CN111541677B - A Secure Hybrid Encryption Method Based on Narrowband Internet of Things - Google Patents

A Secure Hybrid Encryption Method Based on Narrowband Internet of Things

Publication number: CN111541677B
Authority: CN (China)
Application number: CN202010307202.6A
Other languages: Chinese (zh)
Other versions: CN111541677A
Inventors: 田宇涵, 王浩文, 王勇, 桂云松, 谢建国, 刘韡烨, 孙平山
Current assignee: Shanghai Institute of Microsystem and Information Technology of CAS
Original assignee: Shanghai Institute of Microsystem and Information Technology of CAS
Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Events: application filed by Shanghai Institute of Microsystem and Information Technology of CAS; priority to CN202010307202.6A; publication of CN111541677A; application granted; publication of CN111541677B

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L63/045: Network architectures or network communication protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H04L63/0876: Network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using a plurality of keys or algorithms

Abstract

The invention provides a secure hybrid encryption method based on the narrowband Internet of Things (NB-IoT), comprising the following steps: lightweight identity authentication is carried out between each terminal and the server, in which the terminal's identity is authenticated and an initial key and an initial IV vector are transmitted using one-way asymmetric encryption; after the terminal's identity has been authenticated successfully, the terminal and the server communicate using a dynamic symmetric encryption and decryption algorithm, so that the symmetric algorithm uses a different symmetric key and different structural parameters for every encrypted communication of every terminal. The lightweight identity authentication greatly reduces authentication time and computation while preserving security. The dynamic symmetric algorithm guarantees a one-time symmetric key and a one-time set of structural parameters: the structural parameters change in a nonlinear way while the overall structure of the algorithm is unchanged, which improves the algorithm's resistance to side-channel attacks such as power analysis.

Description

Secure hybrid encryption method based on the narrowband Internet of Things
Technical Field
The invention relates to the technical field of information security in the narrowband Internet of Things, and in particular to a secure hybrid encryption method based on the narrowband Internet of Things.
Background
The narrowband Internet of Things (NB-IoT) has four main characteristics. The first is coverage: NB-IoT occupies only about 180 kHz of bandwidth and, in the same frequency band, achieves about 20 dB more gain than the existing network, improving coverage by a factor of 100. The second is strong connection capacity: one sector can support 100,000 connections. The third is low power consumption: NB-IoT terminal modules are usually required to offer a standby time of more than 10 years. The fourth is low cost: costs fall further once the technology is industrialized. These advantages make NB-IoT well suited to remote meter reading, asset tracking, smart parking, smart agriculture and similar applications.
Information security technology for NB-IoT must be designed around these characteristics: on the basis of guaranteeing security, it must achieve high operating speed, low power consumption and low redundancy. Encryption and decryption algorithms fall broadly into symmetric and asymmetric types. In a symmetric algorithm both parties use the same key; such algorithms are fast, but securely getting the key to both parties is a major problem. An asymmetric algorithm transmits information using a public/private key pair, so the receiver does not need to hold the same key as the sender; it secures key transmission at the cost of slower information transfer.
Hybrid encryption combines the two: the asymmetric algorithm is used for identity authentication and key transmission, while normal communication still uses the symmetric algorithm, so that key transmission is secured and information transfer remains fast most of the time. In practice, however, and especially in NB-IoT applications, this approach faces three challenges:
1) How the two parties confirm each other's identity. Traditionally each party obtains a digital certificate from a trusted authority. This works for a small-scale Internet of Things, but in NB-IoT, where the number of terminals is typically tens of thousands to millions, having a trusted authority issue a certificate to every terminal one by one costs a great deal of time, effort and money, and using certificate-based asymmetric communication during operation consumes a large amount of chip computing power and electrical power.
2) The risk of manual key injection. Many NB-IoT security chips require a key to be injected manually as the first initialization step, and this manual injection takes the place of identity authentication between server and terminal and of the transfer of the initial key. The danger is that the initial key is directly exposed. Even if the algorithm runs the initial key through a hash function or several other mathematical operations a thousand times to recombine it, the source is highly vulnerable to manual exposure, and an irreversible hash does not add security in that situation: the security of a cryptographic algorithm rests on mathematical hardness, not on keeping the algorithm from being exposed. Manual injection therefore introduces many risks into the whole security mechanism at its source.
3) Side-channel attacks. NB-IoT traffic often consists of short messages and repeated, identical status information. The side-channel attack most often faced collects the power consumption traces of a large number of terminals sending the same plaintext under the same key and then analyses them statistically, which is very dangerous for NB-IoT communication.
To address these problems, researchers have proposed several possible implementations.
Jia Rong Yuan, Wang Yihuai et al. proposed a lightweight encryption scheme for the narrowband Internet of Things (see [Jia Rong, Wang Yihuai, Wang Xiaoning. Lightweight encryption scheme for the narrowband Internet of Things [J]. Computer Engineering and Design, 2018, 39(10): 3040-3044]). It is a lightweight symmetric encryption algorithm based on AES and chaotic sequences: it improves efficiency by reducing the number of AES rounds and merging round functions, and it builds a chaotic key generation system by setting key parameters, providing a different seed key for each plaintext block to improve security. It mainly addresses the fact that AES cannot retain good characteristics in both time consumption and security when applied in the Internet of Things. However, the scheme still sidesteps the risk brought by key transmission; it is a solution aimed at optimizing AES for Internet of Things applications, does not address identity authentication, and the key parameters used to construct the chaotic system are so complex that they make key transmission harder.
Liuhao proposed a high-security big data privacy protection model (see [Liuhao. A high-security medical big data privacy protection model [J]. Software Guide, 2019, 18(8): 201-]). Although the model suits big data, its key transfer needs RSA (an asymmetric algorithm) to encrypt the symmetric key every time; otherwise the key never changes, however the zigzag permutation is performed. So if the algorithm is to achieve a one-time pad, it must always use the asymmetric algorithm to transfer the key, which wastes a great deal of computation time; the heavy computation of the asymmetric algorithm also increases the terminal's power consumption, a serious disadvantage for NB-IoT applications.
Yiran Lin, Kaige Kang, Yue Shi et al. proposed an RFID encryption model based on AES and ECC (see [Yiran Lin, Kaige Kang, Yue Shi. Research on Encryption Model Based on AES and ECC in RFID [J]. 2013 International Conference on Computer Sciences and Applications, 2013.10: 9-13]). It combines the advantages of symmetric and asymmetric algorithms, encrypting the AES key with ECC and authorizing the client to encrypt the system's ECC public key with the ECC private key. Applied to NB-IoT, this scheme is very vulnerable to power-analysis side-channel attacks; its key delivery still costs time and computational energy if ECC (an asymmetric algorithm) is used every time; and it would face the problem of issuing digital certificates to a very large number of devices.
Disclosure of Invention
The invention aims to provide a secure hybrid encryption method based on the narrowband Internet of Things that resists power analysis attacks while offering high operating speed and high security.
To achieve this, the invention provides a secure hybrid encryption method based on the narrowband Internet of Things, comprising:
S1: lightweight identity authentication is carried out between each terminal and the server, in which the terminal's identity is authenticated and an initial key and an initial IV vector are transmitted using one-way asymmetric encryption;
S2: after a terminal's identity has been authenticated successfully, the terminal takes its own initial key and initial IV vector as initial parameters, and the terminal and the server then communicate repeatedly using a dynamic symmetric encryption and decryption algorithm, so that the symmetric algorithm uses a different symmetric key and different structural parameters for every encrypted communication of every terminal.
In step S1, every terminal asymmetrically encrypts its identity information, initial key and initial IV vector and sends them to the server. The server asymmetrically decrypts them and determines whether the terminal's identity is legitimate; if so, it stores the identity information, initial key and initial IV vector in its database and the terminal's identity authentication succeeds; if not, it performs exception handling and retransmission.
Step S1 comprises:
S11: each terminal computes a HASH value of its identity information with a HASH algorithm to serve as its identity check code, and the server generates its own public/private key pair with an asymmetric encryption and decryption algorithm; the identity check code is then loaded into the server's database by manual injection, and the public key is loaded into the terminal;
S12: each terminal generates two groups of random numbers, one used as the initial key and the other as the initial IV vector. The terminal packs its identity information, the initial key and the initial IV vector into a first data packet, computes a HASH value of the first data packet with a HASH algorithm to serve as the first data packet check code, asymmetrically encrypts the first data packet with the public key to produce a first ciphertext, and sends the first ciphertext and the first data packet check code to the server;
S13: the server asymmetrically decrypts the first ciphertext with its private key to recover the first data packet, computes its HASH value with exactly the same HASH algorithm as the terminal and compares it with the first data packet check code; if they match, the integrity of the first data packet is confirmed, otherwise the first data packet is retransmitted. Once the first data packet is confirmed complete, the server computes the HASH value of the identity information in the first data packet with exactly the same HASH algorithm as the terminal and compares it with the stored identity check codes; if there is a one-to-one match, the terminal's identity authentication succeeds and the corresponding identity information, initial key and initial IV vector are stored in the database; if not, the terminal's identity authentication fails and exception handling and retransmission are performed.
In step S13, during exception handling and retransmission, if the terminal's authentication fails more than three times in a row, its IP is blocked and added to a blacklist; if it has failed three times or fewer, the terminal enters the retransmission request state.
The symmetric encryption and decryption algorithm is the SM4 block cipher in CBC, CFB or OFB mode, and the structural parameters comprise an IV vector and a CK seed matrix.
With the structural parameters comprising an IV vector and a CK seed matrix, encrypted communication between the terminal and the server using the dynamic symmetric encryption and decryption algorithm comprises the following steps:
S21: the sender generates a random number of at least 128 bits and derives a new symmetric key, a new IV vector and a new CK seed matrix from the initial key, the initial IV vector and the random number. The sender defines the unencrypted information to be sent as the plaintext, computes a plaintext check code from it with a hash algorithm, and then produces a second ciphertext by running the plaintext through the symmetric encryption and decryption algorithm, configured with the new CK seed matrix, under the new symmetric key and the new IV vector. It packs the terminal's identity information, the random number, the second ciphertext and the plaintext check code into a second data packet and sends it to the receiver;
S22: the receiver receives the second data packet and first uses the identity information in it as an index to look up the corresponding initial key and initial IV vector in its own database, then derives the new symmetric key, new IV vector and new CK seed matrix from that initial key, initial IV vector and the random number in the second data packet. It decrypts the second ciphertext with the symmetric algorithm, configured with the new CK seed matrix, under the new symmetric key and new IV vector to obtain the plaintext, computes the plaintext's HASH value with the HASH algorithm and compares it with the plaintext check code in the second data packet. If the check fails, exception handling and retransmission are performed; if it succeeds, the receiver sends a decryption-success message to the terminal and forwards the plaintext onward or processes it directly.
In step S22, after receiving the second data packet, the method further comprises: comparing the random number in the second data packet with the random numbers stored from previous encrypted communications; if a stored random number equals the random number in the second data packet and its stored plaintext check code is identical to the plaintext check code in the second data packet, a replay attack has been detected and exception handling and retransmission are performed. During exception handling and retransmission, if verification fails more than three times in a row or a replay attack is detected, the IP is blocked and added to the blacklist; if verification has failed three times or fewer, the retransmission request state is entered.
Step S21 further comprises: the sender destroys the new symmetric key and the new IV vector. Step S22 further comprises: if verification succeeds, the receiver destroys the new symmetric key, the new IV vector and the new CK seed matrix, and stores the random number together with its plaintext check code.
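One encrypted communication round of steps S21 and S22, including the replay check and the "more than three failures, block the IP" rule that S13 and S22 share, as an added example written for this page; it is not the patent's own code. SM4-CBC with a varied CK matrix is not available in the Python standard library, so a SHA-256 counter-mode keystream stands in for the block cipher and the CK seed matrix is not modelled here; SHA-256 is assumed for the HASH algorithm, unknown identities are treated as failed verifications, and the identities, keys and IP addresses are constructed sample values.

```python
"""Steps S21/S22 of the dynamic symmetric communication, with replay detection
and the three-failure blacklist rule. Added illustrative example for this page,
not the patent's own implementation.

Assumptions (not fixed by the patent text): SHA-256 is the HASH algorithm; a
SHA-256 counter-mode keystream stands in for SM4-CBC (the CK seed matrix is
not modelled); identities, keys and IP addresses are constructed sample values.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def derive_key_iv(initial_key: bytes, initial_iv: bytes, rnd: bytes):
    """Step S1' of the salt parameter-varying algorithm: XOR the initial key and
    IV with the random number, then hash each (assumed SHA-256, 128-bit output)."""
    r = rnd[:16]
    new_key = hashlib.sha256(bytes(a ^ b for a, b in zip(initial_key, r))).digest()[:16]
    new_iv = hashlib.sha256(bytes(a ^ b for a, b in zip(initial_iv, r))).digest()[:16]
    return new_key, new_iv


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for SM4-CBC: XOR data with SHA-256(key || iv || counter) blocks.
    The same call decrypts, because XOR is its own inverse."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + (off // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


@dataclass
class SecondPacket:
    """The second data packet of S21: identity, random number, ciphertext, check code."""
    identity: str
    rnd: bytes
    ciphertext: bytes
    check_code: bytes


def sender_encrypt(identity: str, initial_key: bytes, initial_iv: bytes,
                   plaintext: bytes) -> SecondPacket:
    """S21: fresh >= 128-bit random number, one-time key/IV, hash check code."""
    rnd = secrets.token_bytes(16)
    new_key, new_iv = derive_key_iv(initial_key, initial_iv, rnd)
    check_code = hashlib.sha256(plaintext).digest()
    ciphertext = keystream_xor(new_key, new_iv, plaintext)
    del new_key, new_iv  # the one-time key and IV are destroyed after use
    return SecondPacket(identity, rnd, ciphertext, check_code)


@dataclass
class Receiver:
    """Server side of S22. `db` maps identity -> (initial_key, initial_iv),
    as stored during identity authentication in step S1."""
    db: dict
    seen: set = field(default_factory=set)        # (rnd, check_code) of accepted packets
    failures: dict = field(default_factory=dict)  # src_ip -> consecutive failures
    blacklist: set = field(default_factory=set)

    def receive(self, pkt: SecondPacket, src_ip: str):
        if src_ip in self.blacklist:
            return None, "blocked"
        # Replay check: same random number AND same plaintext check code as a past packet.
        if (pkt.rnd, pkt.check_code) in self.seen:
            self.blacklist.add(src_ip)
            return None, "replay detected: IP blacklisted"
        record = self.db.get(pkt.identity)
        if record is None:  # unknown identity counted as a failed verification (assumption)
            return self._fail(src_ip, "unknown identity")
        new_key, new_iv = derive_key_iv(record[0], record[1], pkt.rnd)
        plaintext = keystream_xor(new_key, new_iv, pkt.ciphertext)
        if hashlib.sha256(plaintext).digest() != pkt.check_code:
            return self._fail(src_ip, "check code mismatch")
        self.seen.add((pkt.rnd, pkt.check_code))  # kept for future replay detection
        self.failures.pop(src_ip, None)
        return plaintext, "ok"

    def _fail(self, src_ip: str, reason: str):
        n = self.failures.get(src_ip, 0) + 1
        self.failures[src_ip] = n
        if n > 3:  # more than three consecutive failures: block the IP
            self.blacklist.add(src_ip)
            return None, reason + ": IP blacklisted"
        return None, reason + ": retransmission requested"


def demo() -> dict:
    """One honest round, one replay, then four tampered packets; returns the outcomes."""
    init_key, init_iv = bytes(range(16)), bytes(range(16, 32))  # constructed S1 outputs
    server = Receiver(db={"terminal-01": (init_key, init_iv)})
    pkt = sender_encrypt("terminal-01", init_key, init_iv, b"meter reading: 1234 kWh")
    plaintext, first = server.receive(pkt, "10.0.0.7")
    _, replay = server.receive(pkt, "10.0.0.7")  # the identical packet a second time
    tampered = SecondPacket(pkt.identity, pkt.rnd, pkt.ciphertext, b"\x00" * 32)
    tampered_status = [server.receive(tampered, "10.0.0.8")[1] for _ in range(4)]
    return {"plaintext": plaintext, "first": first, "replay": replay,
            "tampered": tampered_status, "blacklist": sorted(server.blacklist)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Note that the plaintext check code is an unkeyed hash of the plaintext travelling in the clear beside the ciphertext, so identical plaintexts carry identical check codes; the replay check in S22 relies on exactly that property, comparing the stored random number and check code pair against the new packet.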
In steps S21 and S22, the new symmetric key, new IV vector and new CK seed matrix are generated from the initial key, the initial IV vector and the random number by a salt parameter-varying algorithm, which comprises:
S1': XOR the initial key and the initial IV vector each with the random number, and pass the results through a hash function to produce the new symmetric key and the new IV vector;
S2': expand the CK values to 64 and arrange the 64 CK values as a 16 × 4 matrix, defined as the original CK matrix;
S3': generate 32 base-4 digits from the first 64 bits of the random number and store them in a first one-dimensional array; generate 32 hexadecimal digits from the new IV vector and store them in a second one-dimensional array; then use the first array as abscissae and the second array as ordinates into the original CK matrix to produce the new CK seed matrix.
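The salt parameter-varying algorithm of steps S1' to S3', as an added worked example written for this page (it is not the patent's own code). Three details the patent text leaves open are filled in as assumptions: the hash function is SHA-256 truncated to 128 bits; the 64 expanded CK values are obtained by extending the standard SM4 round-constant rule, byte j of CK_i = (4i + j) × 7 mod 256, from i < 32 to i < 64, so the first 32 values are exactly the SM4 constants; and the 16 × 4 matrix is read with the base-4 digit as the column (abscissa) and the hexadecimal digit as the row (ordinate). The sample key, IV and random number in the main block are constructed.

```python
"""Salt parameter-varying algorithm, steps S1' to S3'. Added illustrative
example for this page, not the patent's own implementation.

Assumptions (the patent text does not fix these): the hash function is
SHA-256 truncated to 128 bits; the 64 expanded CK values extend the SM4
round-constant rule, byte j of CK[i] = (4i + j) * 7 mod 256, from i < 32 to
i < 64; the 16 x 4 original CK matrix is indexed [row 0..15][column 0..3],
the base-4 digit selecting the column (abscissa) and the hex digit the row
(ordinate).
"""
import hashlib
import secrets


def derive_key_iv(initial_key: bytes, initial_iv: bytes, rnd: bytes):
    """S1': XOR the initial key and IV with the random number, then hash each."""
    if not (len(initial_key) == len(initial_iv) == 16 and len(rnd) >= 16):
        raise ValueError("expect a 128-bit key and IV and a random number of at least 128 bits")
    r = rnd[:16]
    new_key = hashlib.sha256(bytes(a ^ b for a, b in zip(initial_key, r))).digest()[:16]
    new_iv = hashlib.sha256(bytes(a ^ b for a, b in zip(initial_iv, r))).digest()[:16]
    return new_key, new_iv


def expanded_ck(count: int = 64) -> list:
    """S2' (assumed expansion rule): CK[i] = bytes ((4i + j) * 7 mod 256, j = 0..3).
    For i < 32 these are exactly the standard SM4 CK constants."""
    values = []
    for i in range(count):
        word = 0
        for j in range(4):
            word = (word << 8) | (((4 * i + j) * 7) & 0xFF)
        values.append(word)
    return values


def original_ck_matrix() -> list:
    """S2': arrange the 64 CK values as 16 rows of 4 columns."""
    ck = expanded_ck(64)
    return [ck[row * 4:(row + 1) * 4] for row in range(16)]


def base4_digits(rnd: bytes) -> list:
    """S3': the first 64 bits of the random number as 32 base-4 digits (2 bits each)."""
    value = int.from_bytes(rnd[:8], "big")
    return [(value >> (2 * (31 - k))) & 0b11 for k in range(32)]


def hex_digits(new_iv: bytes) -> list:
    """S3': the 128-bit new IV vector as 32 hexadecimal digits (4 bits each)."""
    return [int(c, 16) for c in new_iv.hex()]


def new_ck_seed_matrix(rnd: bytes, new_iv: bytes) -> list:
    """S3': index the original matrix by (abscissa, ordinate) pairs -> 32 round constants."""
    matrix = original_ck_matrix()
    return [matrix[y][x] for x, y in zip(base4_digits(rnd), hex_digits(new_iv))]


def salt_parameter_varying(initial_key: bytes, initial_iv: bytes, rnd: bytes):
    """Whole algorithm: returns (new_key, new_iv, new_ck_seed_matrix)."""
    new_key, new_iv = derive_key_iv(initial_key, initial_iv, rnd)
    return new_key, new_iv, new_ck_seed_matrix(rnd, new_iv)


if __name__ == "__main__":
    # Constructed sample values standing in for the S1 outputs and the S21 random number.
    k, iv, r = secrets.token_bytes(16), secrets.token_bytes(16), secrets.token_bytes(16)
    key, vec, cks = salt_parameter_varying(k, iv, r)
    print("new key:", key.hex())
    print("new IV :", vec.hex())
    print("new CK :", [hex(c) for c in cks])
```

Because the 32 new round constants are drawn from the 64-entry matrix by coordinates that depend on both the random number and the hashed IV, two messages from the same terminal get different constants as well as different keys, which is the nonlinear change of structural parameters the text describes; the cipher's round structure itself is untouched.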
In step S1, the server sets a key update cycle of N days as required and, when a terminal's identity is authenticated for the first time, stores a timestamp for that terminal in the database. The secure hybrid encryption method based on the narrowband Internet of Things further comprises step S3, periodic key update, which comprises: S31: every day, during idle time, the server checks each terminal's timestamp; if a terminal's key age exceeds the key update cycle N, the remainder of the terminal's timestamp is taken to obtain a countdown timestamp M; S32: when the countdown timestamp M reaches zero, the server sends a key update request to the terminal, and the terminal repeats step S1 in response, re-performing identity authentication and transmitting a new initial key and initial IV vector, thereby maintaining security.
Compared with the prior art, this technical scheme has the following advantages and positive effects. Because the terminals of the narrowband Internet of Things need not communicate with each other, only with the server, lightweight identity authentication can be used, greatly reducing authentication time and computation while preserving security. A dynamic symmetric encryption and decryption algorithm is used, with a one-time symmetric key and a one-time set of structural parameters; the structural parameters of the algorithm change nonlinearly while the structure of the cipher itself is unchanged, which improves its resistance to side-channel attacks such as power analysis. In addition, the invention replaces manual key injection with the injection of a public key and an identity check code, both of which are public and irreversible information, greatly reducing the security risk of manual injection. The resulting secure hybrid encryption scheme is therefore better suited to the low occupancy of the narrow bandwidth, the very large numbers of low-power terminals, and the ultra-long standby times of the narrowband Internet of Things, while continuously guaranteeing security.
Drawings
Fig. 1 is a general flow chart of the secure hybrid encryption method based on the narrowband internet of things of the present invention.
Fig. 2 is a flowchart of lightweight identity authentication in the secure hybrid encryption method based on the narrowband internet of things of the present invention.
Fig. 3 is a flowchart of a dynamic symmetric encryption and decryption algorithm applied after identity authentication in the secure hybrid encryption method based on the narrowband internet of things of the present invention.
Fig. 4 is a detailed diagram of the principle of the salt parameter-varying algorithm used in the dynamic symmetric encryption/decryption algorithm of the present invention.
Fig. 5 is a flow chart of key update for the dynamic symmetric encryption/decryption algorithm of the present invention.
Detailed Description
The invention will be further illustrated with reference to the following specific examples. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and such equivalents may fall within the scope of the present invention as defined in the appended claims.
As shown in Fig. 1, a secure hybrid encryption method based on the narrowband Internet of Things according to an embodiment of the present invention uses lightweight identity authentication together with a dynamic symmetric encryption/decryption algorithm built on a salt parameter-varying algorithm, and comprises the following steps:
Step S1: lightweight identity authentication is carried out between each terminal and the server; it authenticates the terminal's identity and transmits the initial key and the initial IV vector using one-way asymmetric encryption. The IV vector is the initialization vector. In this arrangement the terminals only ever perform asymmetric encryption and the server only ever performs asymmetric decryption; neither side performs both, which reduces the computational burden on terminals and server while keeping both secure.
In step S1, every terminal asymmetrically encrypts its identity information, initial key and initial IV vector and sends them to the server. The server asymmetrically decrypts them and determines whether the terminal's identity is legitimate; if so, it stores the identity information, initial key and initial IV vector in its database and the terminal's identity authentication succeeds; if not, it performs exception handling and retransmission.
As shown in Fig. 2, step S1 specifically comprises the following steps:
step S11: each terminal generates a HASH value of the identity information through a HASH algorithm to serve as an identity check code; the server generates a pair of public key and private key of the server by using an asymmetric encryption and decryption algorithm; the identity check code is then filled into the database of the server using manual injection (i.e., by manually filling a secrecy clerk), and the public key of the server is filled into the terminal.
This approach is different from conventional manual injection because the exposed information (public key and id code) is both public and irreversible, which greatly reduces the safety risk of manual injection. Because the private key is owned by the server only and the public key is generated by mathematics difficulty, the public key of the known server cannot be used for obtaining the private key of the server in a reverse pushing mode, and the original information encrypted by the public key cannot be obtained without the private key, so that only the server can unlock the encrypted information generated by multiple terminals, and the public key is completely public information. The identity check code using HASH algorithm is characterized by openness and non-reversibility, so that the original text information is extremely difficult to obtain from the HASH value, i.e. even if the HASH value for obtaining the terminal identity information cannot be obtained by reverse deduction, and the algorithm with the longer HASH value algorithm length is more difficult to realize collision, the more the safety of the algorithm can be ensured. In the known public information: on the basis of the identity check code and the public key, the non-public information is obtained under the condition that the public information is not known: the probability of the identity information and the private key is consistent.
The identity information comprises a user unique identification code and the terminal's unique hardware information; the hash algorithm may be SHA-256, SHA-512 or a similar algorithm; the asymmetric encryption and decryption algorithm is one that has passed international security certification, such as RSA or ECC.
Step S12: each terminal generates two random values, one used as the initial key and the other as the initial IV vector. The terminal packs the identity information, the initial key and the initial IV vector into a first data packet, hashes the first data packet to obtain a first data packet check code, asymmetrically encrypts the first data packet with the server's public key to produce a first ciphertext, and sends the first ciphertext together with the first data packet check code to the server.
Because the two random values (the initial key and the initial IV vector) are hashed together with the user unique identification code and the terminal unique hardware information into a single first data packet check code for integrity checking, and are encrypted under the public key into a single first ciphertext that reaches the server in one transmission, the number of exchanges between terminal and server is reduced and power is saved, which suits the constraints of the narrowband Internet of Things.
The first data packet comprises { user unique identification code + terminal unique hardware information + initial key + initial IV vector }, and the initial key and the initial IV vector are used for carrying out a symmetric encryption and decryption algorithm subsequently.
The bit lengths of the initial key and the initial IV vector follow the key length that the chosen symmetric algorithm needs for adequate security and the block length of the block cipher. For example, the symmetric encryption and decryption algorithm of the present invention is the SM4 block cipher in CBC mode, whose block length and key length are both 128 bits, so the two random values generated by the terminal are also 128 bits each and serve as the initial key and the initial IV vector respectively. Besides CBC (Cipher Block Chaining), the commonly used modes of the SM4 block cipher include ECB (Electronic Code Book), CFB (Cipher Feedback) and OFB (Output Feedback). All modes other than ECB require an IV vector, so the symmetric algorithm of the present invention may equally be SM4 in CFB or OFB mode (SM4-CFB, SM4-OFB); in any of these three modes the IV length follows the block size of the chosen block cipher. It would also be possible to drop the IV-related information and replace CBC with ECB (SM4-ECB), but this is not recommended because ECB mode seriously degrades security.
Step S13: the server asymmetrically decrypts the first ciphertext with its private key to obtain the first data packet, hashes it with exactly the same hash algorithm as the terminal and compares the result with the first data packet check code; if they match, the integrity of the first data packet is confirmed, otherwise retransmission is requested. Once the packet is known to be intact, the identity information in it is hashed with the same algorithm as the terminal and compared with the identity check code stored on the server; if there is a one-to-one match the terminal's identity authentication succeeds and the corresponding identity information, initial key and initial IV vector are stored in the database; if not, authentication fails and exception handling and retransmission are performed.
In step S13, during exception handling and retransmission, if the terminal's authentication fails more than three consecutive times its IP is blocked and added to a blacklist; if it has failed three times or fewer, the terminal enters a retransmission request state.
As described above, the identity information comprises the user unique identification code and the terminal unique hardware information, both carried in the first data packet; the identity check code means the one stored in the server database. When the identity information, initial key and initial IV vector are stored in the database, the user unique identification code is used as the index so that lookups are straightforward.
The lightweight identity authentication between the terminals and the server in this secure hybrid encryption method for the narrowband Internet of Things simplifies the conventional digital-certificate style of authentication, keeps its core (identification of the peer), and removes the security problem of conventional key filling while making the computation simpler: the terminal performs a single asymmetric encryption, and the server performs a single asymmetric decryption per terminal to decide whether that terminal's identity is legitimate, which greatly reduces the computational overhead on both sides.
Step S2: after the terminals have been authenticated, each terminal takes its own initial key and initial IV vector as initial parameters, and encrypted communication between terminal and server is then carried out repeatedly with a dynamic symmetric encryption and decryption algorithm, so that the symmetric algorithm uses a different symmetric key and different structural parameters for every encrypted communication of every terminal, which defends against attacks such as power analysis attacks and replay attacks.
The symmetric encryption and decryption algorithm is the existing SM4 block cipher in CBC mode (the SM4-CBC block cipher); it can also be SM4 in another mode, such as the CFB and OFB modes mentioned above, with the corresponding changes. The structural parameters comprise the IV vector and the CK seed matrix. After a terminal's identity authentication succeeds, both the server and the terminal hold that terminal's initial key and initial IV vector, so the problem of transferring the key and the corresponding structural parameters for the first encrypted communication is already solved, and encrypted communication can proceed with a bidirectional symmetric encryption and decryption algorithm.
In step S2 the terminal may be the sender and the server the receiver, or the server the sender and the terminal the receiver; the flow and the algorithm are identical in both directions, only the roles of sender and receiver change.
Fig. 3 is a flow chart of a dynamic symmetric encryption and decryption algorithm. Taking the example that a terminal is used as a sender to send encrypted information, and a server is used as a receiver to receive and decrypt the information, the method adopts a dynamic symmetric encryption and decryption algorithm to carry out encryption communication between the terminal and the server each time, and comprises the following steps:
step S21: the terminal acts as sender. The sender generates a random number of at least 128 bits and derives a new symmetric key, a new IV vector and a new CK seed matrix from the initial key, the initial IV vector and the random number. It defines the unencrypted information to be sent as the plaintext, generates a plaintext check code from the plaintext with a hash algorithm, and then passes the plaintext, the new symmetric key and the new IV vector through the symmetric encryption and decryption algorithm with the new CK seed matrix to obtain a second ciphertext; it packs the terminal's identity information, the random number, the second ciphertext and the plaintext check code into a second data packet and sends it to the receiver (i.e. the server). The identity information and the random number in the second data packet together form the TOKEN.
The identity information in the second data packet is only the user unique identification code, and the second data packet is { the user unique identification code + the random number + the second ciphertext + the plaintext check code }.
In the present embodiment the symmetric encryption/decryption algorithm is the existing SM4 block cipher. Since the invention uses SM4, the CK seed matrix is the fixed parameter matrix that determines the round keys in the SM4 key schedule and is fed into SM4 to generate those round keys. The round keys are the sub-keys used in each of the 32 rounds applied to every 128-bit block of data (followed by a final reverse-order transformation), i.e. 32 round keys of 32 bits each; changing the CK seed matrix changes all 32 round keys and therefore the entire encryption result.
The new IV vector is the IV vector for the CBC, CFB or OFB mode. These modes of the SM4 block cipher add a feedback mechanism, so the new IV vector supplies the initial value for the first block, and the result of the first block affects every block that follows. Data is processed in 128-bit blocks: the first block is encrypted from the new IV vector, the new key and 128 bits of plaintext to give 128 bits of ciphertext, which in turn serves as the chaining value for the next block, until all data has been encrypted. Decryption walks the same chain with the same IV vector, key and CK seed matrix, so sender and receiver only need to agree on those three parameters.
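The dependence of the round keys on the CK constants, shown as an added example that is not part of the patent or any implementation of it: a compact SM4 in Python whose key schedule takes the CK matrix as a parameter, plus CBC mode with PKCS#7 padding. With the 32 standard constants it reproduces the GB/T 32907 test vector; with any other 32-value matrix (here, purely for illustration, the standard constants in reverse order) every round key and therefore every ciphertext block changes, while the round trip still works as long as both sides use the same matrix. The test key and sample message are constructed.

```python
"""Compact SM4 with a pluggable CK matrix (added example, not the patent's code)."""
import struct

# Standard SM4 S-box (GB/T 32907-2016), 256 bytes, row by row.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)  # SM4 system parameters
MASK = 0xFFFFFFFF


def standard_ck():
    """The 32 standard CK constants: byte j of CK_i is (4*i + j) * 7 mod 256."""
    return [int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
            for i in range(32)]


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _tau(x):  # byte-wise S-box substitution of one 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def _t_round(x):  # T = L(tau(x)), linear layer of the round function
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)


def _t_key(x):  # T' = L'(tau(x)), linear layer of the key schedule
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)


def round_keys(key, ck):
    """Key schedule: rk_i = K_i ^ T'(K_{i+1} ^ K_{i+2} ^ K_{i+3} ^ CK_i) for 32 rounds."""
    if len(key) != 16 or len(ck) != 32:
        raise ValueError("SM4 needs a 128-bit key and exactly 32 CK values")
    k = [mk ^ fk for mk, fk in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ ck[i]))
    return k[4:]


def _block(block, rks):
    """One 128-bit block through 32 rounds, then the reverse-order output."""
    x = list(struct.unpack(">4I", block))
    for rk in rks:
        x0, x1, x2, x3 = x
        x = [x1, x2, x3, x0 ^ _t_round(x1 ^ x2 ^ x3 ^ rk)]
    return struct.pack(">4I", x[3], x[2], x[1], x[0])


def encrypt_block(key, block, ck=None):
    return _block(block, round_keys(key, ck or standard_ck()))


def decrypt_block(key, block, ck=None):
    return _block(block, round_keys(key, ck or standard_ck())[::-1])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key, iv, plaintext, ck=None):
    """SM4-CBC with PKCS#7 padding; the IV is the chaining value of the first block."""
    rks = round_keys(key, ck or standard_ck())
    pad = 16 - len(plaintext) % 16
    data = plaintext + bytes([pad]) * pad
    out, prev = [], iv
    for i in range(0, len(data), 16):
        prev = _block(_xor(data[i:i + 16], prev), rks)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext, ck=None):
    rks = round_keys(key, ck or standard_ck())[::-1]
    out, prev = [], iv
    for i in range(0, len(ciphertext), 16):
        blk = ciphertext[i:i + 16]
        out.append(_xor(_block(blk, rks), prev))
        prev = blk
    data = b"".join(out)
    pad = data[-1]
    if not 1 <= pad <= 16 or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return data[:-pad]


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")  # GB/T 32907 test key
    altered = standard_ck()[::-1]  # arbitrary non-standard CK matrix, for illustration only
    print(encrypt_block(key, key).hex())              # 681edf34d206965e86b3e94f536e4246
    print(encrypt_block(key, key, ck=altered).hex())  # differs in every byte
```

Two caveats follow directly from running it. A peer whose key schedule uses an altered CK matrix is no longer interoperable with standard SM4 hardware or libraries, so both terminal and server must run the same custom schedule; and the CK values are effectively key material, which is why the method derives them on both sides from the secret initial parameters instead of sending them.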
Further, the step S21 further includes: the sender destroys the new symmetric key and the new IV vector.
Step S22: the receiver (i.e. the server) receives the second data packet, uses the identity information in it as an index to look up the corresponding initial key and initial IV vector in its database, and generates the new symmetric key, new IV vector and new CK seed matrix from that initial key, initial IV vector and the random number in the second data packet. It decrypts the second ciphertext with the new symmetric key and new IV vector using the symmetric algorithm with the new CK seed matrix to obtain the plaintext, hashes the plaintext and compares the HASH value with the plaintext check code in the second data packet. If the check fails, exception handling and retransmission are performed; if it succeeds, a decryption-successful message is sent to the terminal and the plaintext is forwarded elsewhere or processed directly.
Further, the step S22 further includes: and if the verification is successful, the receiving party destroys the new symmetric key, the new IV vector and the new CK seed matrix, and stores the random number and the corresponding plaintext verification code.
In step S22, after receiving the second packet, the method further includes: comparing the random number in the second data packet with the random numbers stored from previous encrypted communications; if a stored random number equals the random number in the second data packet and its stored plaintext check code is identical to the plaintext check code in the second data packet, a replay attack has been detected and exception handling and retransmission are performed.
Thus a failed check and a detected replay (a reused random number) both count as an unsuccessful check, and exception handling and retransmission follow. In step S22, during exception handling and retransmission, if the check fails more than three consecutive times or a replay attack is detected, the IP is blocked and added to the blacklist; if the check has failed three times or fewer, a retransmission request state is entered.
Hence, if an attacker replays intercepted traffic to the receiver: the Token in that traffic contains a random number of at least 128 bits together with the user unique identification code, and the probability of two honest messages colliding on that random number is extremely low, so when the receiver repeatedly sees a Token with the same random number it can conclude that a replay attack is in progress, identify from the user unique identification code which terminal's (or server's) traffic the attacker captured, and instruct that party to stop sending.
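The receiver-side check of step S22 (replay detection by stored random number and plaintext check code, then the three-strikes rule) as an added Python example that is not the patent's code. It assumes the second ciphertext has already been decrypted, uses SHA-256 as the unnamed plaintext hash, and keys the failure counters and blacklist on the user unique identification code rather than on an IP address; all of these are assumptions, and the packets are constructed.

```python
"""Receiver-side replay and integrity handling for step S22 (added example, not the patent's code)."""
import hashlib

MAX_FAILS = 3  # more than three consecutive failures -> block and blacklist


def check_code(plaintext):
    """Plaintext check code: a HASH of the plaintext (SHA-256 assumed here)."""
    return hashlib.sha256(plaintext).digest()


class Receiver:
    def __init__(self):
        self.seen = {}      # uid -> {random_number: plaintext check code} of accepted packets
        self.fails = {}     # uid -> consecutive failed checks
        self.blacklist = set()

    def accept(self, uid, random_number, received_code, plaintext):
        """Return 'ok', 'retransmit', 'replay' or 'blocked' for one decrypted second data packet."""
        if uid in self.blacklist:
            return "blocked"
        # Replay rule from the page: same random number AND same check code as a stored packet.
        if self.seen.get(uid, {}).get(random_number) == received_code:
            self.blacklist.add(uid)  # a detected replay blocks immediately
            return "replay"
        if check_code(plaintext) != received_code:
            self.fails[uid] = self.fails.get(uid, 0) + 1
            if self.fails[uid] > MAX_FAILS:
                self.blacklist.add(uid)
                return "blocked"
            return "retransmit"
        self.fails[uid] = 0
        self.seen.setdefault(uid, {})[random_number] = received_code
        return "ok"


def demo():
    """Run constructed packets through one receiver and return the verdicts in order."""
    rx = Receiver()
    good = b"temp=21.5"
    r1, r2, r3 = bytes.fromhex("11" * 16), bytes.fromhex("22" * 16), bytes.fromhex("33" * 16)
    packets = [
        ("dev-001", r1, check_code(good), good),       # first delivery
        ("dev-001", r1, check_code(good), good),       # exact replay of the same packet
        ("dev-001", r2, check_code(good), good),       # dev-001 is now blacklisted
        ("dev-002", r3, check_code(good), b"tamper"),  # corrupted payload: retransmit (1)
        ("dev-002", r3, check_code(good), b"tamper"),  # retransmit (2)
        ("dev-002", r3, check_code(good), b"tamper"),  # retransmit (3)
        ("dev-002", r3, check_code(good), b"tamper"),  # fourth consecutive failure: blocked
    ]
    return [rx.accept(*p) for p in packets]


if __name__ == "__main__":
    print(demo())  # ['ok', 'replay', 'blocked', 'retransmit', 'retransmit', 'retransmit', 'blocked']
```

Two things worth noticing when reading the verdicts. The page's rule flags a replay only when both the random number and the check code repeat, so a reused random number carrying a different plaintext is accepted; a receiver that wants strict freshness rejects any reused random number. And the plaintext check code is an unkeyed hash carried in the clear, so an eavesdropper can tell when two packets carry the same plaintext and can confirm guesses of low-entropy readings; a MAC over the ciphertext under the new key gives the same integrity check without that leak.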
The invention therefore uses a symmetric encryption and decryption algorithm for the encrypted communication, which suits narrowband Internet of Things data transmission because symmetric algorithms are fast and consume little energy. By changing the symmetric key and the structural parameters of the symmetric algorithm on every encrypted communication, the invention ensures that the key and the algorithm parameters never repeat and have an extremely low collision rate, which defends against attack methods such as power analysis and replay attacks. A power analysis side-channel attack relies on collecting a large amount of power-consumption data produced while many different plaintexts are encrypted under the same round keys and then analysing it statistically to recover the key. Because the structural parameters of the invention comprise the IV vector and the CK seed matrix, each encryption derives a different new symmetric key, new IV vector and new CK seed matrix from the random number in the Token, and therefore different round keys.
The dynamic symmetric encryption and decryption algorithm is built on the salt parameter-changing algorithm devised in this invention, in which the random number plays the role of the salt. Specifically, in steps S21 and S22 the initial key, the initial IV vector and the random number are passed through the salt parameter-changing algorithm to produce the new symmetric key, new IV vector and new CK seed matrix. In this way the symmetric key and the IV vector of the CBC encryption are changed dynamically on every encrypted communication by means of a random number and salting.
The new CK seed matrix can only be generated when the SM4 block cipher is the base algorithm of the salt parameter-changing algorithm; no other algorithm can take that role for the CK part. The part that generates the new symmetric key and new IV vector, however, may use SM4-CBC as its base algorithm or any other algorithm that takes a symmetric key and an IV vector. For example, if AES256-CFB is used instead, the key length is 256 bits and the block length of standard AES is 128 bits, so the IV length is 128 bits; AES256-CFB can then serve as the base algorithm of the salt parameter-changing algorithm for generating a new 256-bit symmetric key and a new 128-bit IV vector, but not for computing the CK seed matrix.
Fig. 4 is a detailed diagram of the salt parameter change algorithm according to an embodiment of the present invention.
The salt parameter changing algorithm specifically comprises the following steps:
step S1': and performing exclusive OR on the initial key and the initial IV vector with the random number respectively, and generating a new symmetric key and a new IV vector through a hash function respectively.
Because the main properties of a hash function are low collision probability and irreversibility, i.e. the probability that two different inputs hash to the same value is extremely low and inverting a hash value would take hundreds of billions of years, regenerating the original key and original IV vector through a hash function after XORing each with the random number, as the salt parameter-changing algorithm does, is highly secure, and the original key and IV vector are hard to recover.
In this embodiment SM4-CBC is the base algorithm of the salt parameter-changing algorithm, i.e. the initial key is 128 bits and the block length is 128 bits, so the 128-bit HASH value obtained by XORing the 128-bit initial key with the 128-bit random number and hashing the result is used as the new symmetric key, and the 128-bit HASH value obtained by XORing the 128-bit initial IV vector with the random number and hashing the result is used as the new IV vector. If the strength of the algorithm is to be raised, AES256-CFB can replace the base algorithm, a longer key is used and the hash function is changed accordingly; with a 256-bit key the hash function SHA256 is used and the new key length becomes 256 bits. The lengths in this step must be adapted to the chosen encryption and decryption algorithm; this patent only describes the case where SM4-CBC is the base algorithm of the salt parameter-changing algorithm.
Step S2': the CK values are expanded to 64 and arranged as a 16 × 4 matrix, defined as the original CK matrix CKA[16][4].
Each CK value consists of 4 bytes, and the expansion follows the rule ck_{i,j} = (4i + j) × 7 (mod 256), where ck_{i,j} is the j-th byte of the i-th CK value CK_i, i = 0, 1, …, 63 and j = 0, 1, 2, 3, i.e. CK_i = (ck_{i,0}, ck_{i,1}, ck_{i,2}, ck_{i,3}). For i = 0, …, 31 this is exactly the rule that generates the 32 CK constants of standard SM4; the invention continues it to 64 values.
In this embodiment, the original CK matrix CKA [16] [4] is:
{0x00070e15,0x1c232a31,0x383f464d,0x545b6269,
0x70777e85,0x8c939aa1,0xa8afb6bd,0xc4cbd2d9,
0xe0e7eef5,0xfc030a11,0x181f262d,0x343b4249,
0x50575e65,0x6c737a81,0x888f969d,0xa4abb2b9,
0xc0c7ced5,0xdce3eaf1,0xf8ff060d,0x141b2229,
0x30373e45,0x4c535a61,0x686f767d,0x848b9299,
0xa0a7aeb5,0xbcc3cad1,0xd8dfe6ed,0xf4fb0209,
0x10171e25,0x2c333a41,0x484f565d,0x646b7279,
0x80878e95,0x9ca3aab1,0xb8bfc6cd,0xd4dbe2e9,
0xf0f7fe05,0x0c131a21,0x282f363d,0x444b5259,
0x60676e75,0x7c838a91,0x989fa6ad,0xb4bbc2c9,
0xd0d7dee5,0xecf3fa01,0x080f161d,0x242b3239,
0x40474e55,0x5c636a71,0x787f868d,0x949ba2a9,
0xb0b7bec5,0xccd3dae1,0xe8eff6fd,0x040b1219,
0x20272e35,0x3c434a51,0x585f666d,0x747b8289,
0x90979ea5,0xacb3bac1,0xc8cfd6dd,0xe4ebf2f9}。
step S3': since the random number is 128 bits, its first 64 bits are converted into 32 base-4 digits (every two bits of those 64 bits form one base-4 digit), giving 32 values TM_i, 0 ≤ i ≤ 31, stored in a first one-dimensional array A; then the new IV vector is converted into 32 hexadecimal digits (every four bits of the 128-bit new IV vector form one hexadecimal digit), giving 32 values VM_i, 0 ≤ i ≤ 31, stored in a second one-dimensional array B. The second array B supplies the row index into the original CK matrix CKA[16][4] and the first array A the column index, and the new CK seed matrix is generated from them.
The new CK seed matrix contains 32 CK values: VM_i selects the row (0 to 15) and TM_i the column (0 to 3) of CKA[16][4], so that each pair of indices picks one value from the original CK matrix; the selection is repeated 32 times to produce the new CK seed matrix.
That is, the new CK seed matrix is given by:
CK_i = CKA[VM_i][TM_i], 0 ≤ VM_i ≤ 15, 0 ≤ TM_i ≤ 3, 0 ≤ i ≤ 31.
Therefore the CK matrix of the symmetric algorithm is replaced by the new CK seed matrix, the new IV vector is used as the initial value of the symmetric algorithm and the new symmetric key as its key. On every encrypted communication between terminal and server the only variable besides the plaintext is the random number, while the initial key and the initial IV vector remain secret throughout; this is the salt-type parameter change, i.e. the parameters of the algorithm are varied by the random number in the manner of a salt, which raises security. The random number drives the generation of the new symmetric key (and hence the round keys) and the new IV vector, and through the latter also the selection of the CK seeds, so that the collision probability of a new CK seed matrix for an attacker who does not know the initial key and the initial IV vector is
[formula given only as an image in the original: Figure BDA0002456194200000151]
The collision probability is extremely low. The substitution is non-linear, which greatly increases the difficulty of an attack: even with the same initial key the round keys differ on every communication, so every ciphertext differs, and side-channel methods such as power analysis cannot collect the data they need.
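Steps S1' to S3' carried through in Python, as an added example and not code from the patent: it regenerates the 64-entry CKA table from the byte rule of step S2' (so the table above can be checked), derives the new key and new IV as in step S1', and builds the 32-entry new CK seed matrix as in step S3'. The page does not name the 128-bit hash; this example truncates SHA-256 to 128 bits, which is an assumption. The sample key, IV and random number are constructed.

```python
"""Salt parameter-changing algorithm, steps S1'-S3' (added example, not the patent's code)."""
import hashlib
import secrets


def expand_ck(count=64):
    """Step S2': byte j of CK_i is (4*i + j) * 7 mod 256; the first 32 are standard SM4's CK."""
    return [int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
            for i in range(count)]


# Original CK matrix CKA[16][4]: the 64 values laid out row by row, four per row.
_flat = expand_ck(64)
CKA = [_flat[4 * row:4 * row + 4] for row in range(16)]


def h128(data):
    """128-bit hash. Assumption: the page only says '128-bit HASH value'; SHA-256 truncated is used."""
    return hashlib.sha256(data).digest()[:16]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def digits(data, bits):
    """Split data (big-endian) into fixed-width digits, e.g. bits=2 gives base-4 digits."""
    n = int.from_bytes(data, "big")
    width = len(data) * 8
    return [(n >> (width - bits * (i + 1))) & ((1 << bits) - 1) for i in range(width // bits)]


def derive(initial_key, initial_iv, random_number):
    """Return (new_key, new_iv, new_ck) from the secret initial parameters and the salt."""
    if len(initial_key) != 16 or len(initial_iv) != 16 or len(random_number) < 16:
        raise ValueError("expected a 128-bit key and IV and a random number of at least 128 bits")
    salt = random_number[:16]
    new_key = h128(xor(initial_key, salt))   # step S1'
    new_iv = h128(xor(initial_iv, salt))
    tm = digits(random_number[:8], 2)        # step S3': 32 base-4 digits -> column index
    vm = digits(new_iv, 4)                   # 32 hex digits of the new IV -> row index
    new_ck = [CKA[vm[i]][tm[i]] for i in range(32)]
    return new_key, new_iv, new_ck


if __name__ == "__main__":
    # Constructed sample values; a real terminal draws these from its RNG in steps S12 and S21.
    k0 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    iv0 = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")
    for _ in range(2):
        r = secrets.token_bytes(16)
        key, iv, ck = derive(k0, iv0, r)
        print(r.hex(), key.hex(), iv.hex(), [hex(c) for c in ck[:4]])
```

Because the column index comes straight from the random number and the row index from the new IV, which itself depends on the secret initial IV, an observer of the Token learns TM_i but not VM_i; the 32 selected values are always drawn from the public CKA table, so the secrecy of the new CK seed matrix rests entirely on the secrecy of the initial IV vector.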
Further, the present invention may further include step S3: the key update is performed periodically.
Key update matters for NB-IoT applications: since an NB-IoT terminal stays in service for more than 10 years on average, the key should be refreshed periodically to maintain its security.
As shown in fig. 5, in step S1 the server sets a key update period of N days as required (N is typically chosen between 300 and 600) and, when a terminal is authenticated for the first time, stores the corresponding timestamp in the database.
And the step S3 specifically includes:
step S31: every day, during idle time, the server checks the timestamps of all terminals; if a terminal's key age exceeds the key update period N, the server reduces that terminal's timestamp modulo a small constant to obtain a countdown timestamp M.
In this embodiment the timestamp is reduced mod 9, so the countdown timestamp M can only take a value from 0 to 8, meaning that the server will update the key of a terminal found to have exceeded the period on day M. The modulus need not be 9; it can be chosen according to factors such as the maximum number of updates the server can handle per day, the number of terminals and the update period.
Step S32: the server sends a key update request to the terminal when the countdown timestamp M returns to zero, and the terminal repeats the step S1 according to the request to re-implement the identity authentication of the terminal and the transmission of the new initial key and the initial IV vector, thereby ensuring the security.
The flow repeated here is identical to step S1: the terminal authenticates again by the lightweight authentication described above; if it succeeds, the corresponding identity information, initial key and initial IV vector are stored in the database with the user unique identification code as the index and success is confirmed to the terminal; if it fails, exception handling and retransmission are performed and use of that terminal's initial key is stopped.
The above embodiments are merely preferred embodiments of the present invention, which are not intended to limit the scope of the present invention, and various changes may be made in the above embodiments of the present invention. All simple and equivalent changes and modifications made according to the claims and the content of the specification of the present application fall within the scope of the claims of the present patent application. The invention has not been described in detail in order to avoid obscuring the invention.

Claims (6)

1. A secure hybrid encryption method based on the narrowband Internet of Things, characterized in that it comprises the following steps:
Step S1: performing lightweight identity authentication between each terminal and the server, the lightweight identity authentication using one-way asymmetric encryption to achieve authentication of the terminal and transfer of the initial key and the initial IV vector;
Step S2: after the identity authentication of the terminals succeeds, each terminal takes its own corresponding initial key and initial IV vector as initial parameters and repeatedly uses a dynamic symmetric encryption and decryption algorithm for encrypted communication between the terminal and the server, so that the symmetric encryption and decryption algorithm uses a different symmetric key and different structural parameters for each encrypted communication of each terminal;
in step S1, all terminals asymmetrically encrypt their identity information, initial key and initial IV vector and send them to the server, the server asymmetrically decrypts them and confirms whether the terminal identity is legitimate, and if so stores the identity information, initial key and initial IV vector in the server database so that the identity authentication of the terminal succeeds, and if not performs exception handling and retransmission;
step S1 comprises:
Step S11: each terminal passes its identity information through a hash algorithm to generate its HASH value, which serves as an identity check code, and the server generates its own pair of public key and private key with an asymmetric encryption and decryption algorithm; the identity check code is then loaded into the server database by manual injection, and the public key is loaded into the terminal;
Step S12: each terminal generates two groups of random numbers, one serving as the initial key and the other as the initial IV vector; the terminal then packs the identity information, the initial key and the initial IV vector into a first data packet, generates a HASH value of the first data packet with the hash algorithm as a first data packet check code, asymmetrically encrypts the first data packet with the public key to generate a first ciphertext, and sends the first ciphertext together with the first data packet check code to the server;
Step S13: the server asymmetrically decrypts the first ciphertext with the private key to obtain the first data packet, generates its HASH value with exactly the same hash algorithm as the terminal and checks it against the first data packet check code; if they are fully consistent the integrity of the first data packet is confirmed, otherwise retransmission is performed; once the first data packet is confirmed complete, the identity information in the first data packet is passed through exactly the same hash algorithm as the terminal to generate a HASH value, which is checked against the identity check code; if the two correspond one to one, the identity authentication of the terminal succeeds and the corresponding identity information, initial key and initial IV vector are stored in the database; if they are inconsistent, the identity authentication of the terminal fails and exception handling and retransmission are performed;
the symmetric encryption and decryption algorithm is the SM4 block cipher in CBC mode, CFB mode or OFB mode, the structural parameters comprise an IV vector and a CK seed matrix, and using the dynamic symmetric encryption and decryption algorithm for encrypted communication between the terminal and the server comprises:
Step S21: the sender generates a random number of at least 128 bits and generates a new symmetric key, a new IV vector and a new CK seed matrix from the initial key, the initial IV vector and the random number; the sender defines the unencrypted information to be sent as plaintext, generates a plaintext check code from the plaintext with a hash algorithm, and then passes the plaintext, the new symmetric key and the new IV vector through the symmetric encryption and decryption algorithm with the new CK seed matrix to generate a second ciphertext; the identity information of the terminal, the random number, the second ciphertext and the plaintext check code are packed into a second data packet and sent to the receiver;
Step S22: the receiver receives the second data packet, first uses the identity information in the second data packet as an index to find the corresponding initial key and initial IV vector in its database, and generates a new symmetric key, a new IV vector and a new CK seed matrix from the initial key, the initial IV vector and the random number in the second data packet; the second ciphertext is decrypted with the new symmetric key and the new IV vector by the symmetric encryption and decryption algorithm with the new CK seed matrix to obtain the plaintext, the plaintext is passed through the hash algorithm to generate a HASH value, which is checked against the plaintext check code in the second data packet; if the check fails, exception handling and retransmission are performed; if the check succeeds, a message of successful decryption is sent to the terminal and the plaintext is passed to another location or processed directly.

2. The secure hybrid encryption method based on the narrowband Internet of Things according to claim 1, characterized in that in step S13, when performing exception handling and retransmission, if the identity authentication of the terminal fails more than three consecutive times, the IP is blocked and added to a blacklist, and if the identity authentication of the terminal has failed three times or fewer, a retransmission request state is entered.

3. The secure hybrid encryption method based on the narrowband Internet of Things according to claim 1, characterized in that in step S22, after receiving the second data packet, the method further comprises the step of comparing the random number in the second data packet with the random numbers stored during previous encrypted communications; if a stored random number is identical to the random number in the second data packet and the corresponding stored plaintext check code is exactly the same as the plaintext check code in the second data packet, a replay attack is detected and exception handling and retransmission are performed; and when performing exception handling and retransmission, if the check fails more than three consecutive times or a replay attack is detected, the IP is blocked and added to a blacklist, and if the check has failed three times or fewer, a retransmission request state is entered.

4. The secure hybrid encryption method based on the narrowband Internet of Things according to claim 1, characterized in that step S21 further comprises: the sender destroys the new symmetric key and the new IV vector; and step S22 further comprises: if the check succeeds, the receiver destroys the new symmetric key, the new IV vector and the new CK seed matrix, and stores the random number and the corresponding plaintext check code.

5. The secure hybrid encryption method based on the narrowband Internet of Things according to claim 1, characterized in that in step S21 and step S22, the initial key, the initial IV vector and the random number are passed through a salt parameter-changing algorithm to generate the new symmetric key, the new IV vector and the new CK seed matrix, the salt parameter-changing algorithm comprising:
The salt variable parameter algorithm includes: 步骤S1’:将初始密钥和初始IV向量分别与所述随机数进行异或,再分别经过散列函数,生成新的对称密钥与新的IV向量;Step S1': XOR the initial key and the initial IV vector with the random number respectively, and then pass through the hash function respectively to generate a new symmetric key and a new IV vector; 步骤S2’:将CK值扩充为64个,并将64个CK值排列为横纵 16*4 的矩阵,定义为原始CK矩阵;Step S2': expand the CK value to 64, and arrange the 64 CK values into a horizontal and vertical 16*4 matrix, which is defined as the original CK matrix; 步骤S3’:根据所述随机数的前64位二进制数生成32个4进制数,并存贮在第一一维矩阵中;然后根据所述新的IV向量生成32个16进制数,存贮在第二一维矩阵中;随后以所述第一一维矩阵作为所述原始CK矩阵的横坐标,所述第二一维矩阵作为其纵坐标,生成一个新的CK种子矩阵。Step S3': generate 32 hexadecimal numbers according to the first 64 binary digits of the random number, and store them in the first one-dimensional matrix; then generate 32 hexadecimal numbers according to the new IV vector, Stored in the second one-dimensional matrix; and then using the first one-dimensional matrix as the abscissa of the original CK matrix and the second one-dimensional matrix as its ordinate to generate a new CK seed matrix. 6.根据权利要求1所述的基于窄带物联网的安全混合加密方法,其特征在于,在所述步骤S1中,服务器按实际需要设定密钥更新周期为N天,并在第一次实现终端的身份认证时将该终端对应的时间戳存入至数据库中;6. 
The security hybrid encryption method based on narrowband Internet of Things according to claim 1, is characterized in that, in described step S1, the server sets the key update cycle as N days according to actual needs, and realizes for the first time When the terminal is authenticated, the timestamp corresponding to the terminal is stored in the database; 所述基于窄带物联网的安全混合加密方法还包括步骤S3:周期性地进行密钥更新,具体包括:The method for secure hybrid encryption based on the narrowband Internet of Things further includes step S3: periodically performing key update, specifically including: 步骤S31:服务器每天在空闲时间检查各个终端对应的时间戳,若发现某终端的密钥周期超过密钥更新周期N时,将该终端的时间戳取余数,得到倒计时时间戳M;Step S31: the server checks the time stamps corresponding to each terminal in idle time every day, and if it is found that the key period of a certain terminal exceeds the key update period N, the remainder of the time stamp of the terminal is taken to obtain a countdown time stamp M; 步骤S32:服务器在倒计时时间戳M归零时向该终端发送密钥更新请求,该终端根据该请求重复所述步骤S1,以重新实现终端的身份认证以及新的初始密钥和初始IV向量的传输,进而保障安全。Step S32: The server sends a key update request to the terminal when the countdown time stamp M returns to zero, and the terminal repeats the step S1 according to the request to re-implement the terminal's identity authentication and the new initial key and the initial IV vector. transmission to ensure security.
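The salted variable-parameter algorithm of claim 5 (steps S1' to S3'), written out as an added Python example; this is not code from the patent or its assignee. Assumptions not stated in the claims: the unnamed hash function is SHA-256 truncated to 128 bits; "expand the CK values to 64" is taken to mean continuing the SM4 standard's CK formula (ck_ij = (4i + j) * 7 mod 256) from i = 31 to i = 63; the first 128 bits of the random number are the part XORed into the key and IV; and the base-4 digits (range 0..3) index the 4-entry dimension of the 16*4 matrix while the hexadecimal digits (range 0..15) index the 16-entry dimension, since those are the only ranges that fit.

```python
import hashlib


def sm4_ck(i: int) -> int:
    # SM4 round-key constant CK_i = ck_i0 || ck_i1 || ck_i2 || ck_i3, ck_ij = (4i + j) * 7 mod 256.
    # The standard defines i = 0..31; continuing to i = 63 is this example's reading of
    # "expand the CK values to 64" (the claim does not say how the expansion is done).
    return int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")


def h16(data: bytes) -> bytes:
    # The claim names only "a hash function"; SHA-256 truncated to 128 bits is this example's choice.
    return hashlib.sha256(data).digest()[:16]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key_iv(initial_key: bytes, initial_iv: bytes, rnd: bytes):
    # Step S1': XOR the initial key and initial IV with the random number, then hash each result.
    r = rnd[:16]  # random number is >= 128 bits; XORing its first 128 bits is an assumption
    return h16(xor_bytes(initial_key, r)), h16(xor_bytes(initial_iv, r))


def original_ck_matrix():
    # Step S2': 64 CK values laid out as 4 rows of 16 (the claim's "16*4" matrix).
    vals = [sm4_ck(i) for i in range(64)]
    return [vals[row * 16:(row + 1) * 16] for row in range(4)]


def base4_digits(rnd: bytes):
    # Step S3': the first 64 bits of the random number as 32 base-4 digits (2 bits each).
    bits = int.from_bytes(rnd[:8], "big")
    return [(bits >> (2 * (31 - k))) & 0x3 for k in range(32)]


def hex_digits(new_iv: bytes):
    # Step S3': the 128-bit new IV as 32 hexadecimal digits (4 bits each).
    return [d for b in new_iv[:16] for d in (b >> 4, b & 0xF)]


def derive_ck_seed(rnd: bytes, new_iv: bytes):
    # Step S3': the k-th base-4 digit selects one of the 4 rows and the k-th hex digit one of the
    # 16 columns; the selected entry becomes the k-th value of the new CK seed matrix.
    # The claim calls the two digit arrays the abscissa and ordinate; mapping them by value range
    # onto the 4 x 16 layout is this example's interpretation.
    m = original_ck_matrix()
    rows, cols = base4_digits(rnd), hex_digits(new_iv)
    return [m[rows[k]][cols[k]] for k in range(32)]


def salted_parameter_variation(initial_key: bytes, initial_iv: bytes, rnd: bytes):
    # Claim 5 end to end: (new symmetric key, new IV vector, new CK seed matrix of 32 values).
    new_key, new_iv = derive_key_iv(initial_key, initial_iv, rnd)
    return new_key, new_iv, derive_ck_seed(rnd, new_iv)


if __name__ == "__main__":
    # Constructed sample inputs, not values from the patent.
    k, iv, ck = salted_parameter_variation(bytes(range(16)), bytes(range(16, 32)), b"\x5a" * 16)
    print(k.hex(), iv.hex(), [hex(v) for v in ck])
```

Because both sides hold the same initial key and IV, the receiver recomputes exactly the same triple from the random number carried in the packet, which is what lets the per-message key, IV and round constants change without any additional key exchange. Note that the 64-bit input to the base-4 digits comes straight from the transmitted random number, so an observer learns the row selection; the secrecy of the new CK seed rests entirely on the new IV, which in turn depends on the initial IV.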
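Steps S21 and S22 of claim 1 together with the receiver-side rules of claims 3 and 4 (replay detection on the stored random number and plaintext check code, blocking after more than three consecutive failures, otherwise requesting retransmission), as an added Python example that is not the patent's own code. To keep it self-contained the SM4 cipher is replaced by a stand-in keystream built from SHA-256 (clearly not the claimed cipher, and not something to deploy), the unnamed hash is SHA-256, the CK seed matrix derivation is left out, and the sender and receiver are keyed by terminal identity rather than by IP address.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # stands in for the claims' unnamed hash algorithm


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive(initial_key: bytes, initial_iv: bytes, rnd: bytes):
    # Step S1' of claim 5: XOR then hash, truncated to 128-bit key and IV (truncation assumed).
    return h(xor(initial_key, rnd[:16]))[:16], h(xor(initial_iv, rnd[:16]))[:16]


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in for SM4-CBC so the example runs without an SM4 library: a SHA-256 counter
    # keystream XORed over the data. Encryption and decryption are the same operation.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = h(key + iv + off.to_bytes(4, "big"))
        out += xor(data[off:off + 32], ks)
    return bytes(out)


def build_packet(identity: str, initial_key: bytes, initial_iv: bytes, plaintext: bytes) -> dict:
    # Step S21: fresh >=128-bit random number, per-message key/IV, plaintext check code, ciphertext.
    rnd = secrets.token_bytes(16)
    key, iv = derive(initial_key, initial_iv, rnd)
    packet = {"id": identity, "rnd": rnd, "ct": keystream_xor(key, iv, plaintext), "check": h(plaintext)}
    # Claim 4: the sender keeps neither the new key nor the new IV (they go out of scope here).
    return packet


class Receiver:
    MAX_FAILS = 3  # claims 2 and 3: more than three consecutive failures -> block

    def __init__(self):
        self.db = {}       # identity -> (initial key, initial IV), filled during step S1
        self.seen = {}     # identity -> set of (random number, plaintext check code) already accepted
        self.fails = {}    # identity -> consecutive check failures
        self.blocked = set()

    def register(self, identity: str, initial_key: bytes, initial_iv: bytes):
        self.db[identity] = (initial_key, initial_iv)
        self.seen[identity] = set()
        self.fails[identity] = 0

    def receive(self, pkt: dict):
        # Step S22 plus claims 3 and 4. Returns (status, plaintext-or-None).
        ident = pkt["id"]
        if ident in self.blocked:
            return "blocked", None
        if ident not in self.db:
            return "unknown", None
        # Claim 3: a repeated (random number, check code) pair is a replay -> block immediately.
        if (pkt["rnd"], pkt["check"]) in self.seen[ident]:
            self.blocked.add(ident)
            return "replay", None
        key, iv = derive(*self.db[ident], pkt["rnd"])
        plaintext = keystream_xor(key, iv, pkt["ct"])
        if h(plaintext) != pkt["check"]:
            self.fails[ident] += 1
            if self.fails[ident] > self.MAX_FAILS:
                self.blocked.add(ident)
                return "blocked", None
            return "retransmit", None  # three or fewer failures: request retransmission
        # Claim 4: on success store the random number and check code; the session key/IV are dropped.
        self.fails[ident] = 0
        self.seen[ident].add((pkt["rnd"], pkt["check"]))
        return "ok", plaintext


if __name__ == "__main__":
    # Constructed sample session, not values from the patent.
    k0, iv0 = bytes(range(16)), bytes(range(16, 32))
    rx = Receiver()
    rx.register("dev-01", k0, iv0)
    pkt = build_packet("dev-01", k0, iv0, b"temp=21.5")
    print(rx.receive(pkt))   # ('ok', b'temp=21.5')
    print(rx.receive(pkt))   # ('replay', None)
```

Two practical points follow from running this. The replay check compares the random number and check code only against packets that were accepted, so a packet that failed its check can be retransmitted unchanged without tripping it, which is the behaviour claim 3 requires. And because the check code is a plain hash of the plaintext rather than a keyed MAC, the receiver learns nothing about the sender's identity from it; authenticity rests on the sender's knowledge of the initial key and IV, so the integrity of the step S1 identity authentication is what the whole channel depends on.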
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010307202.6A CN111541677B (en) 2020-04-17 2020-04-17 A Secure Hybrid Encryption Method Based on Narrowband Internet of Things

Publications (2)

Publication Number Publication Date
CN111541677A CN111541677A (en) 2020-08-14
CN111541677B true CN111541677B (en) 2021-08-13

Family

ID=71975043

Country Status (1)

Country Link
CN (1) CN111541677B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112053476A (en) * 2020-09-08 2020-12-08 四川铁集共联科技股份有限公司 Encryption method and system based on intelligent lock and mobile phone terminal
CN112487408B (en) * 2020-12-24 2022-08-23 潍柴动力股份有限公司 Safe access method and system for in-vehicle ECU and storage medium
CN113114654B (en) * 2021-04-06 2022-10-18 中科美络科技股份有限公司 Terminal equipment access security authentication method, device and system
CN113766499A (en) * 2021-08-17 2021-12-07 河北汉光重工有限责任公司 Underwater movable equipment wireless encryption communication method based on improved SM4 algorithm
CN113992361B (en) * 2021-10-09 2024-10-25 南京理工大学 Balance method for calculating power and resource consumption
CN114338431B (en) * 2021-12-29 2024-08-20 锐捷网络股份有限公司 Identity registration method, device and system
CN114553531A (en) * 2022-02-22 2022-05-27 深圳市明泰智能技术有限公司 Plug-in authorization method
CN114513786A (en) * 2022-04-19 2022-05-17 国网天津市电力公司电力科学研究院 5G feeder automation access control method, device and medium based on zero trust
CN115021982A (en) * 2022-05-19 2022-09-06 上海欧冶金融信息服务股份有限公司 Encryption and decryption method and medium based on quotient secret algorithm SM4
CN115102745B (en) * 2022-06-16 2023-10-27 慧之安信息技术股份有限公司 Lightweight-based terminal identity security authentication method for Internet of things
CN115001864B (en) * 2022-07-27 2023-03-10 深圳市西昊智能家具有限公司 Communication authentication method and device for intelligent furniture, computer equipment and storage medium
CN115277030B (en) * 2022-09-29 2022-12-30 国网江西省电力有限公司电力科学研究院 Key exchange method for light-weight security authentication of narrowband Internet of things
CN116321129B (en) * 2023-03-23 2024-03-29 广东电力交易中心有限责任公司 Lightweight dynamic key-based power transaction private network communication encryption method
CN117411727B (en) * 2023-12-14 2024-02-20 山东省大数据中心 Encryption method, device and storage medium for symmetric encryption of communication transmission

Citations (8)

Publication number Priority date Publication date Assignee Title
CN107730669A (en) * 2017-09-12 2018-02-23 深圳市微开互联科技有限公司 Access control method, system and computer-readable recording medium
CN108696591A (en) * 2018-05-16 2018-10-23 成都甄识科技有限公司 Intelligent home gateway control system based on NB-IOT and its access method
CN108989318A (en) * 2018-07-26 2018-12-11 中国电子科技集团公司第三十研究所 A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things
CN108989309A (en) * 2018-07-16 2018-12-11 苏州大学张家港工业技术研究院 Encryption communication method and its encrypted communication device based on narrowband Internet of Things
CN109963279A (en) * 2019-03-08 2019-07-02 中国科学院上海微系统与信息技术研究所 A Hybrid Encryption Method Applied in Dynamic Ad Hoc Network
CN110012467A (en) * 2019-04-18 2019-07-12 苏州博联科技有限公司 The packet authentication method of narrowband Internet of Things
WO2019246206A1 (en) * 2018-06-20 2019-12-26 Iot And M2M Technologies, Llc An ecdhe key exchange for server authentication and a key server
CN110753344A (en) * 2019-11-04 2020-02-04 信联科技(南京)有限公司 NB-IoT-based smart meter secure access system

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
US10779144B2 (en) * 2016-12-30 2020-09-15 Electronics And Telecommunications Research Institute Method and apparatus for transmitting downlink data and uplink data in NB-IoT system
US10972463B2 (en) * 2018-06-06 2021-04-06 Cisco Technology, Inc. Blockchain-based NB-IoT devices

Also Published As

Publication number Publication date
CN111541677A (en) 2020-08-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant