CN112291783B - Text authentication method and system, transmitting end and receiving end - Google Patents
Text authentication method and system, transmitting end and receiving end Download PDFInfo
- Publication number
- CN112291783B CN112291783B CN202011175694.4A CN202011175694A CN112291783B CN 112291783 B CN112291783 B CN 112291783B CN 202011175694 A CN202011175694 A CN 202011175694A CN 112291783 B CN112291783 B CN 112291783B
- Authority
- CN
- China
- Prior art keywords
- authentication
- authentication period
- message
- current
- period
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000004364 calculation method Methods 0.000 claims abstract description 15
- 238000012545 processing Methods 0.000 claims description 10
- 230000003139 buffering effect Effects 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 3
- 230000003111 delayed effect Effects 0.000 claims 2
- 238000010586 diagram Methods 0.000 description 8
- 230000003416 augmentation Effects 0.000 description 7
- 238000007906 compression Methods 0.000 description 5
- 230000006835 compression Effects 0.000 description 3
- 238000012937 correction Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/185—Space-based or airborne stations; Stations for satellite systems
- H04B7/1851—Systems using a satellite or space-based relay
- H04B7/18513—Transmission in a satellite or space-based system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/185—Space-based or airborne stations; Stations for satellite systems
- H04B7/1851—Systems using a satellite or space-based relay
- H04B7/18515—Transmission equipment in satellites or space-based relays
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/185—Space-based or airborne stations; Stations for satellite systems
- H04B7/1851—Systems using a satellite or space-based relay
- H04B7/18517—Transmission equipment in earth stations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Astronomy & Astrophysics (AREA)
- Aviation & Aerospace Engineering (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a message authentication method and system, a transmitting end and a receiving end, which are applied to the technical field of satellite navigation, wherein a message transmitted in each authentication period comprises an authentication MAC value of a current authentication period, a key of a previous authentication period and an enhanced message, the receiving end calculates a to-be-authenticated MAC value of the previous authentication period according to the key of the previous authentication period and the enhanced message, then acquires the authentication MAC value of the previous authentication period cached in the receiving end, the receiving end judges the authenticity of the received key of the previous authentication period and the enhanced message in the current authentication period, if the received to-be-authenticated MAC value is true, the to-be-authenticated MAC value obtained by calculation of the key of the previous authentication period and the enhanced message is identical with the authentication MAC value of the previous authentication period cached in the receiving end, and if the received to-be-authenticated MAC value is not true, malicious attack of the receiving end by other people can be prevented, and the receiving end is prevented from being influenced by the forged message.
Description
Technical Field
The application relates to the technical field of satellite navigation, in particular to a text authentication method and system, a transmitting end and a receiving end.
Background
A Satellite-based augmentation system (SBAS, satellite-Based Augmentation System) is a wide-area augmentation system that utilizes geostationary orbit (GEO) satellites as a communication medium to provide differential corrections and integrity information to users. The satellite-based augmentation system processes satellite signals of the ground station, calculates various correction parameters and integrity information, and broadcasts the information to users through geostationary orbit satellites. The most important function is to provide integrity information to ensure the safety of the aviation user.
The aim of the star-based enhancement system is to meet the requirements of the navigation system from the course flight stage to the vertical guiding precise approach stage of civil aviation, and the navigation system relates to the field of life safety, so that the accuracy of information sources broadcast by the star-based enhancement system is particularly important. The broadcast signal of the SBAS system adopts a public signal format, so that the risk of deception attack exists; meanwhile, the SBAS provides differential and integrity service-dependent SBAS navigation messages, and the SBAS navigation message is tampered aiming at the SBAS user deception mode, so that a great challenge is provided for enhancing the security of the SBAS navigation.
Disclosure of Invention
The application mainly aims to provide a message authentication method and system, a sending end and a receiving end, which can resist spoofing attacks.
In order to achieve the above object, a first aspect of the present application provides a message authentication method, applied to a transmitting end, where the transmitting end stores a key and an enhanced message of a previous authentication period, including:
and in each authentication period, sending an SBAS message to a receiving end, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a last authentication period and an enhanced message, so that the receiving end calculates an MAC value to be authenticated of the last authentication period according to the key of the last authentication period and the enhanced message, acquires the authentication MAC value of the last authentication period, judges whether the MAC value to be authenticated of the last authentication period is consistent with the authentication MAC value of the last authentication period, and if so, the authentication is successful.
Optionally, before sending the SBAS message to the receiving end, the method includes:
in the current authentication period, receiving and processing differential positioning data and integrity information broadcasted by a navigation satellite;
Calculating the differential positioning data and the integrity information to generate an enhanced message of the current authentication period;
Acquiring a current secret key;
Performing SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period;
Taking the current secret key as the secret key of the previous authentication period, and acquiring the secret key and the enhanced message of the previous authentication period;
And generating the SBAS message of the current authentication period according to the authentication MAC value of the previous authentication period, the key of the previous authentication period and the enhanced message.
Optionally, after the sending the SBAS message to the receiving end, the method includes:
And storing the enhanced message and the secret key of the current authentication period to generate the SBAS message of the previous authentication period according to the enhanced message and the secret key of the current authentication period when the current authentication period is the same.
A second aspect of the embodiment of the present application provides an authentication MAC value applied to a receiving end, where the receiving end stores an authentication MAC value of a previous authentication period, and the method includes:
Receiving an SBAS message, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a last authentication period and an enhanced message;
Calculating the MAC value to be authenticated in the previous authentication period according to the key and the enhanced message in the previous authentication period;
acquiring an authentication MAC value of the last authentication period;
and judging whether the MAC value to be authenticated in the last authentication period is consistent with the authentication MAC value in the last authentication period, and if so, successful authentication is achieved.
Optionally, the calculating the MAC value to be authenticated in the previous authentication period according to the key and the enhanced message in the previous authentication period includes:
And calculating the MAC value to be authenticated in the last authentication period according to the key and the enhanced message of the last authentication period included in the SBAS message by using an SM3 hash algorithm.
Optionally, after receiving the SBAS message, the method includes:
And storing the authentication MAC value of the current authentication period to judge whether the MAC value to be authenticated of the current authentication period is consistent with the authentication MAC value of the current authentication period or not when the current authentication period is the last authentication period.
Optionally, after calculating the MAC value to be authenticated in the previous authentication period according to the key and the enhanced message in the previous authentication period, the method includes:
and the key of the last authentication period is revoked.
A third aspect of an embodiment of the present application provides a transmitting end, including:
The first storage module is used for storing the secret key and the enhanced text of the last authentication period;
The first sending module is configured to send an SBAS message to a receiving end in each authentication period, where the SBAS message includes an authentication MAC value of a current authentication period, a key of a previous authentication period, and an enhanced message, so that the receiving end calculates a MAC value to be authenticated of the previous authentication period according to the key of the previous authentication period and the enhanced message, obtains the authentication MAC value of the previous authentication period, and determines whether the authentication MAC value to be authenticated of the previous authentication period is consistent with the authentication MAC value of the previous authentication period, if so, authentication is successful.
A fourth aspect of an embodiment of the present application provides a receiving end, including:
the second storage module is used for storing the authentication MAC value of the last authentication period;
The second receiving module is used for receiving an SBAS message, wherein the SBAS message comprises an authentication MAC value of the current authentication period, a key of the last authentication period and an enhanced message;
The third calculation module is used for calculating the MAC value to be authenticated in the last authentication period according to the key and the enhanced message in the last authentication period;
a third obtaining module, configured to obtain an authentication MAC value of the previous authentication period;
And the judging module is used for judging whether the MAC value to be authenticated in the last authentication period is consistent with the MAC value to be authenticated in the last authentication period, and if so, the authentication is successful.
A fourth aspect of the embodiment of the present application provides a text authentication system, including a transmitting end provided in the third aspect of the embodiment of the present application, a GEO satellite, and a receiving end provided in the fourth aspect of the embodiment of the present application;
the transmitting end is used for transmitting SBAS message to the GEO satellite
The GEO satellite forwards the SBAS message to the receiving end;
the receiving end is used for receiving the SBAS message sent by the GEO satellite.
As can be seen from the above embodiments of the present application, in the method, system, sending end, and receiving end for message authentication provided in the present application, the message sent in each authentication period includes the authentication MAC value of the current authentication period, the key of the previous authentication period, and the enhanced message, the receiving end calculates the MAC value to be authenticated of the previous authentication period according to the key of the previous authentication period and the enhanced message, and then obtains the authentication MAC value of the previous authentication period cached in the receiving end, and the receiving end determines the authenticity of the received key of the previous authentication period and the enhanced message in the current authentication period, if the received authentication MAC value is true, the calculated MAC value to be authenticated of the previous authentication period and the received authentication MAC value of the previous authentication period cached in the receiving end are inconsistent, so as to prevent malicious attacks on the receiving end by others, and prevent others from attempting to affect the receiving end by using forged messages.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are necessary for the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application and that other drawings may be obtained from them without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a method for sender text authentication according to an embodiment of the present application;
fig. 2 is a flow chart of a method for receiving-end text authentication according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a transmitting end according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a receiving end according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a message authentication system according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an SBAS message according to one embodiment of the present application;
Fig. 7 is a schematic diagram of SBAS message generation, distribution and authentication sequence according to an embodiment of the present application.
Detailed Description
In order to make the application object, feature and advantage of the present application more obvious and understandable, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, fig. 1 is a flowchart of a message authentication method for a transmitting end, which is provided in an embodiment of the present application, and the method can be applied to a transmitting end, wherein the transmitting end is a Satellite based augmentation system (SBAS, satellite-Based Augmentation System) information transmitting end, and the transmitting end stores a key and an augmentation message of a previous authentication period, and the method mainly includes the following steps:
S101, in each authentication period, sending an SBAS message to a receiving end, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a last authentication period and an enhanced message, so that the receiving end calculates an MAC value to be authenticated of the last authentication period according to the key of the last authentication period and the enhanced message, acquires the authentication MAC value of the last authentication period, judges whether the MAC value to be authenticated of the last authentication period is consistent with the authentication MAC value of the last authentication period, and if so, the authentication is successful.
The SBAS text also comprises an OTAR part, wherein the OTAR part comprises the contents of a current key chain root key, a digital certificate, a key expiration description and the like.
In one embodiment of the present disclosure, before step S101, the method includes: in the current authentication period, receiving and processing differential positioning data and integrity information broadcasted by a navigation satellite; calculating the differential positioning data and the integrity information to generate an enhanced message of the current authentication period; acquiring a current secret key; carrying out SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period; taking the current secret key as the secret key of the previous authentication period, and acquiring the secret key and the enhanced message of the previous authentication period; and generating the SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message.
In one embodiment of the present disclosure, after step S101, it includes:
And storing the enhanced message and the secret key of the current authentication period to generate the SBAS message of the previous authentication period according to the enhanced message and the secret key of the current authentication period when the current authentication period is the same.
In the present disclosure, the message sent in each authentication period includes an authentication MAC value of the current authentication period, a key of the previous authentication period, and an enhanced message, so that the receiving end can calculate a MAC value to be authenticated of the previous authentication period according to the key of the previous authentication period and the enhanced message, and then acquire the authentication MAC value of the previous authentication period cached in the receiving end, so that the receiving end determines the authenticity of the received key of the previous authentication period and the enhanced message in the current authentication period, if the received MAC value is true, the calculated MAC value to be authenticated of the key of the previous authentication period and the enhanced message is consistent with the authentication MAC value of the previous authentication period cached in the receiving end, if the calculated MAC value is not true, the calculated MAC value is inconsistent, thereby preventing malicious attack on the receiving end by others, and avoiding others from attempting to affect the receiving end by using the forged message.
Referring to fig. 2, fig. 2 is a flowchart of a method for receiving-end message authentication according to an embodiment of the present application, the method can be applied to a receiving end, the receiving end is a receiver of a user end, the receiving end stores an authentication MAC value of a previous authentication period, and the method mainly includes the following steps:
S201, receiving an SBAS message, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a last authentication period and an enhanced message;
S202, calculating the MAC value to be authenticated in the last authentication period according to the key and the enhanced message in the last authentication period;
s203, acquiring an authentication MAC value of the last authentication period;
S204, judging whether the MAC value to be authenticated in the last authentication period is consistent with the MAC value to be authenticated in the last authentication period, and if so, successful authentication is achieved.
More, if the received SBAS message is inconsistent, the authentication is failed, the receiving end may be fake message, the received SBAS message can be stopped, and alarm information is sent.
More, in step S202, the SM3 hash algorithm is used to calculate the MAC value to be authenticated in the last authentication period according to the key and the enhanced message in the last authentication period included in the SBAS message.
In one embodiment of the present disclosure, after step S201, it includes:
And storing the authentication MAC value of the current authentication period to judge whether the to-be-authenticated MAC value of the current authentication period is consistent with the authentication MAC value of the current authentication period when the current authentication period is the last authentication period.
In one embodiment of the present disclosure, after step S202, it includes: the key of the last authentication period is revoked. The key is revoked, and the key is disabled and cannot be used to generate the MAC value to be authenticated. The situation that an attacker uses the secret key to forge the SBAS message to be sent to a receiving end is avoided.
In the disclosure, an SBAS message is received, where the SBAS message includes an authentication MAC value of a current authentication period, a key of a previous authentication period, and an enhanced message, according to the key of the previous authentication period and the enhanced message included in the SBAS message, a to-be-authenticated MAC value of the previous authentication period is calculated, an authentication MAC value of the previous authentication period is obtained, whether the to-be-authenticated MAC value of the previous authentication period is consistent with the authentication MAC value of the previous authentication period is judged, if so, authentication is successful, it is indicated that the received SBAS message is sent by a sender, if not, authentication is failed, it is indicated that the SBAS message is not sent by the sender, and possibly is a counterfeit message, so that malicious attack of a receiver by others can be prevented, and the receiver is prevented from being attempted to be affected by using the counterfeit message.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a transmitting end provided by an embodiment of the present application, where the transmitting end is a transmitting end of satellite-based enhanced system information, and the transmitting end includes:
A first storage module 301, configured to store a key and an enhanced text of a previous authentication period;
And the first sending module 302 is configured to send, in each authentication period, an SBAS message to the receiving end, where the SBAS message includes an authentication MAC value of a current authentication period, a key of a previous authentication period, and an enhanced message, so that the receiving end calculates, according to the key and the enhanced message of the previous authentication period, a MAC value to be authenticated of the previous authentication period, obtains an authentication MAC value of the previous authentication period, and determines whether the MAC value to be authenticated of the previous authentication period is consistent with the authentication MAC value of the previous authentication period, and if so, the authentication is successful.
In one embodiment of the present disclosure, the transmitting end further includes:
The first receiving module is used for receiving and processing the differential positioning data and the integrity information broadcasted by the navigation satellite in the current authentication period; the first calculation module is used for calculating the differential positioning data and the integrity information and generating an enhanced message of the current authentication period; the first acquisition module is used for acquiring the current secret key; the second calculation module is used for carrying out SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period; the second acquisition module is used for taking the current secret key as the secret key of the previous authentication period to acquire the enhanced message of the previous authentication period; and the generation module is used for generating the SBAS message of the current authentication period according to the authentication MAC value of the current authentication period and the enhanced message of the previous authentication period.
In one embodiment of the present disclosure, the storage module 301 is specifically configured to store the enhanced message and the key of the current authentication period, so as to generate the SBAS of the previous authentication period according to the enhanced message of the current authentication period when the current authentication period is performed.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a receiving end provided in an embodiment of the present application, where the receiving end is a receiver of a user end, and the receiving end includes:
a second storage module 401, configured to store an authentication MAC value of a previous authentication period;
A second receiving module 402, configured to receive an SBAS message, where the SBAS message includes an authentication MAC value of a current authentication period, a key of a previous authentication period, and an enhanced message;
A third calculation module 403, configured to calculate a MAC value to be authenticated in the previous authentication period according to the key and the enhanced message in the previous authentication period;
a third obtaining module 404, configured to obtain an authentication MAC value of the previous authentication period;
and the judging module 405 is configured to judge whether the MAC value to be authenticated in the previous authentication period is consistent with the MAC value to be authenticated in the previous authentication period, and if so, the authentication is successful.
In one embodiment of the present disclosure, the third calculation module 403 is specifically configured to calculate, using the SM3 hash algorithm, the MAC value to be authenticated in the last authentication period according to the key and the enhanced message of the last authentication period included in the SBAS message.
In one embodiment of the present disclosure, the second storage module is further configured to store an authentication MAC value of the current authentication period, so as to determine, when the current authentication period is the last authentication period, whether the MAC value to be authenticated of the current authentication period and the authentication MAC value of the current authentication period are consistent.
In one embodiment of the present disclosure, the receiving end further includes: and the revocation module is used for revoke the key of the last authentication period after calculating the MAC value to be authenticated of the last authentication period.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a message authentication system according to an embodiment of the present application, where the message authentication system includes a transmitting end 501, a GEO satellite 502, and a receiving end 503. Specifically, the transmitting end 501 is configured to transmit an SBAS message to the GEO satellite 502. The GEO satellite 502 forwards the SBAS message to the receiving terminal 503; and a receiving end 503, configured to receive the SBAS message sent by the GEO satellite 502.
The GEO satellite is a geostationary orbit satellite.
Specifically, in the present disclosure, the generation flow of the authentication MAC value is:
Packet processing: the SM3 hash algorithm processes messages with the length not exceeding 264 bits according to 512bit groups, and finally compresses the messages into a 256-bit digest value.
Message extension: each message block of length 512 bits is divided into 16 words 16 Word message/>, according to algorithm definitionExpanded into 132 words: /(I)
And a compression module: the words generated in the expansion module are fed into the compression module, which is also the core module of the overall algorithm. The module uses 8 32bit register variables A, B, C, D, E, F, G, H, whose initial values areEach compression module goes through the iterative compression process of the round as follows:
wherein,
Intermediate quantity after 64 iterations of the messageThe calculation is as follows:
The SM3 algorithm continuously repeats the iterative compression process of the 512bit block until the last message block Processing completion output/>The final encrypted hash value (MAC) of the entire plaintext is:
As shown in fig. 6, B represents an enhanced message, MAC represents a MAC value calculated by the key and the enhanced message, K represents a key, and OTAR represents an over-the-air key update bit.
In this disclosure, the authentication period is taken as an example of 6 seconds, each 6s is a group of SBAS messages, each time slice is 1s, each group of SBAS messages includes 6 data blocks, the 6 data blocks include 5 enhanced message data blocks and 1 authentication message data block, and each 5 enhanced message data blocks generate 1 MAC value. The principle of asymmetric authentication is ensured, and the secret key is broadcast by one authentication period (6S). Each MAC value contains two parts: the current authentication period authenticates the MAC value, the key of the last authentication period and the enhanced message, and the generation process is as follows: the current key is used to calculate the MAC values of the current authentication period and the last authentication period respectively, more, two groups of MAC values can be combined as new MAC values.
As shown in fig. 7, P represents a set of authentication messages, each authentication period is 6s, and the key is issued with a delay of one authentication period. Each group of messages is broadcast after an authentication period is temporarily stored at an information sending end, the authentication message block of each group of messages contains the MAC values of the current authentication period and the last authentication period and is generated by the current secret key, when a user receiver receives one group of messages, the current secret key stored in the SBAS can be used for verifying the source accuracy of the two groups of messages in the current period and the last period, so that the last group of messages can pass verification immediately without buffering, and the buffering pressure of the receiver is reduced.
It should be noted that, each functional module in each embodiment of the present disclosure may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or in software functional modules.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such an understanding, the technical solution of the invention may be embodied essentially or partly in the form of a software product or in part in addition to the prior art.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present invention is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all required for the present invention.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The foregoing describes a method and system for authenticating a message, a transmitting end, and a receiving end provided by the present invention, and those skilled in the art should not understand the present invention to limit the scope of the present invention in view of the foregoing description of the embodiment of the present invention.
Claims (7)
1. The message authentication method is applied to a transmitting end, and is characterized in that the transmitting end stores a key and an enhanced message in a previous authentication period, the key is delayed for one authentication period to be broadcast, each group of SBAS messages are broadcast after being temporarily stored in the transmitting end for one authentication period, and an authentication message block of each group of SBAS messages comprises an authentication MAC value of a current authentication period and a previous authentication period generated by a current key, and the message authentication method comprises the following steps:
In each authentication period, sending an SBAS message to a receiving end, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a previous authentication period and an enhanced message, so that the receiving end calculates an MAC value to be authenticated of the previous authentication period according to the key of the previous authentication period and the enhanced message, acquires the authentication MAC value of the previous authentication period, judges whether the MAC value to be authenticated of the previous authentication period is consistent with the authentication MAC value of the previous authentication period, and if so, the authentication is successful; before the sending end sends the SBAS message to the receiving end, the sending end comprises:
in the current authentication period, receiving and processing differential positioning data and integrity information broadcasted by a navigation satellite;
calculating the differential positioning data and the integrity information to generate an enhanced message of the current authentication period;
Acquiring a current secret key;
Performing SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period;
Taking the current secret key as the secret key of the previous authentication period, and acquiring the secret key and the enhanced message of the previous authentication period;
Generating an SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message;
after the SBAS message is sent to the receiving end, the method comprises the following steps:
And storing the enhanced message and the secret key of the current authentication period, so that when the current authentication period is the last authentication period, the SBAS message of the current authentication period is generated according to the enhanced message and the secret key of the current authentication period, and after the receiving end receives one group of SBAS messages, the source accuracy of the two groups of SBAS messages of the current period and the last period is verified by utilizing the current secret key stored in the SBAS message.
2. A message authentication method applied to a receiving end, wherein the receiving end stores an authentication MAC value of a previous authentication period, the method comprising:
Receiving an SBAS message, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a last authentication period and an enhanced message; the key is broadcast by a sending end in a delay of one authentication period, each group of SBAS messages are broadcast after being temporarily stored in the sending end in one authentication period, and an authentication message block of each group of SBAS messages comprises an authentication MAC value of a current authentication period and a last authentication period generated by a current key; after receiving the SBAS message, the receiving end verifies the source accuracy of the current and last two groups of SBAS messages by using the current key stored in the SBAS message, so that the last group of SBAS messages can pass verification immediately without buffering;
Calculating the MAC value to be authenticated in the previous authentication period according to the key and the enhanced message in the previous authentication period;
acquiring an authentication MAC value of the last authentication period;
Judging whether the MAC value to be authenticated in the last authentication period is consistent with the authentication MAC value in the last authentication period, if so, successful authentication is achieved;
Before the receiving end receives the SBAS message, the method comprises the following steps:
The sending end generates an SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message; the method specifically comprises the following steps:
in the current authentication period, receiving and processing differential positioning data and integrity information broadcasted by a navigation satellite;
calculating the differential positioning data and the integrity information to generate an enhanced message of the current authentication period;
Acquiring a current secret key;
Performing SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period;
Taking the current secret key as the secret key of the previous authentication period, and acquiring the secret key and the enhanced message of the previous authentication period;
Generating an SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message;
After receiving the SBAS message, the method comprises the following steps:
And storing the authentication MAC value of the current authentication period to judge whether the MAC value to be authenticated of the current authentication period is consistent with the authentication MAC value of the current authentication period or not when the current authentication period is the last authentication period.
3. The message authentication method according to claim 2, wherein calculating the MAC value to be authenticated for the previous authentication period based on the key and the enhanced message for the previous authentication period comprises:
And calculating the MAC value to be authenticated in the last authentication period according to the key and the enhanced message of the last authentication period included in the SBAS message by using an SM3 hash algorithm.
4. The message authentication method according to claim 2, wherein after calculating the MAC value to be authenticated in the previous authentication period according to the key and the enhanced message in the previous authentication period, the method comprises:
and the key of the last authentication period is revoked.
5. A transmitting terminal, comprising:
The first storage module is used for storing a key and an enhanced message of a previous authentication period, the key is delayed for one authentication period to be broadcast, each group of SBAS messages are broadcast after one authentication period is temporarily stored at the sending end, and an authentication message block of each group of SBAS messages comprises an authentication MAC value of a current authentication period and a previous authentication period generated by a current key;
The first sending module is used for sending an SBAS message to a receiving end in each authentication period, wherein the SBAS message comprises an authentication MAC value of a current authentication period, a key of a previous authentication period and an enhanced message, so that the receiving end calculates an MAC value to be authenticated of the previous authentication period according to the key of the previous authentication period and the enhanced message, acquires the authentication MAC value of the previous authentication period, and judges whether the MAC value to be authenticated of the previous authentication period is consistent with the authentication MAC value of the previous authentication period or not, if so, the authentication is successful;
before the sending end sends the SBAS message to the receiving end, the sending end comprises:
In the current authentication period, receiving and processing differential positioning data and integrity information broadcasted by a navigation satellite; calculating the differential positioning data and the integrity information to generate an enhanced message of the current authentication period; acquiring a current secret key; performing SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period; taking the current secret key as the secret key of the previous authentication period, and acquiring the secret key and the enhanced message of the previous authentication period; generating an SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message;
after the SBAS message is sent to the receiving end, the method comprises the following steps:
And storing the enhanced message and the secret key of the current authentication period, so that when the current authentication period is the last authentication period, the SBAS message of the current authentication period is generated according to the enhanced message and the secret key of the current authentication period, and after the receiving end receives one group of SBAS messages, the source accuracy of the two groups of SBAS messages of the current period and the last period is verified by utilizing the current secret key stored in the SBAS message.
6. A receiving terminal, comprising:
the second storage module is used for storing the authentication MAC value of the last authentication period;
the second receiving module is used for receiving an SBAS message, wherein the SBAS message comprises an authentication MAC value of the current authentication period, a key of the last authentication period and an enhanced message; the key is broadcast by a sending end in a delay of one authentication period, each group of SBAS messages are broadcast after being temporarily stored in the sending end in one authentication period, and an authentication message block of each group of SBAS messages comprises an authentication MAC value of a current authentication period and a last authentication period generated by a current key; after receiving the SBAS message, the receiving end verifies the source accuracy of the current and last two groups of SBAS messages by using the current key stored in the SBAS message, so that the last group of SBAS messages can pass verification immediately without buffering;
The third calculation module is used for calculating the MAC value to be authenticated in the last authentication period according to the key and the enhanced message in the last authentication period;
a third obtaining module, configured to obtain an authentication MAC value of the previous authentication period;
the judging module is used for judging whether the MAC value to be authenticated in the last authentication period is consistent with the MAC value to be authenticated in the last authentication period, and if so, the authentication is successful;
Before the receiving end receives the SBAS message, the method comprises the following steps:
The sending end generates an SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message; the method specifically comprises the following steps:
in the current authentication period, receiving and processing differential positioning data and integrity information broadcasted by a navigation satellite;
calculating the differential positioning data and the integrity information to generate an enhanced message of the current authentication period;
Acquiring a current secret key;
Performing SM3 hash algorithm calculation on the enhanced message of the current authentication period and the current secret key to obtain an authentication MAC value of the current authentication period;
Taking the current secret key as the secret key of the previous authentication period, and acquiring the secret key and the enhanced message of the previous authentication period;
Generating an SBAS message of the current authentication period according to the authentication MAC value of the current authentication period, the key of the last authentication period and the enhanced message;
After receiving the SBAS message, the method comprises the following steps:
And storing the authentication MAC value of the current authentication period to judge whether the MAC value to be authenticated of the current authentication period is consistent with the authentication MAC value of the current authentication period or not when the current authentication period is the last authentication period.
7. A message authentication system, comprising the transmitting end according to claim 5, a GEO satellite, and the receiving end according to claim 6;
the sending end is used for sending an SBAS message to the GEO satellite;
the GEO satellite forwards the SBAS message to the receiving end;
the receiving end is used for receiving the SBAS message sent by the GEO satellite.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011175694.4A CN112291783B (en) | 2020-10-28 | 2020-10-28 | Text authentication method and system, transmitting end and receiving end |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011175694.4A CN112291783B (en) | 2020-10-28 | 2020-10-28 | Text authentication method and system, transmitting end and receiving end |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112291783A CN112291783A (en) | 2021-01-29 |
| CN112291783B true CN112291783B (en) | 2024-05-31 |
Family
ID=74373790
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011175694.4A Active CN112291783B (en) | 2020-10-28 | 2020-10-28 | Text authentication method and system, transmitting end and receiving end |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112291783B (en) |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2397868A1 (en) * | 2010-06-15 | 2011-12-21 | The European Union, represented by the European Commission | Method of providing an authenticable time-and-location indication |
| KR101181558B1 (en) * | 2011-12-29 | 2012-09-10 | 경일대학교산학협력단 | Anonymous Authentication Method For Mobile Satellite Communication Systems |
| KR101256114B1 (en) * | 2011-11-07 | 2013-04-23 | 고려대학교 산학협력단 | Message authentication code test method and system of many mac testserver |
| EP2930535A1 (en) * | 2014-04-08 | 2015-10-14 | The European Union, represented by the European Commission | Method and system to optimise the authentication of radionavigation signals |
| CN108008420A (en) * | 2017-11-30 | 2018-05-08 | 北京卫星信息工程研究所 | Beidou navigation text authentication method based on Big Dipper short message |
| CN108566240A (en) * | 2018-03-28 | 2018-09-21 | 西安电子科技大学 | Networking Verification System and method between a kind of star suitable for double layer minipellet |
| CN109639431A (en) * | 2018-11-19 | 2019-04-16 | 中国科学院光电研究院 | A kind of text authentication method, equipment, system and medium |
| CN109995531A (en) * | 2018-12-18 | 2019-07-09 | 中国民航大学 | The anti-deception measures of Beidou II system protected based on domestic password and spread spectrum information |
| CN110167023A (en) * | 2019-05-23 | 2019-08-23 | 中国人民解放军陆军工程大学 | Navigation signal encryption authentication method |
| CN110488324A (en) * | 2019-09-03 | 2019-11-22 | 中国民航大学 | The anti-deception measures of Beidou II civil signal based on authentification of message |
| CN111431586A (en) * | 2020-04-17 | 2020-07-17 | 中国电子科技集团公司第三十八研究所 | Satellite network safety communication method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399661A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Legal neighbor authentication method and device in group key management |
-
2020
- 2020-10-28 CN CN202011175694.4A patent/CN112291783B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2397868A1 (en) * | 2010-06-15 | 2011-12-21 | The European Union, represented by the European Commission | Method of providing an authenticable time-and-location indication |
| KR101256114B1 (en) * | 2011-11-07 | 2013-04-23 | 고려대학교 산학협력단 | Message authentication code test method and system of many mac testserver |
| KR101181558B1 (en) * | 2011-12-29 | 2012-09-10 | 경일대학교산학협력단 | Anonymous Authentication Method For Mobile Satellite Communication Systems |
| EP2930535A1 (en) * | 2014-04-08 | 2015-10-14 | The European Union, represented by the European Commission | Method and system to optimise the authentication of radionavigation signals |
| CN106170716A (en) * | 2014-04-08 | 2016-11-30 | 欧洲联盟·由欧洲委员会代表 | The method and system that the certification of radio navigation signal is optimized |
| CN108008420A (en) * | 2017-11-30 | 2018-05-08 | 北京卫星信息工程研究所 | Beidou navigation text authentication method based on Big Dipper short message |
| CN108566240A (en) * | 2018-03-28 | 2018-09-21 | 西安电子科技大学 | Networking Verification System and method between a kind of star suitable for double layer minipellet |
| CN109639431A (en) * | 2018-11-19 | 2019-04-16 | 中国科学院光电研究院 | A kind of text authentication method, equipment, system and medium |
| CN109995531A (en) * | 2018-12-18 | 2019-07-09 | 中国民航大学 | The anti-deception measures of Beidou II system protected based on domestic password and spread spectrum information |
| CN110167023A (en) * | 2019-05-23 | 2019-08-23 | 中国人民解放军陆军工程大学 | Navigation signal encryption authentication method |
| CN110488324A (en) * | 2019-09-03 | 2019-11-22 | 中国民航大学 | The anti-deception measures of Beidou II civil signal based on authentification of message |
| CN111431586A (en) * | 2020-04-17 | 2020-07-17 | 中国电子科技集团公司第三十八研究所 | Satellite network safety communication method |
Non-Patent Citations (9)
| Title |
|---|
| 《卫星导航信号电文防伪设计》;袁木子;《中国优秀硕士学位论文全文数据库 信息科技辑》;全文 * |
| 《星基增强系统导航电文及完好性信息研究》;梁曦,陶晓霞,周昀,范瑞俊,马文龙;《空间电子技术》;第13卷(第5期);全文 * |
| Design and analysis of a public key infrastructure for SBAS data authentication;Andrew Neish, Todd Walter, J.David Powell;《NAVIGATION-JOURNAL OF THE INSTITUTE OF NAVIGATION》;20200124;第66卷(第4期);831-844 * |
| ECDSA-Based Message Authentication Scheme for BeiDou-II Navigation Satellite System;Zhijun Wu; Rusen Liu; Haijuan Cao;IEEE;第55卷(第4期);全文 * |
| GNSS民用导航电文加密认证技术研究;唐超;孙希延;纪元法;张衡;;计算机仿真;20150915(09);全文 * |
| Ignacio Fernández-Hernández * |
| Sherman C. Lo ; Per K. Enge.Authenticating aviation augmentation system broadcasts.IEEE.2010,全文. * |
| Tomer Ashur ; Vincent Rijmen.Analysis and Recommendations for MAC and Key Lengths in Delayed Disclosure GNSS Authentication Protocols.《IEEE》.2021,827 - 1839. * |
| 一种具有强匿名性的无线传感器网络访问控制方案;陈婷;卢建朱;江俊晖;;计算机工程;20150115(01);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112291783A (en) | 2021-01-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Lo et al. | Authenticating aviation augmentation system broadcasts | |
| US8391488B2 (en) | Method and apparatus for using navigation signal information for geoencryption to enhance security | |
| CN106170716B (en) | Method and system for optimizing authentication of radio navigation signals | |
| US8209536B2 (en) | Message authentication system, message transmission apparatus and message reception apparatus | |
| CN108400872B (en) | Block chain information transmission method and system based on satellite-ground cooperation | |
| Wu et al. | BD-II NMA&SSI: An scheme of anti-spoofing and open BeiDou II D2 navigation message authentication | |
| EP1714420B1 (en) | One way authentication | |
| US20110208971A1 (en) | Method of Using ECDSA with Winternitz One Time Signature | |
| CN108008420A (en) | Beidou navigation text authentication method based on Big Dipper short message | |
| CN109714370B (en) | HTTP (hyper text transport protocol) -based cloud security communication implementation method | |
| Wullems et al. | Signal authentication and integrity schemes for next generation global navigation satellite systems | |
| CN107517194B (en) | Return source authentication method and device of content distribution network | |
| Hernández et al. | Toward an operational navigation message authentication service: Proposal and justification of additional OSNMA protocol features | |
| CN109617693A (en) | The anti-deception measures of Beidou II system based on elliptic curve | |
| WO2004073183A3 (en) | Security methods for use in a wireless communications system | |
| CN109995531A (en) | The anti-deception measures of Beidou II system protected based on domestic password and spread spectrum information | |
| US7975142B2 (en) | Ring authentication method for concurrency environment | |
| CN112291783B (en) | Text authentication method and system, transmitting end and receiving end | |
| CN112162300A (en) | Satellite-based enhancement system and text authentication method based on same | |
| Ogundoyin | An Efficient, Secure and Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad-hoc Networks. | |
| US20230209352A1 (en) | Authentication methods for a satellite-based navigation system, devices for authenticating messages and authentication system | |
| Wang et al. | On the security of an anonymous batch authenticated and key agreement scheme for value-added services in VANETs | |
| CN112671544B (en) | System and method for managing message authentication key | |
| CN116033414A (en) | VANETs privacy protection method and equipment | |
| JP5664104B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND PROGRAM |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |