.
In this embodiment, a central server in the system test stage is configured using the requirement parameters of Zhengzhou Subway Line 14, an SDK security middleware module is specially developed, and a test script is written to test the usability and performance indexes of the APIs that use the SM3 and SM4 cryptographic algorithms respectively. The test environment of this embodiment is a general development environment. Hardware configuration: HP Z240, i7-7700 CPU at 3.6 GHz, 16 GB RAM; software environment: Windows 10, 64-bit.
Table 1 is the test record table of the SM3 hash algorithm, Table 2 is the summary table of the SM4 data encryption and decryption test records, and Table 3 is the system test environment configuration table. The test results show that the usability of the API completely meets the requirements, but performance on small data packets is clearly worse than on large amounts of data. Encryption and decryption measures are avoided in data communication scenarios with small packets and a high communication frequency. A control instruction of the integrated monitoring system generally needs a 160-byte data packet; estimated at 256 bytes, the duration of a single encryption and decryption is about 26 us. For the small amounts of data of 6-9 bytes used by part of the data, estimated at 32 bytes, the encryption and decryption duration is approximately 14 us. Twice this duration is the time required from encryption to decryption for one complete communication, namely 52 us (512 bytes) or 28 us (32 bytes); the difference between the standard requirement and the index under the actual production environment is generally more than 100 ms, so the tested object can meet the delay requirements of the scheme design and of the related subway standards in terms of both function and performance.
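TABLE 1: SM3 hash algorithm test record (table image not reproduced)
TABLE 2: summary of SM4 data encryption and decryption test records (table image not reproduced)
TABLE 3: system test environment configuration (table image not reproduced)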
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention and not to limit it; although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that: modifications to the specific embodiments of the invention or equivalent substitutions for parts of the technical features may be made; without departing from the spirit of the present invention, it is intended to cover all aspects of the invention as defined by the appended claims.

Claims (8)

1. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption is characterized by comprising a key management center and a plurality of monitoring centers; all the monitoring centers are connected through a backbone network of the comprehensive monitoring system; each monitoring center comprises a workstation, an FEP and a server which are connected through a network bus;
each workstation, the FEP and the server are respectively provided with a workstation end UKey, an FEP end UKey and a server end UKey;
each workstation, the FEP and the server are provided with a safety middleware module;
the security middleware module comprises a bottom equipment layer, a middle password service layer and an upper API (application program interface) layer; the equipment layer is used for connecting a user end UKey, a workstation end UKey, an FEP end UKey and/or a server end UKey; the cipher service layer is used for providing cipher operation functions of a symmetric cipher algorithm and an asymmetric cipher algorithm; the API interface layer is used for being called by a workstation, an FEP and/or a server;
a user account identification and corresponding private key information are stored in a user end UKey; the workstation end UKey stores the equipment characteristic information of the workstation and the corresponding private key information; the FEP end UKey stores the equipment characteristic information of FEP and the corresponding private key information; the server-side UKey stores equipment characteristic information of the server and corresponding private key information;
the key management center comprises an SM9 identification password management system and an SM9 identification password machine, wherein the SM9 identification password management system is connected with the SM9 identification password machine and is used for calculating and generating private key information in a user-side UKey, a workstation-side UKey, an FEP-side UKey and a server-side UKey and writing the private key information into a corresponding UKey;
when any two parties of the workstation, the FEP and the server communicate, one party is a communication initiator, and the other party is a communication provider;
the communication initiator and the communication provider can communicate only through the following steps:
s11: the communication initiator and the communication provider respectively start respective monitoring programs;
s12: the communication initiator and the communication provider use the private key information stored in the corresponding UKey to carry out key agreement, and derive an encryption key SKey for SM4 encrypted communication and an authentication key AKey for SM3 authentication signature according to the agreement result;
s13: the communication initiator and the communication provider carry out encrypted communication by using an encryption key SKey and an authentication key AKey;
wherein, only after the equipment authentication and the user authentication of the workstation are completed, the monitoring program on the workstation can be started; only after the authentication of the FEP equipment is completed, the monitoring program on the FEP can be started; the monitoring program on the FEP can only be started after the server device authentication is completed.
2. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption according to claim 1, characterized in that the workstation equipment authentication comprises the steps of:
s21: a monitoring program on a workstation sends a workstation terminal challenge value to a corresponding workstation terminal security middleware module;
s22: the workstation end security middleware module encrypts the workstation end challenge value according to private key information stored on a corresponding workstation end UKey to generate a signature corresponding to the workstation and transmits the signature to a monitoring program on the workstation;
s23: and when the monitoring program on the workstation uses the equipment characteristic information of the workstation to complete signature verification on the signature corresponding to the workstation, the equipment authentication of the workstation is completed.
3. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption according to claim 1, characterized in that the server device authentication comprises the steps of:
s31: the monitoring program on the FEP sends an FEP end challenge value to the corresponding FEP end safety middleware module;
s32: the FEP end security middleware module encrypts the FEP end challenge value according to private key information stored on the corresponding FEP end UKey to generate a signature corresponding to the FEP and transmits the signature to a monitoring program on the FEP;
s33: when the monitoring program on the FEP uses the FEP's device feature information to complete signature verification on the FEP's corresponding signature, FEP device authentication is completed.
4. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption according to claim 1, characterized in that the server device authentication comprises the steps of:
s41: a monitoring program on a server sends a server-side challenge value to a corresponding server-side security middleware module;
s42: the server side security middleware module encrypts the server side challenge value according to the private key information stored on the corresponding server side UKey to generate a signature corresponding to the server, and transmits the signature to the monitoring program on the server;
s43: and when the monitoring program on the server uses the device characteristic information of the server to verify the signature of the signature corresponding to the server, the authentication of the server device is completed.
5. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption according to claim 1, characterized in that, the user authentication comprises the steps of:
s51: the workstation terminal initiates a user authentication request to the server terminal, and the server terminal returns a server terminal challenge value;
s52: the workstation end security middleware module signs equipment characteristic information of a workstation and a challenge value of a server end by using private key information of a user end UKey to generate a workstation end signature;
s53: the workstation side sends user authentication request information containing the workstation side signature, the equipment characteristic information of the workstation, the private key information of a user side UKey, the server side challenge value and the workstation side challenge value to the server side;
s54: the server side verifies the user authentication request information according to the data in the monitoring system database, and generates a state code when the corresponding relation between the equipment characteristic information of the workstation and the private key information of the UKey of the user side is valid;
s55: the server side security middleware module uses the user account identification to sign and verify the workstation side signature, and then uses the private key information of the server side UKey to sign the state code and the workstation side challenge value to generate a server side signature;
s56: the server side sends user authentication request information containing server side signature, equipment characteristic information of the server, a state code and a workstation side challenge value to the server side;
s57: the workstation side security middleware module uses the equipment characteristic information of the server to carry out signature verification on the server side signature, and if the signature passes the equipment characteristic information, user authentication is completed;
the monitoring system database stores the effective corresponding relation between the private key information of the UKey of the user side and the equipment characteristic information of the workstation.
6. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption according to claim 1, characterized in that the key agreement comprises the following steps:
s61: the security middleware module corresponding to the communication initiator generates a random number Mkey and encrypts it using the device characteristic information ID_T corresponding to the communication provider to obtain a ciphertext Cip1;
s62: the security middleware module corresponding to the communication initiator signs the ciphertext Cip1 and the current system timestamp TS by using the private key information corresponding to the communication initiator to obtain a signature Sig3;
s63: the security middleware module corresponding to the communication initiator returns the calculation result to the communication initiator, and the communication initiator sends to the communication provider a key negotiation request comprising the device characteristic information ID_F corresponding to the communication initiator, the device characteristic information ID_T corresponding to the communication provider, the current system timestamp TS, the ciphertext Cip1 and the signature Sig3;
s64: the security middleware module corresponding to the communication provider uses the device characteristic information ID_F corresponding to the communication initiator to verify the signature Sig3; after the signature Sig3 passes verification, it decrypts the ciphertext Cip1 by using the device characteristic information ID_T corresponding to the communication provider to obtain a decryption result, and returns a response state code in the decryption result to the communication provider;
s65: and the security middleware module corresponding to the communication provider and the security middleware module corresponding to the communication initiator negotiate to generate an encryption key SKey and an authentication key AKey.
7. A subway comprehensive monitoring system based on SM3 and SM4 communication encryption according to claim 1, characterized in that the encrypted communication comprises the following steps:
s71: the communication initiator uses an encryption key SKey as an SM4 symmetric encryption algorithm key to encrypt transmission data, and uses an authentication key AKey to calculate an HMAC based on an SM3 algorithm;
s72: and the communication provider decrypts and verifies the transmission data by using the encryption key SKey and the authentication key AKey.
8. A comprehensive subway monitoring system based on SM3 and SM4 communication encryption as claimed in claim 1, wherein said monitoring center is a central level monitoring center or a station level monitoring center.
CN201910981969.4A 2019-10-16 2019-10-16 Subway comprehensive monitoring system based on SM3 and SM4 communication encryption Active CN110838910B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910981969.4A CN110838910B (en) 2019-10-16 2019-10-16 Subway comprehensive monitoring system based on SM3 and SM4 communication encryption

Publications (2)

Publication Number Publication Date
CN110838910A true CN110838910A (en) 2020-02-25
CN110838910B CN110838910B (en) 2022-04-05

Family

ID=69575327

Country Status (1)

Country Link
CN (1) CN110838910B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant