CN112714507B - Method for data security transmission between wireless ad hoc networks - Google Patents


Publication number
CN112714507B
CN112714507B CN202110054147.9A CN202110054147A CN112714507B CN 112714507 B CN112714507 B CN 112714507B CN 202110054147 A CN202110054147 A CN 202110054147A CN 112714507 B CN112714507 B CN 112714507B
Authority
CN
China
Legal status
Active
Application number
CN202110054147.9A
Other languages
Chinese (zh)
Other versions
CN112714507A (en)
Inventor
蒲军
梁娟娟
陈曦
王青
王观辉
戴佳
Current Assignee
Jiangsu Zhenghetong Information Technology Co ltd
Original Assignee
Jiangsu Zhenghetong Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method for secure data transmission between wireless ad hoc networks, comprising the following steps: each node constructs a node public key table; the sending node sends a data message to the receiving node; after receiving the data message and performing a security check, the receiving node sends a response message to the sending node; after receiving the response message, performing a security check and comparing the data, the sending node sends a data confirmation message to the receiving node; the receiving node receives the data confirmation message and chooses to keep or discard the data according to the type of the data confirmation message. Based on the network architecture of the wireless ad hoc network, the method combines a hash algorithm, a public key cryptographic algorithm and encryption and authentication techniques into a new secure data transmission method, so that nodes in the wireless ad hoc network can exchange data securely. The method has a wide range of application, is easy to implement, is safe and reliable, and can be used in network environments with extremely high security requirements.

Description

Method for data security transmission between wireless ad hoc networks
Technical Field
The invention relates to a method for secure data transmission between wireless ad hoc networks, in particular to a method for securely transmitting sensitive data between wireless ad hoc networks, and belongs to the technical field combining wireless communication and cryptography.
Background
A wireless ad hoc network, also called a Mesh network, is a wireless communication system that supports multi-hop relay. Each node in the system can move freely; when the topology of the system changes, routes are quickly rebuilt and a new network topology is formed, so that all online nodes in the system remain interconnected in real time. Wireless ad hoc networks are particularly suitable for applications such as on-site emergency command and rapid networking of small teams, and are currently widely used in industries such as public safety, emergency response and the military.
Given the particular nature of wireless ad hoc network applications, the data transmitted inside the network needs to be kept confidential. Security measures for data in traditional wireless communication fall into two main types: security of the data itself and security of the data transmission channel. Specifically, they can be divided into the following methods:
(1) MAC address filtering: a hardware-based control mechanism is used to check the validity of an accessing device. The network card of any network hardware device has a unique MAC address; each node in the wireless ad hoc network can enable a MAC address filtering mechanism, judge whether the MAC address of the accessing device is legitimate, and prevent illegitimate nodes from accessing the network.
(2) WEP/WPA/WPA2 encryption: a series of systems for protecting Wi-Fi information security. Because the wireless ad hoc network supports terminal devices accessing it through Wi-Fi, this method can prevent an unauthorized terminal from connecting to a network node without permission.
(3) IPsec: Internet Protocol Security, a protocol suite that protects IP-based network transport by encrypting and authenticating IP packets. VPN technology based on the IPsec protocol suite is mainly used to establish a secure transmission channel between two subnets that need to transmit data privately.
(4) Algorithm encryption: the original data is packaged and encrypted, the encrypted data is transmitted to the receiving node over the wireless network, and the receiving node decrypts the encrypted data packet, thereby ensuring the security and reliability of the data while it is transmitted over the air. A commonly used encryption algorithm is AES.
The two traditional methods of MAC address filtering and WEP/WPA/WPA2 encryption are access protection measures: they prevent unauthorized nodes or terminals from entering the network. If a legitimate node turns traitor, however, and discards received data or forges other data and forwards it onward, these two methods cannot address either the traitorous legitimate node or the intentional tampering with data. IPsec also uses encryption and authentication to ensure data security, but it presupposes that a fixed VPN tunnel is established between the sending node and the receiving node before data is transmitted, and both nodes must support additional tunnel protocols. A wireless ad hoc network is flexible and mobile in its networking, and the transmission path between nodes is not fixed but changes dynamically with the field environment, so a fixed VPN tunnel cannot be established. IPsec VPNs also generally suffer from high cost and high complexity, and are unsuitable in many scenarios that call for simple implementation, no change to the existing network structure and low operating cost; moreover, an IPsec VPN cannot solve the problem of data packet loss. Algorithm encryption encrypts the original data, but it cannot solve the problem of source authentication, that is, it cannot determine whether the original data was sent by the sending node; it therefore cannot solve the problem of a traitorous legitimate node, nor the problem of data packet loss.
Disclosure of Invention
Purpose of the invention: in view of the problems described in the background, the invention provides a method for secure data transmission between wireless ad hoc networks which, on the basis of the network architecture of the wireless ad hoc network, combines a hash algorithm, a public key cryptographic algorithm and encryption and authentication techniques into a new secure data transmission method, so as to achieve secure exchange of data between nodes in the wireless ad hoc network. The method has a wide range of application, is easy to implement, is safe and reliable, and can be used in network environments with extremely high security requirements.
Technical solution: the invention adopts the following technical solution. The method for secure data transmission between wireless ad hoc networks comprises the following specific steps:
Step 1: each node in the wireless ad hoc network independently generates an RSA key pair. Each node independently and securely stores the private key of its key pair and broadcasts the public key to the other nodes; each node constructs a node public key table from the public keys it receives. Once the node public key table of every node has been successfully created, proceed to step 2;
Step 2: the sending node encrypts the original data using a hash algorithm, an asymmetric encryption algorithm and a digital signature to obtain a data ciphertext, constructs the data ciphertext into a data message and sends it to the receiving node, and sets a timer to wait for the receiving node's response message;
Step 3: the receiving node extracts the data ciphertext from the data message, decrypts it, and performs a security check on the decrypted data to judge whether the decrypted data was sent by the sending node and whether the original data it contains has not been tampered with;
If both judgments are yes, the security check passes. The receiving node encrypts the original data hash value contained in the data using a hash algorithm, an asymmetric encryption algorithm and a digital signature to obtain a data-complete response ciphertext, constructs the response ciphertext into an IP datagram and sends it to the sending node as a response message, and sets a timer to wait for the data confirmation message returned by the sending node;
If either judgment is no, the security check fails. The receiving node constructs a response ciphertext indicating that the data security check failed, constructs it into an IP datagram and sends it to the sending node as a response message;
Step 4: the sending node extracts the response ciphertext from the received response message. It first clears the timer set in step 2, then decrypts the response ciphertext and performs a security check on the decrypted response information, judging in turn whether the response information was sent by the receiving node and whether the response value it carries has not been tampered with;
If both judgments are yes, the security check passes and the sending node goes on to judge the type of the response information. If it is a data-complete response, the sending node compares the original data hash value carried in the response information with the original data hash value stored locally. If they are consistent, the receiving node has received the correct original data, and the sending node sends a data confirmation message to the receiving node to inform it that the original data is correct. If they are inconsistent, the receiving node has not received the correct original data; the sending node sends a data confirmation message to the receiving node to inform it to discard the original data, and returns to step 2 to retransmit the data message. If the response information indicates that the data security check failed, the sending node returns to step 2 to resend the data message;
If either judgment is no, the security check fails, and the sending node sends a data confirmation message to the receiving node to inform it to resend the response message;
Step 5: the receiving node receives the data confirmation message, first clears the timer set in step 3, and then judges the type of the data confirmation message. If the message confirms that the original data is correct, the original data is kept; if it indicates that the original data is incorrect, the original data is discarded; if it indicates that the security check in step 4 did not pass, the receiving node returns to step 3 to resend the response message.
In the method of the invention for secure data transmission between wireless ad hoc networks, step 2 further comprises the following steps:
Step 201: the sending node hashes the original data with a hash algorithm to obtain the original data hash value, and stores the original data hash value locally;
Step 202: the sending node uses its own private key to digitally sign two items of data, the original data and the original data hash value, to obtain a signature value;
Step 203: the sending node looks up the receiving node's public key in its local node public key table according to the receiving node's IP information, and then asymmetrically encrypts three items of data, namely the original data, the original data hash value and the signature value, with the receiving node's public key to obtain the data ciphertext;
Step 204: the sending node constructs a data message in the standard IP datagram format, sends the data message to the receiving node through the wireless ad hoc network, and sets a timer to wait for the receiving node's response message;
Step 205: when the timer expires, if the sending node has not received the receiving node's response message, it sends the data message to the receiving node again and counts the failure. If no response message has been received when the timer has expired three times in succession, a network abnormality alarm is generated and the timer is cleared;
If the response message is received, the sending node enters the response message parsing process of step 4 and clears the timer.
In the method of the invention for secure data transmission between wireless ad hoc networks, step 3 further comprises the following steps:
Step 301: the receiving node extracts the data ciphertext from the received data message and decrypts it with its own private key to obtain the original data, the original data hash value and the signature value;
Step 302: the receiving node performs a security check on the decrypted data. It looks up the sending node's public key in its local node public key table according to the sending node's IP information and verifies the signature using the sending node's public key, the signature value, and the original data together with the original data hash value. If the signature verification passes, the original data and the original data hash value in the data ciphertext were indeed constructed and sent by the sending node, and step 303 is entered; if the signature verification fails, the data message is discarded and step 304 is entered to send the sending node a response message indicating that signature verification failed;
Step 303: the receiving node hashes the original data with the hash algorithm to obtain an original data hash value and compares it with the original data hash value decrypted from the data ciphertext. If they are consistent, the original data has not been tampered with or lost, the security check passes, and step 304 is entered to send a data-complete response message to the sending node; if they are inconsistent, the original data may have been tampered with or lost, the security check fails, and step 304 is entered to send the sending node a response message indicating that the hash value did not match;
Step 304: the receiving node constructs the corresponding response information according to the result of the security check. If the decrypted data passes the security check, the receiving node hashes the original data hash value with the hash algorithm to obtain the hash value of the original data hash value, then digitally signs the original data hash value and the hash value of the original data hash value with its own private key to obtain a signature value. It then looks up the sending node's public key in its local node public key table and encrypts three items of data, namely the original data hash value, the hash value of the original data hash value and the signature value, with that public key to obtain the response ciphertext. The receiving node constructs the response message in the standard IP datagram format, sends it to the sending node through the wireless ad hoc network, and sets a timer to wait for the sending node's data confirmation message. If the data confirmation message has not been received when the timer expires, the response message is sent to the sending node again; if no data confirmation message has been received when the timer has expired three times in succession, a network abnormality alarm is generated and the decrypted data is discarded;
If the decrypted data does not pass the security check, the receiving node constructs failure information and hashes it with the hash algorithm to obtain the hash value of the failure information, then digitally signs the failure information and its hash value with its own private key to obtain a signature value. It then looks up the sending node's public key in its local node public key table and encrypts three items, namely the failure information, the hash value of the failure information and the signature value, with that public key to obtain a response ciphertext indicating that the data security check failed. The receiving node constructs the response message in the standard IP datagram format and sends it to the sending node through the wireless ad hoc network.
In the method of the invention for secure data transmission between wireless ad hoc networks, step 4 further comprises the following steps:
Step 401: after receiving the response message, the sending node first clears the timer set in step 2, then extracts the response ciphertext from the response message and decrypts it with its own private key to obtain the decrypted response information;
Step 402: the sending node performs a security check on the response information. It extracts the signature value and the response data from the response information, looks up the receiving node's public key in its local node public key table according to the receiving node's IP address information, and verifies the signature using three items: the receiving node's public key, the signature value and the response data. If the signature verification passes, the response data was indeed constructed and sent by the receiving node, and step 403 is entered; if the signature verification fails, step 406 is entered to send the receiving node a data confirmation message indicating that signature verification failed and to notify it to resend the response message;
Step 403: the sending node extracts the response value and the hash value of the response value from the response data, recalculates the hash value of the response value with the hash algorithm, and compares it with the hash value of the response value carried in the response data. If they are consistent, the security check passes and step 404 is entered; if they are inconsistent, the security check fails and step 406 is entered to send the receiving node a data confirmation message indicating that the hash value did not match and to notify it to resend the response message;
Step 404: the sending node judges the type of the response value. If it is a data-complete response value, step 405 is entered; if it is a response value indicating that the data security check failed, the sending node returns to step 2 and retransmits the data message;
Step 405: the sending node compares the original data hash value carried in the response data with the original data hash value stored locally in step 2. If they are consistent, the receiving node has received the correct original data, the security check passes, and step 406 is entered to send the receiving node a data confirmation message indicating that the original data is correct; if they are inconsistent, the original data received by the receiving node is wrong or lost, and step 406 is entered to send the receiving node a data confirmation message indicating that the original data is wrong;
Step 406: the sending node constructs the corresponding data confirmation message according to the result of the security check. If the original data received by the receiving node is correct, the data confirmation flag bit in the data confirmation message is set to 1; if the original data received by the receiving node is wrong, the data confirmation flag bit is set to 0; if signature verification of the response message failed or the hash value of the response message did not match, the data confirmation flag bit is set to 2. The data confirmation information is constructed from the data confirmation flag bit and the original data hash value and is digitally signed with the sending node's private key to obtain a signature value. The sending node then looks up the receiving node's public key in its local node public key table and encrypts the data confirmation flag bit, the original data hash value and the signature value with that public key to obtain the data confirmation ciphertext. Finally, the sending node constructs the data confirmation message in the standard IP datagram format and sends it to the receiving node through the wireless ad hoc network.
In the method of the invention for secure data transmission between wireless ad hoc networks, step 5 further comprises the following steps:
Step 501: the receiving node receives the data confirmation message and cancels the timer set in step 3;
Step 502: the receiving node extracts the data confirmation ciphertext from the data confirmation message, decrypts it with its own private key, and extracts the data confirmation information and the signature value from the decrypted data. It looks up the sending node's public key in its local node public key table according to the sending node's IP address information and verifies the signature using three items: the data confirmation information, the signature value and that public key. If the signature verification passes, the data confirmation information was indeed constructed and sent by the sending node, and the receiving node extracts the data confirmation flag bit and the original data hash value from it. If the data confirmation flag bit is set to 1, the receiving node finds the corresponding original data locally by the original data hash value; this original data is correct and is kept. If the flag bit is set to 0, it finds the corresponding original data locally by the original data hash value; this original data is incorrect and is discarded. If the flag bit is set to 2, the receiving node returns to step 3, resends the response message to the sending node, and sets a timer to wait for the data confirmation message returned by the sending node. If the signature verification fails, the receiving node returns to step 3 and resends the response message to the sending node.
In the method of the invention for secure data transmission between wireless ad hoc networks, the timer duration in step 2 can be adjusted according to actual conditions.
In the method of the invention for secure data transmission between wireless ad hoc networks, the timer duration in step 3 can be adjusted according to actual conditions.
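The exchange in steps 2 to 5, as an added Python example that is not code from the patent; it runs the honest path and three constructed relay faults to show which check catches each one and which data confirmation flag results. Assumptions: SHA-256 as the hash, textbook RSA over fixed Mersenne primes as a standard-library stand-in for the RSA operations (not secure; a deployment would use a vetted library with padded signatures and hybrid encryption, since plain RSA cannot carry a payload larger than its modulus), constructed node addresses, and hypothetical function names.

```python
import hashlib

def H(b):
    return hashlib.sha256(b).digest()

def nbytes(n):
    return (n.bit_length() + 7) // 8

# --- Stand-in primitives (assumption): textbook RSA, standard library only. ---
# Not secure (no padding, fixed Mersenne primes); it only makes the flow runnable.
def make_key(p, q, e=65537):
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def sign(priv, msg):
    n, d = priv
    return pow(int.from_bytes(H(msg), "big"), d, n).to_bytes(nbytes(n), "big")

def verify(pub, msg, sig):
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n) == int.from_bytes(H(msg), "big")

def encrypt(pub, blob):
    n, e = pub
    k, out = nbytes(n), b""
    for i in range(0, len(blob), k - 2):
        # 0x01 marker preserves leading zero bytes and keeps each block below n
        m = int.from_bytes(b"\x01" + blob[i:i + k - 2], "big")
        out += pow(m, e, n).to_bytes(k, "big")
    return out

def decrypt(priv, ct):
    n, d = priv
    k, out = nbytes(n), b""
    for i in range(0, len(ct), k):
        m = pow(int.from_bytes(ct[i:i + k], "big"), d, n)
        out += m.to_bytes(nbytes(m), "big")[1:]
    return out

# --- Node public key table: key = node IP, value = public key (IPs constructed) ---
A, D = "10.0.0.1", "10.0.0.4"
KEYS = {A: make_key(2**127 - 1, 2**521 - 1), D: make_key(2**607 - 1, 2**1279 - 1)}
PUBKEY_TABLE = {ip: k["pub"] for ip, k in KEYS.items()}
FAIL = b"DATA_SECURITY_CHECK_FAILED"  # constructed failure information

def seal(src, dst, value):
    """value, hash(value) and a signature over both, encrypted to dst."""
    h = H(value)
    sig = sign(KEYS[src]["priv"], value + h)
    return encrypt(PUBKEY_TABLE[dst], value + h + sig)

def open_sealed(me, peer, ct):
    """Decrypt, then report the two checks: signed by peer? hash matches?"""
    blob = decrypt(KEYS[me]["priv"], ct)
    k = nbytes(PUBKEY_TABLE[peer][0])  # signature length of the claimed sender
    value, h, sig = blob[:-k - 32], blob[-k - 32:-k], blob[-k:]
    return value, verify(PUBKEY_TABLE[peer], value + h, sig), H(value) == h

def receive_data(ct, pending):                      # steps 301-304 at node D
    data, sig_ok, hash_ok = open_sealed(D, A, ct)
    if not (sig_ok and hash_ok):
        return seal(D, A, FAIL)
    pending.append(data)                            # held until step 5
    return seal(D, A, H(data))

def handle_response(resp_ct, stored_hash):          # steps 401-406 at node A
    value, sig_ok, hash_ok = open_sealed(A, D, resp_ct)
    if not (sig_ok and hash_ok):
        return 2, "resend response"
    if value == FAIL:
        return None, "retransmit data"              # back to step 2, no flag
    if value == stored_hash:
        return 1, "keep data"
    return 0, "discard data and retransmit"

def run_exchange(data, relay_data=lambda c: c, relay_resp=lambda c: c):
    stored_hash, pending = H(data), []              # step 201
    resp = receive_data(relay_data(seal(A, D, data)), pending)
    flag, action = handle_response(relay_resp(resp), stored_hash)
    kept = pending if flag == 1 else []             # step 5 at node D
    return flag, action, kept

def flip_bit(ct):                                   # constructed in-flight corruption
    return bytes([ct[0] ^ 1]) + ct[1:]

STALE = seal(A, D, b"reading 41")                   # older authentic message from A

if __name__ == "__main__":
    print(run_exchange(b"reading 42"))
    print(run_exchange(b"reading 42", relay_data=flip_bit))
    print(run_exchange(b"reading 42", relay_data=lambda c: STALE))
    print(run_exchange(b"reading 42", relay_resp=flip_bit))
```

The stale-message case passes the receiving node's signature and hash checks, and is caught only when the sending node compares the echoed hash with the one it stored in step 201.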
Beneficial effects: the invention has the following beneficial effects:
With a secure data transmission method as its main means, the invention combines a hash algorithm, a public key cryptographic algorithm and encryption and authentication techniques on the basis of the network architecture of the wireless ad hoc network, and enables secure exchange of data between nodes in the wireless ad hoc network. The invention has a wide range of application and is easy to implement, safe and reliable. It requires no additional hardware resources in the wireless ad hoc network: the existing IP network structure does not need to change, network nodes do not need to support other protocols, and the wireless ad hoc network communication protocol does not need to change. The original data only needs to be encrypted and authenticated at the software layer and encapsulated into IP messages for transmission. This ensures that data is not lost or tampered with in transit and effectively prevents legitimate nodes from tampering with the data, so the method can be used in network environments with extremely high security requirements.
Drawings
FIG. 1 is a topology of a wireless ad hoc network in accordance with the present invention;
FIG. 2 is a flow chart of a method for securely transmitting data according to the present invention;
FIG. 3 is a flow chart of the node public key table creation in the present invention;
FIG. 4 is a schematic diagram of a node public key table and node public key entry structure according to the present invention;
FIG. 5 is a flow chart of a data message construction process for a transmitting node in the present invention;
FIG. 6 is a flow chart of the receiving node parsing the data message and constructing the response message in the present invention;
FIG. 7 is a flow chart of the sending node parsing the response message and constructing the data confirmation message in the present invention;
FIG. 8 is a flow chart of the receiving node parsing the data confirmation message in the present invention.
Detailed Description
The method for secure data transmission between wireless ad hoc networks according to the present invention is described in further detail below with reference to the accompanying drawings and the detailed description:
First, it should be noted that the precondition of the method for secure data transmission between wireless ad hoc networks in the invention is that the wireless ad hoc network has been successfully networked and all nodes in it are interconnected.
As shown in FIG. 1, there are five online nodes in the wireless ad hoc network. Assume that node A is the sending node and node D is the receiving node, and that node A needs to send the data it has collected to node D. From the network topology diagram of the wireless ad hoc network it can be seen that the data passes through node B and node C in sequence and finally reaches node D. The data may be lost in the air because of signal interference or network congestion, and node B or node C may tamper with the data, or deliberately discard the original data and send fake data to node D.
As shown in FIG. 2, the method for secure data transmission between wireless ad hoc networks according to the present invention mainly comprises the following steps:
1. Each node in the wireless ad hoc network independently constructs a node public key table, which contains the public key information of all online nodes in the wireless ad hoc network;
2. The sending node encrypts the original data using a hash algorithm, an asymmetric encryption algorithm and a digital signature technique, and constructs a data message to send to the receiving node;
3. After receiving the data message, the receiving node obtains the original data through decryption and signature verification, encrypts the response data using a hash algorithm, an asymmetric encryption algorithm and a digital signature technique, and constructs a response message to send to the sending node;
4. After receiving the response message, the sending node obtains the response data through decryption and signature verification, judges from the response data whether the receiving node has received the correct original data, encrypts the data confirmation information using a hash algorithm, an asymmetric encryption algorithm and a digital signature technique, and constructs a data confirmation message to send to the receiving node;
5. After receiving the data confirmation message, the receiving node obtains the data confirmation information through decryption and signature verification, and judges from the data confirmation information whether the original data it received is correct.
As shown in fig. 3-8, the specific steps of the method for data security transmission between wireless ad hoc networks according to the present invention are as follows:
1. Creation of node public key table
As shown in fig. 3, each node in the wireless ad hoc network independently generates an RSA key pair consisting of a private key and a public key. Each node independently and securely stores its own private key and broadcasts its public key to the other nodes, and each node constructs a node public key table from the public keys it receives. The node public key table contains the public key information of all nodes in the wireless ad hoc network and consists of a number of node public key entries, one for each node in the network. The structures of the node public key table and of a node public key entry are shown in fig. 4: the Key of an entry is the node's IP information, and the Value of the entry is the public key information generated by the node with that IP. The generation of an RSA key pair belongs to the prior art and is therefore not described here.
2. Sending node constructs data message
As shown in fig. 5, the sending node processes the original data with a hash algorithm to obtain the original data hash value. The hash algorithm ensures that the original data cannot be computed back from the original data hash value, and the original data corresponds to a unique original data hash value, so the original data is kept safe and any tampering with it can be detected in time. Assuming that the original data is data, the original data hash value is data_hash = hash(data), and data_hash is saved locally. Here hash() denotes the hash algorithm process, and every later use of hash() in the present invention has this meaning and is not described again.
The sending node uses its own private key to digitally sign two items of data, the original data and the original data hash value, to obtain a signature value. A digital signature can only be verified successfully with the public key that corresponds to the private key used for signing; the public key and the private key belong to the same pair, and each pair belongs to one node. This ensures that the signed data was really constructed and signed by that node, and other nodes cannot forge data in its name because they do not hold its private key. Assuming that the private key is privateKey, the signature value is sign_data = sign(data||data_hash, privateKey). Here || denotes concatenating the data on its two sides, in order, into a whole, and every later use of || in the present invention has this meaning and is not described again; sign(a, b) denotes the digital signature process, where a is the data to be signed and b is the private key required for the digital signature, and every later use of sign(a, b) has this meaning and is not described again.
The sending node looks up the local node public key table by the IP information of the receiving node, finds the public key of the receiving node, and uses it to encrypt three items of data, namely the original data, the original data hash value and the signature value, to obtain the data ciphertext. A ciphertext encrypted with a public key can only be decrypted with the corresponding private key, so only the receiving node can decrypt the ciphertext, using its own private key; other nodes cannot decrypt it because they do not hold the receiving node's private key. The original data, the original data hash value and the signature value are first combined into the data to be encrypted, msg = data||data_hash||sign_data. Assuming that publicKey is the public key of the receiving node, the data ciphertext is en_msg = encry(msg, publicKey), where encry(a, b) denotes the encryption process of the asymmetric encryption algorithm, a is the data to be encrypted and b is the public key used for encryption; every later use of encry() in the present invention has this meaning and is not described again.
The sending node constructs a data message from the data ciphertext en_msg according to the standard IP datagram format, sends the data message to the receiving node, and sets a timer to wait for the response message of the receiving node; the timer duration can be adjusted according to actual conditions. If the response message is received before the timer expires, the sending node enters the response message parsing process and clears the timer. If the timer expires and the sending node has still not received the response message, it sends the data message to the receiving node again and records the failure; if no response message has been received when the timer has expired three times in succession, it generates a network abnormality alarm and clears the timer.
3. Receiving node parses data message and constructs response message
As shown in fig. 6, the receiving node extracts the data ciphertext en_msg from the data message and decrypts it with its own private key, msg = decrypt(en_msg, privateKey), where msg is the decrypted data. It then extracts the original data data, the original data hash value data_hash and the signature value sign_data from msg. Here decrypt(a, b) denotes the decryption process of the asymmetric encryption algorithm, a is the data to be decrypted and b is the private key used for decryption; every later use of decrypt(a, b) in the present invention has this meaning and is not described again.
The receiving node performs a security check on the decrypted data msg. It looks up the public key publicKey of the sending node in the local node public key table by the IP information of the sending node, and verifies the signature using three items: the sending node's public key publicKey, the signature value sign_data, and the original data together with the original data hash value data_hash, i.e. isValid = verify(publicKey, data||data_hash, sign_data). If isValid is True, signature verification passes, which shows that data||data_hash in the data ciphertext was really constructed and sent by the sending node; if isValid is False, signature verification fails, the data message is discarded, and the security check is not passed. Here verify(a, b, c) denotes the signature verification process of the digital signature, where a is the public key corresponding to the private key used for signing, b is the data that was signed and c is the signature value obtained by signing; every later use of verify(a, b, c) in the present invention has this meaning and is not described again.
The data that passes signature verification contains the original data and the original data hash value, namely data||data_hash. The receiving node recalculates the hash value of the original data, new_data_hash = hash(data), and compares new_data_hash with data_hash. If they are consistent, the original data has not been tampered with or lost; if they are inconsistent, the original data may have been tampered with or lost.
For the case where signature verification passes and the original data hash values are consistent, meaning that the data is complete, the receiving node processes the original data hash value with the hash algorithm to obtain the hash value of the original data hash value, data_hash' = hash(data_hash). It then digitally signs the response data reply_data = data_hash||data_hash' with its own private key to obtain a signature value, sign_data = sign(reply_data, privateKey). Next, the receiving node looks up the public key of the sending node in the local node public key table and uses it to encrypt the response data and the signature value to obtain the response ciphertext, en_msg = encry(data_hash||data_hash'||sign_data, publicKey). The receiving node constructs a response message from the response ciphertext according to the standard IP datagram format, sends it to the sending node through the wireless ad hoc network, and sets a timer to wait for the data confirmation message of the sending node; the timer duration can be adjusted according to actual conditions. If the timer expires and the data confirmation message of the sending node has not been received, the response message is sent to the sending node again; if no data confirmation message has been received when the timer has expired three times in succession, a network abnormality alarm is generated, the decrypted data is discarded and the timer is cancelled.
For the case where signature verification fails, or signature verification passes but the original data hash values are inconsistent, the receiving node creates failure information fail_data, which means that the data security check failed. fail_data contains a failure flag bit that indicates the reason for the failure, such as signature verification not passing or the original data hash values not matching. The receiving node processes fail_data with the hash algorithm to obtain the hash value of the failure information, fail_hash = hash(fail_data), then digitally signs the response data reply_data = fail_data||fail_hash with its own private key to obtain a signature value, sign_data = sign(fail_data||fail_hash, privateKey). It then encrypts msg = fail_data||fail_hash||sign_data with the public key of the sending node to obtain the response ciphertext, en_msg = encry(fail_data||fail_hash||sign_data, publicKey). Finally, the receiving node constructs a response message from the response ciphertext according to the standard IP datagram format and sends it to the sending node through the wireless ad hoc network.
4. The sending node parses the response message and constructs a data confirmation message
As shown in fig. 7, after receiving a response message, the sending node first clears the timer it set to wait for the response message of the receiving node. It then extracts the response ciphertext en_msg from the response message and decrypts en_msg with its own private key to obtain the decrypted response information, msg = decrypt(en_msg, privateKey), and extracts the signature value sign_data and the response data reply_data from msg. The response data consists of the response value reply_value and the corresponding hash value reply_hash; depending on the type of the response message, the response data is either reply_data = data_hash||data_hash' or reply_data = fail_data||fail_hash.
The sending node performs a security check on the response information msg. It looks up the public key of the receiving node in the local node public key table by the IP address information of the receiving node and then verifies the signature of the response data, isValid = verify(publicKey, reply_data, sign_data). If isValid is True, signature verification passes, which shows that reply_data was really constructed and sent by the receiving node. If signature verification fails, the response information is discarded, the security check is not passed, and a data confirmation message stating that signature verification failed is sent to the receiving node to inform it to resend the response message.
For the case where signature verification passes, the sending node extracts the response value reply_value and the corresponding hash value reply_hash from reply_data, recalculates the hash value of reply_value and compares it with reply_hash. If they are consistent, reply_value has not been tampered with or lost. If they are inconsistent, the security check is not passed, and the sending node sends a data confirmation message stating that the hash values did not match to the receiving node to inform it to resend the response message.
If the hash values are consistent, the sending node judges the type of the response value reply_value. If reply_value is the response value fail_data, meaning that the data security check failed, the sending node reassembles the original data into a data message and sends the data message to the receiving node.
If the hash values are consistent and reply_value is the response value data_hash, meaning that the data is complete, the sending node compares this data_hash with the original data hash value data_hash stored locally. If they are consistent, this indicates that the receiving node has received the correct original data, and a data confirmation message stating that the original data is correct is sent to the receiving node. If they are inconsistent, this indicates that the original data received by the receiving node is incorrect or lost; a data confirmation message stating that the original data is incorrect is sent to the receiving node, and the original data is assembled into a data message and sent to the receiving node again.
The sending node constructs the corresponding data confirmation message according to the signature verification result and the security check result. If the original data received by the receiving node is correct, the data confirmation flag bit in the data confirmation message is set to 1; if the original data received by the receiving node is incorrect, the data confirmation flag bit is set to 0; and if signature verification of the response message failed or the hash value of the response message did not match, the data confirmation flag bit is set to 2. The data confirmation information confirm_info is constructed from the data confirmation flag bit and the original data hash value, confirm_info = flag||data_hash. The sending node digitally signs the data confirmation information with its private key privateKey, sign_data = sign(confirm_info, privateKey), then looks up the public key publicKey of the receiving node in the local node public key table and encrypts confirm_info and sign_data with publicKey, en_msg = encry(flag||data_hash||sign_data, publicKey), to obtain the data confirmation ciphertext en_msg. Finally, the sending node constructs the data confirmation message according to the standard IP datagram format and sends it to the receiving node through the wireless ad hoc network.
5. Receiving node parses data acknowledgment messages
As shown in fig. 8, once the receiving node receives the data confirmation message, it first cancels the timer it set to wait for the data confirmation message of the sending node. Next, the receiving node extracts the data confirmation ciphertext en_msg from the data confirmation message and decrypts en_msg with its private key privateKey, msg = decrypt(en_msg, privateKey), and extracts the signature value sign_data and the data confirmation information confirm_info from msg. It then verifies the signature of confirm_info with the public key of the sending node, isValid = verify(publicKey, confirm_info, sign_data). If isValid is True, signature verification passes, which shows that confirm_info was really constructed and sent by the sending node. If signature verification fails, the data confirmation information is discarded, the response message is sent to the sending node again, and a timer is set to wait for the data confirmation message returned by the sending node.
For the case where signature verification passes, the receiving node parses the data confirmation flag bit flag and the original data hash value data_hash from confirm_info and then judges the value of flag. If flag is 1, it finds the corresponding original data locally according to data_hash and retains the original data; if flag is 0, it finds the corresponding original data locally according to data_hash and discards the original data; if flag is 2, the receiving node resends the response message to the sending node, sets a timer, and waits for the data confirmation message returned by the sending node.
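The exchange in steps 2 to 5 above, as an added Python sketch (not code from the patent) showing how a corrupted data message, a message forged by node B and a corrupted response are each detected. Assumptions: SHA-256 for hash(), a length prefix so that || can be split again, and a toy textbook RSA built from Mersenne primes and applied block by block so that the block runs with the standard library only; names such as PUB, seal, open_sealed, flip_last_byte and forged_by_b are illustrative.

```python
import hashlib
import struct

E = 65537  # public exponent used by every toy key

def make_key(a, b):  # toy RSA key from Mersenne primes 2**a-1 and 2**b-1: NOT secure
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

KEYS = {"A": make_key(521, 607), "B": make_key(2281, 3217), "D": make_key(1279, 2203)}
PUB = {node: key["n"] for node, key in KEYS.items()}  # node public key table (constructed)
SIG_FAIL, HASH_FAIL = b"\x01", b"\x02"  # assumed one-byte fail_data reason codes

def pack(a, b):
    """The patent's a||b, with a's length in front so the other side can split it."""
    return struct.pack(">I", len(a)) + a + b

def split(blob):
    (size,) = struct.unpack_from(">I", blob)
    if len(blob) < 4 + size:
        raise ValueError("truncated field")
    return blob[4:4 + size], blob[4 + size:]

def hash_(x):
    return hashlib.sha256(x).digest()

def sign(a, priv):
    sig = pow(int.from_bytes(hash_(a), "big"), priv["d"], priv["n"])
    return sig.to_bytes((priv["n"].bit_length() + 7) // 8, "big")

def verify(pub, b, c):
    return pow(int.from_bytes(c, "big"), E, pub) == int.from_bytes(hash_(b), "big")

def encry(a, pub):
    width, step = (pub.bit_length() + 7) // 8, (pub.bit_length() - 1) // 8 - 1
    blocks = (b"\x01" + a[i:i + step] for i in range(0, len(a), step))  # 0x01 = block start
    return b"".join(pow(int.from_bytes(m, "big"), E, pub).to_bytes(width, "big") for m in blocks)

def decrypt(a, priv):
    width, out = (priv["n"].bit_length() + 7) // 8, b""
    for i in range(0, len(a), width):
        m = pow(int.from_bytes(a[i:i + width], "big"), priv["d"], priv["n"])
        out += m.to_bytes(width, "big").lstrip(b"\x00")[1:]  # drop zero padding and marker
    return out

def seal(payload, signer, recipient_pub):
    """encry(payload||sign(payload, privateKey), publicKey): the shape of all three messages."""
    return encry(pack(payload, sign(payload, signer)), recipient_pub)

def open_sealed(en_msg, recipient, signer_pub):
    """Decrypt, verify the signature, return the payload's two fields, or None on failure."""
    try:
        payload, sign_data = split(decrypt(en_msg, recipient))
        return split(payload) if verify(signer_pub, payload, sign_data) else None
    except (ValueError, struct.error):
        return None

def build_data_message(data, sender, receiver_pub):
    return seal(pack(data, hash_(data)), sender, receiver_pub), hash_(data)

def handle_data_message(en_msg, receiver, sender_pub):
    """Receiving node: returns (response ciphertext, data held pending confirmation)."""
    fields, data, reply_value = open_sealed(en_msg, receiver, sender_pub), None, SIG_FAIL
    if fields is not None:
        data, reply_value = fields if hash_(fields[0]) == fields[1] else (None, HASH_FAIL)
    return seal(pack(reply_value, hash_(reply_value)), receiver, sender_pub), data

def handle_response(en_msg, local_hash, sender, receiver_pub):
    """Sending node: returns (flag, confirm ciphertext); (None, None) means resend the data."""
    fields, flag = open_sealed(en_msg, sender, receiver_pub), 2  # 2: response failed a check
    if fields is not None and hash_(fields[0]) == fields[1]:
        if fields[0] in (SIG_FAIL, HASH_FAIL):
            return None, None
        flag = 1 if fields[0] == local_hash else 0
    return flag, seal(pack(bytes([flag]), local_hash), sender, receiver_pub)

def handle_confirm(en_msg, receiver, sender_pub):
    """Receiving node: 1 keep the data, 0 discard it, 2 or None resend the response."""
    fields = open_sealed(en_msg, receiver, sender_pub)
    return fields[0][0] if fields else None

def run(relay_out=lambda c: c, relay_back=lambda c: c):
    """One A -> D exchange through relays: (data held by D, flag set by A, flag read by D)."""
    en_msg, data_hash = build_data_message(b"temperature=21.5", KEYS["A"], PUB["D"])
    response, held = handle_data_message(relay_out(en_msg), KEYS["D"], PUB["A"])
    flag, confirm = handle_response(relay_back(response), data_hash, KEYS["A"], PUB["D"])
    return held, flag, handle_confirm(confirm, KEYS["D"], PUB["A"]) if confirm else None

def flip_last_byte(c):  # relay corrupts the ciphertext in transit
    return c[:-1] + bytes([c[-1] ^ 1])

def forged_by_b(_):  # node B drops A's message and sends its own, signed with B's key
    return build_data_message(b"temperature=99.9", KEYS["B"], PUB["D"])[0]

if __name__ == "__main__":
    print(run(), run(flip_last_byte), run(forged_by_b), run(relay_back=flip_last_byte))
```

An RSA signature is as long as the signer's modulus, so a message carrying one cannot fit a single RSA block in both directions, which is why encry() here works block by block; a deployment would use a vetted library with RSA-PSS signatures and hybrid (RSA-OAEP plus symmetric) encryption instead.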
The above-described embodiments are merely illustrative of the preferred embodiments of the present invention and are not intended to limit the scope of the present invention, and various modifications and improvements made by those skilled in the art to the technical solution of the present invention should fall within the scope of protection defined by the claims of the present invention without departing from the spirit of the present invention.

Claims (5)

1. A method for safely transmitting data between wireless ad hoc networks is characterized by comprising the following specific steps:
step 1, each node in the wireless ad hoc network independently generates an RSA key pair, a private key in the key pair is independently and safely stored by each node, meanwhile, a public key in the key pair is broadcasted to other nodes, the nodes construct a node public key table according to the received public key, and if the node public key table of each node is successfully created, step 2 is entered;
step 2, the sending node encrypts the original data by using a hash algorithm, an asymmetric encryption algorithm and a digital signature to obtain a data ciphertext, the data ciphertext is constructed into a data message to be sent to the receiving node, and a timer is set to wait for a response message of the receiving node;
step 3, the receiving node extracts the data ciphertext from the data message, then decrypts the data ciphertext, and then carries out security check on the decrypted data, so that whether the decrypted data are transmitted by the transmitting node or not and whether the original data contained in the data are not tampered are judged;
If the two determinations are yes, the security check is passed, the receiving node encrypts the original data hash value contained in the data by using a hash algorithm, an asymmetric encryption algorithm and a digital signature to obtain a complete response ciphertext of the data, the response ciphertext is constructed into an IP datagram which is used as a response message to be sent to the sending node, and a timer is set to wait for a data confirmation message returned by the sending node;
if one of the two judgments is no, the safety check is not passed, the receiving node constructs a response ciphertext of failure of the data safety check, constructs the response ciphertext into an IP datagram as a response message and sends the IP datagram to the sending node;
step 4, the sending node extracts the response ciphertext from the received response message, firstly clears the timer set in the step 2, then decrypts the response ciphertext, and then carries out security check on the decrypted response message, and whether the response message is sent by the receiving node or not and whether the response value carried in the response message is not tampered or not need to be judged successively;
if both judgments are yes, the security check is passed and the type of the response information is then judged; if the response information indicates that the data is complete, the sending node compares the original data hash value carried in the response information with the original data hash value stored locally; if the comparison is consistent, this indicates that the receiving node has received the correct original data, and the sending node sends a data confirmation message to the receiving node to inform the receiving node that the original data is correct; if the comparison is inconsistent, the receiving node has not received the correct original data, the sending node sends a data confirmation message to the receiving node to inform the receiving node to discard the original data, and the method returns to step 2 to resend the data message; if the response information is the response information of failure of the data security check, the method returns to step 2 to resend the data message;
If one of the two judgments is no, the safety check is not passed, and the sending node sends a data confirmation message to the receiving node to inform the receiving node of retransmitting the response message;
step 5, the receiving node receives the data confirmation message, firstly clears the timer set in the step 3, then judges the type of the data confirmation message, and if the data confirmation message is the correct data confirmation message of the original data, the original data is reserved; discarding the original data if the original data is incorrect data confirmation message; if the data confirmation message is the data confirmation message which does not pass the security check in the step 4, returning to the step 3 to resend the response message.
2. The method for secure transmission of data between wireless ad hoc networks according to claim 1, wherein said step 2 further comprises:
step 201, a sending node encrypts original data by using a hash algorithm to obtain an original data hash value, and meanwhile, the original data hash value is stored locally;
step 202, a sending node uses a private key of the sending node to digitally sign two items of data, namely original data and an original data hash value, so as to obtain a signature value;
step 203, the sending node searches the public key of the receiving node in the local node public key table according to the IP information of the receiving node, and then performs asymmetric encryption on three items of data, namely the original data, the original data hash value and the signature value, by using the public key of the receiving node to obtain a data ciphertext;
step 204, the sending node constructs a data message according to the standard IP datagram format, sends the data message to the receiving node through the wireless ad hoc network, and sets a timer to wait for the response message of the receiving node;
step 205, when the timer setting time arrives, if the sending node does not receive the response message of the receiving node, the sending node sends the data message to the receiving node again, and failure statistics is performed at the same time, if the response message of the receiving node is not received when the timer setting time arrives three times in succession, an alarm of network abnormality is generated and the timer is cleared;
if the response message is received, the step 4 response message analyzing process is entered, and the timer is cleared.
3. The method for secure transmission of data between wireless ad hoc networks according to claim 1, wherein said step 3 further comprises:
step 301, a receiving node extracts a data ciphertext from a received data message, and then decrypts the data ciphertext by using a private key of the receiving node to obtain original data, an original data hash value and a signature value;
step 302, the receiving node performs security check on the decrypted data, searches the public key of the sending node from the local node public key table according to the IP information of the sending node, and verifies the signature by using three items, namely the public key of the sending node, the signature value, and the original data together with the original data hash value; if the signature verification passes, the original data and the original data hash value in the data ciphertext are really constructed and sent by the sending node, and step 303 is entered; if the signature verification does not pass, the data message is discarded, and step 304 is entered to send a response message that the signature verification does not pass to the sending node;
Step 303, the receiving node encrypts the original data by using a hash algorithm to obtain an original data hash value, compares the hash value with the original data hash value decrypted from the data ciphertext, if the hash value is consistent with the original data hash value, the original data is not tampered or lost, the security check is passed, and the step 304 is entered to send a complete response message of the data to the sending node; if the comparison is inconsistent, indicating that the original data may be tampered or lost, and if the security check is failed, entering step 304 to send a response message with a non-matched hash value to the sending node;
step 304, the receiving node constructs corresponding response information according to the security check result; if the decrypted data passes the security check, the receiving node encrypts the original data hash value by using a hash algorithm to obtain a hash value of the original data hash value, then digitally signs the original data hash value and the hash value of the original data hash value by using a private key of the receiving node to obtain a signature value, then searches a public key of the sending node in a local node public key table, and encrypts three items of data, namely the original data hash value, the hash value of the original data hash value and the signature value, by using the public key to obtain a response ciphertext; the receiving node constructs the response message according to a standard IP datagram format, sends the response message to the sending node through the wireless ad hoc network, and sets a timer to wait for a data confirmation message of the sending node; if the data confirmation message sent by the sending node is not received when the timer setting time arrives, the response message is sent to the sending node again; if the data confirmation message of the sending node is not received when the timer setting time arrives three times in succession, an alarm of network abnormality is generated, and meanwhile the decrypted data is discarded;
If the decrypted data does not pass the security check, the receiving node constructs failure information, and encrypts the failure information by a hash algorithm to obtain a hash value of the failure information, then digitally signs the failure information and the hash value of the failure information by a private key of the receiving node to obtain a signature value, then searches a public key of a sending node in a local node public key table, encrypts three items of the failure information, the hash value of the failure information and the signature value by the public key to obtain a response ciphertext which fails the data security check, and the receiving node constructs the response ciphertext according to a standard IP datagram format and sends the response message to the sending node through a wireless ad hoc network.
4. The method for secure transmission of data between wireless ad hoc networks according to claim 1, wherein said step 4 further comprises:
step 401, after receiving the response message, the sending node firstly clears the timer set in step 2, then extracts the response ciphertext from the response message, and then decrypts the response ciphertext by using its private key to obtain decrypted response information;
step 402, the sending node performs security check on the response information, extracts a signature value and response data from the response information, searches a public key of the receiving node from a local node public key table according to the IP address information of the receiving node, and verifies the signature of the response data by using three items, namely the public key of the receiving node, the signature value and the response data; if the signature verification passes, the response data is really constructed and sent by the receiving node, and step 403 is entered; if the signature verification does not pass, step 406 is entered, a data confirmation message that the signature verification does not pass is sent to the receiving node, and the receiving node is informed to resend the response message;
Step 403, the sending node extracts the response value and the hash value of the response value from the response data, then recalculates the hash value of the response value by using a hash algorithm, compares the hash value with the hash value of the response value carried in the response data, if the comparison is consistent, the security check is passed, step 404 is entered, if the comparison is inconsistent, the security check is not passed, step 406 is entered, a data confirmation message that the hash value is not passed in a matching manner is sent to the receiving node, and the receiving node is notified to resend the response message;
step 404, the sending node judges the type of the response value, if the response value is the complete response value of the data, the step 405 is entered; if the response value is the response value of the failure of the data security check, returning to the step 2 again, and retransmitting the data message by the transmitting node;
step 405, the sending node compares the original data hash value carried by the response data with the original data hash value stored locally in step 2, if the comparison is consistent, it is indicated that the receiving node has received the correct original data, the security check is passed, and step 406 is entered to send a data confirmation message of the correct original data to the receiving node; if the comparison is inconsistent, indicating that the original data received by the receiving node is wrong or lost, entering step 406 to send a data confirmation message that the original data is wrong to the receiving node;
step 406, the sending node constructs a corresponding data confirmation message according to the security check result; if the original data received by the receiving node is correct, the data confirmation flag bit in the data confirmation message is set to 1; if the original data received by the receiving node is wrong, the data confirmation flag bit is set to 0; and if the signature verification of the response message does not pass or the hash value matching of the response message does not pass, the data confirmation flag bit is set to 2; data confirmation information is constructed from the data confirmation flag bit and the original data hash value, the data confirmation information is then digitally signed by using a private key of the sending node to obtain a signature value, a public key of the receiving node is searched in a local node public key table, and the data confirmation flag bit, the original data hash value and the signature value are encrypted by using the public key of the receiving node to obtain a data confirmation ciphertext; finally, the sending node constructs a data confirmation message according to a standard IP datagram format and sends the data confirmation message to the receiving node through the wireless ad hoc network.
5. The method for secure transmission of data between wireless ad hoc networks according to claim 1, wherein said step 5 further comprises:
Step 501, receiving a data confirmation message by a receiving node, and canceling a timer set in the step 3;
step 502, the receiving node extracts a data confirmation ciphertext from the data confirmation message, decrypts the data confirmation ciphertext by using a private key of the receiving node, extracts data confirmation information and a signature value from the decrypted data, searches a public key of the sending node from a local node public key table according to IP address information of the sending node, and verifies the signature by using three items, namely the public key, the data confirmation information and the signature value; if the signature verification passes, the data confirmation information is really constructed and sent by the sending node, and the receiving node then extracts a data confirmation flag bit and an original data hash value from the data confirmation information; if the data confirmation flag bit is set to 1, the corresponding original data is found locally according to the original data hash value, and the original data is correct and is retained; if the data confirmation flag bit is set to 0, the corresponding original data is found locally according to the original data hash value, and the original data is incorrect and is discarded; if the data confirmation flag bit is set to 2, the method returns to step 3, and the receiving node sends the response message to the sending node again and sets a timer to wait for the data confirmation message returned by the sending node; if the signature verification does not pass, the method returns to step 3, and the receiving node sends the response message to the sending node again.
CN202110054147.9A 2021-01-15 2021-01-15 Method for data security transmission between wireless ad hoc networks Active CN112714507B (en)


Publications (2)

Publication Number Publication Date
CN112714507A CN112714507A (en) 2021-04-27
CN112714507B true CN112714507B (en) 2024-03-01

Family

ID=75549112




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant