CN112437055A - Electric power internet of things network terminal NTRU safe access method based on edge calculation - Google Patents


Info

Publication number: CN112437055A
Authority: CN (China)
Prior art keywords: mme, server, information, terminal equipment, electric power
Legal status: Granted
Application number: CN202011250137.4A
Other languages: Chinese (zh)
Other versions: CN112437055B (en)
Inventors: 李兴华, 李晓龙, 王峰, 闫振华, 段文奇, 朱东歌
Current Assignee: Electric Power Research Institute of State Grid Ningxia Electric Power Co Ltd
Original Assignee: Electric Power Research Institute of State Grid Ningxia Electric Power Co Ltd
Application filed by Electric Power Research Institute of State Grid Ningxia Electric Power Co Ltd
Priority to CN202011250137.4A
Publication of CN112437055A
Application granted; publication of CN112437055B
Legal status: Active

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L63/02 Network architectures or network communication protocols for network security, for separating internal from external traffic, e.g. firewalls
    • H04L63/0428 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/1458 Network architectures or network communication protocols for network security, countermeasures against malicious traffic: Denial of Service
    • H04L9/085 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; key establishment: secret sharing or secret splitting, e.g. threshold schemes
    • Y04S40/20 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies (smart grids): information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention relates to the field of communication, in particular to an NTRU secure access method based on edge computing. When a power internet of things terminal device D_i needs to initiate communication, it sends authentication information to the edge computing MME server. After receiving the information, the edge computing MME server judges by calculation and comparison whether the access of terminal device D_i is legal, and if so returns authentication information. After receiving the authentication information of the edge computing MME server, terminal device D_i compares it with its local information, and if the comparison succeeds, an encrypted secure channel is established between terminal device D_i and the edge computing MME server.

Description

Electric power internet of things network terminal NTRU safe access method based on edge calculation
Technical Field
The invention relates to the field of communication, in particular to an NTRU secure access method based on edge computing.
Background
The essence of the power internet of things is the connection and interaction of information, and it is characterized by diversified data, large data volume and complex data structure. Because multiple protocols currently coexist in the power internet of things, the diversity of data sources and data types poses great challenges to the security of the network layer of its core system. Moreover, the elliptic curve cryptography (ECC) algorithm commonly used for internet of things authentication has low point-multiplication efficiency and poor resistance to quantum attack, and is easily broken by Shor's algorithm. Therefore, the power internet of things needs to support the secure access of a large number of terminal devices while multiple technical standards coexist, and the access server is required to have strong data processing capacity.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides an NTRU secure access method for a power internet of things network terminal based on edge computing, which improves the security of network access and reduces the amount of computation on the server.
In order to achieve the above purpose, the invention adopts the following technical scheme: an NTRU secure access method of a power internet of things terminal based on edge computing, comprising the following steps:
Step one: initialization. The main architecture of the system is as follows: each power internet of things terminal device D_i connects to an edge computing MME server, and the edge computing MME server connects to the system HSS (Home Subscriber Server). In the protocol initialization stage, the system HSS server selects three integers (N, p, q) satisfying the NTRU algorithm, where N is a positive prime and p and q are coprime; it selects four sets of polynomials of degree N-1, (L_f, L_g, L_r, L_m), where f, g, r and m denote the number of non-zero coefficients in the polynomials of each set, and the polynomials satisfy the formulas:
Figure BDA0002770149140000011
Figure BDA0002770149140000012
Figure BDA0002770149140000013
Figure BDA0002770149140000021
where a_i is a coefficient taking the value 0 or 1, x is the variable, and each formula denotes the sum of a_i x^i over i from 0 to N-1.
The NTRU algorithm works on the ring R:
R = Z[X]/(X^N - 1)
Denoting multiplication on ring R by *, the polynomial H = F * G is calculated as
Figure BDA0002770149140000022
Meanwhile, the system HSS server randomly selects a polynomial g ∈ L_g and a one-way secure hash function H_1: {0,1}* → Z_q^*, where {0,1}* denotes a 0/1 sequence of arbitrary length and Z_q^* the non-zero integers modulo q.
The system HSS server selects a polynomial f_MME ∈ L_f for the edge computing MME server as its private key; it is required that there exist F_p ∈ R and F_q ∈ R such that f_MME satisfies:
F_p * f_MME ≡ 1 (mod p)
F_q * f_MME ≡ 1 (mod q)
meaning that the left-hand side of "≡", reduced modulo p or modulo q respectively, equals 1; that is, F_p and F_q are the multiplicative inverses of f_MME modulo p and modulo q respectively. The public key h_MME is then calculated according to the following formula:
h_MME ≡ F_p * g (mod q)
The system HSS server sends the public and private key pair
Figure BDA0002770149140000025
to the edge computing MME server, where
Figure BDA0002770149140000026
is the inverse of f_MME on ring R.
The system HSS server publishes {H_1, N, p, q, L_r, L_m, h_MME} as the system-wide public parameters and keeps {g, L_f, L_g} as non-public information.
The system HSS server assigns each power internet of things terminal device D_i a unique N-bit value PID_i as its identity information, and randomly selects a polynomial
Figure BDA0002770149140000027
and calculates its public key as follows:
Figure BDA0002770149140000028
where
Figure BDA0002770149140000029
is the inverse of
Figure BDA00027701491400000210
on ring R:
Figure BDA00027701491400000211
The public and private key pair
Figure BDA00027701491400000212
can be set in terminal device D_i before deployment, or sent to terminal device D_i through the system HSS server and the edge computing MME server.
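The ring arithmetic of step one (choosing f with inverses F_p and F_q, forming the public key, encrypting with a random r ∈ L_r) and the decryption of step three (a ≡ f * e (mod q) centred into [-q/2, q/2], then F_p * a (mod p)), as an added worked example in Python. This is illustrative code written for this page, not the patent's or the assignee's implementation; every function name in it is the example's own. It assumes toy parameters N = 11, p = 3, q = 67, chosen so that both moduli are prime and one extended-Euclid routine yields both F_p and F_q; polynomials are coefficient lists in low-degree-first order, and f, g, r and the message have coefficients 0 or 1 as the L_f, L_g, L_r, L_m definitions require. The example follows textbook NTRU in forming the public key as F_q * g (mod q) where the page writes F_P. NTRU decryption only recovers a message whose coefficients stay small, so the example encrypts the N-bit PID_i as the message polynomial.

```python
import random

# Toy NTRU parameters, constructed for illustration only: N prime, p and q coprime
# (and both prime here so one inverse routine serves both moduli). Not secure sizes.
N, P, Q = 11, 3, 67
D_F, D_G, D_R = 4, 3, 3          # number of coefficients equal to 1 in f, g, r


def _trim(a, mod):
    """Reduce coefficients mod `mod` and drop leading zeros (low degree first)."""
    a = [x % mod for x in a]
    while a and a[-1] == 0:
        a.pop()
    return a


def _pdivmod(a, b, mod):
    """Polynomial long division a = qt*b + rem over GF(mod); b is non-zero and trimmed."""
    a = list(a)
    qt = [0] * max(1, len(a) - len(b) + 1)
    inv_lead = pow(b[-1], -1, mod)
    for i in range(len(a) - len(b), -1, -1):
        coef = (a[i + len(b) - 1] * inv_lead) % mod
        qt[i] = coef
        if coef:
            for j, bj in enumerate(b):
                a[i + j] = (a[i + j] - coef * bj) % mod
    return _trim(qt, mod), _trim(a[:len(b) - 1], mod)


def ring_mul(a, b, n, mod):
    """The product * on R = Z[X]/(X^n - 1), coefficients reduced mod `mod` (cyclic convolution)."""
    c = [0] * n
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                k = (i + j) % n
                c[k] = (c[k] + ai * bj) % mod
    return c


def poly_inverse(f, n, mod):
    """Extended Euclid in GF(mod)[X]: F with F * f ≡ 1 in R, or None if f is not invertible."""
    r0 = [(-1) % mod] + [0] * (n - 1) + [1]           # X^n - 1
    r1 = _trim(f, mod)
    s0, s1 = [0] * n, [1] + [0] * (n - 1)              # invariant: s_k * f ≡ r_k in R
    while r1:
        qt, rem = _pdivmod(r0, r1, mod)
        r0, r1 = r1, rem
        prod = ring_mul(qt, s1, n, mod)
        s0, s1 = s1, [(x - y) % mod for x, y in zip(s0, prod)]
    if len(r0) != 1:                                   # gcd is not a constant: no inverse
        return None
    c = pow(r0[0], -1, mod)
    return [(x * c) % mod for x in s0]


def random_binary_poly(n, d, rng):
    """Degree < n polynomial with exactly d coefficients equal to 1 (the L_f/L_g/L_r shape)."""
    coeffs = [0] * n
    for idx in rng.sample(range(n), d):
        coeffs[idx] = 1
    return coeffs


def keygen(rng):
    """Step one for the MME: private f_MME with F_p, F_q; public key h_MME = F_q * g (mod q)."""
    while True:
        f = random_binary_poly(N, D_F, rng)
        fp, fq = poly_inverse(f, N, P), poly_inverse(f, N, Q)
        if fp is not None and fq is not None:
            break
    g = random_binary_poly(N, D_G, rng)
    return {"f": f, "fp": fp, "h": ring_mul(fq, g, N, Q)}


def encrypt(h, m, rng):
    """Step two shape: e = p*h*r + m (mod q) for a message m with coefficients 0 or 1."""
    r = random_binary_poly(N, D_R, rng)
    e = ring_mul([(P * x) % Q for x in h], r, N, Q)
    return [(x + y) % Q for x, y in zip(e, m)]


def decrypt(f, fp, e):
    """Step three: a ≡ f*e (mod q), coefficients centred into [-q/2, q/2], then F_p * a (mod p)."""
    a = ring_mul(f, e, N, Q)
    a = [x - Q if x > Q // 2 else x for x in a]
    return ring_mul(fp, a, N, P)


def inverse_check(seed=7):
    """Return f_MME * F_p (mod p) for a generated key; must be the constant polynomial 1."""
    key = keygen(random.Random(seed))
    return ring_mul(key["f"], key["fp"], N, P)


def roundtrip(seed=1):
    """Encrypt a constructed N-bit PID_i and decrypt it; returns (pid_bits, recovered)."""
    rng = random.Random(seed)
    key = keygen(rng)
    pid_bits = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0]       # constructed 11-bit PID_i
    e = encrypt(key["h"], pid_bits, rng)
    return pid_bits, decrypt(key["f"], key["fp"], e)


if __name__ == "__main__":
    print(inverse_check(), roundtrip())
```

With these sizes every coefficient of p·g*r + f*m is at most 3·3 + 4 = 13 < q/2, so the centring step never wraps and F_p * a (mod p) returns the message exactly; pick q too small relative to the weights d_f, d_g, d_r and decryption silently fails, which is the correctness condition a deployment must verify for its own parameter set.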
Step two: terminal device D_i authentication login. Terminal device D_i randomly selects a polynomial r_i ∈ L_r and calculates the encryption information e_i:
e_i = p·h_MME * r_i + h_Di (mod q)
It generates an identity verification code ICA_i:
Figure BDA00027701491400000213
It then generates the information group M_i = (PID_i || e_i || t_i), where t_i is the current timestamp; generates the shared session key SK_i = H_1(PID_i || ICA_i); and generates the authentication information Auth_1 = H_1(M_i || SK_i). Terminal device D_i sends the information {M_i, Auth_1} to the edge computing MME server.
Step three: edge computing MME server authentication. After receiving the information sent by terminal device D_i, the edge computing MME server obtains {M_i, Auth_1}. From M_i it directly separates the time information t_i and the encryption information e_i; if t_i falls outside the current time window, it directly refuses the access authentication of terminal device D_i. By decrypting e_i, the edge computing MME server can directly obtain the public key information h_Di of terminal device D_i; the calculation process is as follows:
First, an intermediate polynomial a is calculated, with the coefficients of a chosen in the interval [-q/2, q/2]:
a ≡ f_MME * e_i (mod q)
The decrypted information h_Di is then:
h_Di ≡ F_p * a (mod p)
and the identity authentication code IAC_MME is calculated using the following formula:
Figure BDA0002770149140000031
The edge computing MME server computes the shared session key SK_i = H_1(PID_i || IAC_MME) and compares H_1(M_i || SK_i) with the received authentication information Auth_1; if the values are consistent, the edge computing MME server considers the access of terminal device D_i legal.
The edge computing MME server then calculates the return authentication information Auth_2:
Auth_2 = H_1(PID_i || IAC_MME || SK_i)
and sends it to terminal device D_i.
Step four: terminal device D_i verification. After receiving the authentication information Auth_2 from the edge computing MME server, terminal device D_i first verifies that PID_i is consistent; if so, it calculates the local value H_1(PID_i || IAC_MME || SK_i) and compares it with Auth_2. If the values are consistent, the edge computing MME server is considered a legitimate server that may be accessed, an encrypted secure channel is established between terminal device D_i and the edge computing MME server, and data is encrypted using SK_i as the shared session key. Otherwise, the access process ends and access authentication is restarted.
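Steps two to four, the hash-and-timestamp exchange between terminal device D_i and the edge computing MME server, as an added example in Python. This is illustrative code for this page, not the patent's implementation, and all function and constant names in it are the example's own. It assumes that H_1 is SHA-256 over a length-prefixed "||" concatenation (the page specifies only a one-way hash into the non-zero integers modulo q), a 30-second acceptance window for t_i (the page gives no value), and that ICA_i and IAC_MME are both derived from PID_i and the message carried inside e_i, since the page shows that formula only as an image. The NTRU ciphertext e_i is replaced by a constructed stand-in with a matching `decrypt` callback so the block runs stand-alone; comparisons use hmac.compare_digest so that a wrong Auth_1 or Auth_2 is rejected in constant time.

```python
import hashlib
import hmac

# Acceptance window (seconds) for the timestamp t_i checked in step three.
# The patent gives no value; 30 s is an assumption of this example.
MAX_CLOCK_SKEW = 30


def H1(*parts):
    """The protocol's one-way hash H_1, here SHA-256 over the '||' concatenation.
    Each part is length-prefixed so PID_i || e_i || t_i has one unambiguous parse."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return h.digest()


def identity_code(pid, m_i):
    """ICA_i on the terminal, IAC_MME on the server. The patent shows this formula only
    as an image; the example assumes both sides derive it from PID_i and the message m_i
    carried inside e_i, which only the holder of f_MME can recover."""
    return H1(b"ICA", pid, m_i)


def terminal_login(pid, e_i, m_i, now):
    """Step two: build M_i = (PID_i, e_i, t_i), SK_i = H_1(PID_i || ICA_i) and
    Auth_1 = H_1(M_i || SK_i); returns what the terminal sends plus what it keeps."""
    t_i = int(now).to_bytes(8, "big")
    ica_i = identity_code(pid, m_i)
    sk_i = H1(pid, ica_i)
    M_i = (pid, e_i, t_i)
    auth1 = H1(*M_i, sk_i)
    return {"M": M_i, "auth1": auth1, "ica": ica_i, "sk": sk_i}


def mme_authenticate(M_i, auth1, decrypt, now):
    """Step three. `decrypt(e_i)` stands for the NTRU decryption a ≡ f_MME*e_i (mod q),
    m ≡ F_p*a (mod p). Returns ((PID_i, Auth_2), SK_i), or None when access is refused."""
    pid, e_i, t_i = M_i
    if abs(int(now) - int.from_bytes(t_i, "big")) > MAX_CLOCK_SKEW:
        return None                                   # t_i outside the window: refuse
    iac = identity_code(pid, decrypt(e_i))
    sk_i = H1(pid, iac)                               # SK_i = H_1(PID_i || IAC_MME)
    if not hmac.compare_digest(H1(pid, e_i, t_i, sk_i), auth1):
        return None                                   # Auth_1 mismatch: not a legal terminal
    auth2 = H1(pid, iac, sk_i)                        # Auth_2 = H_1(PID_i || IAC_MME || SK_i)
    return (pid, auth2), sk_i


def terminal_verify(pid, ica_i, sk_i, reply):
    """Step four: check PID_i first, then Auth_2 against the local H_1(PID_i || ICA_i || SK_i)."""
    if reply is None:
        return False
    reply_pid, auth2 = reply
    if reply_pid != pid:
        return False
    return hmac.compare_digest(H1(pid, ica_i, sk_i), auth2)


def run_exchange(skew=0, tamper=False):
    """Drive one login. Returns (mme_accepted, terminal_accepted, session_keys_match).
    `skew` shifts the MME clock; `tamper` flips one bit of Auth_1 in transit."""
    pid = b"\x05\xb3"                                 # constructed PID_i (11 significant bits)
    m_i = pid                                         # constructed message carried inside e_i
    decrypt = lambda e: bytes(b ^ 0xA5 for b in e)    # stand-in for NTRU decryption (constructed)
    e_i = decrypt(m_i)                                # the XOR stand-in is its own inverse
    now = 1_700_000_000
    login = terminal_login(pid, e_i, m_i, now)
    auth1 = login["auth1"]
    if tamper:
        auth1 = auth1[:-1] + bytes([auth1[-1] ^ 1])
    result = mme_authenticate(login["M"], auth1, decrypt, now + skew)
    if result is None:
        return False, False, False
    reply, sk_mme = result
    ok = terminal_verify(pid, login["ica"], login["sk"], reply)
    return True, ok, hmac.compare_digest(sk_mme, login["sk"])


if __name__ == "__main__":
    print(run_exchange(), run_exchange(skew=3600), run_exchange(tamper=True))
```

The timestamp check is the only freshness mechanism the page describes, so the window must be tight enough for the deployment's clock discipline; within the window, the same {M_i, Auth_1} would be accepted again, which is why the MME in a real system also needs to remember recently seen t_i values per PID_i.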
In this protocol, a 2-step authentication mode is adopted between terminal device D_i and the edge computing MME server, which improves the efficiency of the security authentication network. Timestamp information t_i is added to the NTRU security encryption algorithm, and quantum computing attack can be resisted. The security information of the network system is managed uniformly by the system HSS server, while the specific security authentication is completed on the edge computing MME server, so that the system HSS server is isolated from the edge computing MME server, further ensuring the secure access performance of the network.
The invention achieves the following beneficial effects: it is a network application layer security authentication method that unifies the different technical standard protocols of the internet of things at the application layer and standardizes the access protocol of power internet of things terminal nodes. By adopting the improved NTRU security authentication encryption algorithm, rapid security verification of large-scale internet of things terminals can be achieved with a small amount of computation. Meanwhile, because application layer authentication and encryption are used, the method can be integrated uniformly at the application layer on NB-IoT, eMTC, LoRa, Sigfox and other standards, realizing a uniform standard on the edge computing MME server.
Drawings
FIG. 1 is a power Internet of things system framework;
FIG. 2 shows a terminal device of an electric power Internet of things for secure access;
FIG. 3 is the edge computing network security access protocol.
Detailed Description
The invention is further described below with reference to the accompanying drawings. It should be noted that these embodiments are not intended to limit the present invention; those skilled in the art may make functional, methodical or structural equivalents and substitutions according to these embodiments within the scope of the present invention.
As shown in FIG. 1, the power internet of things is a large-scale industrial internet of things whose architecture comprises three typical layers: the internet of things perception and extension layer, the network transmission layer and the platform application layer. The invention adopts an edge computing application layer to solve the problem of secure access and edge computing for the power internet of things network terminal device D_i. In the edge computing application layer, an edge computing server performs secure access for terminal devices D_i coming from standards such as NB-IoT, eMTC, LoRa and Sigfox.
FIG. 2 shows the process by which a power internet of things terminal device securely accesses the system. NB-IoT and eMTC devices access the MME server with edge computing capability through a mobile base station, and LoRa and Sigfox devices through a dedicated internet of things gateway device. The edge computing MME server has access and edge computing capabilities and can perform the security authentication and access of power internet of things terminal devices of different standards. Data that has passed security authentication is forwarded by the edge computing MME server to the system HSS server. During security authentication, the system HSS server stores the public keys, private keys, user identities and other information required for security authentication, and updates the security authentication information of the power internet of things through the edge computing MME server.
FIG. 3 is the network security access protocol of the power internet of things using edge computing. In the protocol, the system HSS server manages the whole power internet of things uniformly, and the edge computing MME server is responsible for the management, security authentication, data decryption and so on of the power internet of things network terminal devices D_i. The protocol shown in FIG. 3 operates in several steps:
Step one: in the initialization phase of access, the system HSS server issues the data information required for complete authentication.
Step two: when terminal device D_i needs access, it only needs to authenticate with the edge computing MME server, and the secure access encryption algorithm is the NTRU security encryption algorithm. First, terminal device D_i initiates an authentication login and sends encrypted authentication information to the edge computing MME server; the edge computing MME server compares the received authentication information, computes feedback authentication information and sends it to terminal device D_i; terminal device D_i compares the authentication information fed back by the MME server with its local authentication information to determine whether the access is legal, completing the security authentication.
Step three: terminal device D_i encrypts its data information and sends it to the edge computing MME server; after decryption and authentication by the edge computing MME server, the data is sent to the system HSS server in plaintext form.
In this protocol, a 2-step authentication mode is adopted between terminal device D_i and the edge computing MME server, which improves the efficiency of the security authentication network; timestamp information is added to the NTRU security encryption algorithm, and quantum computing attack can be resisted. The security information of the network system is managed uniformly by the system HSS server, while the specific security authentication is completed on the edge computing MME server, so that the system HSS server is isolated from the edge computing MME server, further ensuring the secure access performance of the network.
The above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several modifications and variations without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as within the protection scope of the present invention.

Claims (4)

1. An NTRU secure access method of a power internet of things terminal based on edge computing, characterized by comprising the following steps:
Step one: initialization. A power internet of things terminal device D_i connects to an edge computing MME server, which connects to a system HSS server; in the protocol initialization stage, the system HSS server selects three integers (N, p, q) satisfying the NTRU algorithm, where N is a positive prime and p and q are coprime; it selects four sets of polynomials of degree N-1, (L_f, L_g, L_r, L_m), where f, g, r and m denote the number of non-zero coefficients in the polynomials of each set, and the polynomials satisfy the formulas:
Figure FDA0002770149130000011
Figure FDA0002770149130000012
Figure FDA0002770149130000013
Figure FDA0002770149130000014
where a_i is a coefficient taking the value 0 or 1, x is the variable, and each formula denotes the sum of a_i x^i over i from 0 to N-1;
the NTRU algorithm works on the ring R:
R = Z[X]/(X^N - 1)
denoting multiplication on ring R by *, the polynomial H = F * G is calculated as
Figure FDA0002770149130000015
Meanwhile, the system HSS server randomly selects a polynomial g ∈ L_g and a one-way secure hash function H_1: {0,1}* → Z_q^*, where {0,1}* denotes a 0/1 sequence of arbitrary length and Z_q^* the non-zero integers modulo q.
The system HSS server selects a polynomial f_MME ∈ L_f for the edge computing MME server as its private key; it is required that there exist polynomials F_p ∈ R and F_q ∈ R such that f_MME satisfies:
F_p * f_MME ≡ 1 (mod p)
F_q * f_MME ≡ 1 (mod q)
meaning that the left-hand side of "≡", reduced modulo p or modulo q respectively, equals 1; that is, F_p and F_q are the multiplicative inverses of f_MME modulo p and modulo q respectively, and the public key h_MME is calculated according to the following equation:
h_MME ≡ F_p * g (mod q)
The system HSS server sends the public and private key pair
Figure FDA0002770149130000018
to the edge computing MME server, where
Figure FDA0002770149130000019
is the inverse of f_MME on ring R;
the system HSS server publishes {H_1, N, p, q, L_r, L_m, h_MME} as the system-wide public parameters and stores {g, L_f, L_g} as non-public information;
the HSS server of the system is each electric power internet of things terminal equipment DiAssigning a unique N-bit information PIDiAs identity information and randomly selecting a polynomial
Figure FDA0002770149130000021
Calculate its public key as follows
Figure FDA0002770149130000022
Wherein
Figure FDA0002770149130000023
Is that
Figure FDA0002770149130000024
Inverse on ring R:
Figure FDA0002770149130000025
public and private key pair
Figure FDA0002770149130000026
Terminal equipment D capable of being used in electric power internet of thingsiSetting before deployment or sending the data to the terminal equipment D of the power internet of things through the HSS server and the edge calculation MME serveri
Step two: terminal device D_i authentication login. Terminal device D_i randomly selects a polynomial r_i ∈ L_r and calculates the encryption information e_i:
Figure FDA0002770149130000027
It generates an identity verification code ICA_i:
Figure FDA0002770149130000028
It then generates the information group M_i = (PID_i || e_i || t_i), where t_i is the current timestamp; generates the shared session key SK_i = H_1(PID_i || ICA_i); and generates the authentication information Auth_1 = H_1(M_i || SK_i). Terminal device D_i sends the information {M_i, Auth_1} to the edge computing MME server;
Step three: edge computing MME server authentication. After receiving the information sent by terminal device D_i, the edge computing MME server obtains {M_i, Auth_1}. From M_i it directly separates the time information t_i and the encryption information e_i; if t_i falls outside the current time window, it directly refuses the access authentication of terminal device D_i. By decrypting e_i, the edge computing MME server can directly obtain the public key information h_Di of terminal device D_i; the calculation process is as follows:
First, an intermediate polynomial a is calculated, with the coefficients of a chosen in the interval [-q/2, q/2]:
a ≡ f_MME * e_i (mod q)
The decrypted information h_Di is then:
h_Di ≡ F_p * a (mod p)
and the identity authentication code IAC_MME is calculated using the following formula:
Figure FDA0002770149130000029
The edge computing MME server computes the shared session key SK_i = H_1(PID_i || IAC_MME) and compares H_1(M_i || SK_i) with the received authentication information Auth_1; if the values are consistent, the edge computing MME server considers the access of terminal device D_i legal;
the edge computing MME server then calculates the return authentication information Auth_2:
Auth_2 = H_1(PID_i || IAC_MME || SK_i)
and sends it to terminal device D_i;
Step four: verification by the power IoT terminal device D_i. After receiving the authentication information Auth_2 from the edge computing MME server, D_i first checks that the returned PID_i matches its own. If it does, D_i computes H_1(PID_i || IAC_MME || SK_i) locally and compares it with Auth_2. If the values match, D_i regards the edge computing MME server as a legitimate server that may be accessed; an encrypted secure channel is established between D_i and the MME server, and data is encrypted with SK_i as the shared session key. Otherwise the access procedure ends and access authentication starts over.
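The four-step exchange of claim 1 (key material in step one, device login in step two, MME verification in step three, device verification in step four), carried through as one runnable added example with both sides' messages. This is not code from the patent. Everything the claim leaves to the figures is an assumption here: toy NTRU parameters N=7, p=3, q=64 (far too small for real use), SHA-256 as H_1, a 60-second acceptance window for t_i, a provisioned secret ternary polynomial m_i as the plaintext of e_i, and ICA_i = IAC_MME = H_1(m_i). The identity PID-0001 is a constructed sample.

```python
import hashlib
import itertools
import random

# Toy NTRU parameters, assumed for this example only (far too small for real use).
N, P, Q = 7, 3, 64

def mul(a, b, mod):
    """Convolution product in the ring Z_mod[x]/(x^N - 1)."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % N] = (c[(i + j) % N] + ai * bj) % mod
    return c

def center(a, mod):
    """Reduce every coefficient into [-mod/2, mod/2), as the claim does for a."""
    return [((x + mod // 2) % mod) - mod // 2 for x in a]

def inv_mod_prime(f, pr):
    """Inverse of f in Z_pr[x]/(x^N - 1) by exhaustive search (fine for N=7)."""
    one = [1] + [0] * (N - 1)
    for cand in itertools.product(range(pr), repeat=N):
        if mul(f, list(cand), pr) == one:
            return list(cand)
    return None

def inv_mod_q(f):
    """Inverse mod q=2^k: take the inverse mod 2 and Newton-lift g <- g*(2 - f*g)."""
    g, m = inv_mod_prime(f, 2), 2
    while g is not None and m < Q:
        m = min(m * m, Q)
        t = [(-x) % m for x in mul(f, g, m)]               # t = -(f*g) mod m
        t[0] = (t[0] + 2) % m                              # t = 2 - f*g
        g = mul(g, t, m)
    return g

def keygen(rng):
    """Step one: (f, F_p, h) with F_p = f^-1 mod p and public key h = p*F_q*g mod q."""
    while True:
        f = [rng.choice((-1, 0, 1)) for _ in range(N)]
        g = [rng.choice((-1, 0, 1)) for _ in range(N)]
        fq = inv_mod_q(f)
        fp = inv_mod_prime(f, P) if fq else None
        if fp and any(g):
            return f, fp, mul(fq, [(P * x) % Q for x in g], Q)

def h1(*parts):
    """H_1 from the claims, instantiated here as SHA-256 (an assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()

def encode(pid, e, t):                                     # canonical bytes of M_i
    return pid + bytes(e) + t.to_bytes(8, "big")

def tern_bytes(m):                                         # {-1,0,1} -> {0,1,2}
    return bytes(x + 1 for x in m)

def device_login(pid, m_i, h_mme, rng, t_i):
    """Step two: D_i encrypts its identity polynomial m_i and builds {M_i, Auth_1}."""
    r = [rng.choice((-1, 0, 1)) for _ in range(N)]         # r_i in L_r
    e = [(x + y) % Q for x, y in zip(mul(r, h_mme, Q), m_i)]  # e_i = r_i*h + m_i mod q
    ica = h1(tern_bytes(m_i))                              # ICA_i, assumed H_1(m_i)
    sk = h1(pid, ica)                                      # SK_i = H_1(PID_i || ICA_i)
    auth1 = h1(encode(pid, e, t_i), sk)                    # Auth_1 = H_1(M_i || SK_i)
    return (pid, e, t_i), auth1, ica, sk

def mme_verify(msg, auth1, f, fp, now, window=60):
    """Step three: check t_i, decrypt e_i with (f, F_p), recompute Auth_1, issue Auth_2."""
    pid, e, t = msg
    if abs(now - t) > window:
        return None                                        # stale t_i: refuse access
    a = center(mul(f, e, Q), Q)                            # a = f*e_i mod q, centered
    m = center(mul(fp, a, P), P)                           # F_p * a mod p
    iac = h1(tern_bytes(m))                                # IAC_MME
    sk = h1(pid, iac)                                      # SK_i = H_1(PID_i || IAC_MME)
    if h1(encode(pid, e, t), sk) != auth1:
        return None                                        # Auth_1 mismatch: refuse
    return (pid, h1(pid, iac, sk)), sk                     # Auth_2 = H_1(PID||IAC||SK)

def device_verify(pid, ica, sk, reply):
    """Step four: D_i accepts the MME only if PID_i and Auth_2 both check out."""
    return reply[0] == pid and reply[1] == h1(pid, ica, sk)

def run_exchange(seed=7, clock_skew=0, tamper=False):
    """One full exchange; clock_skew and tamper exercise the two refusal paths."""
    rng = random.Random(seed)
    f, fp, h = keygen(rng)                                 # MME key pair from step one
    pid = b"PID-0001"                                      # constructed sample identity
    m_i = [rng.choice((-1, 0, 1)) for _ in range(N)]       # provisioned secret (assumed)
    t_now = 1_700_000_000
    msg, auth1, ica, sk_dev = device_login(pid, m_i, h, rng, t_now)
    if tamper:                                             # on-path change to one coefficient of e_i
        msg = (pid, [(msg[1][0] + 1) % Q] + msg[1][1:], t_now)
    verdict = mme_verify(msg, auth1, f, fp, now=t_now + clock_skew)
    if verdict is None:
        return {"mme_accepted": False, "device_accepted": False, "keys_match": False}
    reply, sk_mme = verdict
    return {"mme_accepted": True, "keys_match": sk_dev == sk_mme,
            "device_accepted": device_verify(pid, ica, sk_dev, reply)}
```

run_exchange() completes both directions and both sides end with the same SK_i; run_exchange(clock_skew=300) is refused at the timestamp check and run_exchange(tamper=True) at the Auth_1 comparison. Two things the example makes visible. The only freshness check in the claim text is the timestamp window, so a captured {M_i, Auth_1} replayed inside that window is accepted again by the MME side above; a deployment would keep a per-device record of seen t_i values or require t_i to increase monotonically. And with ICA_i instantiated as H_1(m_i), SK_i is identical for every login of D_i, so the confidentiality of the session rests on m_i staying secret rather than on the fresh r_i; whether the patent's own ICA_i formula binds r_i cannot be told from this page.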
2. The NTRU secure access method for power IoT terminals based on edge computing according to claim 1, wherein the access method uses a two-step authentication exchange between the power IoT terminal device D_i and the edge computing MME server, which improves the efficiency of secure network authentication.
3. The NTRU secure access method for power IoT terminals based on edge computing according to claim 1, wherein the timestamp t_i is incorporated into the NTRU secure encryption algorithm, and the scheme can resist quantum computing attacks.
4. The NTRU secure access method for power IoT terminals based on edge computing according to claim 1, wherein the security information of the network system is managed centrally by the system's HSS server while the actual security authentication is completed on the edge computing MME server, so that the HSS server and the edge computing MME server are isolated from each other, which further safeguards the secure access performance of the network.
CN202011250137.4A 2020-11-10 2020-11-10 Electric power internet of things network terminal NTRU safe access method based on edge calculation Active CN112437055B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011250137.4A CN112437055B (en) 2020-11-10 2020-11-10 Electric power internet of things network terminal NTRU safe access method based on edge calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011250137.4A CN112437055B (en) 2020-11-10 2020-11-10 Electric power internet of things network terminal NTRU safe access method based on edge calculation

Publications (2)

Publication Number Publication Date
CN112437055A true CN112437055A (en) 2021-03-02
CN112437055B CN112437055B (en) 2022-05-31

Family

ID=74699631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011250137.4A Active CN112437055B (en) 2020-11-10 2020-11-10 Electric power internet of things network terminal NTRU safe access method based on edge calculation

Country Status (1)

Country Link
CN (1) CN112437055B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395166A (en) * 2021-06-09 2021-09-14 浙江大学 Edge computing-based power terminal cloud edge terminal collaborative security access authentication method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104333860A (en) * 2014-10-31 2015-02-04 成都卫士通信息产业股份有限公司 ZigBee security network with public key cryptography system NTRU (number theory research unit)
CN107733632A (en) * 2017-11-29 2018-02-23 四川大学 A kind of wireless network secure switching method of anti-quantum attack
US20190312728A1 (en) * 2018-04-09 2019-10-10 Infineon Technologies Ag Method and processing device for performing a lattice-based cryptographic operation
CN111083131A (en) * 2019-12-10 2020-04-28 南瑞集团有限公司 Lightweight identity authentication method for power Internet of things sensing terminal
CN111225375A (en) * 2019-12-31 2020-06-02 汉熵通信有限公司 Next-generation Internet of things system architecture design method and application system
CN111371730A (en) * 2018-12-26 2020-07-03 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene
CN111478902A (en) * 2020-04-07 2020-07-31 江苏润和智融科技有限公司 Power edge gateway equipment and sensing data uplink storage method based on same

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104333860A (en) * 2014-10-31 2015-02-04 成都卫士通信息产业股份有限公司 ZigBee security network with public key cryptography system NTRU (number theory research unit)
CN107733632A (en) * 2017-11-29 2018-02-23 四川大学 A kind of wireless network secure switching method of anti-quantum attack
US20190312728A1 (en) * 2018-04-09 2019-10-10 Infineon Technologies Ag Method and processing device for performing a lattice-based cryptographic operation
CN111371730A (en) * 2018-12-26 2020-07-03 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene
CN111083131A (en) * 2019-12-10 2020-04-28 南瑞集团有限公司 Lightweight identity authentication method for power Internet of things sensing terminal
CN111225375A (en) * 2019-12-31 2020-06-02 汉熵通信有限公司 Next-generation Internet of things system architecture design method and application system
CN111478902A (en) * 2020-04-07 2020-07-31 江苏润和智融科技有限公司 Power edge gateway equipment and sensing data uplink storage method based on same

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395166A (en) * 2021-06-09 2021-09-14 浙江大学 Edge computing-based power terminal cloud edge terminal collaborative security access authentication method
CN113395166B (en) * 2021-06-09 2022-06-14 浙江大学 Edge computing-based power terminal cloud edge terminal collaborative security access authentication method

Also Published As

Publication number Publication date
CN112437055B (en) 2022-05-31

Similar Documents

Publication Publication Date Title
CN102318258B (en) The subjective entropy of identity-based
CN101442522B (en) Identification authentication method for communication entity based on combined public key
CN104754581A (en) Public key password system based LTE wireless network security certification system
Singh et al. Secured user's authentication and private data storage-access scheme in cloud computing using Elliptic curve cryptography
Wang et al. Provably secure and efficient identification and key agreement protocol with user anonymity
CN106850584B (en) A kind of anonymous authentication method of curstomer-oriented/server network
CN101867477B (en) Sensor network session key establishing method
KR101704540B1 (en) A method of managing group keys for sharing data between multiple devices in M2M environment
CN112601221B (en) Internet of things dynamic NTRU access authentication method based on time information
Castiglione et al. An efficient and transparent one-time authentication protocol with non-interactive key scheduling and update
CN112437055B (en) Electric power internet of things network terminal NTRU safe access method based on edge calculation
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN111669275A (en) Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment
CN106487502B (en) Lightweight key negotiation method based on password
KR100456624B1 (en) Authentication and key agreement scheme for mobile network
Boudguiga et al. An authentication scheme for IEEE 802.11 s mesh networks relying on Sakai-Kasahara ID-Based Cryptographic algorithms
Liu et al. pKAS: A secure password-based key agreement scheme for the edge cloud
Lei et al. A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks
CN114386020A (en) Quick secondary identity authentication method and system based on quantum security
Zhang et al. Verifier-based anonymous password-authenticated key exchange protocol in the standard model
Hsu et al. Password authenticated key exchange protocol for multi-server mobile networks based on Chebyshev chaotic map
CN114070570A (en) Safe communication method of power Internet of things
Jiaqing et al. A secure and efficient anonymous user authentication and key agreement scheme for global mobility networks based on bilinear pairing
Yussoff et al. IBE-Trust: A security framework for wireless sensor networks
CN114070549A (en) Key generation method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant