CN113038468B - Method for distributing and negotiating quantum key of wireless terminal of Internet of things - Google Patents

Method for distributing and negotiating quantum key of wireless terminal of Internet of things Download PDF

Info

Publication number
CN113038468B
CN113038468B CN202110373128.2A CN202110373128A CN113038468B CN 113038468 B CN113038468 B CN 113038468B CN 202110373128 A CN202110373128 A CN 202110373128A CN 113038468 B CN113038468 B CN 113038468B
Authority
CN
China
Prior art keywords
key
session
terminal
information
quantum
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110373128.2A
Other languages
Chinese (zh)
Other versions
CN113038468A (en
Inventor
陈立全
赵梦楠
屠天扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN202110373128.2A priority Critical patent/CN113038468B/en
Publication of CN113038468A publication Critical patent/CN113038468A/en
Priority to PCT/CN2021/123062 priority patent/WO2022213564A1/en
Application granted granted Critical
Publication of CN113038468B publication Critical patent/CN113038468B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a quantum key distribution and negotiation method for a wireless terminal of the Internet of things, which comprises the steps of firstly generating a wireless channel key between an edge gateway and the wireless terminal of the Internet of things; the edge gateway encrypts session information such as a quantum key and the like by using a channel key and then sends the session information to both wireless terminal communication parties; the wireless terminal of the Internet of things decrypts by using the channel key to obtain a quantum key for secret communication; after both the Internet of things session application terminal and the session target terminal receive the quantum keys, the consistency of the quantum keys at the two ends is ensured by protocol interaction key information and comparison and verification, so that the subsequent confidential session is ensured to be carried out smoothly, and the overall security of the Internet of things is improved powerfully.

Description

Method for distributing and negotiating quantum key of wireless terminal of Internet of things
Field of the invention
The invention belongs to the technical field of information security, discloses application of quantum key distribution in a new field, and particularly relates to a method for distributing and negotiating quantum keys of an internet of things wireless terminal.
Background
Quantum key distribution utilizes quantum states to carry out quantum coding and transmission on information, so that a theoretically unconditionally safe shared key is provided for two communication parties, and the method is called one of the most subversive frontier technologies in the field of information security. Its safety relies on the fundamental principles of quantum mechanics: the method has the advantages that a single photon cannot be subdivided, the Heisenberg uncertainty principle, the measurement collapse principle, the quantum unclonable theorem and the like can be found out certainly once a person steals a key. The quantum key distribution technology can establish secure communication of information theory security for two communication parties, so that the secure communication strength is increased from being based on computational security to being based on quantum physical feature security.
At present, a part of internet of things terminals still adopt a plaintext protocol to directly expose transmission contents, so that an eavesdropper can easily acquire all contents of communication without any safety guarantee. In addition, the internet of things terminal terminals adopting encryption transmission can be classified into three types according to different encryption strengths: one-for-one-pad, and one-for-one-pad. However, whether it is one-type one-secret or one-machine one-secret, the possibility of being broken by an eavesdropper is still high due to the fixed key, and it is difficult to ensure the security of information transmission. The one-time pad can adopt an asymmetric encryption mode to carry out session key negotiation, a reliable third-party public key authentication center is needed, or once the authentication center is broken, the transmitted ciphertext can be completely cracked; symmetric encryption can also be used, but the negotiation process of the symmetric key is vulnerable to man-in-the-middle attacks. Therefore, potential safety hazards existing in the traditional key scheme are increasingly highlighted, and the quantum key is inevitably applied to the internet of things terminal.
The terminals of the internet of things are mostly mobile wireless terminals, so the distribution of the quantum keys must be carried through a wireless channel. At present, the wireless channel key generation technology is mature day by day, and can ensure that a quantum key is distributed to an internet of things wireless terminal safely, however, after receiving the quantum key, both parties of session communication cannot ensure that the keys are consistent, which is a problem to be solved urgently.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method for distributing and negotiating the quantum key of the wireless terminal of the internet of things for realizing the key consistency negotiation between the quantum key safely distributed to the wireless terminal of the internet of things and the session terminal equipment.
In order to achieve the purpose, the invention adopts the technical scheme that: a quantum key distribution and negotiation method of an Internet of things wireless terminal comprises the following steps:
s1, generation of channel key: generating a wireless channel key between the edge gateway and the wireless terminal of the Internet of things based on a wireless channel characteristic technology;
s2, information transmission: the edge gateway encrypts the session information by using the generated channel key and sends the session information to the wireless terminal to realize the communication between the two parties; the session information at least comprises a quantum key, a session identifier and a key reading identifier; the quantum key is an encryption key required by both communication parties of the session terminal of the Internet of things for quantum secret communication; the session identifier is used for identifying a specific session established by both communication parties of the wireless terminal, namely a subsequent session for carrying out secret communication by applying the quantum key; the key reading identification is the only identification of the quantum key used in single secret communication and is used for comparing the key consistency of both subsequent communication parties;
s3, decryption: the wireless terminal of the internet of things decrypts the received session information by using the channel key generated in the step S1 to obtain a symmetric quantum key, a session identifier and a key reading identifier;
s4, checking: the communication parties of the session terminal of the Internet of things carry out key consistency check on the received quantum keys, and if the results are consistent, the keys are used in the subsequent steps; as long as one check is inconsistent, the quantum key is invalid in the communication;
s5, feedback processing: and the target terminal of the session terminal of the internet of things takes the verification result obtained in the step S4 as feedback information, generates a key verification response and sends the key verification response to the session application terminal, and the session application terminal performs corresponding processing according to the received feedback result.
As a modification of the present invention, the step S1 further includes:
s11, the edge gateway G and the wireless terminal T respectively transmit pilot sequences to each other;
s12, the edge gateway G and the wireless terminal T respectively measure the channel characteristics of each other;
s13, the edge gateway G and the wireless terminal T quantize the wireless channel characteristics measured in step S12, and generate a channel key including at least identification information for encrypting the quantum key.
As a modification of the present invention, in step S2, the key reading identifier is a unique identifier of the quantum key in single communication; the edge gateway G performs channel error correction coding after preprocessing the quantum key, the session identifier, and the key read identifier to be transmitted, generates a bit sequence after the channel error correction coding, encrypts the bit sequence by using the channel key generated in step S1, and then transmits the encrypted data stream to the wireless terminal T through a public channel.
As another improvement of the present invention, the step S3 further includes:
s31, the wireless terminal T decrypts the data stream received from the edge gateway G by the channel key generated in step S1, and recovers the quantum key, the session identifier, and the key reading identifier sent by the edge gateway G;
s32, the wireless terminal T uses the channel coding and decoding algorithm to carry out channel error correction coding and decoding on the data stream decrypted in the step S31, and generates a bit sequence after channel decoding;
and S33, the wireless terminal T processes the bit sequence obtained in the step S32 to obtain the session information transmitted to the wireless terminal T by the edge gateway G, and the processing process and the preprocessing process in the step S2 are in inverse processing.
As still another improvement of the present invention, the step S4 further includes:
s41, application terminal T of session terminal of Internet of things 1 To the session target terminal T 2 Sending a key verification request, wherein the identity verification information of the key verification request comprises a sending end (a session application terminal T) 1 ) Identity identification and receiving terminal (conversation target terminal T) 2 ) Identity identification, session identification, key reading identification and quantum key hash value; the identity mark of the sending end is used for indicating the source of the message, and the receiving end judges the legality of the message sending end according to the identity mark; the identity information of the session target terminal is used for indicating target equipment which performs message interaction with the equipment; the session identifier is used for indicating a specific session applying the current quantum key and is generated when the session application terminal applies for the session; the key reading identification is label information of the quantum key in the session, and has uniqueness in a single session; besides the above information, the check request also contains the information digest encrypted by the private key of the sending end, and the receiving end uses the information digest to authenticate the identity of the sending end and can determine that the message is transmittedWhether the program is tampered;
s42, conversation target terminal T 2 Terminal T for receiving session application 1 After the transmitted check request, identity check information in the check request is compared with corresponding information of the local terminal in a consistency manner, and if all the identity check information is completely consistent, the quantum key received by both communication parties belongs to the session and is consistent; if any one of the identity verification information fails to be compared, the quantum key received by the two parties is invalid in the communication, and cannot be applied to subsequent secret sessions; the key consistency comparison comprises the processing of a plurality of information in the verification request: the identity mark of the sending end is compared with the consistency of the session mark, and the sending end of the request is determined to be the wireless terminal which establishes a legal session with the sending end and is consistent with the session mark in the request; the identity identification of the receiving end in the request is compared with the identity identification of the receiving terminal, and the target communication terminal of the sending end is determined to be the receiving terminal; the consistency comparison of the session identification and the key reading identification, according to the session identification, the key reading identification in the request is compared with the key reading identification obtained by the receiving end from the edge gateway relay, and the key reading identification received by the two communication parties is determined to be consistent in the session; and comparing the quantum key hash value transmitted by the transmitting end with the quantum key hash value of the receiving end, and further ensuring the consistency of the quantum key.
As a further improvement of the present invention, the step S5 further includes:
s51, conversation target terminal T 2 After the consistency comparison of the keys is completed, the terminal T is applied to the session according to the verification result 1 Sending a key verification response; the check corresponding request comprises a session target terminal T 2 Identity mark, conversation application terminal T 1 Identity identification, session identification, key reading identification and key verification result, and simultaneously, the identity authentication and tamper-proofing operation are carried out on the information loaded by the key verification response, and the session target terminal T is utilized 2 Encrypts the hash value of the request information and sends the hash value and the request information to the session application terminal T 1
S52, conversation application terminal T 1 Processing the received key verification response, processing the three information of the sending end identity identification, the receiving end identity identification and the session identification, aiming at verifying the validity of the message and the message sending end and indicating the specific session corresponding to the key verification response, taking the key reading identification information as the unique identification of the quantum key corresponding to the key verification in the session, and applying the terminal T for the session according to the information 1 The specific key corresponding to the verification result can be exactly positioned;
s53, after finishing processing each identification information in the request information, the conversation application terminal T 1 And (3) processing according to different conditions of the verification result: when the verification is successful, i.e. the session target terminal T 2 Determining self-received quantum key and session application terminal T 1 If the two parties are consistent, the two parties store the quantum key negotiated at this time, and then the quantum key is used for secret communication; if the verification fails, the negotiated quantum key is invalid, and the session target terminal T 2 Neglecting the key, not storing and recording the key, and simultaneously applying for the terminal T by conversation 1 And a key application needs to be initiated again, and the upper-layer quantum key management center is responsible for redistributing the quantum keys.
Compared with the prior art, the quantum key distribution and negotiation method of the wireless terminal of the Internet of things is provided, based on the quantum state inaccurate measurement principle and the quantum unclonable principle, the negotiation process of the quantum key is high in safety, and if an eavesdropping behavior exists, both communication parties can instantly find the quantum key, so that the quantum key is combined with the Internet of things based on the safety advantage of the quantum key and applied to the communication of the terminal of the Internet of things, the absolute safety of data transmission of the wireless terminal of the Internet of things can be guaranteed, and the overall safety of the Internet of things is powerfully improved; in addition, after the quantum key transmission from the edge gateway to the terminal of the internet of things is completed by utilizing the wireless channel key generation technology, the key consistency check between the two communication parties is added before the two communication parties receive the quantum key and start to transmit data, the quantum key of a certain session can be ensured to be consistent, and the operation is the key for the two communication parties to carry out the secret session smoothly.
Drawings
FIG. 1 is a flow chart of the method steps of the present invention;
FIG. 2 is a working frame diagram of the present invention;
fig. 3 is a protocol flow diagram of the present invention.
Detailed Description
The invention will be explained in more detail below with reference to the drawings and examples.
Example 1
The symbols and their definitions in this scheme are shown in table 1:
TABLE 1
(symbol) Definition of
T 1 Conversation application terminal
T 2 Conversation target terminal
G 1 Corresponding edge gateway
G 2 Corresponding edge gateway
K t1 End generated channel key
K g1 End generated channel key
K t2 End generated channel key
K g2 End generated channel key
Ctag Secure session identification
Ktag Key reading identification
K q1 Terminal quantum key
K q2 Terminal quantum key
ID 1 Identity label
ID 2 Identity label
KC Request Key verification request
KC Response Key check response
KC Rsult Result of key verification
ECDSA(PR,*) Elliptic curve private key signature algorithm
D_ECDSA(PU,*) Elliptic curve public key authentication algorithm
AES(K,*) AES encryption algorithm
D_AES(K,*) AES decryption algorithm
H(*) Hash operation
As shown in fig. 1, a quantum key distribution and negotiation method for a wireless terminal of the internet of things includes the following steps:
(1) the method comprises the steps that a channel key is generated between an edge gateway and an internet of things wireless terminal based on wireless channel characteristic quantization, the edge gateway encrypts information such as a quantum key and the like by using the channel key, and the internet of things wireless terminal decrypts the information sent by the edge gateway by using the channel key;
it is assumed that both communication parties in the scheme are session application terminals T respectively 1 And a session target terminal T 2 The edge gateways corresponding to them are edge gateways G 1 And G 2
First, a session application terminal T 1 And edge gateway G 1 Respectively sending channel detection pilot signals P; subsequently, the terminal T is applied for conversation according to the channel detection pilot signal P 1 And edge gateway G 1 Obtaining channel characteristics of a channel between the two; finally, the session applies for the terminal T 1 Channel characteristics to be acquiredCharacterizing quantization as a channel key K t1 Edge gateway G 1 Quantizing the obtained channel characteristics into a channel key K g1 . Conversation target terminal T 2 And edge gateway G 2 The channel key generation process is consistent with the above description, and the session target terminal T 2 The generated channel key is K t2 Edge gateway G 2 The generated channel key is K g2 . Wherein K t1 And K g1 Having consistency, in the same way, K t2 And K g2 The consistency is achieved, and the method can be used as a symmetric key for encrypted transmission between the wireless terminal and the edge gateway.
(2) The edge gateway encrypts a quantum key, a session identifier and a key reading identifier in an edge gateway key pool by using the generated channel key;
edge gateway G 1 And G 2 Has a consistent quantum key pair K q1 And K q2 And the pair of quantum keys is obtained by the upper-layer nodes through distribution of a quantum key network. Edge gateway G 1 And G 2 Not only need to wireless terminal T 1 And T 2 And transmitting the quantum key, namely transmitting the session identifier Ctag established by the two terminals and the key reading identifier Ktag of the quantum key in the session.
Wherein the session identifier Ctag is applied by the session by the terminal T 1 Target terminal T of application and conversation 2 Is generated at the time of a secure session, and T 1 And T 2 When the session is successfully established, the session identifier Ctag is recorded and stored, and is valid and unique only before the session is ended, so that the two communication parties can determine which specific session the received message belongs to and the sender of the message through the identifier. The key reading identifier Ktag is identification information of the quantum key in the session, and has uniqueness in a single session, and in subsequent key comparison, consistency check is performed on the information.
The step (2) comprises the following substeps:
(2.1) edge gateway G 1 Applying for a terminal T to a session 1 The transmitted information is I 1 =(K q1 ,Ctag 1 ,Ktag 1 ) Including a quantum key K q1 And a session identifier Ctag 1 And a key reading identification Ktag 1 . Edge gateway G 1 Using the channel key K generated in step (1) g1 To I 1 Performing encryption processing, wherein an AES symmetric encryption algorithm is adopted to generate a ciphertext E i1 =AES(K g1 ,I 1 ) And E is i1 Sending to the session application terminal T 1
(2.2) similarly, edge gateway G 2 To the session target terminal T 2 The transmitted information is
I 2 =(K q2 ,Ctag 2 ,Ktag 2 ) Including a quantum key K q2 And a session identifier Ctag 2 And a key reading identification Ktag 2 . Edge gateway G 2 Utilizing the channel key K generated in step (1) g2 To I 2 Performing encryption processing to generate ciphertext E i2 =AES(K g2 ,I 2 ) And E is i2 Sending to the session application terminal T 2
It should be noted that the symbolic representations of the session identifier and the key reading identifier in step (2.1) and step (2.2) are not consistent, so as to distinguish the information transmitted between the two ends. When the session is normally in progress, the edge gateway G 1 And G 2 Respectively to the wireless terminal T 1 And T 2 The transmitted session identity and the key read identity should be identical.
(3): and the wireless terminal of the Internet of things decrypts the encrypted information sent by the edge gateway by using the generated channel key to obtain a corresponding quantum key, a session identifier and a key reading identifier.
Step (3) is to perform decryption operation on the information encrypted by the edge gateway in step (2), and includes the following substeps:
(3.1) Session application terminal T 1 Receiving edge gateway G 1 Secret information E to be transmitted i1 Using the channel key K generated in step (1) t1 To E i1 Decrypting to recover information I 'carried by edge gateway' 1 =D_AES(K t1 ,E i1 )=(K q1 ,Ctag 1 ,Ktag 1 ) Also comprising a quantum key K q1 Session identification Ctag 1 And a key reading identification Ktag 1
(3.2) similarly, the conversation target terminal T 2 Receiving edge gateway G 2 Secret information E transmitted i2 Using the channel key K generated in step (1) t2 To E i2 Decrypting to recover information I 'carried by edge gateway' 2 =D_AES(K t2 ,E i2 )=(K q2 ,Ctag 2 ,Ktag 2 ) Also comprising a quantum key K q2 Session identification Ctag 2 And a key reading identification Ktag 2
(4): the method comprises the following steps that a session wireless terminal communication party carries out key consistency check on a received quantum key, and a session application terminal sends an identity mark of the session wireless terminal, an identity mark of a session target terminal, a session mark, a key reading mark, a quantum key hash value and an information abstract generated by encrypting the information by using a private key of the session application terminal to the session target terminal; and then, the session target terminal performs key consistency comparison and verification according to the received key verification request, and finally obtains a key verification result.
Wherein, the terminal T is applied by the session 1 To the session target terminal T 2 The specific meaning of each information carried in the sent key verification request is as follows:
session application terminal identification ID 1 For forwarding to a session target terminal T 2 The specific identity information of the message sender is indicated, and the validity of the message source is proved; session target terminal identification ID 2 That is, the receiver of the key verification request, in this specific embodiment, the session target terminal T 2 The identity information of (a); session identification Ctag 1 And a key reading identification Ktag 1 In accordance with the meaning described in step (2), are used here to indicate T 1 Want to interact with T 2 The specific session to which the quantum key belongs and the unique identification information of the quantum key in the session are subjected to key consistency check; measurement ofSubkey hash value H (K) q1 ) Is composed of
T 1 For self-obtained quantum key K q1 The result of the hash operation is T 1 And T 2 The received quantum keys are consistent, the Hash results of the quantum keys are also consistent, and meanwhile, the Hash value does not leak effective information of any key, so that the safety in the key inspection process can be ensured; by T 1 Private key PR of 1 Encrypting the information M 1 =(ID 1 ,ID 2 ,Ctag 1 ,Ktag 1 ,H(K q1 ) And generates a message digest H (M) 1 ) This message digest is used for T 2 For T 1 Identity authentication is performed and whether the message is tampered.
The conversation application terminal T in the step (4) 1 Generating and forwarding session target terminal T 2 Sending a key check request includes the sub-steps of:
(4.1) Session application terminal T 1 For received quantum key K q1 Carrying out Hash operation to generate quantum key Hash value H (K) q1 );
(4.2) Session application terminal T 1 Identify the identity ID of the user 1 Conversation target terminal T 2 ID of 2 Session identification Ctag 1 Key reading identification Ktag 1 And a quantum key hash value H (K) q1 ) Packing into information body M in key checking request 1 =(ID 1 ,ID 2 ,Ctag 1 ,Ktag 1 ,H(K q1 ));
(4.3) Session application terminal T 1 To M is aligned with 1 Hash operation is carried out to generate a message abstract H (M) 1 ) And applying for the terminal T by using the conversation 1 Private key PR of 1 To message digest H (M) 1 ) Performing encryption processing to generate ciphertext e 1 =ECDSA(PR 1 ,H(M 1 ));
In the step, the encryption algorithm adopts an Elliptic Curve Digital Signature Algorithm (ECDSA), and the requirement of the internet of things wireless terminal on lightweight characteristic is relatively met.
(4.4) Session application terminal T 1 The information body M generated in the step (4.2) is processed 1 And the information summary ciphertext e generated in the step (4.3) 1 Generating final key check request KC Request =M 1 +e 1 Finally, this request information is sent to the session target terminal T 2
In the step (4), the conversation target terminal T 2 Receiving and processing session application terminal T 1 The transmitted key check request includes the following sub-steps:
(4.5) Session target terminal T 2 From the received key check request KC Request Get the information subject M 1 And information digest cipher text e 1 . First, for the information main body M 1 Performing Hash operation to obtain
H′(M 1 ) Then applies for the terminal T by using the session 1 Public key PU 1 For information summary ciphertext e 1 Carrying out decryption operation to obtain the information abstract H (M) 1 )=D_ECDSA(PU 1 ,e 1 )。
By comparing H (M) 1 ) And H (M) 1 ) Whether the messages are equal or not can be verified whether the messages are falsified or not, and whether the sender of the messages comes from the session application terminal T or not can be determined 1 . If the two are equal, the comparison work of the subsequent information can be continued; if the two are not equal, the information transmitted by the key verification request is invalid, and the session target terminal T 2 Will inform the session application terminal T 1 The key check request is reinitiated.
(4.6) after the identity authentication of the sender and the information tampering check are finished, the target terminal T of the session 2 Obtaining information main body M in key verification request 1 =(ID 1 ,ID 2 ,Ctag 1 ,Ktag 1 ,H(K q1 ) Initializing the check result flag bit KC) result The specific process of information comparison is as follows:
a) conversation target terminal T 2 Message body M 1 Identity ID in 2 And comparing with the identity of the user.
b) Conversation target terminal T 2 According to the session application terminal identification ID 1 Obtaining the session identification Ctag of self storage backup 2 It is combined with the information main body M 1 Session identification Ctag in (1) 1 Carrying out comparison;
c) conversation target terminal T 2 Message body M 1 Key reading identification Ktag in 1 Key reading identification Ktag with itself 2 Carrying out comparison;
d) conversation target terminal T 2 For self-received quantum key K q2 Carrying out Hash operation to obtain quantum key Hash value H (K) q2 ) And sends the information main body M 1 Quantum key hash value H (K) of (1) q1 ) And H (K) q2 ) Carrying out comparison;
in the four steps from a) to d), if any one of the steps is inconsistent in comparison, the key consistency check is failed, and the session target terminal T is judged to be failed 2 Will change the flag bit KC of the check result result And ending the verification processing in advance, and jumping to the step (4.7). If the comparison results of the four steps are consistent, the session application terminal T is indicated 1 With session target terminal T 2 The received quantum keys are consistent, and the identification bit KC of the verification result is kept result =True。
(4.7) Session target terminal T 2 According to the key verification result obtained in the step (4.6), applying for the terminal T for the session 1 A key check response is made. Similar to the key verification request, the session target terminal T is included in the key verification response 2 Identity mark, conversation application terminal T 1 The system comprises an identity mark, a session mark, a key reading mark and an information abstract generated by encrypting the information by using a private key of a session application terminal.
(5) And the session target terminal takes the comparison and verification result as feedback information, generates a key verification response and sends the key verification response to the session application terminal, and finally, the session application terminal performs corresponding processing according to the received feedback result.
Wherein, the conversation target terminal T 2 The sent key verification response comprises a session target terminal T 2 IdentityIdentification and conversation application terminal T 1 Identity mark, session mark, key reading mark, key checking result zone bit and target terminal T using session 2 The private key of (2) encrypts the message digest generated by the message. The flag bit of the key verification result is the target terminal T of the conversation in the step (4.6) 2 And (4) generating a key verification result after information comparison and verification, wherein the specific meanings and functions of other identification information are consistent with the description in the step (4).
In step (5), the target terminal T of conversation 2 Generating and applying for terminal T to conversation 1 Sending a key check response includes the sub-steps of:
(5.1) Session target terminal T 2 Identify the identity ID of the user 2 Conversation application terminal T 1 ID of 1 And a session identifier Ctag 2 Key reading identification Ktag 1 And key check result flag bit KC rssult Packing into message main body M in key check response 2 =(ID 2 ,ID 1 ,Ctag 2 ,Ktag 2 ,KC result );
(5.2) Session target terminal T 2 To M 2 Hash operation is carried out to generate a message abstract H (M) 2 ) And using the session target terminal T 2 Private key PR of 2 To message digest H (M) 2 ) Performing encryption processing to generate ciphertext e 2 =ECDSA(PR 2 ,H(M 2 ));
(5.3) Session target terminal T 2 The information body M generated in the step (5.1) is processed 2 And the information summary ciphertext e generated in the step (5.2) 2 Generating final key check response KC in combination Response =M 2 +e 2 Finally, the response information is sent to the session application terminal T 1
The conversation application terminal T in the step (5) 1 The corresponding processing according to the received key verification response comprises the following sub-steps:
(5.4) Session application terminal T 1 From the received key check response KC Response Get the information subject M 2 And information abstractTo be encrypted e 2 . First, for the information main body M 2 Hash operation is carried out to obtain H (M) 2 ) Then using the session target terminal T 2 Public key PU 2 For information summary ciphertext e 2 Carrying out decryption operation to obtain the information abstract H (M) 2 )=D_ECDSA(PU 2 ,e 2 ). For H (M) 2 ) And H (M) 2 ) The comparison work and result processing in step (4.5) are consistent.
(5.5) Session application terminal T 1 For information main body M 2 The processing of the respective identification information in (4) is identical to that in (6). If the identification information comparison fails, the session application terminal T 1 Resending the key verification request; if the identification information is successfully compared, the main body M is determined according to the information 2 KC in (C) result And (3) performing corresponding treatment according to the situation:
if KC result And (6) successfully checking the consistency of the key, namely the session target terminal T 2 Determining received quantum key and session application terminal T 1 If the two parties are consistent, the two parties of communication store the quantum key negotiated at this time, and then the quantum key is used for secret communication;
if KC result If the key consistency check fails, T 1 And T 2 For received quantum key K q1 And K q2 Performing invalidation processing, not storing and recording the invalidation processing, and simultaneously applying for the terminal T for conversation 1 And a key application needs to be initiated again, and the upper-layer quantum key management center is responsible for redistributing the quantum keys.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (5)

1. A quantum key distribution and negotiation method of an Internet of things wireless terminal is characterized by comprising the following steps:
s1, generation of channel key: generating a wireless channel key between an edge gateway and a wireless terminal of the Internet of things based on a wireless channel characteristic technology;
s2, information transmission: the edge gateway encrypts the session information by using the generated channel key and sends the session information to the wireless terminal to realize the communication between the two parties; the session information at least comprises a quantum key, a session identifier and a key reading identifier;
s3, decryption: the wireless terminal of the internet of things decrypts the received session information by using the channel key generated in the step S1 to obtain a symmetric quantum key, a session identifier and a key reading identifier;
s4, checking: the communication parties of the session terminal of the Internet of things carry out key consistency check on the received quantum keys, and if the results are consistent, the keys are used for the subsequent steps; if one check is inconsistent, the quantum key is invalid in the communication; the steps specifically include:
s41, application terminal T of session terminal of Internet of things 1 To the session target terminal T 2 Sending a key verification request, wherein the identity verification information of the key verification request comprises a session application terminal T 1 Identity label, conversation target terminal T 2 Identity identification, session identification, key reading identification, quantum key hash value and terminal T containing application by using session 1 A private key encrypted message digest;
s42, conversation target terminal T 2 Terminal T for receiving session application 1 After the transmitted check request, identity check information in the check request is compared with corresponding information of the local terminal in a consistency manner, and if all the identity check information is completely consistent, the quantum key received by both communication parties belongs to the session and is consistent; if any identity verification information fails to be compared, the quantum key received by the two parties is invalid in the communication, and cannot be applied to subsequent secret sessions;
s5, feedback processing: and the target terminal of the session terminal of the internet of things takes the verification result obtained in the step S4 as feedback information, generates a key verification response and sends the key verification response to the session application terminal, and the session application terminal performs corresponding processing according to the received feedback result.
2. The method of claim 1, wherein the step S1 further comprises:
s11, the edge gateway G and the wireless terminal T respectively transmit pilot sequences to each other;
s12, the edge gateway G and the wireless terminal T respectively measure the channel characteristics of the edge gateway G and the wireless terminal T to each other;
s13, the edge gateway G and the wireless terminal T quantize the wireless channel characteristics measured in step S12, and generate a channel key including at least identification information for encrypting the quantum key.
3. The quantum key distribution and negotiation method of the wireless terminal of the internet of things of claim 2, wherein the key reading identifier in step S2 is a unique identifier of the quantum key in single communication; the edge gateway G performs channel error correction coding after preprocessing the quantum key, the session identifier, and the key read identifier to be transmitted, generates a bit sequence after the channel error correction coding, encrypts the bit sequence by using the channel key generated in step S1, and then transmits the encrypted data stream to the wireless terminal T through a public channel.
4. The method for quantum key distribution and negotiation of the wireless terminal of the internet of things of claim 3, wherein the step S3 further comprises:
s31, the wireless terminal T decrypts the data stream received from the edge gateway G by the channel key generated in step S1, and recovers the quantum key, the session identifier, and the key reading identifier sent by the edge gateway G;
s32, the wireless terminal T performs channel error correction coding and decoding on the data stream decrypted in step S31 by using a channel coding and decoding algorithm, and generates a channel decoded bit sequence;
and S33, the wireless terminal T processes the bit sequence obtained in the step S32 to obtain the session information transmitted to the wireless terminal T by the edge gateway G, and the processing process and the preprocessing process in the step S2 are in inverse processing.
5. The method for quantum key distribution and negotiation of the wireless terminal of the internet of things of claim 4, wherein the step S5 further comprises:
s51, conversation target terminal T 2 After the consistency comparison of the keys is completed, the terminal T is applied to the session according to the verification result 1 Sending a key verification response; the verification response comprises a session target terminal T 2 Identity mark, conversation application terminal T 1 Identity identification, session identification, key reading identification and key verification result, and simultaneously, identity authentication and tamper-proof operation are carried out on the information loaded by the key verification response, and a session target terminal T is utilized 2 The private key encrypts the hash value of the check response and sends the hash value and the check response to the session application terminal T 1
S52, session application terminal T 1 Processing the received key verification response, and exactly positioning to a specific key corresponding to a verification result;
s53, after finishing processing each identification information in the request information, the conversation application terminal T 1 And (3) processing according to different conditions of the verification result: when the verification is successful, i.e. the session target terminal T 2 Determining self-received quantum key and session application terminal T 1 If the two communication parties are consistent, the quantum key negotiated at this time is stored by the two communication parties, and then secret communication is carried out by using the quantum key; if the verification fails, the negotiated quantum key is invalid, and the session target terminal T 2 Neglecting the key, not storing and recording the key, and simultaneously, the session applies for the terminal T 1 And a key application needs to be initiated again, and the upper quantum key management center is responsible for redistributing the quantum keys.
CN202110373128.2A 2021-04-07 2021-04-07 Method for distributing and negotiating quantum key of wireless terminal of Internet of things Active CN113038468B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110373128.2A CN113038468B (en) 2021-04-07 2021-04-07 Method for distributing and negotiating quantum key of wireless terminal of Internet of things
PCT/CN2021/123062 WO2022213564A1 (en) 2021-04-07 2021-10-11 Quantum key distribution and negotiation method for internet-of-things wireless terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110373128.2A CN113038468B (en) 2021-04-07 2021-04-07 Method for distributing and negotiating quantum key of wireless terminal of Internet of things

Publications (2)

Publication Number Publication Date
CN113038468A CN113038468A (en) 2021-06-25
CN113038468B true CN113038468B (en) 2022-09-09

Family

ID=76454430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110373128.2A Active CN113038468B (en) 2021-04-07 2021-04-07 Method for distributing and negotiating quantum key of wireless terminal of Internet of things

Country Status (2)

Country Link
CN (1) CN113038468B (en)
WO (1) WO2022213564A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113038468B (en) * 2021-04-07 2022-09-09 东南大学 Method for distributing and negotiating quantum key of wireless terminal of Internet of things
CN113630407B (en) * 2021-08-02 2022-12-27 中电信量子科技有限公司 Method and system for enhancing transmission security of MQTT protocol by using symmetric cryptographic technology
CN113708929B (en) * 2021-08-26 2022-07-01 东南大学 Method for regularly pushing quantum key by edge gateway of Internet of things
CN114915417A (en) * 2022-06-14 2022-08-16 东南大学 Method for safely distributing quantum keys at edge side of Internet of things
CN115694816B (en) * 2023-01-04 2023-03-17 南京中科齐信科技有限公司 Quantum key pair filling method based on UDS protocol
CN116471587B (en) * 2023-04-19 2023-10-20 合肥工业大学 Method for generating and updating intra-train communication key under V2V communication
CN116170232B (en) * 2023-04-21 2023-06-23 安徽中科锟铻量子工业互联网有限公司 Quantum gateway data display management system
CN116366206B (en) * 2023-06-01 2023-08-25 三未信安科技股份有限公司 Method and system for enhancing reliability of password card
CN116743380B (en) * 2023-08-14 2023-10-31 中电信量子科技有限公司 OTN encryption communication method and system based on quantum key distribution
CN117241267B (en) * 2023-11-15 2024-01-12 合肥工业大学 Quantum group key distribution method applicable to V2I scene based on blockchain
CN117527228A (en) * 2023-12-06 2024-02-06 安徽省气象信息中心 Quantum security tunnel-based ground meteorological observation data transmission key negotiation method and system
CN117579276B (en) * 2024-01-16 2024-03-29 浙江国盾量子电力科技有限公司 Quantum encryption method for feeder terminal and quantum board card module

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991285A (en) * 2015-02-16 2016-10-05 阿里巴巴集团控股有限公司 Identity authentication methods, devices and system applied to quantum key distribution process
CN109347628A (en) * 2018-09-29 2019-02-15 中国人民解放军国防科技大学 Lightweight dynamic security encryption method based on physical layer channel characteristics
CN111132153A (en) * 2019-12-19 2020-05-08 中山大学 Endogenous safety communication method based on wireless channel characteristics

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104660602B (en) * 2015-02-14 2017-05-31 山东量子科学技术研究院有限公司 A kind of quantum key transfer control method and system
CN107896148A (en) * 2017-12-25 2018-04-10 北京天融信网络安全技术有限公司 A kind of method and system of encryption and decryption data
CN111049645A (en) * 2019-11-20 2020-04-21 北京邮电大学 Internet of things system and quantum key distribution method and device thereof
CN111970696B (en) * 2020-08-27 2022-08-23 东南大学 Multi-user efficient key generation method based on power distribution and beam scheduling
CN113038468B (en) * 2021-04-07 2022-09-09 东南大学 Method for distributing and negotiating quantum key of wireless terminal of Internet of things

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991285A (en) * 2015-02-16 2016-10-05 阿里巴巴集团控股有限公司 Identity authentication methods, devices and system applied to quantum key distribution process
CN109347628A (en) * 2018-09-29 2019-02-15 中国人民解放军国防科技大学 Lightweight dynamic security encryption method based on physical layer channel characteristics
CN111132153A (en) * 2019-12-19 2020-05-08 中山大学 Endogenous safety communication method based on wireless channel characteristics

Also Published As

Publication number Publication date
CN113038468A (en) 2021-06-25
WO2022213564A1 (en) 2022-10-13

Similar Documents

Publication Publication Date Title
CN113038468B (en) Method for distributing and negotiating quantum key of wireless terminal of Internet of things
US10887094B2 (en) Authentication apparatus and method for quantum cryptography communication
CN106411521B (en) Identity authentication method, device and system for quantum key distribution process
US6535980B1 (en) Keyless encryption of messages using challenge response
US11044084B2 (en) Method for unified network and service authentication based on ID-based cryptography
US8433066B2 (en) Method for generating an encryption/decryption key
CN110048849B (en) Multi-layer protection session key negotiation method
CN109495274A (en) A kind of decentralization smart lock electron key distribution method and system
KR101978774B1 (en) Quantum direct communication method based on user authentication and apparatus using the same
CN110087240B (en) Wireless network security data transmission method and system based on WPA2-PSK mode
CN104243494B (en) A kind of data processing method
CN113572743B (en) Data encryption and decryption methods and devices, computer equipment and storage medium
WO2022142307A1 (en) Secure relay-based quantum communication method and communication network
CN114900304B (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
CN112165386B (en) Data encryption method and system based on ECDSA
TWI487308B (en) Method for quantum communication
KR101162333B1 (en) Method and apparatus for checking RTT based on challenge response, and computer readable medium thereof
CN114499857A (en) Method for realizing data correctness and consistency in big data quantum encryption and decryption
CN109587149A (en) A kind of safety communicating method and device of data
CN114760046A (en) Identity authentication method and device
CN114696999A (en) Identity authentication method and device
CN114928503B (en) Method for realizing secure channel and data transmission method
CN114760035A (en) Identity authentication method and device
KR20150135717A (en) Apparatus and method for sharing initial secret key in mobile multi-hop network
CN117459325B (en) Three-party data communication method combining quantum communication and conventional communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant