CN111027050A - Underwater equipment credibility authentication system and method for seabed observation network based on PUF - Google Patents


Publication number
CN111027050A
Authority
CN
China
Legal status
Pending
Application number
CN201911356314.4A
Other languages
Chinese (zh)
Inventor
郭永刚
杨杰
钟杰
雷颜铭
程丽君
张飞
康达
黄石羽
Current Assignee
Institute of Acoustics CAS
China Electronic Technology Cyber Security Co Ltd
Original Assignee
Institute of Acoustics CAS
Application filed by Institute of Acoustics CAS
Priority to CN201911356314.4A
Publication of CN111027050A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Abstract

The invention belongs to the technical field of identity authentication for submarine observation networks and underwater equipment, and particularly relates to a PUF-based credibility authentication system for underwater equipment of a submarine observation network. The system comprises an underwater credible authentication device and a shore-based equipment identity authentication subsystem. The underwater credible authentication device is embedded in underwater equipment of the submarine observation network; the underwater equipment exchanges data with the shore-based equipment identity authentication subsystem over the submarine observation network Ethernet communication link, and the shore-based equipment identity authentication subsystem on the shore completes the identity authentication of the underwater equipment.

Description

Underwater equipment credibility authentication system and method for seabed observation network based on PUF
Technical Field
The invention belongs to the technical field of identity authentication of a submarine observation network and underwater equipment, and particularly relates to a PUF-based credible authentication system and method for the underwater equipment of the submarine observation network.
Background
The seabed observation network is a novel platform for humans to observe the ocean. It enables all-weather, in-situ, long-term, continuous, real-time, high-resolution and high-precision observation of the ocean from the seabed to the sea surface, and plays an important supporting role in the scientific development of the ocean.
At present, the underwater equipment of a submarine observation network (such as the main base station, the junction box and the scientific instrument socket module (SIIM)) is unattended. The underwater equipment and its links are in an 'unprotected' state, the identity of the equipment cannot be authenticated securely and credibly, and the security problems of marine observation are increasingly prominent. The main difficulty is that the harsh working environment severely limits the size, power consumption and reliability of the underwater equipment, while the existing secure and credible authentication technology of land systems depends on computation-heavy, high-complexity authentication methods whose core processing modules can hardly meet the lightweight, low-power and high-reliability requirements of submarine observation network underwater equipment. The technical field of submarine observation networks lacks a credible identity authentication system and method applicable to underwater equipment.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a credible authentication system and method for submarine observation network underwater equipment based on a PUF (physical unclonable function, i.e. a physical fingerprint). It overcomes the defect that traditional land security authentication schemes cannot be applied to a submarine observation network, realizes credible authentication of the identities of various types of underwater equipment, solves the problems of low authenticity and poor credibility of observed data caused by the inability of the existing submarine observation network to identify the various types of underwater equipment, fills the gap in the technical fields of underwater equipment identity security authentication and sampled data credibility authentication, and addresses the security threat arising from submarine equipment accessing the submarine observation network.
In order to achieve the above object, the present invention provides a PUF-based trusted authentication system for underwater equipment of a subsea observation network, comprising: an underwater credible authentication device and a shore-based equipment identity authentication subsystem;
the underwater credible authentication device is embedded in the underwater equipment, data interaction is realized between the underwater equipment and the shore-based equipment identity authentication subsystem through a seabed observation network Ethernet communication link, and the identity authentication of the underwater equipment is completed by utilizing the shore-based equipment identity authentication subsystem on the shore.
As an improvement of the above technical solution, the underwater trusted authentication device specifically includes: a power supply conversion module, a communication module, a control module and a physical fingerprint processing module;
the power supply conversion module is used for converting the input voltage of the underwater equipment and supplying power to each module in the underwater credible authentication device;
the communication module provides an external communication interface and is used for data exchange communication between the underwater equipment and the underwater credible authentication device;
the control module is used for extracting a physical fingerprint excitation signal in a physical fingerprint excitation message sent by the shore-based equipment identity authentication subsystem and received by the underwater equipment, sending the physical fingerprint excitation signal to the physical fingerprint processing module, receiving a physical fingerprint response signal returned by the physical fingerprint processing module, converting the physical fingerprint response signal into a physical fingerprint response message, and then returning the physical fingerprint response message to the shore-based equipment identity authentication subsystem through the underwater equipment, thereby finally completing identity authentication of the underwater equipment.
The physical fingerprint processing module is used for receiving the physical fingerprint excitation signal, generating a physical fingerprint response signal by extracting the physical fingerprint characteristics of the FPGA chip and returning the physical fingerprint response signal to the control module.
As an improvement of the above technical solution, the physical fingerprint processing module specifically includes: a receiving unit, a generating unit and a transmitting unit;
the receiving unit is used for receiving the physical fingerprint excitation signal sent by the control module;
the generating unit is used for extracting the physical fingerprint characteristics of the FPGA chip according to the obtained physical fingerprint excitation signal and generating a physical fingerprint response signal corresponding to the excitation signal;
and the sending unit is used for returning the generated physical fingerprint response signal to the control module.
As an improvement of the above technical solution, the generating unit specifically includes: a mapping subunit, a frequency count correction subunit, and a response subunit;
the mapping subunit is used for mapping and transforming the received physical fingerprint excitation signal, selecting different subsets of the ring oscillators (RO) through the RO selection logic in the FPGA chip to generate corresponding frequency counting pulses, and sending the frequency counting pulses to different counting channels to be counted separately, obtaining the respective frequency characteristic count values;
the frequency count correction subunit is used for correcting the respective frequency characteristic count values according to the physical fingerprint characteristics of the FPGA chip extracted in advance, obtaining the respective corrected frequency characteristic count values;
and the response subunit is used for forming comparison pairs from the corrected frequency characteristic count values to generate a direct response signal, generating the final physical fingerprint response signal by mapping and transforming the direct response signal, and outputting the final physical fingerprint response signal through the sending unit.
As an improvement of the above technical solution, the control module includes: an excitation extraction unit, an excitation sending unit, a response receiving unit, a response extraction unit and a protocol processing unit;
the response receiving unit is used for receiving a physical fingerprint response signal returned by the physical fingerprint processing module;
the response extraction unit is used for extracting a physical fingerprint response signal and packaging the physical fingerprint response signal into a physical fingerprint response message;
the protocol processing unit is used for receiving a physical fingerprint excitation message sent by the shore-based equipment identity authentication subsystem; it is also used for sending a physical fingerprint response message to the shore-based equipment identity authentication subsystem through the communication module and the underwater equipment in sequence;
the excitation extracting unit is used for extracting a physical fingerprint excitation signal in the physical fingerprint excitation message;
and the excitation sending unit is used for sending a physical fingerprint excitation signal to the physical fingerprint processing module.
As an improvement of the above technical solution, the shore-based equipment identity authentication subsystem includes: a second sending module, a second receiving module and an identity authentication module;
the second sending module is configured to read a group of random physical fingerprint excitation response pairs (challenge-response pairs, CRP) from a pre-established physical fingerprint database, obtain physical fingerprint excitation data C2 and physical fingerprint response data R2, package the physical fingerprint excitation data C2 into a physical fingerprint excitation message, and send the physical fingerprint excitation message to the underwater device;
the second receiving module is used for receiving the physical fingerprint response message returned by the underwater equipment and extracting physical fingerprint response data R2';
the identity authentication module is used for comparing the received physical fingerprint response data R2' with physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database;
if the received physical fingerprint response data R2' is consistent with the physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, the identity of the underwater equipment is considered to be legal, the underwater equipment passes the authentication, and meanwhile, the corresponding excitation response pairs in the physical fingerprint database are deleted;
if the received physical fingerprint response data R2' is inconsistent with the physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from the pre-established physical fingerprint database, deleting the corresponding excitation response pairs in the physical fingerprint database, and repeating the comparison step;
and if the accumulated number of times of identity authentication failure is more than 3, the identity of the underwater equipment is considered to be illegal, and the identity authentication of the underwater equipment is stopped.
As an improvement of the above technical solution, the establishing of the physical fingerprint database specifically includes:
the underwater credible authentication device is positioned on the shore and establishes communication and connection with the shore-based physical fingerprint acquisition subsystem through the communication module;
the shore-based physical fingerprint acquisition subsystem generates a random physical fingerprint excitation message and sends the random physical fingerprint excitation message to the underwater credible authentication device;
the underwater credible authentication device generates a corresponding physical fingerprint response message according to the physical fingerprint characteristic of the FPGA chip, namely the PUF characteristic of the FPGA chip, and returns the physical fingerprint response message to the shore-based physical fingerprint acquisition subsystem;
the shore-based physical fingerprint acquisition subsystem receives and records a returned physical fingerprint response message;
the shore-based physical fingerprint acquisition subsystem records the randomly generated physical fingerprint excitation data C1 and the corresponding physical fingerprint response data R1 and obtains a group of physical fingerprint excitation response pairs;
repeating the above process for no less than 100000 times, storing the data to complete the establishment of the physical fingerprint database, and ensuring that the number of physical fingerprint excitation response pairs in the physical fingerprint database is no less than 100000.
As an improvement of the above technical solution, the shore-based physical fingerprint acquisition subsystem includes: a first sending module, a first receiving module and a physical fingerprint database;
the first sending module is used for randomly generating physical fingerprint excitation data C1, converting the physical fingerprint excitation data into a physical fingerprint excitation message and sending the physical fingerprint excitation message to the underwater trusted authentication device;
the first receiving module is used for receiving a physical fingerprint response message correspondingly returned by the underwater trusted authentication device and extracting physical fingerprint response data R1;
the physical fingerprint database is used for storing not less than 100000 physical fingerprint excitation response pairs CRP consisting of random physical fingerprint excitation data and corresponding physical fingerprint response data so as to be read and used by the shore-based equipment identity authentication subsystem.
The invention also provides a credible authentication method of the underwater equipment of the seabed observation network based on the PUF, which is realized by the system, and the method comprises the following steps:
reading a group of random physical fingerprint excitation response pairs from a pre-established physical fingerprint database, acquiring physical fingerprint excitation data, packaging the physical fingerprint excitation data into a physical fingerprint excitation message, and sending the physical fingerprint excitation message to the underwater equipment;
receiving a physical fingerprint response message returned by the underwater equipment, and extracting physical fingerprint response data;
according to the received physical fingerprint response data, comparing the physical fingerprint response data with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database;
if the received physical fingerprint response data is consistent with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, the identity of the underwater equipment is considered to be legal, and the corresponding excitation response pairs in the physical fingerprint database are deleted while passing the authentication;
if the received physical fingerprint response data is inconsistent with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, deleting the corresponding excitation response pairs in the physical fingerprint database, and repeating the comparison step;
and if the accumulated number of times of identity authentication failure is more than 3, the identity of the underwater equipment is considered to be illegal, and the identity authentication of the underwater equipment is stopped.
As an improvement of the above technical solution, the obtaining of the physical fingerprint response packet returned by the underwater device specifically includes:
mapping and transforming the received physical fingerprint excitation signal, selecting different parts of RO through RO selection logic in the FPGA chip to generate corresponding frequency counting pulses, and sending the frequency counting pulses to different counting channels for respective counting to obtain respective frequency characteristic counting values;
correcting respective frequency feature count values according to the physical fingerprint characteristics of the FPGA chip extracted in advance to obtain respective corrected frequency feature count values;
forming a comparison pair by the corrected frequency characteristic count values to generate a direct response signal, and generating a final physical fingerprint response signal by mapping and transforming the direct response signal;
and converting the generated physical fingerprint response signal into a physical fingerprint response message.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a PUF (physical unclonable function)-based credible authentication device for underwater equipment that is suitable for an underwater unattended environment; no similar technical research and development or product application exists at home or abroad, so the invention has technical innovation and practical value; the problems of identity leakage and illegal replacement of underwater equipment are avoided; the problems of low authenticity and poor credibility of the observation data of the submarine observation network are solved; meanwhile, a method and measures are provided for identity authentication of the underwater equipment, solving the problem of identity security of the underwater equipment.
Drawings
Fig. 1 is a schematic diagram of the connection relations between the underwater trusted authentication device and the underwater equipment, and between the underwater equipment and the shore-based equipment identity authentication subsystem, in the PUF-based submarine observation network underwater equipment trusted authentication system of the present invention;
Fig. 2 is a schematic structural diagram of the PUF-based submarine observation network underwater equipment credibility authentication system of the invention;
Fig. 3 is a flow chart of the establishment of the physical fingerprint database of the underwater credible authentication device in the PUF-based submarine observation network underwater equipment credibility authentication system of the invention;
Fig. 4 is a flowchart of the PUF-based credible authentication method for underwater equipment of a submarine observation network;
Fig. 5 is a schematic structural diagram of an FPGA-based implementation of the physical fingerprint processing module supporting CRPs in the PUF-based submarine observation network underwater equipment trusted authentication system.
Detailed Description
The invention will now be further described with reference to the accompanying drawings.
As shown in fig. 1 and 2, the invention provides a PUF-based trusted authentication system for underwater equipment of a submarine observation network, which provides an underwater equipment identity security and trusted authentication method and develops a related implementation device for the long-term unattended characteristic of the underwater equipment, thereby providing guarantee for the long-term safe operation of the submarine observation network.
The trusted authentication system comprises: an underwater credible authentication device and a shore-based equipment identity authentication subsystem;
the underwater credible authentication device is embedded and installed on underwater equipment (underwater equipment for short) of a submarine observation network, data interaction is realized between the underwater equipment and a shore-based equipment identity authentication subsystem through a submarine observation network Ethernet communication link, and the identity authentication of the underwater equipment is completed by utilizing the shore-based equipment identity authentication subsystem on the shore; the underwater credible authentication device is connected with the underwater equipment through a communication interface.
The underwater equipment of the seabed observation network comprises the main base station, the junction box, the sensors and the SIIM, all located underwater. As shown in fig. 1, each underwater trusted authentication device is embedded in the corresponding underwater equipment of the subsea observation network, such as a main base station, a junction box, a sensor, or a scientific instrument socket module SIIM (Science Instrument Interface Module); by integrating the underwater credible authentication device and exchanging data with the shore-based equipment identity authentication subsystem, the underwater equipment has its identity authenticated.
The underwater credible authentication device is an independent working module. The underwater equipment only needs to provide 1 power supply (such as 12 V) and 1 universal interface (such as RS232, RS485, RS422 or Ethernet) to realize the credible authentication function with the embedded credible authentication device. In addition, the underwater credible authentication device is small, low in power consumption, rich in interface forms and easy to integrate, so it can be integrated quickly without changing the design of the existing underwater equipment, meeting the integration requirements of different types of underwater equipment.
The underwater credible authentication device specifically comprises: a power supply conversion module, a physical fingerprint processing module, a communication module and a control module;
the power supply conversion module is used for converting the input voltage of the underwater equipment and supplying power to the underwater credible authentication device; for example, the input 12V voltage is converted into a 5V/3.3V power supply voltage to supply power to the credible authentication device;
the physical fingerprint processing module is used for receiving the physical fingerprint excitation signal, generating a physical fingerprint response signal by extracting the physical fingerprint characteristics of the FPGA chip and returning the physical fingerprint response signal to the control module;
specifically, as shown in fig. 3, the physical fingerprint processing module specifically includes: a receiving unit, a generating unit and a transmitting unit;
the receiving unit is used for receiving the physical fingerprint excitation signal sent by the control module;
the generating unit is used for extracting the physical fingerprint characteristics of the FPGA chip according to the obtained physical fingerprint excitation signal and generating a physical fingerprint response signal corresponding to the excitation signal;
specifically, as shown in fig. 5, the generating unit specifically includes: a mapping subunit, a frequency count correction subunit, and a response subunit;
the mapping subunit is used for mapping and transforming the received physical fingerprint excitation signal, selecting different subsets of the ring oscillators (RO) through the RO selection logic in the FPGA chip to generate corresponding frequency counting pulses, and sending the frequency counting pulses to different counting channels to be counted separately, obtaining the respective frequency characteristic count values;
the frequency count correction subunit is used for correcting the respective frequency characteristic count values according to the physical fingerprint characteristics of the FPGA chip extracted in advance, obtaining the respective corrected frequency characteristic count values;
and the response subunit is used for forming comparison pairs from the corrected frequency characteristic count values to generate a direct response signal, generating the final physical fingerprint response signal by mapping and transforming the direct response signal, and outputting the final physical fingerprint response signal through the sending unit.
And the sending unit is used for returning the generated physical fingerprint response signal to the control module.
The physical fingerprint processing module exploits the differences in signal transmission path delay caused by process variation during the manufacture of an integrated circuit chip (field-programmable gate array, FPGA): it constructs a plurality of ring oscillators (RO) that generate different oscillation frequencies and compares those frequencies to realize a physical unclonable function (PUF). Different chips produce different responses to the same stimulus, and each available stimulus/response pair can be treated as a chip physical fingerprint.
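The RO-based generating unit described above, simulated in Python as an added example that is not code from the patent. The chip model, the sizes, the SHA-256 challenge mapping, the bit-packing output transform and the meaning of the correction step (subtracting a per-RO systematic offset measured in advance) are assumptions of this example, since the page does not specify them.

```python
import hashlib
import random

N_RO, N_BITS, NOMINAL = 128, 64, 200_000  # assumed RO count, response bits, nominal count

def make_layout_bias(seed=1):
    """Systematic per-RO offset shared by every chip of one design (constructed data)."""
    rng = random.Random(seed)
    return [rng.gauss(0, 3000) for _ in range(N_RO)]

class SimulatedChip:
    """Constructed model of one FPGA: each RO has a fixed random process offset."""
    def __init__(self, chip_seed, layout_bias):
        rng = random.Random(chip_seed)
        self.process = [rng.gauss(0, 400) for _ in range(N_RO)]  # unique per chip
        self.layout_bias = layout_bias
        self._noise = random.Random(chip_seed + 10_000)

    def count(self, ro, noise_sigma=0.0):
        """Frequency characteristic count value of one RO over a fixed gate window."""
        jitter = self._noise.gauss(0, noise_sigma) if noise_sigma else 0.0
        return round(NOMINAL + self.layout_bias[ro] + self.process[ro] + jitter)

def map_challenge(challenge: bytes):
    """Mapping subunit (assumed transform): excitation -> N_BITS pairs of RO indices."""
    seed = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
    rng = random.Random(seed)
    return [tuple(rng.sample(range(N_RO), 2)) for _ in range(N_BITS)]

def respond(chip, challenge, correction=None, noise_sigma=0.0):
    """Count both ROs of each pair, optionally correct, then compare: direct response bits."""
    bits = []
    for a, b in map_challenge(challenge):
        ca, cb = chip.count(a, noise_sigma), chip.count(b, noise_sigma)
        if correction is not None:  # correction subunit (assumed meaning)
            ca -= correction[a]
            cb -= correction[b]
        bits.append(1 if ca > cb else 0)
    return bits

def pack(bits):
    """Final mapping of the direct response to bytes (assumed: plain bit packing)."""
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")

def hamming(x, y):
    return sum(p != q for p, q in zip(x, y))

def demo():
    bias = make_layout_bias()
    chip_a, chip_b = SimulatedChip(101, bias), SimulatedChip(202, bias)
    c = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed challenge
    ref = respond(chip_a, c, bias)
    return {
        # same chip, same excitation, no read noise: identical response
        "repeatable": ref == respond(chip_a, c, bias),
        # two chips, uncorrected: systematic bias dominates, responses look alike
        "inter_raw": hamming(respond(chip_a, c), respond(chip_b, c)),
        # two chips, corrected: process variation decides the bits
        "inter_corrected": hamming(ref, respond(chip_b, c, bias)),
        # same chip with read noise: pairs with close frequencies can flip
        "intra_noisy": hamming(ref, respond(chip_a, c, bias, noise_sigma=60)),
        "response": pack(ref),
    }

if __name__ == "__main__":
    print(demo())
```

In this model `intra_noisy` can be non-zero, so an exact-match comparison on the shore can reject a genuine device on an unstable read.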
The communication module provides an external communication interface and is used for data exchange communication between the underwater equipment and the underwater credible authentication device;
specifically, the communication module is configured to provide an external communication interface (such as RS232, RS485, RS422, and ethernet) and perform data exchange communication with the underwater equipment; specifically, on one hand, a physical fingerprint excitation message sent by a shore-based equipment identity authentication subsystem transmitted by the underwater equipment is received, on the other hand, a physical fingerprint response message sent by the control module is sent to the underwater equipment and transmitted to the shore-based equipment identity authentication subsystem through the underwater equipment for identity authentication.
The control module is used for extracting a physical fingerprint excitation signal in a physical fingerprint excitation message sent by the shore-based equipment identity authentication subsystem and received by the underwater equipment, sending the physical fingerprint excitation signal to the physical fingerprint processing module, receiving a physical fingerprint response signal returned by the physical fingerprint processing module, converting the physical fingerprint response signal into a physical fingerprint response message, and then returning the physical fingerprint response message to the shore-based equipment identity authentication subsystem through the underwater equipment, thereby finally completing identity authentication of the underwater equipment.
As shown in fig. 2, the control module includes: an excitation extraction unit, an excitation sending unit, a response receiving unit, a response extraction unit and a protocol processing unit;
the response receiving unit is used for receiving a physical fingerprint response signal returned by the physical fingerprint processing module;
the response extraction unit is used for extracting a physical fingerprint response signal and packaging the physical fingerprint response signal into a physical fingerprint response message;
the protocol processing unit is used for receiving a physical fingerprint excitation message sent by the shore-based equipment identity authentication subsystem; it is also used for sending a physical fingerprint response message to the shore-based equipment identity authentication subsystem through the communication module and the underwater equipment in sequence;
the excitation extracting unit is used for extracting a physical fingerprint excitation signal in the physical fingerprint excitation message;
and the excitation sending unit is used for sending a physical fingerprint excitation signal to the physical fingerprint processing module.
The shore-based equipment identity authentication subsystem comprises: a second sending module, a second receiving module and an identity authentication module;
the second sending module is configured to read a group of random physical fingerprint excitation response pairs CRP from a pre-established physical fingerprint database, obtain physical fingerprint excitation data C2 and physical fingerprint response data R2, package the physical fingerprint excitation data C2 into a physical fingerprint excitation message, and send the physical fingerprint excitation message to the underwater device;
the second receiving module is used for receiving the physical fingerprint response message returned by the underwater equipment and extracting physical fingerprint response data R2';
the identity authentication module is used for comparing the received physical fingerprint response data R2' with physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database;
if the received physical fingerprint response data R2' is consistent with the physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, the identity of the underwater equipment is considered to be legal, the underwater equipment passes the authentication, and meanwhile, the corresponding excitation response pairs in the physical fingerprint database are deleted;
if the received physical fingerprint response data R2' is inconsistent with the physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from the pre-established physical fingerprint database, deleting the corresponding excitation response pairs in the physical fingerprint database, and repeating the comparison step;
and if the accumulated number of times of identity authentication failure is more than 3, the identity of the underwater equipment is considered to be illegal, and the identity authentication of the underwater equipment is stopped.
And after the identity authentication of the underwater equipment is passed, restarting the identity authentication process of the underwater equipment at regular intervals of not more than 15 minutes.
The establishment of the physical fingerprint database specifically comprises the following steps:
the underwater credible authentication device is positioned on the shore and establishes communication and connection with the shore-based physical fingerprint acquisition subsystem through the communication module;
the shore-based physical fingerprint acquisition subsystem generates a random physical fingerprint excitation message and sends the random physical fingerprint excitation message to the underwater credible authentication device;
the underwater credible authentication device generates a corresponding physical fingerprint response message according to the physical fingerprint characteristics of the FPGA chip and returns the physical fingerprint response message to the shore-based physical fingerprint acquisition subsystem;
the shore-based physical fingerprint acquisition subsystem receives and records a returned physical fingerprint response message;
the shore-based physical fingerprint acquisition subsystem records the randomly generated physical fingerprint excitation data C1 and the corresponding physical fingerprint response data R1 and obtains a group of physical fingerprint excitation response pairs;
repeating the above process for no less than 100000 times, storing the data to complete the establishment of the physical fingerprint database, and ensuring that the number of physical fingerprint excitation response pairs in the physical fingerprint database is no less than 100000.
The shore-based physical fingerprint acquisition subsystem comprises: a first sending module, a first receiving module and a physical fingerprint database;
the first sending module is used for randomly generating physical fingerprint excitation data C1, converting the physical fingerprint excitation data into a physical fingerprint excitation message and sending the physical fingerprint excitation message to the underwater trusted authentication device;
the first receiving module is used for receiving a physical fingerprint response message correspondingly returned by the underwater trusted authentication device and extracting physical fingerprint response data R1;
the physical fingerprint database is used for storing not less than 100000 physical fingerprint excitation response pairs CRP consisting of random physical fingerprint excitation data and corresponding physical fingerprint response data so as to be read and used by the shore-based equipment identity authentication subsystem.
The invention provides a credible authentication method of underwater equipment of a seabed observation network based on PUF, which is realized by the system, and comprises the following steps:
reading a group of random physical fingerprint excitation response pairs from a pre-established physical fingerprint database, acquiring physical fingerprint excitation data, packaging the physical fingerprint excitation data into a physical fingerprint excitation message, and sending the physical fingerprint excitation message to the underwater equipment;
receiving a physical fingerprint response message returned by the underwater equipment, and extracting physical fingerprint response data;
according to the received physical fingerprint response data, comparing the physical fingerprint response data with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database;
if the received physical fingerprint response data is consistent with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, the identity of the underwater equipment is considered to be legal, and the corresponding excitation response pairs in the physical fingerprint database are deleted while passing the authentication;
if the received physical fingerprint response data is inconsistent with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, deleting the corresponding excitation response pairs in the physical fingerprint database, and repeating the comparison step;
and if the accumulated number of times of identity authentication failure is more than 3, the identity of the underwater equipment is considered to be illegal, and the identity authentication of the underwater equipment is stopped.
The acquisition of the physical fingerprint response message returned by the underwater equipment specifically comprises the following steps:
mapping and transforming the received physical fingerprint excitation signal, selecting different parts of RO through RO selection logic in the FPGA chip to generate corresponding frequency counting pulses, and sending the frequency counting pulses to different counting channels for respective counting to obtain respective frequency characteristic counting values;
correcting respective frequency feature count values according to the physical fingerprint characteristics of the FPGA chip extracted in advance to obtain respective corrected frequency feature count values;
forming a comparison pair by the corrected frequency characteristic count values to generate a direct response signal, and generating a final physical fingerprint response signal by mapping and transforming the direct response signal;
and converting the generated physical fingerprint response signal into a physical fingerprint response message.
In the embodiment, as shown in fig. 3 and 4, C1 is a physical fingerprint excitation signal generated by a shore-based physical fingerprint acquisition subsystem, and R1 is a physical fingerprint response signal of an underwater trusted authentication device corresponding to C1 acquired on shore; C2 is a physical fingerprint excitation signal stored in a physical fingerprint database read by the shore-based equipment identity authentication subsystem, R2 is a physical fingerprint response signal of an underwater credible authentication device recorded in the physical fingerprint database corresponding to C2, and R2' is a physical fingerprint response signal corresponding to C2, which is returned by underwater equipment to be authenticated and received by the shore-based equipment identity authentication subsystem; the CRP is a pair of physical fingerprint excitation responses stored in a physical fingerprint database.
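An added simulation of the flow described above (on-shore acquisition of C1/R1, then authentication with C2/R2/R2'), not code from the patent. The RO frequency model, the hash-based input and output mappings, the message sizes and the names `SimulatedRoPuf`, `enroll`, `ShoreAuthenticator` and `db_lifetime_days` are assumptions, and the model is noise-free so that the exact comparison in the text applies.

```python
import hashlib
import hmac
import random
import secrets

N_RO = 64             # assumed number of ring oscillators in the array
CHALLENGE_BYTES = 8   # assumed excitation length
RESPONSE_BITS = 32    # assumed response length
MAX_FAILURES = 3      # from the page: stop once failures exceed 3


class SimulatedRoPuf:
    """Software stand-in for the FPGA RO array (constructed, noise-free)."""

    def __init__(self, chip_seed: int):
        rng = random.Random(chip_seed)
        # Per-chip manufacturing variation around a nominal count value.
        self._ro_counts = [100_000 + rng.gauss(0, 300) for _ in range(N_RO)]
        # Systematic bias of the two counting channels, and the values
        # "extracted in advance" that are used to correct it (assumed model).
        self._channel_bias = (rng.gauss(0, 500), rng.gauss(0, 500))
        self._calibration = self._channel_bias

    def _corrected_count(self, ro: int, channel: int) -> float:
        raw = self._ro_counts[ro] + self._channel_bias[channel]
        return raw - self._calibration[channel]

    def respond(self, challenge: bytes) -> bytes:
        direct = 0
        for i in range(RESPONSE_BITS):
            # Input mapping (assumed): hash the excitation to select an RO pair.
            d = hashlib.sha256(challenge + bytes([i])).digest()
            a, b = d[0] % N_RO, d[1] % N_RO
            if a == b:
                b = (b + 1) % N_RO
            # One comparison pair of corrected counts yields one direct bit.
            bit = self._corrected_count(a, 0) > self._corrected_count(b, 1)
            direct = (direct << 1) | int(bit)
        # Output mapping (assumed): mask the direct response per excitation.
        digest = hashlib.sha256(b"out" + challenge).digest()
        mask = int.from_bytes(digest[:RESPONSE_BITS // 8], "big")
        return (direct ^ mask).to_bytes(RESPONSE_BITS // 8, "big")


def enroll(device: SimulatedRoPuf, n_pairs: int) -> dict:
    """On-shore acquisition: record random C1 together with the device's R1."""
    db = {}
    while len(db) < n_pairs:
        c1 = secrets.token_bytes(CHALLENGE_BYTES)
        db[c1] = device.respond(c1)
    return db


class ShoreAuthenticator:
    def __init__(self, crp_db: dict):
        self.db = crp_db
        self.failures = 0  # accumulated; the page gives no reset policy

    def authenticate(self, send_to_device) -> bool:
        while self.failures <= MAX_FAILURES:
            if not self.db:
                raise RuntimeError("CRP database exhausted; re-enroll on shore")
            c2 = secrets.choice(list(self.db))
            r2 = self.db.pop(c2)              # deleted on match and on mismatch
            r2_received = send_to_device(c2)  # R2' returned by the device
            if hmac.compare_digest(r2, r2_received):
                return True
            self.failures += 1
        return False


def db_lifetime_days(n_pairs: int, interval_min: float = 15) -> float:
    """Upper bound on database lifetime: one CRP per run, no failed attempts."""
    return n_pairs * interval_min / (24 * 60)


if __name__ == "__main__":
    genuine = SimulatedRoPuf(chip_seed=1)
    # The page requires at least 100000 pairs; 200 keeps the demo fast.
    shore = ShoreAuthenticator(enroll(genuine, 200))
    print("genuine device:", shore.authenticate(genuine.respond), len(shore.db))
    other = SimulatedRoPuf(chip_seed=2)
    shore2 = ShoreAuthenticator(enroll(genuine, 200))
    print("other chip:", shore2.authenticate(other.respond), shore2.failures)
    print("days at 15 min:", round(db_lifetime_days(100_000)))
```

Because every challenge is deleted after use, a recorded C2/R2' exchange cannot be replayed, and each failed attempt also consumes a pair, so the database size bounds how long a deployed device can be re-authenticated.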
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and are not limiting. Although the present invention has been described in detail with reference to the embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. A PUF-based credibility authentication system for underwater equipment of a seabed observation network, characterized by comprising: an underwater credible authentication device and a shore-based equipment identity authentication subsystem;
the underwater credible authentication device is embedded in the underwater equipment, data interaction is realized between the underwater equipment and the shore-based equipment identity authentication subsystem through a seabed observation network Ethernet communication link, and the identity authentication of the underwater equipment is completed by utilizing the shore-based equipment identity authentication subsystem on the shore.
2. The system according to claim 1, wherein the underwater trusted authentication device specifically comprises: a power supply conversion module, a communication module, a control module and a physical fingerprint processing module;
the power supply conversion module is used for converting the input voltage of the underwater equipment and supplying power to each module in the underwater credible authentication device;
the communication module provides an external communication interface and is used for data exchange communication between the underwater equipment and the underwater credible authentication device;
the control module is used for extracting a physical fingerprint excitation signal in a physical fingerprint excitation message sent by the shore-based equipment identity authentication subsystem and received by the underwater equipment, sending the physical fingerprint excitation signal to the physical fingerprint processing module, receiving a physical fingerprint response signal returned by the physical fingerprint processing module, converting the physical fingerprint response signal into a physical fingerprint response message, and then returning the physical fingerprint response message to the shore-based equipment identity authentication subsystem through the underwater equipment, thereby finally completing identity authentication of the underwater equipment;
and the physical fingerprint processing module is used for receiving the physical fingerprint excitation signal, generating a physical fingerprint response signal by extracting the physical fingerprint characteristics of the FPGA chip and returning the physical fingerprint response signal to the control module.
3. The system of claim 2, wherein the physical fingerprint processing module specifically comprises: a receiving unit, a generating unit and a transmitting unit;
the receiving unit is used for receiving the physical fingerprint excitation signal sent by the control module;
the generating unit is used for extracting the physical fingerprint characteristics of the FPGA chip according to the obtained physical fingerprint excitation signal and generating a physical fingerprint response signal corresponding to the excitation signal;
and the sending unit is used for returning the generated physical fingerprint response signal to the control module.
4. The system according to claim 3, wherein the generating unit specifically comprises: a mapping subunit, a frequency count correction subunit, and a response subunit;
the mapping subunit is used for mapping and transforming the received physical fingerprint excitation signal, selecting different parts of RO to generate corresponding frequency counting pulses through RO selection logic in the FPGA chip, and sending the frequency counting pulses to different counting channels for respective counting to obtain respective frequency characteristic counting values;
the frequency count correction subunit is used for correcting respective frequency characteristic counting values according to the physical fingerprint characteristics of the FPGA chip extracted in advance to obtain respective corrected frequency characteristic counting values;
and the response subunit is used for forming a comparison pair by the corrected frequency characteristic count values to generate a direct response signal, generating a final physical fingerprint response signal by mapping and transforming the direct response signal, and outputting the final physical fingerprint response signal through the sending unit.
5. The system of claim 2, wherein the control module comprises: an excitation extraction unit, an excitation sending unit, a response receiving unit, a response extraction unit and a protocol processing unit;
the response receiving unit is used for receiving a physical fingerprint response signal returned by the physical fingerprint processing module;
the response extraction unit is used for extracting a physical fingerprint response signal and packaging the physical fingerprint response signal into a physical fingerprint response message;
the protocol processing unit is used for receiving a physical fingerprint excitation message sent by the shore-based equipment identity authentication subsystem; it is also used for sending the physical fingerprint response message to the shore-based equipment identity authentication subsystem through the communication module and the underwater equipment in sequence;
the excitation extracting unit is used for extracting a physical fingerprint excitation signal in the physical fingerprint excitation message;
and the excitation sending unit is used for sending a physical fingerprint excitation signal to the physical fingerprint processing module.
6. The system of claim 1, wherein the shore-based equipment identity authentication subsystem comprises: a second sending module, a second receiving module and an identity authentication module;
the second sending module is configured to read a group of random physical fingerprint excitation response pairs CRP from a pre-established physical fingerprint database, obtain physical fingerprint excitation data C2 and physical fingerprint response data R2, package the physical fingerprint excitation data C2 into a physical fingerprint excitation message, and send the physical fingerprint excitation message to the underwater device;
the second receiving module is used for receiving the physical fingerprint response message returned by the underwater equipment and extracting physical fingerprint response data R2';
the identity authentication module is used for comparing the received physical fingerprint response data R2' with physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database;
if the received physical fingerprint response data R2' is consistent with the physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, the identity of the underwater equipment is considered to be legal, the underwater equipment passes the authentication, and meanwhile, the corresponding excitation response pairs in the physical fingerprint database are deleted;
if the received physical fingerprint response data R2' is inconsistent with the physical fingerprint response data R2 in a group of random physical fingerprint excitation response pairs read from the pre-established physical fingerprint database, deleting the corresponding excitation response pairs in the physical fingerprint database, and repeating the comparison step;
and if the accumulated number of times of identity authentication failure is more than 3, the identity of the underwater equipment is considered to be illegal, and the identity authentication of the underwater equipment is stopped.
7. The system of claim 6, wherein the creating of the physical fingerprint database specifically comprises:
the underwater credible authentication device is positioned on the shore and establishes communication and connection with the shore-based physical fingerprint acquisition subsystem through the communication module;
the shore-based physical fingerprint acquisition subsystem generates a random physical fingerprint excitation message and sends the random physical fingerprint excitation message to the underwater credible authentication device;
the underwater credible authentication device generates a corresponding physical fingerprint response message according to the physical fingerprint characteristics of the FPGA chip and returns the physical fingerprint response message to the shore-based physical fingerprint acquisition subsystem;
the shore-based physical fingerprint acquisition subsystem receives and records a returned physical fingerprint response message;
the shore-based physical fingerprint acquisition subsystem records the randomly generated physical fingerprint excitation data C1 and the corresponding physical fingerprint response data R1 and obtains a group of physical fingerprint excitation response pairs;
repeating the above process for no less than 100000 times, storing the data to complete the establishment of the physical fingerprint database, and ensuring that the number of physical fingerprint excitation response pairs in the physical fingerprint database is no less than 100000.
8. The system of claim 7, wherein the shore-based physical fingerprint acquisition subsystem comprises: a first sending module, a first receiving module and a physical fingerprint database;
the first sending module is used for randomly generating physical fingerprint excitation data C1, converting the physical fingerprint excitation data into a physical fingerprint excitation message and sending the physical fingerprint excitation message to the underwater trusted authentication device;
the first receiving module is used for receiving a physical fingerprint response message correspondingly returned by the underwater trusted authentication device and extracting physical fingerprint response data R1;
the physical fingerprint database is used for storing not less than 100000 physical fingerprint excitation response pairs CRP consisting of random physical fingerprint excitation data and corresponding physical fingerprint response data so as to be read and used by the shore-based equipment identity authentication subsystem.
9. A PUF-based credibility authentication method for underwater equipment of a seabed observation network, the method being implemented by the system of any one of claims 1 to 8, the method comprising:
reading a group of random physical fingerprint excitation response pairs from a pre-established physical fingerprint database, acquiring physical fingerprint excitation data, packaging the physical fingerprint excitation data into a physical fingerprint excitation message, and sending the physical fingerprint excitation message to the underwater equipment;
receiving a physical fingerprint response message returned by the underwater equipment, and extracting physical fingerprint response data;
according to the received physical fingerprint response data, comparing the physical fingerprint response data with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database;
if the received physical fingerprint response data is consistent with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, the identity of the underwater equipment is considered to be legal, and the corresponding excitation response pairs in the physical fingerprint database are deleted while passing the authentication;
if the received physical fingerprint response data is inconsistent with physical fingerprint response data in a group of random physical fingerprint excitation response pairs read from a pre-established physical fingerprint database, deleting the corresponding excitation response pairs in the physical fingerprint database, and repeating the comparison step;
and if the accumulated number of times of identity authentication failure is more than 3, the identity of the underwater equipment is considered to be illegal, and the identity authentication of the underwater equipment is stopped.
10. The method according to claim 9, wherein the obtaining of the physical fingerprint response message returned by the underwater device is specifically:
mapping and transforming the received physical fingerprint excitation signal, selecting different parts of RO through RO selection logic in the FPGA chip to generate corresponding frequency counting pulses, and sending the frequency counting pulses to different counting channels for respective counting to obtain respective frequency characteristic counting values;
correcting respective frequency feature count values according to the physical fingerprint characteristics of the FPGA chip extracted in advance to obtain respective corrected frequency feature count values;
forming a comparison pair by the corrected frequency characteristic count values to generate a direct response signal, and generating a final physical fingerprint response signal by mapping and transforming the direct response signal;
and converting the generated physical fingerprint response signal into a physical fingerprint response message.
CN201911356314.4A 2019-12-25 2019-12-25 Underwater equipment credibility authentication system and method for seabed observation network based on PUF Pending CN111027050A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911356314.4A CN111027050A (en) 2019-12-25 2019-12-25 Underwater equipment credibility authentication system and method for seabed observation network based on PUF

Publications (1)

Publication Number Publication Date
CN111027050A true CN111027050A (en) 2020-04-17

Family

ID=70213251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911356314.4A Pending CN111027050A (en) 2019-12-25 2019-12-25 Underwater equipment credibility authentication system and method for seabed observation network based on PUF

Country Status (1)

Country Link
CN (1) CN111027050A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111611629A (en) * 2020-06-24 2020-09-01 中物院成都科学技术发展中心 Physical fingerprint extraction system and method for chip
CN112115449A (en) * 2020-09-25 2020-12-22 中物院成都科学技术发展中心 Chip physical fingerprint reliability assessment method, device, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102262599A (en) * 2011-09-02 2011-11-30 南京博智软件科技有限公司 Trusted root-based portable hard disk fingerprint identification method
WO2012139923A1 (en) * 2011-04-12 2012-10-18 Siemens Aktiengesellschaft Method for testing tamper protection of a field device and field device having tamper protection
CN107222556A (en) * 2017-06-28 2017-09-29 中天海洋系统有限公司 Secure and trusted group network system is observed at a kind of deep-sea
CN108199845A (en) * 2017-12-08 2018-06-22 中国电子科技集团公司第三十研究所 A kind of light-weight authentication equipment and authentication method based on PUF

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200615

Address after: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Applicant after: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES

Applicant after: CHINA ELECTRONIC TECHNOLOGY CYBER SECURITY Co.,Ltd.

Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Applicant before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES

RJ01 Rejection of invention patent application after publication

Application publication date: 20200417