CN112423295B - Lightweight security authentication method and system based on block chain technology - Google Patents

Lightweight security authentication method and system based on block chain technology Download PDF

Info

Publication number
CN112423295B
CN112423295B CN202011248305.6A CN202011248305A CN112423295B CN 112423295 B CN112423295 B CN 112423295B CN 202011248305 A CN202011248305 A CN 202011248305A CN 112423295 B CN112423295 B CN 112423295B
Authority
CN
China
Prior art keywords
intelligent mobile
mobile terminal
certificate
message
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011248305.6A
Other languages
Chinese (zh)
Other versions
CN112423295A (en
Inventor
李腾
张翔宇
陈波妃
蒋心烛
温子祺
谢凡
魏大卫
马卓
沈玉龙
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202011248305.6A priority Critical patent/CN112423295B/en
Publication of CN112423295A publication Critical patent/CN112423295A/en
Application granted granted Critical
Publication of CN112423295B publication Critical patent/CN112423295B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A lightweight security authentication method and system based on block chain technology, the authentication method includes storing certificates of intelligent mobile terminals in classification, so that certificates of the same organization information are stored in the same block chain; constructing an identity authentication message, signing the identity authentication message of the newly-accessed intelligent mobile terminal B by using an ECC algorithm, and sending the signed identity authentication message to the opposite intelligent mobile terminal; the intelligent mobile terminal A receives the message, detects the certificate of the intelligent mobile terminal B, judges whether the certificate is a legal certificate or not, if the certificate is successfully authenticated by a legal rule, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network; and broadcasting the certificate to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time update and safe transmission of the certificate. The invention also provides a system for realizing the method. The invention can realize higher security by safer certificate storage, shorter key length and smaller calculation amount.

Description

Lightweight security authentication method and system based on block chain technology
Technical Field
The invention belongs to the field of mobile internet, and relates to a lightweight security authentication method and system based on a block chain technology.
Background
In recent years, with the rapid development of mobile internet and the rapid growth of mobile applications, android devices have become the most common internet access tools for people. Under the background of the era of mobile internet, intelligent mobile terminals have been incorporated into people's daily lives. People utilize the intelligent mobile terminal to carry out mobile payment, online shopping, online meeting, movie and television shooting and the like. In modern smart cities, android devices interact remotely through base stations, with the devices under each base station communicating over a single wireless transmission channel, such as a cellular network. Due to the openness and the expandability of the Android intelligent mobile terminal, the Android equipment is vulnerable to attackers. A large number of manufacturers choose to develop their mobile devices by customizing the original Android system, which also results in a severe disruption of the Android ecosystem. In order to ensure the safety of the Android device, identity authentication of the Android device is an effective solution. The identity authentication can prevent unauthorized users from entering the system, and ensure that only the intelligent mobile terminal with legal identity can enter the block chain network. The identity authentication is to verify the identity of the intelligent mobile terminal by issuing a certificate and signing the certificate. Theoretically, the method can effectively prevent illegal intelligent mobile terminals from entering the network, and meanwhile, attackers are prevented from stealing authentication information.
Traditional authentication mechanisms can resist partial attacks, but still have many problems: first, a large amount of computing and storage resources are wasted. The traditional user authentication protocol based on the RSA public key system and the Diffie-Hellman key agreement consumes a lot of computing and storage resources, which requires higher hardware equipment requirements for the intelligent mobile terminal. Meanwhile, the operation efficiency of the Android device during the authentication of the intelligent mobile terminal is greatly reduced, and the intelligent mobile terminal cannot perform big data analysis or massive information processing. Second, the security is low. The traditional authentication mechanism can only resist some common attacks, but has no resistance to some more complex attacks or needs to consume huge resources. Third, it is easily tampered with. Due to the openness of the Android device, when the Android device sends a message to other devices, the message is easily tampered, and the Android device cannot verify the correctness of the message. If the information transmitted between the intelligent mobile terminals cannot be encrypted and protected, great potential safety hazards exist, and immeasurable loss is generated. In the current identity authentication mechanism, the problem that a secret key is easy to be tampered in the authentication process between Android devices is not solved, and meanwhile, the authentication security cannot be realized. Using only a resource-intensive authentication scheme is not sufficient to protect smart mobile terminal users from attacks.
Disclosure of Invention
The present invention provides a lightweight security authentication method and system based on a block chain technique, which can achieve higher security with safer certificate storage, shorter key length, and smaller calculation amount, aiming at the problems of higher storage resource consumption and lower security of the identity authentication mechanism in the prior art.
In order to achieve the purpose, the invention has the following technical scheme:
a lightweight security authentication method based on a block chain technology comprises the following steps:
step one, classified storage is carried out on intelligent mobile terminal certificates, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
secondly, constructing an identity authentication message, signing the identity authentication message of the newly-accessed intelligent mobile terminal B by using an ECC algorithm, and sending the signed identity authentication message to the opposite intelligent mobile terminal A;
step three, the intelligent mobile terminal A receives the signed identity authentication message, detects the certificate of the intelligent mobile terminal B, judges whether the certificate is a legal certificate, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, adds the number of the intelligent mobile terminal B to the list of the intelligent mobile terminals which have accessed the network, and if the certificate is illegal, refuses to join the network;
and step four, broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time update and safe transmission of the certificate.
Preferably, in the authentication process, whether the intelligent mobile terminals of the two parties belong to a unified organization is judged, and if the intelligent mobile terminals of the two parties belong to the unified organization, the inquiry or the exchange of certificates is allowed; then distributing a certificate, and generating an X.509CA root certificate in a PEM format by an OpenSSL library according to a self-issuing function; and the CA issues the certificate request files of the intelligent mobile terminal A and the intelligent mobile terminal B to generate digital certificates.
Preferably, in the second step, the intelligent mobile terminal a first generates a random number r, and sends the random number r and the identity identifier ID A Time stamp T A Combining the identity authentication request messages; then, the public key encryption of the intelligent mobile terminal B and the private key signature of the intelligent mobile terminal A are utilized to generate a message m r
Preferably, the message m r Calculated according to the following formula:
m r ={E privA (E pubB (r||ID A ||T A ))}
where, | | represents a data connector, E privA (E pubB (r||ID A ||T A ) ID) an identity number representing the smart mobile terminal a A Time stamp T A And encrypting the random number r by a public key of the intelligent mobile terminal B and signing by a private key of the intelligent mobile terminal A.
Preferably, in the third step, the public key of the intelligent mobile terminal a is used to decrypt the authentication request message m sent by the intelligent mobile terminal B r The calculation formula is as follows:
D pubA ((r||ID A ||T A ))=(r||ID A ||T A )
where | | represents a data connector.
Preferably, the third step is to compare the timestamp T of the smart mobile terminal a first A Timestamp T with intelligent mobile terminal B B If T is B <T A If the difference value of the two is within a reasonable time delay range, verifying whether the random number r is used by the intelligent mobile terminal A; if the random number r is not used, the intelligent mobile terminal A adds the random number r to a random number list used by the intelligent mobile terminal A through verification, and adds the serial number I of the intelligent mobile terminal AD A And adding the calculation formula into the intelligent mobile terminal list as follows:
Figure BDA0002770794400000031
in the formula, U is an intelligent mobile terminal list, and R is a random number list used by the intelligent mobile terminal a.
Preferably, the third step authenticates the certificate of the smart mobile terminal a according to the following formula:
Ver k (A,S)=1→m r ={E privB (E pubA (r′||ID B ||T B ))}
authenticating the certificate A of the intelligent mobile terminal according to the prestored ECC digital certificate, if the Ver is k (a, S) =1, the verification is successful; the intelligent mobile terminal B sends an authentication request message m of the intelligent mobile terminal B to the intelligent mobile terminal A r ′;
Repeating the authentication process to realize bidirectional authentication between the intelligent mobile terminals;
the following calculation verifies whether the signature of the intelligent mobile terminal A is correct:
Figure BDA0002770794400000041
preferably, the step four of CTR mode encryption based on SM4 algorithm includes the steps of:
the intelligent mobile terminal A firstly cuts the plaintext data P into n plaintext variables P 1 ,P 2 ,...,P n Generating Key X of HMAC 0 =E k (T 0 ) Performing hash calculation on the counting sequence
Figure BDA0002770794400000042
Ciphertext variables are then generated for plaintext data i =1,2.
Figure BDA0002770794400000043
i =1,2,.. Ang.n-1, pairGenerating ciphertext variable for less than 128-bit plaintext block
Figure BDA0002770794400000044
Then, the ciphertext variable is intercepted according to the plaintext data to obtain a final ciphertext variable C n (ii) a Then HMAC is performed on the ciphertext message and the initial counter, resulting in H = HMAC (X) 0 ,C||T 0 ) (ii) a Finally, the cipher text variable, the counter and the message abstract variable are connected C 1 ||C 2 ||...C n ||T 0 And | H forms ciphertext data and sends the ciphertext data to the intelligent mobile terminal B.
Preferably, in the fourth step, the intelligent mobile terminal B first decomposes the received message into a ciphertext message C and an initial counter T 0 Generating a key X of the HMAC simultaneously with a message digest variable H 0 =E k (T 0 ) (ii) a Then generating a ciphertext message and a message abstract of the initial counter; judging whether the message digest is consistent with the received message digest, and if not, directly discarding the plaintext message; if so, decomposing the ciphertext data into ciphertext variables C 1 ,C 2 ,...,C n And encrypting the counting sequence
Figure BDA0002770794400000045
Generating plaintext variables for plaintext data
Figure BDA0002770794400000046
Intercepting plaintext variable to generate P n (ii) a Finally, P is added 1 ,P 2 ,...P n And forming plaintext data to complete the safe communication between the intelligent mobile terminal A and the intelligent mobile terminal B.
The invention also provides a lightweight security authentication system based on the block chain technology, which comprises the following steps:
the intelligent mobile terminal certificate classified storage module is used for storing the intelligent mobile terminal certificates in a classified manner, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
the identity authentication message construction module is used for signing the identity authentication message of the newly-accessed intelligent mobile terminal B by utilizing an ECC algorithm and sending the signature to the opposite intelligent mobile terminal A;
the authentication module is used for detecting the certificate of the intelligent mobile terminal B after the intelligent mobile terminal A receives the signature, judging whether the certificate is a legal certificate or not, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, the number of the intelligent mobile terminal B is added to the list of the accessed intelligent mobile terminals, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network;
and the certificate updating and transmitting module is used for broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by utilizing the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
Compared with the prior art, the invention at least has the following beneficial effects:
1) Has the characteristics of light weight and safety. The invention does not need to consume a large amount of computing resources, converts the long secret key and the RSA digital certificate with low safety of the traditional method into the ECC digital certificate on the whole thinking, has less computing resource consumption by using an identity authentication mechanism based on the ECC algorithm, and has the speed of generating the secret key about 10 times of that of the RSA algorithm. And the same security can be realized under the condition of shorter key length, and the authentication speed is greatly improved.
2) Has the characteristic of being not tampered. The invention stores the certificate in the block chain, classifies and stores the certificate according to different organization information, and effectively improves the access efficiency of the certificate by storing and inquiring the certificate through the block chain. In addition, the block chain has the characteristic of being not tampered, so that the certificate is prevented from being tampered in the authentication process.
3) A highly robust message broadcast. The invention can encrypt the broadcast message of the certificate which is successfully authenticated, can encrypt and decrypt in parallel by the communication encryption method based on the SM4-CTR mode, can improve the efficiency of encryption and decryption, and realizes the safe communication method which supports high real-time performance and tolerates disorder of ciphertext.
Drawings
FIG. 1 is an overall flow diagram of the security authentication method of the present invention;
FIG. 2 is a schematic diagram of the smart mobile terminal certificate store of the present invention;
FIG. 3 is a flowchart illustrating the identity authentication of an intelligent mobile terminal according to the present invention;
FIG. 4 is a time consuming diagram of the present invention for verifying a signature.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
The lightweight security authentication method based on the block chain technology mainly comprises three stages: pre-stored certificate information, identity authentication and broadcasting certificate encryption based on the CTR mode.
Firstly, storing certificates of two authentication parties to a block chain to realize high security of the certificates in the authentication process, then realizing lightweight security characteristics by using an authentication mechanism based on an ECC algorithm, completing the lightweight security authentication process by encrypting the cochain intelligent mobile terminal broadcasting the certificates to other nodes after the authentication is successful, and simultaneously giving a specific attack model.
In the embodiment of the invention, the ECC authentication scheme code developed by an OpenSSL development software package is adopted for realizing, and a certificate can be distributed to the intelligent mobile terminal.
Referring to fig. 1, the lightweight security authentication method based on the block chain technology of the present invention includes the following steps:
step one, storing a certificate;
(1a) Private keys of the authentication center CA and the intelligent mobile terminal A, B are generated by using an ECC key generation algorithm, and meanwhile, a CA root certificate is generated by using the function of self-issuing a certificate of an OpenSSL software library. A certificate request file is generated through a private key of the intelligent mobile terminal A, B, and then the request file of the intelligent mobile terminal A, B is issued by CA to generate an ECC digital certificate of the intelligent mobile terminal A, B.
(1b) And in the subsequent authentication process, only two parties with the same organization attribute can execute inquiry and exchange operations to find the storage block of the other party and acquire the certificate information.
Referring to fig. 2, an intelligent mobile terminal has a corresponding organization information, and the intelligent mobile terminals with different organization information are classified and stored in different block chains.
Step two, identity authentication;
(2a) Constructing an identity authentication request message according to the result of (1 b) the intelligent mobile terminal storing the certificate information, wherein the identity authentication request message comprises a random number r and an identity identifier ID A Time stamp T A And encrypting the identity authentication request message by using an ECC algorithm and sending the encrypted identity authentication request message to the intelligent mobile terminal B. After the intelligent mobile terminal B decrypts the message, whether the timestamp of the intelligent mobile terminal A is in the time delay range is judged, if the timestamp of the intelligent mobile terminal A meets the requirement, whether the random number is used or not is judged, and if not, the authentication fails. And if the random number is not used, judging the validity of the certificate of the intelligent mobile terminal A by using an ECDSA signature algorithm. And if the certificate is legal, performing identity authentication of the intelligent mobile terminal A, otherwise, failing to perform authentication.
Referring to fig. 3, the steps of performing identity authentication on the intelligent mobile terminal in the present invention are as follows:
(2a1) Encrypting the identity authentication request message:
m r ={E privA (E pubB (r||ID A ||T A ))} <1>
(2a2) Decrypting the identity authentication request message by using the public key of the intelligent mobile terminal A:
D pubA ((r||ID A ||T A ))=(r||ID A ||T A ) <2>
(2a3) Adding the intelligent mobile terminal number and the random number to a used list when the time stamp is in an experimental range and the random number is not used:
Figure BDA0002770794400000071
(2a4) Judging whether the certificate is legal:
Figure BDA0002770794400000072
(2b) And authenticating the certificate of the intelligent mobile terminal A according to the prestored ECC digital certificate. If Ver k (a, S) =1, the verification is successful. The intelligent mobile terminal B sends an authentication request message m of the intelligent mobile terminal B to the intelligent mobile terminal A r ' repeating the authentication process to realize the bidirectional authentication between the intelligent mobile terminals.
Step three, encrypting a broadcast certificate based on the CTR mode;
(3a) And (3) obtaining plaintext data of the intelligent mobile terminal A in the step (2 b), carrying out hash calculation on the counter sequence by utilizing a hash algorithm, and carrying out XOR on the counter sequence and the plaintext sequence to generate a ciphertext. And then intercepting the ciphertext variable according to the plaintext data to obtain a final ciphertext variable. And finally, carrying out HMAC on the ciphertext message and the initial counter to obtain a message digest variable H.
(3a1) Cutting plaintext data P into n plaintext variables P 1 ,P 2 ,P 3 ,...,P n
(3a2) Performing hash calculation on the counting sequence:
Figure BDA0002770794400000081
(3a3) Generating a ciphertext variable:
Figure BDA0002770794400000082
(3a4) Generating a message digest variable:
H=HMAC(X 0 ,C||T 0 ) <7>
and connecting the ciphertext data, the counter and the message abstract variable to form ciphertext data and sending the ciphertext data to the intelligent mobile terminal B.
(3b) And receiving the ciphertext data, decomposing the message, and generating the ciphertext message and the message digest of the initial counter. And judging whether the message digest is consistent with the received message digest. If so, the count sequence is encrypted. Otherwise, the ciphertext data is discarded. And generating a plaintext variable for the ciphertext data, and intercepting the plaintext variable.
(3b1) And (3) generating a message abstract:
H′=HMAC(X 0 ,C||T 0 ) <8>
(3b2) Encryption of the count sequence:
Figure BDA0002770794400000083
(3b3) Generating a plaintext variable:
Figure BDA0002770794400000084
finally, intercepting the plaintext variable P 1 ,P 2 ,P 3 ,...,P n And forming plaintext data to finish encryption of the broadcast certificates of the other intelligent mobile terminals of the intelligent mobile terminal A.
The invention also provides a lightweight security authentication system based on the block chain technology, which comprises the following steps:
the intelligent mobile terminal certificate classified storage module is used for storing the intelligent mobile terminal certificates in a classified manner, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
the identity authentication message construction module is used for signing the identity authentication message of the newly-accessed intelligent mobile terminal B by utilizing an ECC algorithm and sending the signature to the opposite intelligent mobile terminal A;
the authentication module is used for detecting the certificate of the intelligent mobile terminal B after the intelligent mobile terminal A receives the signature, judging whether the certificate is a legal certificate or not, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, the number of the intelligent mobile terminal B is added to the list of the accessed intelligent mobile terminals, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network;
and the certificate updating and transmitting module is used for broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
Referring to fig. 4, the length of the ECC key selected by the present invention is 256bits, and the length of the RSA key is 2048bits, and compared with the conventional RSA-based authentication method, the authentication method of the present invention can achieve faster authentication with a shorter key length, and when the number of experiments is larger, the average time consumed by the ECC authentication method is shorter.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the technical solution of the present invention, and it should be understood by those skilled in the art that the technical solution can be modified and replaced by a plurality of simple modifications and replacements without departing from the spirit and principle of the present invention, and the modifications and replacements also fall within the protection scope covered by the claims.

Claims (5)

1. A lightweight security authentication method based on a block chain technology is characterized by comprising the following steps:
step one, classified storage is carried out on intelligent mobile terminal certificates, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
secondly, constructing an identity authentication message, signing the identity authentication message of the newly-accessed intelligent mobile terminal B by using an ECC algorithm, and sending the signed identity authentication message to the opposite intelligent mobile terminal A; the intelligent mobile terminal A firstly generates a random number r, and sends the random number r and an identity identifier ID A Time stamp T A Combining the identity authentication request messages; then, the message m is generated by using the public key encryption of the intelligent mobile terminal B and the private key signature of the intelligent mobile terminal A r
Step three, the intelligent mobile terminal A receives the signed identity authentication message, detects the certificate of the intelligent mobile terminal B, judges whether the certificate is a legal certificate, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, adds the number of the intelligent mobile terminal B to the list of the intelligent mobile terminals which have accessed the network, and if the certificate is illegal, refuses to join the network;
firstly, the methodComparing timestamps T of Intelligent Mobile terminal A A Timestamp T with intelligent mobile terminal B B If T is B <T A If the difference value of the two is within a reasonable time delay range, verifying whether the random number r is used by the intelligent mobile terminal A; if the random number r is not used, the intelligent mobile terminal A adds the random number r to a random number list used by the intelligent mobile terminal A through verification, and adds the serial number ID of the intelligent mobile terminal A A Adding the calculation formula into the intelligent mobile terminal list as follows:
Figure FDA0003894185870000011
in the formula, U is an intelligent mobile terminal list, and R is a random number list used by the intelligent mobile terminal A;
and step three, authenticating the certificate of the intelligent mobile terminal A according to the following formula:
Ver k (A,S)=1→m r ={E privB (E pubA (r′||ID B ||T B ))}
authenticating the certificate A of the intelligent mobile terminal according to the prestored ECC digital certificate if the Ver k (a, S) =1, the verification is successful; the intelligent mobile terminal B sends an authentication request message m of the intelligent mobile terminal B to the intelligent mobile terminal A r ′;
Repeating the authentication process to realize bidirectional authentication between the intelligent mobile terminals;
the following calculation verifies whether the signature of the intelligent mobile terminal A is correct:
Figure FDA0003894185870000021
step four, broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time update and safe transmission of the certificate;
the step four of CTR mode encryption based on SM4 algorithm comprises the following steps:
the intelligent mobile terminal A firstly cuts the plaintext data P into n plaintext variables P 1 ,P 2 ,...,P n Generating Key X of HMAC 0 =E k (T 0 ) Performing hash calculation on the counting sequence
Figure FDA0003894185870000022
Ciphertext variables are then generated for plaintext data i =1,2, n-1:
Figure FDA0003894185870000023
generating ciphertext variables for less than 128-bit plaintext blocks
Figure FDA0003894185870000024
Then, the ciphertext variable is intercepted according to the plaintext data to obtain a final ciphertext variable C n (ii) a Then HMAC is performed on the ciphertext message and the initial counter, resulting in H = HMAC (X) 0 ,C||T 0 ) (ii) a Finally, the cipher text variable, the counter and the message abstract variable are connected C 1 ||C 2 ||...C n ||T 0 I H forms ciphertext data and sends the ciphertext data to the intelligent mobile terminal B;
in the fourth step, the intelligent mobile terminal B firstly decomposes the received message into a ciphertext message C and an initial counter T 0 Generating a key X of the HMAC simultaneously with a message digest variable H 0 =E k (T 0 ) (ii) a Then generating a ciphertext message and a message digest of the initial counter; judging whether the message digest is consistent with the received message digest, and if not, directly discarding the plaintext message; if so, decomposing the ciphertext data into ciphertext variables C 1 ,C 2 ,...,C n And encrypting the counting sequence
Figure FDA0003894185870000025
Generating plaintext variables for plaintext data
Figure FDA0003894185870000026
Intercepting plaintext variable to generate P n (ii) a Finally, P is added 1 ,P 2 ,...P n And forming plaintext data to complete the safe communication between the intelligent mobile terminal A and the intelligent mobile terminal B.
2. The lightweight security authentication method based on the block chain technology as claimed in claim 1, wherein: judging whether the intelligent mobile terminals of the two parties belong to a unified organization or not in the authentication process, and if so, allowing the inquiry or exchange of certificates; then distributing the certificate, and generating an X.509CA root certificate in a PEM format by the OpenSSL according to the self-issuing function; and the CA issues the certificate request files of the intelligent mobile terminal A and the intelligent mobile terminal B to generate digital certificates.
3. The lightweight security authentication method based on blockchain technology as claimed in claim 1, wherein the message m is r Calculated according to the following formula:
m r ={E privA (E pubB (r||ID A ||T A ))}
where, | | represents a data connector, E privA (E pubB (r||ID A ||T A ) ID) an identity number representing the smart mobile terminal a A Time stamp T A And encrypting the random number r by a public key of the intelligent mobile terminal B and signing by a private key of the intelligent mobile terminal A.
4. The lightweight security authentication method based on the blockchain technology as claimed in claim 1, wherein the third step decrypts the authentication request message m sent by the smart mobile terminal B by using the public key of the smart mobile terminal a r The calculation formula is as follows:
D pubA ((r||ID A ||T A ))=(r||ID A ||T A )
where | represents a data connector.
5. A lightweight security authentication system based on a blockchain technology is used for realizing the lightweight security authentication method based on the blockchain technology, which requires any one of 1-4, and comprises the following steps:
the intelligent mobile terminal certificate classified storage module is used for storing the intelligent mobile terminal certificates in a classified manner, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
the identity authentication message construction module is used for signing the identity authentication message of the newly-accessed intelligent mobile terminal B by utilizing an ECC algorithm and sending the signature to the opposite intelligent mobile terminal A;
the authentication module is used for detecting the certificate of the intelligent mobile terminal B after the intelligent mobile terminal A receives the signature, judging whether the certificate is a legal certificate or not, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, the number of the intelligent mobile terminal B is added to the list of the accessed intelligent mobile terminals, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network;
and the certificate updating and transmitting module is used for broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by utilizing the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
CN202011248305.6A 2020-11-10 2020-11-10 Lightweight security authentication method and system based on block chain technology Active CN112423295B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011248305.6A CN112423295B (en) 2020-11-10 2020-11-10 Lightweight security authentication method and system based on block chain technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011248305.6A CN112423295B (en) 2020-11-10 2020-11-10 Lightweight security authentication method and system based on block chain technology

Publications (2)

Publication Number Publication Date
CN112423295A CN112423295A (en) 2021-02-26
CN112423295B true CN112423295B (en) 2022-11-22

Family

ID=74781368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011248305.6A Active CN112423295B (en) 2020-11-10 2020-11-10 Lightweight security authentication method and system based on block chain technology

Country Status (1)

Country Link
CN (1) CN112423295B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595744B (en) * 2021-09-29 2021-12-31 北京卓建智菡科技有限公司 Network access method, device, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110598422A (en) * 2019-08-01 2019-12-20 浙江葫芦娃网络集团有限公司 Trusted identity authentication system and method based on mobile digital certificate

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200111080A1 (en) * 2018-10-08 2020-04-09 BitGo Holdings, Inc. Security Secret Interface and Token Wrap Structure Apparatuses, Methods and Systems
CN111222989B (en) * 2019-12-31 2023-07-07 远光软件股份有限公司 Transaction method of multi-channel blockchain, electronic equipment and storage medium
CN111222174A (en) * 2019-12-31 2020-06-02 远光软件股份有限公司 Joining method, verification method, device and storage medium of block chain node
CN111262872B (en) * 2020-01-20 2022-01-11 新晨科技股份有限公司 Enterprise block chain service platform

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110598422A (en) * 2019-08-01 2019-12-20 浙江葫芦娃网络集团有限公司 Trusted identity authentication system and method based on mobile digital certificate

Also Published As

Publication number Publication date
CN112423295A (en) 2021-02-26

Similar Documents

Publication Publication Date Title
CN112491846B (en) Cross-chain block chain communication method and device
CN108810895B (en) Wireless Mesh network identity authentication method based on block chain
EP2416524B1 (en) System and method for secure transaction of data between wireless communication device and server
CN105049401B (en) A kind of safety communicating method based on intelligent vehicle
CN112565230B (en) Software-defined Internet of things network topology data transmission safety management method and system
CN109559122A (en) Block chain data transmission method and block chain data transmission system
CN113301022B (en) Internet of things equipment identity security authentication method based on block chain and fog calculation
CN112311537B (en) Block chain-based equipment access authentication system and method
CN111614621B (en) Internet of things communication method and system
CN113630248B (en) Session key negotiation method
CN113612610B (en) Session key negotiation method
CN114826656A (en) Trusted data link transmission method and system
Zhang et al. A Novel Privacy‐Preserving Authentication Protocol Using Bilinear Pairings for the VANET Environment
CN111049738B (en) E-mail data security protection method based on hybrid encryption
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN117828673B (en) Block chain-based data circulation and privacy protection method and device
CN111490874A (en) Distribution network safety protection method, system, device and storage medium
CN112423295B (en) Lightweight security authentication method and system based on block chain technology
Chen et al. Provable secure group key establishment scheme for fog computing
CN111245611B (en) Anti-quantum computation identity authentication method and system based on secret sharing and wearable equipment
CN113938275B (en) Quantum homomorphic signature method based on d-dimension Bell state
CN112054905B (en) Secure communication method and system of mobile terminal
KR102304831B1 (en) Encryption systems and method using permutaion group based cryptographic techniques
CN114866244A (en) Controllable anonymous authentication method, system and device based on ciphertext block chaining encryption
CN114070570A (en) Safe communication method of power Internet of things

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant