CN113329397A - Power terminal security access authentication method, device and system in 5G communication environment - Google Patents

Power terminal security access authentication method, device and system in 5G communication environment Download PDF

Info

Publication number
CN113329397A
CN113329397A CN202110765125.3A CN202110765125A CN113329397A CN 113329397 A CN113329397 A CN 113329397A CN 202110765125 A CN202110765125 A CN 202110765125A CN 113329397 A CN113329397 A CN 113329397A
Authority
CN
China
Prior art keywords
signcryption
aggregated
ciphertext
calculate
meter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110765125.3A
Other languages
Chinese (zh)
Inventor
王海翔
朱朝阳
周亮
李仲青
缪思薇
朱亚运
张晓娟
张晓�
姜琳
曹靖怡
蒋帅
王琼
张梦迪
沈冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
State Grid Shanghai Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
State Grid Shanghai Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI, State Grid Shanghai Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202110765125.3A priority Critical patent/CN113329397A/en
Publication of CN113329397A publication Critical patent/CN113329397A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method, a device and a system for authenticating the safe access of an electric power terminal in a 5G communication environment, wherein the authentication method comprises the following steps: acquiring signed cipher texts of all meter encryption units about the message; calculating by adopting a polymerization signcryption method to obtain polymerization signcryption ciphertexts of all meter encryption units; and sending the aggregation signcryption text for verifying the validity of the aggregation signcryption. The method is a safe access authentication method of the power terminal in the 5G communication environment, so as to realize high-efficiency authentication, ensure the confidentiality and integrity of data, and can be widely applied to large-scale many-to-one and one-to-many communication.

Description

Power terminal security access authentication method, device and system in 5G communication environment
Technical Field
The invention relates to the technical field of security authentication, in particular to a method, a device and a system for authenticating the security access of a power terminal in a 5G communication environment.
Background
In various communication network environments, the danger that network information is monitored is greatly increased, meanwhile, a distributed network environment is formed by access of a large amount of terminal data and corresponding data processing equipment, the traditional user identity authentication and key distribution and management mechanism has a great safety loophole, and when a large amount of data are processed concurrently, an attacker can easily find and crack key modules of the key, so that key information is cracked, for example, the key modules are illegally invaded to access the network, and potential safety hazards are caused.
In the 5G era, a power terminal side, a user side and system nodes at all levels deploy massive terminals and 5G network interfaces, so that the attack surface of a malicious attacker on the physical layer of a power grid is rapidly expanded, and comprehensive and real-time monitoring is difficult. The comprehensive perceived service requirement promotes the generalization of the terminal, and generates greater impact on the existing terminal access protection strategy, and under such conditions, the performance of the boundary protection structure and the protection equipment aiming at wireless access at present cannot completely meet the requirements.
Therefore, in a 5G network environment, a large number of IoT devices access the network, and the issue of security authentication is an important issue to be considered in the 5G network. The access of a huge amount of IoT devices to the network not only brings high authentication cost, but also greatly affects authentication efficiency. At present, in an electric power information communication environment mainly based on communication technologies such as GPRS, CDMA, LTD and the like, the traditional authentication mode of signing first and then encrypting is low in efficiency, and cannot meet the communication safety requirements that the 5G technology is mature day by day and the electric power 5G is rapidly applied and popularized. And the traditional aggregation signcryption is based on a complex bilinear mapping structure, so that the consumption of computing resources is huge.
Disclosure of Invention
The invention provides a method, a device and a system for authenticating the safe access of a power terminal under a 5G communication environment, aiming at the problem of the communication safety of power 5G application in the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme:
a safety access authentication method for a power terminal in a 5G communication environment comprises the following steps:
acquiring signed cipher texts of all meter encryption units about the message;
calculating by adopting a polymerization signcryption method to obtain polymerization signcryption ciphertexts of all meter encryption units;
and sending the aggregation signcryption text for verifying the validity of the aggregation signcryption.
As a further improvement of the present invention, the table meter encryption unit obtains the signed cipher text of the message by calculating the system parameter and the secret key, and the specific calculation steps include:
the meter encryption unit participating in signing and encrypting selects a random number ai∈Z* q
Calculating Ti=aiP, P is a system parameter generator;
calculating Ci=Vi⊕miWherein V isi=H3(IDB,Ti,Qi),Qi=ai(XB+RB+PpubH1(IDB,XB,RB)),IDBAnd PKBThe identity and the public key of the aggregated signcryption recipient are respectively;
calculating Si=Di+hixi+h'iaiWherein the hash value hi=H2(Ti,Ci,IDi,Xi) Hash value h'i=H2(Ti,Ci,IDi,Ri);IDiTo meter the identity information of the encryption unit for participation in the signcryption,
get meter encryption unit on message miIs signed and encryptedi=(Ti,Si,Ci);1≤i≤n。
As a further improvement of the present invention, the generating step of the system parameter specifically includes:
acquiring a safety parameter k, generating two large prime numbers p and q, and meeting q | p-1;
constructing a Hash function H1:{0,1}*×G→Z* q,H2:{0,1}*→Z* q,H3:G→Z* q(ii) a G is a cyclic group on the elliptic curve, P is a generator with any order of G as q, and Z* qIs a key set;
randomly selecting master key Z belonging to Z* qAnd secretly stores and calculates the system public key PpubzP and the system parameter params is obtained (P, q, P)pub,H1,H2,H3)。
As a further improvement of the present invention, the key generating step specifically includes:
random selection of secret value x by meter encryption uniti∈Z* qCalculating the median value Xi=xiP, and then obtains a random private key (ID)i,Xi),IDiThe identity value of the encryption unit is counted for the meter;
random selection of ri∈Z* qCalculating Ri=riP、di=ri+zH1(IDi,Ri,Xi)+H3(zXi) Sending (R)i,di) A meter-giving encryption unit;
the meter encryption unit verifies the validity of the private key, i.e. verifies equation Ri+PpubH1(IDi,Ri,Xi)+PH3(xiPpub)=diIf P is true, then calculate part of private key Di=di-H3(xiPpub);
Obtaining the private key of the meter encryption unit as SKi=(Di,xi) The public key is PKi=(Ri,Xi) (ii) a The private key of the concentrator is SKB=(DB,xB) The public key is PKB=(RB,XB)。
As a further improvement of the present invention, the step of calculating the aggregate signcryption of all meter encryption units by using the aggregate signcryption method specifically includes:
according to signcryption character deltai=(Ti,Si,Ci) I is more than or equal to 1 and less than or equal to n, and calculating an accumulated value
Figure BDA0003150780990000031
δ=(T1,T2,…,Tn,C1,C2,…,CnAnd S) is an aggregate signcryption ciphertext.
As a further improvement of the present invention, verifying the validity of the aggregated signcryption specifically includes:
calculate hi=H2(Ti,Ci,IDi,Xi),h'i=H2(Ti,Ci,IDi,Ri);
Verify whether the following equation holds:
Figure BDA0003150780990000032
if the equation is true, the aggregate signcryption is valid and receipt is denied otherwise.
As a further improvement of the present invention, the step of decrypting the aggregate signcryption after the aggregate signcryption is received further comprises the step of decrypting the aggregate signcryption, wherein the step of decrypting the aggregate signcryption comprises:
calculating Q'i=Ti(xB+DB) And V'i=H3(IDB,Ti,Q′i);
Restore out message mi=Ci⊕V′i
The utility model provides a power terminal safety access authentication device under 5G communication environment, includes:
the acquisition module is used for acquiring signed cipher texts of all the meter encryption units about the message;
the aggregation signcryption module is used for calculating by adopting an aggregation signcryption method to obtain aggregation signcryption ciphertexts of all the meter encryption units;
and the sending module is used for sending the aggregation signcryption text for verifying the legality of the aggregation signcryption.
A power terminal security access authentication system in a 5G communication environment comprises a power terminal security access authentication device in the 5G communication environment.
A power terminal security access authentication system in a 5G communication environment comprises an aggregation signcryptor; the aggregation signcrypter performs the method.
The invention has the beneficial effects that:
according to the method for authenticating the safe access of the power terminal in the 5G communication environment, the certificateless aggregation signcryption technology without bilinear pairwise mapping is introduced between the terminal and the network, batch verification of the signature and the password of the power 5G terminal is realized by using the aggregation signcryption technology, the signcryption can realize signature and encryption of messages at the same time, confidentiality and integrity can be simultaneously ensured in a single logic step, and the method is more efficient compared with the traditional mode of firstly signing and then encrypting. The traditional aggregation signcryption is based on a complex bilinear pairmapping structure, and the consumption of computing resources is huge.
Drawings
Fig. 1 is a flowchart of a method for authenticating secure access of an electric power terminal in a 5G communication environment according to the present invention.
Fig. 2 is a block diagram of a secure access authentication module of an electric power terminal in a 5G communication environment according to the present invention.
FIG. 3 is a schematic diagram of an authentication process of the present invention;
fig. 4 is a safe access process of the power internet of things terminal.
Fig. 5 is a schematic diagram of a system for authenticating a secure access of an electric power terminal in a 5G communication environment according to the present invention.
Detailed Description
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The following detailed description is exemplary in nature and is intended to provide further details of the invention. Unless otherwise defined, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention.
In the scene of power utilization information acquisition, when the power utilization peak is in the peak, 1 front-end server generally needs to process the station area information of tens of thousands of concentrators at the same time, and the gathering signcryption technology can be utilized to carry out batch verification on signcryption information from a large number of concentrators in a short time. The invention provides a certificate-free aggregation signcryption scheme without bilinear pairs, and the implementation process of the scheme is described in detail by combining a power utilization information acquisition scene.
The related noun explanation is given based on the content of the invention:
IoT: the Internet of things;
GPRS, CDMA, LTD: key technologies for 2G, 3G, 4G;
5G: 5 th generation communication technologies;
electric power 5G terminal: an internet of things meter and a meter.
As shown in fig. 1, a first object of the present invention is to provide a method for authenticating secure access of a power terminal in a 5G communication environment, an application and an aggregator, including the following steps:
the aggregation signcryptor CYR passes through a meter encryption unit SMUiAcquiring signed cipher texts of all meter encryption units about the message;
the aggregation signcryption device CYR calculates to obtain aggregation signcryption ciphertexts of all meter encryption units by adopting an aggregation signcryption method;
and sending the aggregation signcryption ciphertext to an aggregation signcryption receiver (acquisition front-end server) UR, and verifying the validity of the aggregation signcryption by the aggregation signcryption receiver (acquisition front-end server) UR.
And the meter encryption unit calculates the signed cipher text of the message through system parameters and a secret key.
As a preferred embodiment, the meter encryption unit comprises a single-phase meter, a three-phase meter, an Internet of things meter and the like.
The method of the invention has the following advantages:
1. the traditional aggregation signcryption is based on a complex bilinear pairwise mapping structure, the consumption of computing resources is huge, the operation process of the scheme does not contain bilinear pairwise and exponential operation, the consumption of the computing resources is low, and the method is suitable for large-scale, many-to-one and one-to-many communication of an electric power electricity utilization information acquisition system acquisition terminal with limited computing resources.
2. The signcryption can realize message signing and encryption at the same time, and the aggregation signcryption can realize simultaneous authentication of multiple devices, so that the efficiency is higher.
3. And a safety channel is not needed for generating part of the private keys, so that the computing resources are saved, and the authentication efficiency is improved.
Specific examples are given below to illustrate the invention in detail:
as shown in FIG. 2, the legal participants of the scheme have a key service center CC, a meter encryption unit SMUiI is more than or equal to 1 and less than or equal to n, a gathering signcrypter CYR, a concentrator (special transformer acquisition terminal) ACUM and a gathering signcrypter receiver (acquisition front server) UR. The key generation stage integrates the selection of the key and the extraction of part of the private key.
The ACUM of the concentrator (dedicated transformer acquisition terminal) needs to design the CYR for receiving the aggregate signcryption ciphertext or expanding the existing communication module according to the concentrators of different models and different manufacturers and the dedicated transformer acquisition terminal. With a certain technical complexity and effort.
As shown in fig. 2 to 4, the specific implementation process is as follows:
1) system parameter generation
According to the input security parameter k, two large prime numbers p and q are generated, and q | p-1 is satisfied. G is a cyclic group on the elliptic curve, P is a generator with any order of G as q, and Z* qFor a set of keys, a hash function H1:{0,1}*×G→Z* q,H2:{0,1}*→Z* q,H3:G→Z* q. CC selects a master key Z ∈ Z randomly* qAnd secretly stores, and then calculates the system public key PpubzP and the system parameters params (P, q, P)pub,H1,H2,H3)。
2) Key generation phase
a. Meter encryption unit SMUiRandomly selecting a secret value xi∈Z* qCalculating the median value Xi=xiP, send (ID)i,Xi) To CC. Wherein, IDiEncrypting a unit SMU for a meteriThe identity value of (2).
CC random selection of ri∈Z* qCalculating the intermediate value Ri=riP、di=ri+zH1(IDi,Ri,Xi)+H3(zXi) Sending (R)i,di) For SMUi(transmission need not be by means of a secure channel).
c. To ensure (R)i,di) Effectiveness of, SMUiFirst, verify equation Ri+PpubH1(IDi,Ri,Xi)+PH3(xiPpub)=diIf P is true, then calculate part of private key Di=di-H3(xiPpub);
If necessary, CC can also calculate SMUiPart of the private key Di=ri+zH1(IDi,Ri,Xi)。
d. Thus, the SMUiHas a private key of SKi=(Di,xi) The public key is PKi=(Ri,Xi). Similarly, the private key of ACUM is SKB=(DB,xB) The public key is PKB=(RB,XB)。
In the key generation phase, the CC first calculates the SMUiA partial private key source d corresponding to the partial private key ofiAnd then sent to the SMU over the open channeliThen SMUiCalculating DiObtain own partial private key Di. If d isiThe attacker monitors and obtains D through two methodsi. Calculating Di=di-H3(xiPpub) But xiThe attacker cannot obtain the secret random value. ② calculating Di ═ ri+zH1(IDi,Ri,Xi) Also, the master key r cannot be obtainediAnd fails. So that no secure channel is required for this transmission.
3) Signcryption
Meter encryption unit SMU assuming participation in signcryptioniIs IDiThe identity and the public key of the aggregate signcryption recipient UR are ID's, respectivelyBAnd PKBThe message to be signed is mi(i is more than or equal to 1 and less than or equal to n). The method comprises the following specific steps:
a)SMUiselecting a random number ai∈Z* qSequentially calculating intermediate values Ti=aiP, median value Qi=ai(XB+RB+PpubH1(IDB,XB,RB) Middle value V)i=H3(IDB,Ti,Qi) Middle value Ci=Vi⊕mi
b) Calculate h sequentiallyi=H2(Ti,Ci,IDi,Xi),h'i=H2(Ti,Ci,IDi,Ri),Si=Di+hixi+h'iaiThen SMUiAbout message miThe signed cipher text is deltai=(Ti,Si,Ci)。
4) Polymeric signcryption
Reception of δ by the polymeric signcrypter CYRi=(Ti,Si,Ci) (i is more than or equal to 1 and less than or equal to n), calculating an accumulated value
Figure BDA0003150780990000071
δ=(T1,T2,…,Tn,C1,C2,…,CnAnd S) is the aggregated signcryption ciphertext, which is sent to the receiver UR.
5) Verifying aggregate signcryption
Given n SMUsiIdentity-public key pair (ID)i,PKi) And system disclosure parameter, UR verifies δ ═ T1,T2,…,Tn,C1,C2,…,CnAnd S) validity, comprising the following steps:
a) calculating a hash value hi=H2(Ti,Ci,IDi,Xi) Hash value h'i=H2(Ti,Ci,IDi,Ri);
b) Verify whether the following equation holds:
Figure BDA0003150780990000081
if the equation is true, the aggregate signcryption is validated, otherwise acceptance is denied.
6) Disaggregated signcryption
If the aggregate signcryption verification passes, UR utilizes its own private key SKBAnd decrypting the message, wherein i is more than or equal to 1 and less than or equal to n. The execution steps are as follows:
a) calculating an intermediate value Q'i=Ti(xB+DB) And V'i=H3(IDB,Ti,Q′i)
b) Restore out messagemi=Ci⊕V′i
The invention can realize signature and encryption of the message at the same time, can simultaneously ensure confidentiality and integrity in a single logic step, and is more efficient compared with the traditional mode of firstly signing and then encrypting. The certificateless aggregation signcryption technology is introduced between the terminal and the network, so that high-efficiency authentication can be realized, and the problems are effectively solved.
As shown in fig. 5, another object of the present invention is to provide an authentication apparatus for secure access of a power terminal in a 5G communication environment, including:
the acquisition module is used for acquiring signed cipher texts of all the meter encryption units about the message;
the aggregation signcryption module is used for obtaining an aggregation signcryption ciphertext through aggregation signcryption calculation;
and the sending module is used for sending the aggregation signcryption text for verifying the legality of the aggregation signcryption.
With reference to fig. 2 and fig. 4, the present invention further provides a system for authenticating a secure access of an electric power terminal in a 5G communication environment, including the apparatus for authenticating a secure access of an electric power terminal in a 5G communication environment.
With reference to fig. 1 and 4, an electric power terminal secure access authentication system in a 5G communication environment includes a key service center CC and a meter encryption unit SMUiI is more than or equal to 1 and less than or equal to n, a gathering signcrypter CYR, a concentrator (special transformer acquisition terminal) ACUM and a gathering signcrypter receiver (acquisition front server) UR. The ACUM of the concentrator (special transformer acquisition terminal) is connected with a plurality of meter encryption units SMUiAnd designing a gathering signcryption device CYR for concentrators of different models and different manufacturers and a special transformer acquisition terminal to receive the gathering signcryption ciphertext or expanding the existing communication module. The key service center CC is connected with a plurality of meter encryption units SMUiThe system parameter and the key are generated, the signcryption ciphertext of the meter encryption unit about the message is calculated, and the signcryption ciphertext is sent to the aggregation signcrypter CYR.
The aggregation signcrypter CYR performs the method, which comprises:
the aggregation signcryptor CYR passes through a meter encryption unit SMUiAcquiring signed cipher texts of all meter encryption units about the message;
the aggregation signcryption device CYR calculates to obtain aggregation signcryption ciphertexts of all meter encryption units by adopting an aggregation signcryption method;
and sending the aggregation signcryption ciphertext to an aggregation signcryption receiver (acquisition front-end server) UR, and verifying the validity of the aggregation signcryption by the aggregation signcryption receiver (acquisition front-end server) UR.
The certificateless aggregation signcryption technology is introduced between the terminal and the network, so that high-efficiency authentication can be realized, confidentiality and integrity can be simultaneously ensured in a single logic step, and the method is more efficient compared with the traditional mode of firstly signing and then encrypting.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1.一种5G通信环境下电力终端安全接入认证方法,其特征在于,包括以下步骤:1. a power terminal security access authentication method under a 5G communication environment, is characterized in that, comprises the following steps: 获取所有表计加密单元关于消息的签密密文;Obtain the signcrypted ciphertext of all metered encryption units about the message; 采用聚合签密方法计算得到所有表计加密单元的聚合签密密文;The aggregated signcryption ciphertext of all metered encryption units is calculated by the aggregated signcryption method; 发送聚合签密密文用于验证聚合签密的合法性。The ciphertext of the aggregated signcryption is sent to verify the legitimacy of the aggregated signcryption. 2.根据权利要求1所述的方法,其特征在于:2. method according to claim 1, is characterized in that: 所述表计加密单元关于消息的签密密文是通过系统参数和密钥计算得到,具体计算步骤包括:The signcrypted ciphertext of the message by the meter encryption unit is obtained by calculating the system parameters and the key, and the specific calculation steps include: 参与签密的表计加密单元选取随机数ai∈Z* qThe meter encryption unit participating in the signcryption selects a random number a i ∈ Z * q ; 计算Ti=aiP,P为系统参数生成元;Calculate T i =a i P, P is the system parameter generator; 计算
Figure FDA0003150780980000011
其中,Vi=H3(IDB,Ti,Qi),Qi=ai(XB+RB+PpubH1(IDB,XB,RB)),IDB和PKB分别为聚合签密接收者的身份和公钥;calculate
Figure FDA0003150780980000011
where Vi = H 3 (ID B , Ti , Qi ) , Qi = a i ( X B +R B +P pub H 1 (ID B , X B , R B )), ID B and PK B are the identity and public key of the aggregate signcryption receiver, respectively; 计算Si=Di+hixi+h′iai,其中,哈希值hi=H2(Ti,Ci,IDi,Xi),哈希值h′i=H2(Ti,Ci,IDi,Ri);IDi为参与签密的表计加密单元的身份信息,Calculate S i =D i +h i x i +h′ i a i , where the hash value hi =H 2 (T i ,C i ,ID i ,X i ), the hash value h′ i =H 2 (T i , C i , ID i , R i ); ID i is the identity information of the meter encryption unit participating in the signcryption, 得到表计加密单元关于消息mi的签密密文δi=(Ti,Si,Ci);1≤i≤n。Obtain the signcrypted ciphertext δ i =(T i , S i , C i ) of the meter encryption unit about the message mi ; 1≤i≤n. 3.根据权利要求2所述的方法,其特征在于:3. method according to claim 2, is characterized in that: 所述系统参数的生成步骤具体包括:The generating steps of the system parameters specifically include: 获取安全参数k,生成两个大素数p、q,且满足q|p-1;Obtain the security parameter k, generate two large prime numbers p, q, and satisfy q|p-1; 构建哈希函数H1:{0,1}*×G→Z* q,H2:{0,1}*→Z* q,H3:G→Z* q;G是椭圆曲线上的循环群,P为G中任意一个阶为q的生成元,Z* q为密钥集合;Build the hash function H 1 : {0, 1}*×G→Z * q , H2 :{0,1}*→Z * q , H3 :G→Z * q ; G is a cycle on the elliptic curve Group, P is any generator of order q in G, Z * q is the key set; 随机选取主密钥z∈Z* q并秘密保存,计算出系统公钥Ppub=zP,并得到系统参数params=(p,q,P,Ppub,H1,H2,H3)。Randomly select the master key z∈Z * q and keep it secretly, calculate the system public key P pub =zP, and obtain the system parameters params=(p, q, P, P pub , H 1 , H 2 , H 3 ). 4.根据权利要求1所述的方法,其特征在于:4. method according to claim 1, is characterized in that: 所述密钥生成步骤具体包括:The key generation step specifically includes: 表计加密单元随机选取秘密值xi∈Z* q,计算中间值Xi=xiP,进而得到随机私钥(IDi,Xi),IDi为表计加密单元的身份值;The meter encryption unit randomly selects the secret value x i ∈ Z * q , calculates the intermediate value X i = xi P, and then obtains a random private key (ID i , X i ), where ID i is the identity value of the meter encryption unit; 随机选择ri∈Z* q,计算Ri=riP、di=ri+zH1(IDi,Ri,Xi)+H3(zXi),发送(Ri,di)给表计加密单元;Randomly select r i ∈ Z * q , calculate R i =r i P, d i =r i +zH 1 (ID i ,R i ,X i )+H 3 (zX i ), send (R i ,d i ) ) to the meter encryption unit; 表计加密单元验证私钥的合法性,即验证等式Ri+PpubH1(IDi,Ri,Xi)+PH3(xiPpub)=diP是否成立,若成立,接着计算其部分私钥Di=di-H3(xiPpub);The meter encryption unit verifies the validity of the private key, that is, to verify whether the equation R i +P pub H 1 (ID i , R i , Xi ) +PH 3 ( xi P pub )=d i P holds, and if so , and then calculate its partial private key D i =d i -H 3 ( xi P pub ); 得到表计加密单元的私钥为SKi=(Di,xi),公钥为PKi=(Ri,Xi);集中器的私钥为SKB=(DB,xB),公钥为PKB=(RB,XB)。The private key of the meter encryption unit is SK i =(D i , x i ), the public key is PK i =(R i , Xi ) ; the private key of the concentrator is SK B =(D B , x B ) , the public key is PK B =(R B , X B ). 5.根据权利要求1所述的方法,其特征在于:5. method according to claim 1, is characterized in that: 采用聚合签密方法计算得到所有表计加密单元的聚合签密密文具体包括:The aggregated signcrypted ciphertext of all metered encryption units calculated by the aggregated signcryption method includes: 根据签密密文δi=(Ti,Si,Ci),1≤i≤n,计算累加值
Figure FDA0003150780980000021
δ=(T1,T2,…,Tn,C1,C2,…,Cn,S)为聚合签密密文。According to the signcrypted ciphertext δ i =(T i , S i , C i ), 1≤i≤n, calculate the accumulated value
Figure FDA0003150780980000021
δ=(T 1 , T 2 , . . . , T n , C 1 , C 2 , . . , C n , S) is the aggregated signcrypted ciphertext. 6.根据权利要求1所述的方法,其特征在于:6. The method according to claim 1, wherein: 验证聚合签密的合法性具体包括:Verifying the legitimacy of aggregated signcryption specifically includes: 计算hi=H2(Ti,Ci,IDi,Xi),h′i=H2(Ti,Ci,IDi,Ri);Calculate hi = H 2 (T i , Ci , ID i , Xi ), h′ i = H 2 (T i , Ci , ID i , Ri ) ; 验证下面等式是否成立:Verify that the following equation holds:
Figure FDA0003150780980000022
Figure FDA0003150780980000022
 如果等式成立,则聚合签密有效则接收,否则拒绝接收。If the equation is true, the aggregate signcryption is valid and then it is accepted, otherwise it is rejected. 7.根据权利要求1所述的方法,其特征在于:7. The method according to claim 1, wherein: 聚合签密有效则接收后还包括解密聚合签密步骤,所述解密聚合签密步骤包括:If the aggregated signcryption is valid, it also includes a step of decrypting aggregated signcryption after receiving, and the step of decrypting aggregated signcryption includes: 计算Q′i=Ti(xB+DB)和Vi′=H3(IDB,Ti,Q′i);Calculate Q' i = T i (x B + D B ) and Vi ' = H 3 (ID B , T i , Q' i ); 还原出消息
Figure FDA0003150780980000023
restore message
Figure FDA0003150780980000023
 8.一种5G通信环境下电力终端安全接入认证装置,其特征在于,包括:8. A power terminal security access authentication device in a 5G communication environment, characterized in that it comprises: 获取模块,用于获取所有表计加密单元关于消息的签密密文;The acquisition module is used to acquire the signcrypted ciphertext of the message of all meter encryption units; 聚合签密模块,用于采用聚合签密方法计算得到所有表计加密单元的聚合签密密文;The aggregated signcryption module is used to calculate the aggregated signcryption ciphertext of all metered encryption units by using the aggregated signcryption method; 发送模块,用于发送聚合签密密文用于验证聚合签密的合法性。The sending module is used to send the aggregated signcryption ciphertext to verify the legitimacy of the aggregated signcryption. 9.一种5G通信环境下电力终端安全接入认证系统,其特征在于,包括权利要求8所述的5G通信环境下电力终端安全接入认证装置。9 . A power terminal security access authentication system in a 5G communication environment, characterized by comprising the power terminal security access authentication device in a 5G communication environment according to claim 8 . 10.一种5G通信环境下电力终端安全接入认证系统,其特征在于,包括聚合签密器;所述聚合签密器执行权利要求1~7任一项所述的方法。10 . An authentication system for secure access of a power terminal in a 5G communication environment, characterized in that it comprises an aggregated signcryptor; the aggregated signcryptor executes the method according to any one of claims 1 to 7 .
CN202110765125.3A 2021-07-06 2021-07-06 Power terminal security access authentication method, device and system in 5G communication environment Pending CN113329397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110765125.3A CN113329397A (en) 2021-07-06 2021-07-06 Power terminal security access authentication method, device and system in 5G communication environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110765125.3A CN113329397A (en) 2021-07-06 2021-07-06 Power terminal security access authentication method, device and system in 5G communication environment

Publications (1)

Publication Number Publication Date
CN113329397A true CN113329397A (en) 2021-08-31

Family

ID=77425817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110765125.3A Pending CN113329397A (en) 2021-07-06 2021-07-06 Power terminal security access authentication method, device and system in 5G communication environment

Country Status (1)

Country Link
CN (1) CN113329397A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116684870A (en) * 2023-08-03 2023-09-01 中国电力科学研究院有限公司 Access authentication method, device and system of electric power 5G terminal

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130007845A1 (en) * 2011-06-30 2013-01-03 International Business Machines Corporation Authentication and authorization methods for cloud computing security platform

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130007845A1 (en) * 2011-06-30 2013-01-03 International Business Machines Corporation Authentication and authorization methods for cloud computing security platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
苏靖枫等: "不含双线性对的高效无证书聚合签密方案", 《计算机应用》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116684870A (en) * 2023-08-03 2023-09-01 中国电力科学研究院有限公司 Access authentication method, device and system of electric power 5G terminal
CN116684870B (en) * 2023-08-03 2023-10-20 中国电力科学研究院有限公司 Access authentication method, device and system for power 5G terminals

Similar Documents

Publication Publication Date Title
CN109584978B (en) Information processing method and system based on signature aggregation medical health monitoring network model
CN107483209B (en) Secure signcryption method based on heterogeneous system
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN110489982B (en) Smart power grid data aggregation and encryption method with forward security
CN110460570B (en) A smart grid data encryption method and decryption method with forward security
CN113704736A (en) Lightweight access authentication method and system for power Internet of things equipment based on IBC system
CN114826656A (en) Trusted data link transmission method and system
CN107294696B (en) Method for distributing full homomorphic keys for Leveled
Ahmed et al. Signcryption based authenticated and key exchange protocol for EI-based V2G environment
CN115473623A (en) Method for safely aggregating multidimensional user data in smart power grid
CN114095229A (en) Method, device and system for constructing data transmission protocol of energy Internet
Wu et al. Cryptanalysis and improvement of a new certificateless signature scheme in the standard model
Liu et al. A power resource dispatching framework with a privacy protection function in the Power Internet of Things
CN108390866A (en) Trusted remote method of proof based on the two-way anonymous authentication of dual-proxy
Liu et al. Integrated and accountable data sharing for smart grids with fog and dual-blockchain assistance
CN115695007A (en) A lightweight authenticated key exchange method for metaverse power transactions
Mao et al. Locally verifiable batch authentication in IoMT
Zhang et al. Anonymous authentication and information sharing scheme based on blockchain and zero knowledge proof for vanets
CN107231353A (en) Batch authentication method based on binary tree in a kind of intelligent grid
CN113329397A (en) Power terminal security access authentication method, device and system in 5G communication environment
CN114095162A (en) A connection verification method and device for a certificateless electricity consumption information collection system
CN111147240B (en) A privacy protection method and system with traceability
Wang et al. A NTRU-based access authentication scheme for satellite terrestrial integrated network
CN113055161A (en) Mobile terminal authentication method and system based on SM2 and SM9 digital signature algorithms
CN116232759A (en) Mist-blockchain assisted smart grid aggregation authentication method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210831

RJ01 Rejection of invention patent application after publication